DNS Troubleshoot
Tools for Troubleshooting DNS:
DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs, PM, NBTSTAT, NETSTAT, ARP
Where does the hosts file reside? c:\windows\system32\drivers\etc.
Active Directory-integrated DNS information is stored in the NTDS.DIT file.
Standard primary and secondary zones are less secure; Active Directory-integrated DNS is more secure.
DNS server backup and restoration: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
%systemroot%\system32\dns
Active Directory-integrated method:
Primary server scenario
Secondary Server Scenario
A Zone can be authoritative for one domain or multiple domains.
You may also want to note that a single DNS server can provide multiple DNS zone Roles. In other words, a single DNS server can be a primary server for one of its configured zones and a secondary server for another zone.
1. Create a forward lookup zone (recommended for small networks): It contains host records, which hold host name to IP address mapping information. It resolves a domain name to an IP address, e.g. wipro.com. (This server is authoritative for the DNS names of local resources but forwards all other queries to an ISP or other DNS servers. The server will configure the root hints but not create a reverse lookup zone.)
2. Create forward and reverse lookup zones: (Recommended for large networks)
This server can be authoritative for forward and reverse lookup zones. It can be configured to perform recursive resolution, forward queries to other DNS servers, or both. The wizard will configure the root hints.
Reverse lookup zone (recommended for large networks): It contains information mapping IP addresses to hosts. It resolves an IP address to a domain name, e.g. 192.1.1.0.
3. Root hint server (recommended for advanced users only): If the DNS server does not know the address of the requested site, it forwards the request to another DNS server. To do so, the DNS server must know the IP address of another DNS server that it can forward the request to. This is the job of root hints. Root hints provide a list of IP addresses of DNS servers that are considered authoritative at the root level of the DNS hierarchy (also known as root name servers). The good news is that root hints are preconfigured on Windows Server 2003 DNS servers. The root hints are stored in a file named cache.dns, which is located in the \Windows\System32\Dns folder. If you would like to see what the root hints file looks like, you can open it in Notepad. The root hints file is really nothing more than a text file that pairs root DNS servers with their IP addresses.
Dynamic updates: This is a feature of Windows 2000 and 2003. When a client machine or a network node comes online, it automatically gets its name registered in the DNS database. Dynamic updates take place when there is a modification or change at the client, or when we have a DHCP server.
There are 2 types of Dynamic updates
1) Secure
2) Non-secure
Secure Updates:
Useful when we do not want our DNS to maintain host information from outside our network.
Non-secure updates:
DNS gets updated as and when hosts come online and get their names registered with the DNS server.
Configuring secure & non-secure updates:
Zone – properties
Dynamic updates
Select either secure or non-secure
Apply – OK.
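The secure / non-secure setting above can also be audited across every zone on a server. The following is an added example, not part of the original notes: it assumes the DnsServer PowerShell module (Windows Server 2012 or later), and the function name Test-DnsZoneUpdatePolicy and the sample zone names are hypothetical.

```powershell
# Added example (not from the original page). Classifies DNS zones by their
# dynamic-update setting and storage type. Property names match the objects
# returned by Get-DnsServerZone (DnsServer module).
function Test-DnsZoneUpdatePolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        $finding = switch ([string]$Zone.DynamicUpdate) {
            'Secure'             { 'OK: secure updates only' }
            'None'               { 'OK: dynamic updates disabled' }
            'NonsecureAndSecure' { 'REVIEW: non-secure updates accepted' }
            default              { "UNKNOWN setting: $($Zone.DynamicUpdate)" }
        }
        # Secure updates are only offered for Active Directory-integrated zones,
        # so a file-backed primary zone cannot be switched to "Secure" as-is.
        $note = if ($Zone.ZoneType -eq 'Primary' -and -not $Zone.IsDsIntegrated) {
            'standard (file-backed) primary: secure updates need AD integration'
        } else { '' }
        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            ZoneType      = $Zone.ZoneType
            ADIntegrated  = [bool]$Zone.IsDsIntegrated
            DynamicUpdate = $Zone.DynamicUpdate
            Finding       = $finding
            Note          = $note
        }
    }
}

# Constructed sample data so the function runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';         ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example';          ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = '1.1.192.in-addr.arpa'; ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'partner.example';      ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Test-DnsZoneUpdatePolicy | Format-Table -AutoSize

# On a live DNS server, feed real zones instead:
#   Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Test-DnsZoneUpdatePolicy
# To change an AD-integrated zone to secure-only updates:
#   Set-DnsServerPrimaryZone -Name 'corp.example' -DynamicUpdate Secure
```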
Link:
How DNS Support for Active Directory Works: Active Directory | Microsoft Learn