To get an idea of how an application uses round-robin, try PINGing the same hostname over and over again. You will be shown the IP address used each time, and it should rotate through the list shown by NSLOOKUP.
To configure a hostname to map to multiple IP addresses, simply add that hostname in over and over again, once for each IP address. Easy!
DNS Record Properties (Caching and TTL)
As responses are returned from the servers to the clients, they contain more information than the basic IP address. This additional information helps to direct the behavior of the client or secondary name server and can control aspects such as how long they will retain that IP address in their cache, if they may retain it at all. For the person managing the servers, these are simply properties in the Microsoft DNS Manager dialog box. For someone analyzing DNS traffic with a protocol analyzer, these properties are evident within the data portion of the packet.
By default, when a name server is queried using a recursive query, that name server will pass the query on to a more authoritative name server. When the result is finally returned to the original name server, it will store that name and IP address in a cache so that it will not have to query other servers if it is asked for the same information. For those already familiar with proxy servers, this is very similar to the behavior exhibited by an HTTP proxy server: store all returned data in a cache for later use.
DNS servers communicate how long a given record should be cached using the Time to Live (TTL) property. The TTL of a record is the amount of time that an intermediary name server may retain the record in its cache before purging it. When an intermediary name server or a DNS client caches a record, it must begin to count down the TTL. When the number reaches zero, the record must be purged from cache.
However, there are many circumstances in which DNS addresses should be cached differently or not at all. For example, consider a network that is using DHCP to dynamically assign IP addresses to clients. A properly configured DNS server will return the correct IP address for a dynamically assigned client, but that IP address may not be valid the next time the client starts up. Therefore, it is a good idea to reduce the amount of time that the IP address is stored in the caches of other name servers. This can be done by changing the TTL of a given DNS result using the DNS Manager.
Modifying the TTL of a DNS record can have many side effects. If an administrator wanted to ensure that a DNS server was queried every single time a name from the domain was requested, he or she could configure the DNS records with a TTL of zero. By eliminating caching on intermediate DNS servers, however, the administrator would increase the load on his or her own server: every single request, regardless of where it came from, would have to query the authoritative server. The advantage is an increase in the accuracy and freshness of the data returned to clients, despite the increased load on the server.
To restate that, as you decrease a TTL, you increase the load on a server and improve the consistency of the data being returned.
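The TTL countdown and the load-versus-freshness trade-off described above, as an added example that is not from the original chapter: a small caching resolver in Python (constructed names and addresses; `CachingResolver` and `simulate` are assumed names) that counts how many requests reach the authoritative server and how many stale answers a DHCP client's IP change produces under different TTLs.

```python
from dataclasses import dataclass

@dataclass
class CachedRecord:
    ip: str
    expires_at: float  # moment the TTL countdown reaches zero

class CachingResolver:
    """Intermediary name server: serves from cache while the TTL is unexpired,
    otherwise purges the record and queries the authoritative server."""

    def __init__(self, authoritative):
        # authoritative: dict name -> (ip, ttl); stands in for the zone's server
        self.authoritative = authoritative
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, name, now):
        rec = self.cache.get(name)
        if rec is not None and now < rec.expires_at:
            return rec.ip, True               # cache hit, no upstream load
        self.cache.pop(name, None)            # TTL reached zero: purge it
        self.upstream_queries += 1
        ip, ttl = self.authoritative[name]
        if ttl > 0:                           # TTL 0 means never cache
            self.cache[name] = CachedRecord(ip, now + ttl)
        return ip, False

def simulate(ttl, request_times, change_at):
    """Replay client requests (times in seconds) against one record whose
    authoritative IP changes at change_at, like a DHCP client getting a new
    lease. Returns (queries that reached the authoritative server, stale answers).
    All names and addresses are constructed sample values."""
    name, old_ip, new_ip = "client42.example.com", "10.0.0.5", "10.0.0.99"
    auth = {name: (old_ip, ttl)}
    resolver = CachingResolver(auth)
    stale = 0
    for t in request_times:
        if t >= change_at:
            auth[name] = (new_ip, ttl)
        ip, _ = resolver.resolve(name, t)
        if t >= change_at and ip != new_ip:
            stale += 1
    return resolver.upstream_queries, stale

if __name__ == "__main__":
    requests = list(range(0, 600, 10))        # one request every 10 s for 10 min
    for ttl in (0, 60, 3600):
        print(f"TTL {ttl:>4}: (upstream queries, stale answers) =",
              simulate(ttl, requests, 305))
```

With a TTL of zero every request hits the authoritative server but nothing is ever stale; with a one-hour TTL one query serves ten minutes of traffic but every answer after the address change is wrong until the record expires.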
The DNS Database
The data your clients will be querying from your DNS server has to be physically stored somewhere, and that place is the DNS database. This database stores all the records within your domain. While the structure of the database itself has very little impact on the network, I feel it is important to provide a general reference to the different types of records and databases you will encounter.
TYPES OF RECORDS
This section gives a brief overview of the most common types of DNS records you will encounter and what they each mean. Again, I do not intend this chapter as a definitive source of information for every aspect of the DNS protocol suite. I am only providing a brief overview of the various record types that you may come across when working with DNS servers.
SOA (START OF AUTHORITY) The SOA record is always the first record in any zone. It indicates that the server holding the SOA record is the best source of domain information; the horse's mouth, if you will.
The NS (name server) records exist to provide a list of name servers within a domain. One NS record should exist for each DNS server.
MX (mail exchange) records allow mail destined for a domain to be directed to a mail server, which may not be in the same domain. This is useful in many circumstances, but particularly in cases where a domain is managed by an ISP but mail should be directed to the organization's mail server.
The A record, otherwise known as an address record, maps hosts to IP addresses. This is the most common type of DNS record.
CNAME (canonical name) records are used to provide an alias for a host within a domain's name space. For example, it is common practice for Internet service providers to create CNAME records for POP and SMTP within their domain. Because both POP and SMTP are often served by the same system, they may both be CNAME records directing traffic to the same IP address.
PTR (pointer) records are used within the in-addr.arpa domain to allow reverse lookups. They map an IP address to a hostname, the opposite of what the A record does.
WINS records are not part of the standard DNS configuration but may exist in Windows NT-based DNS servers to allow for integration with a WINS database. These records store NetBIOS names and resolve them to IP addresses.
WINS-R (WINS Reverse Lookup) records are not part of the standard DNS configuration, but may exist in Windows NT-based DNS servers to allow for integration with a WINS database. They store IP addresses and allow them to be resolved to NetBIOS names.
CACHE DATABASE The cache database is a mechanism built into DNS to allow a name server to store name and IP address relationships that are not part of a zone that the name server is participating in. In other words, the name server may keep IP addresses and names without being authoritative for them. Don't confuse the cache database with similar mechanisms already built into Windows NT, such as the ARP cache. While they are similar in some of their functions, the DNS cache database operates in ways distinct from other caches.
First, the cache database will almost always contain a list of servers that have been statically entered. This static list allows the DNS server to locate other servers that must be queried; for example, for a DNS server to resolve names on the Internet, it must know where the authoritative servers are located. The DNS service built into Windows NT 4.0 includes the following entries by default:
. 2163095040 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 2163095040 IN A 198.41.0.4
. 2163095040 IN NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 2163095040 IN A 128.9.0.107
. 2163095040 IN NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 2163095040 IN A 192.33.4.12
. 2163095040 IN NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 2163095040 IN A 128.8.10.90
. 2163095040 IN NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 2163095040 IN A 192.203.230.10
. 2163095040 IN NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 2163095040 IN A 39.13.229.241
. 2163095040 IN NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 2163095040 IN A 192.112.36.4
. 2163095040 IN NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 2163095040 IN A 128.63.2.53
. 2163095040 IN NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 2163095040 IN A 192.36.148.17
It's important to understand this database file because it contains entries for the primary servers on the Internet, and if they are wrong or missing, your DNS server will have no idea where to point to resolve names. The latest file can be downloaded from ftp://rs.internic.net/domain/named.cache. As you can imagine, it is fairly important that these servers not change their IP addresses very often. Nonetheless, the default cache file provided by Microsoft is already out of date, so I advise you to download the newest from the InterNIC and keep it updated on your DNS servers.
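A parser for the cache-file format shown above, added here as an example (it is not from the chapter or from the NT DNS service): it reads master-file lines like those above, pairs each root NS with its glue A record, and flags any server that is listed without an address, which is the "wrong or missing" case the text warns about. The sample data is constructed (`.EXAMPLE` names and 192.0.2.0/24 documentation addresses, not real root servers); `parse_cache_file`, `root_server_addresses` and `missing_glue` are assumed names.

```python
from collections import defaultdict

# Constructed sample in the same one-record-per-line layout as the NT 4.0
# cache file: owner TTL class type rdata. Names and addresses are invented.
SAMPLE_CACHE = """\
.                        3600000 IN NS X.ROOT-SERVERS.EXAMPLE.
X.ROOT-SERVERS.EXAMPLE.  3600000 IN A  192.0.2.4
.                        3600000 IN NS Y.ROOT-SERVERS.EXAMPLE.
Y.ROOT-SERVERS.EXAMPLE.  3600000 IN A  192.0.2.107
; Z is listed as a root server but has no glue A record, so it is unreachable
.                        3600000 IN NS Z.ROOT-SERVERS.EXAMPLE.
"""

def parse_cache_file(text):
    """Return {owner: [(ttl, type, rdata), ...]}; ';' starts a comment."""
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"malformed record line: {raw!r}")
        owner, ttl, klass, rtype, rdata = fields
        if klass != "IN":
            raise ValueError(f"unexpected class {klass!r} in {raw!r}")
        # owner and target names are case-insensitive; normalise to upper case
        records[owner.upper()].append((int(ttl), rtype.upper(), rdata.upper()))
    return dict(records)

def root_server_addresses(records):
    """Map each NS named for the root '.' to its glue A address (None if missing)."""
    result = {}
    for _ttl, rtype, target in records.get(".", []):
        if rtype != "NS":
            continue
        glue = [rd for _t, rt, rd in records.get(target, []) if rt == "A"]
        result[target] = glue[0] if glue else None
    return result

def missing_glue(records):
    """Root servers the resolver could never contact: NS entries without an A."""
    return sorted(ns for ns, ip in root_server_addresses(records).items() if ip is None)

if __name__ == "__main__":
    recs = parse_cache_file(SAMPLE_CACHE)
    for ns, ip in root_server_addresses(recs).items():
        print(f"{ns:28} {ip or 'NO GLUE ADDRESS'}")
    print("missing glue:", missing_glue(recs))
```

Running the same check against the file actually installed on a server is a quick way to catch a hand-edited hints file that lists a server but lost its address line.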
REVERSE LOOKUP DATABASE The reverse lookup database is very similar to the standard lookup database, except IP addresses are mapped to hostnames, instead of the other way around.
PLANNING FOR DNS IN YOUR NETWORK
Designing an effective DNS architecture that can last many years is a very difficult process! It is definitely worth the effort required, and this section will attempt to give you some hints, offer detailed advice, and point you in the right direction.
Integrating Your DNS into the Internet
DNS is useful whether or not you are planning to connect your organization to the Internet. However, the majority of companies require some form of Internet connectivity, and the majority of those companies will need to integrate their DNS structures into their ISP and the rest of the Internet.
REGISTERING A DOMAIN NAME
Nowadays, everyone has a domain name on the public Internet. You certainly don't want to be left out of this great big party on the Net, so here's an outline of the steps to take to get yourself registered. These steps are summarized in Table 12-4.
The first step in the process of participating in the public Internet DNS architecture is to find a couple of DNS servers to use. In most cases, organizations that are connecting to the Internet allow their ISP to provide a Primary DNS server. Usually, the company will configure a secondary DNS server on their side of the Internet link to provide local name resolution.
This works out well, unless you are the ISP. In this case, you will probably take responsibility for the primary DNS services. It is not as difficult as it may sound, but it requires a solid name server foundation and plenty of redundancy. A single failed DNS server can cause an entire organization to disappear from the Internet; it is very important that your name services be reliable!
The next step, which may already be done for you, is to register a domain name with InterNIC. A good starting place for registration information can be found at http://rs.internic.net/help/domain/new-domain-reg.html. This page will allow you to determine whether or not the desired domain name is available, and it contains links to help you register the name.
Registering a name is the second step because you must provide the IP address of an ISP's DNS server that will take primary DNS server responsibilities. The InterNIC will place the IP address of this system in the name space under the top-level domain in which your domain belongs. For example, if you purchased the domain name mycompany.com, the InterNIC would associate the domain entry mycompany within the com top-level domain with the IP address of your (or your ISP's) DNS server. The process of registering a domain name is outlined in Figure 12-6.
Once you have your domain registered on the Internet, you may begin to add hostnames and subdomains. It is common to add host records for www and ftp that will point to public servers people can use to get information about your organization. You will also want to add several standard records, such as an MX record. The MX record will allow you to receive mail that is destined for that domain at a specific SMTP server. Assuming everything has been configured correctly, your domain information will be available from the public Internet.