Configuring Dynamic Update Options
When configured to do
so, DNS servers running on Windows 2000 or Windows Server 2003 can
accept dynamic updates of A and PTR resource records. The updates
themselves must be performed either by a DNS client running Windows
2000, Windows XP, or Windows Server 2003, or by a DHCP server (on behalf
of a DNS client) running Windows 2000 or Windows Server 2003.
Tip
For the exam, remember that UNIX-based DNS servers running Berkeley Internet Name Domain (BIND) 8.1.2 or later can accept dynamic updates.
Dynamic
updates can occur only when clients are configured with a domain suffix
that matches the zone name hosted by the preferred DNS server. In other
words, for the record of a computer named Client1 to be dynamically
updated in the lucernepublishing.com zone, the FQDN of that computer
must be client1.lucernepublishing.com., and the client must specify as
its DNS server the IP address of the DNS server hosting
lucernepublishing.com.
Default Client Update Behavior
By default, DNS clients
that are configured with a static IP address and an appropriate domain
suffix attempt to register and update both A and PTR resource records
with the preferred DNS server. However, DNS clients that obtain their
address from a DHCP server attempt to register and update only their A
resource records with the preferred DNS server. In this case, the PTR
resource record is updated by the DHCP server when the lease is
assigned. Windows clients that are not capable of performing dynamic
updates—such as DNS clients running Windows Me or Windows NT 4—can have
both A and PTR resource records updated on their behalf by a specially
configured DHCP server.
To configure a DNS
client to attempt dynamic updates in DNS, make sure the Register This
Connection’s Addresses In DNS check box is selected on the DNS tab of
the Advanced TCP/IP Settings dialog box, as shown in Figure 4-15.
(It is selected by default.) This configures the DNS client to attempt
to register and update the computer’s full computer name (primary domain
name). When you clear this check box, the DNS client no longer attempts
dynamic updates. If you configure a DNS suffix for the connection, you
can also specify that the DNS client attempt to dynamically register and
update an FQDN based on this connection-specific suffix. To do so,
click the Use This Connection’s DNS Suffix In DNS Registration check
box. (It is not selected by default.)
To force a DNS client to attempt dynamic registration of its A and PTR resource records, type ipconfig /registerdns at a command prompt.
Note
For Internet Connection Sharing (ICS) clients, Dynamic DNS updates are
configured in a distinct manner. When DNS clients running Windows 2000,
Windows XP, or Windows Server 2003 obtain their IP configuration from a
computer running ICS, those clients can update their records in DNS only
when the Use This Connection’s DNS Suffix In DNS Registration check box is
selected. You do not need to specify a connection-specific suffix.
Instead, the primary DNS suffix forms the FQDN.
Configuring TCP/IP Settings for DNS Clients
The following procedure summarizes the steps necessary to enable clients to use DNS.
To configure TCP/IP settings for DNS clients, complete the following steps:
1. Open the Network Connections window.
2. Right-click the network connection you want to configure, and then select Properties.
   The connection’s properties dialog box appears.
3. On the General tab (for a local area connection) or the Networking tab (all other connections), select the Internet Protocol (TCP/IP) component, and then click Properties.
   The Internet Protocol (IP) Properties dialog box appears.
4. If you want to obtain DNS server addresses from a DHCP server, select Obtain DNS Server Address Automatically.
5. If you want to manually configure DNS server addresses, select Use The Following DNS Server Addresses, and in the Preferred DNS Server text box and Alternate DNS Server text box, type the preferred DNS server and alternate DNS server IP addresses.
6. To configure advanced DNS properties, click Advanced, select the DNS tab, and do one or more of the following:
   - To configure an additional DNS server IP address, click the topmost Add button and specify a DNS server IP address.
   - To modify the resolution behavior for unqualified DNS names, do the following:
     - To configure the client to resolve an unqualified name by adding the primary DNS suffix and the DNS suffix of each connection (if configured), select Append Primary And Connection Specific DNS Suffixes. If you also want to search the parent suffixes of the primary DNS suffix up to the second-level domain, select the Append Parent Suffixes Of The Primary DNS Suffix check box.
     - To configure the client to resolve an unqualified name by adding the suffixes from a list of configured suffixes, select Append These DNS Suffixes, and then click Add to add suffixes to the list.
   - To configure a connection-specific DNS suffix, type the DNS suffix in the DNS Suffix For This Connection text box.
   - To modify DNS dynamic update behavior, do the following:
     - To configure the client to register the connection’s IP address with the local computer’s full computer name in DNS, select the Register This Connection’s Addresses In DNS check box. This option is enabled by default. This option requires that the primary DNS suffix of the computer match a domain hosted by the preferred DNS server.
     - To configure the client to register the connection’s IP address with a connection-specific FQDN, select the Use This Connection’s DNS Suffix In DNS Registration check box. This option is disabled by default.
     - To completely disable DNS dynamic updates for all names on the computer, clear the Register This Connection’s Addresses In DNS check box for all connections in Network Connections.
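The suffix options in step 6 decide which fully qualified names a client actually sends to its DNS server for a single-label name. The sketch below is an added example, not code from the original text: the function names, the suffixes sales.eu.lucernepublishing.com and branch.example, and the order in which suffixes are tried (primary, then connection-specific, then parent suffixes) are assumptions made for illustration.

```python
def devolve(primary_suffix):
    """Parent suffixes of the primary DNS suffix, stopping at the second-level domain."""
    labels = primary_suffix.strip(".").split(".")
    # Drop one leading label at a time; never go below two labels.
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]


def candidate_fqdns(name, primary_suffix, connection_suffixes=(),
                    append_parent_suffixes=False, suffix_list=None):
    """FQDNs tried for a single-label name under the step 6 suffix options.

    suffix_list models Append These DNS Suffixes; when it is given, the
    primary and connection-specific suffixes are not used.
    """
    if name.endswith("."):
        return [name]  # already fully qualified, nothing is appended
    if suffix_list is not None:
        suffixes = list(suffix_list)
    else:
        # Append Primary And Connection Specific DNS Suffixes
        suffixes = [primary_suffix, *connection_suffixes]
        if append_parent_suffixes:
            # Append Parent Suffixes Of The Primary DNS Suffix
            suffixes += devolve(primary_suffix)
    seen, result = set(), []
    for suffix in suffixes:
        suffix = suffix.strip(".").lower()
        if suffix and suffix not in seen:  # skip blanks and duplicates
            seen.add(suffix)
            result.append(f"{name.lower()}.{suffix}.")
    return result


if __name__ == "__main__":
    # Constructed configuration: a three-level primary suffix plus one connection suffix.
    for fqdn in candidate_fqdns("client1", "sales.eu.lucernepublishing.com",
                                ["branch.example"], append_parent_suffixes=True):
        print(fqdn)
```

Each name in the returned list is a query that leaves the client, so a long suffix list or parent-suffix searching increases the number of names a single-label lookup exposes to the DNS server.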
Viewing and Clearing the DNS Resolver Cache
The DNS resolver cache,
also known as the DNS client cache, is maintained separately from the
DNS server cache. This resolver cache is checked first by DNS clients
before they attempt to query a DNS server. New entries are added to the
resolver cache whenever a DNS client receives a query response from a
DNS server.
To view the DNS client cache, enter ipconfig /displaydns
at a command prompt. The output of this command includes entries loaded
from the local Hosts file, as well as any recently obtained resource
records for name queries resolved by the system.
To clear the DNS resolver cache, you can enter ipconfig /flushdns
at the command prompt. Alternatively, you can restart the DNS Client
service by using the Services console, an administrative tool accessible
through the Start menu.
Tip
Remember the following DNS-related commands for the exam:
Ipconfig /displaydns. Displays the contents of the DNS client cache
Ipconfig /flushdns. Purges the contents of the DNS client cache
Ipconfig /registerdns. Refreshes all DHCP leases and reregisters DNS names with DNS zones configured to accept dynamic updates
Know also that the Ipconfig /registerdns command can be used only on
clients running Windows 2000, Windows XP, and Windows Server 2003.
Tip
For
the exam, remember that you sometimes need to run Ipconfig /flushdns on
your computer before you can see the benefit of having fixed a DNS
problem elsewhere on the network. For example, suppose you are unable to
ping a UNIX computer by name from a Windows client. You manually create
a host (A) resource record for the UNIX computer to remedy the
situation, but when you again try to ping the UNIX computer by name, you
still receive an error response. This problem occurs because the
Windows client has cached a negative response to the earlier query for
the UNIX computer name. To fix the problem, flush the DNS client cache
by executing Ipconfig /flushdns on the Windows computer. This command
forces the Windows client to attempt from scratch to resolve the UNIX
computer name instead of just responding with the cached negative
response.
Practice 1: Configuring a Primary DNS Suffix
In this practice, you
configure a primary DNS suffix for Computer1 and Computer2 and then
observe changes resulting from this procedure in the DNS console.
Exercise 1: Adding Suffix Names to Computers
In this exercise, you configure a primary DNS suffix for Computer1 and Computer2.
Log on to Computer1 as Administrator.
In Control Panel, open the System tool.
The System Properties dialog box opens.
Click the Computer Name tab.
Click the Change button.
The Computer Name Changes dialog box opens.
Click More.
The DNS Suffix And NetBIOS Computer Name dialog box opens.
In the Primary DNS Suffix Of This Computer text box, type domain1.local.
In the Computer Name Changes dialog box, click OK.
The Computer Name Changes message box appears, indicating that you need to restart the computer for the changes to take effect.
In the System Properties dialog box, click OK.
The System Settings Change dialog box opens, which asks you whether you want to restart your computer now.
While
Computer1 is restarting, perform this same procedure on Computer2,
assigning the primary DNS suffix of domain1.local, and then choosing to
restart the computer.
Practice 2: Configuring a DNS Server to Perform Recursion
In this practice, you
configure the DNS server on Computer1 to answer recursive queries for
Internet-based DNS names from Computer2. You then initiate a recursive
query from Computer2 and monitor the results.
Because Computer2 is
assigned a private address, it can communicate with the Internet only by
means of an address translation service such as Network Address
Translation (NAT) or ICS. As a result, the first step in this practice
is to configure ICS on Computer1.
Exercise 1: Enabling ICS
In this exercise, you
enable ICS on Computer1. This feature performs address translation for
all computers on the network segment and enables them to communicate
with Internet hosts. ICS also provides addresses for DHCP clients on the
local segment and configures these clients to use the ICS computer as a
DNS server. After ICS is enabled, the DNS server on the ICS server
performs recursion to answer the DNS queries from local clients.
Log on to Computer1 as Administrator.
Open the Network Connections window.
If the MyISP connection is active in the Network Connections window, right-click MyISP and select Disconnect.
After the dial-up connection has finished disconnecting, right-click MyISP and select Properties.
The MyISP Properties dialog box opens.
In
the Internet Connection Sharing area, select the Allow Other Network
Users To Connect Through This Computer’s Internet Connection check box.
Click OK.
The Network Connections dialog box opens.
Read the text in the box, and then click Yes.
At
this point, the local computer is assigned an IP address of
192.168.0.1. You might temporarily lose network connectivity while these
changes are being made.
Log on to Computer2 as Administrator.
Exercise 2: Performing Recursive Queries
In this exercise, you
use Network Monitor to capture a DNS query from Computer2. After
Computer1 performs recursion to answer the query, you explore the
capture and verify that new entries corresponding to the query have been
loaded into the DNS Server cache.
Connect Computer1 to the Internet through the MyISP connection.
Log on to Computer2 as Administrator and open a command prompt.
At the command prompt, type ipconfig /all, and then press Enter.
Because
ICS has been enabled on the network, Computer2 now specifies
192.168.0.1, the address of Computer1, as its DNS server. Computer2
therefore resolves DNS queries through Computer1.
At the command prompt, type ipconfig /flushdns, and then press Enter.
The resolver cache clears, which forces Computer2 to contact a DNS server to resolve all DNS names.
Switch to Computer1, open Network Monitor, and begin a Network Monitor capture.
Switch
back to Computer2, and then open Internet Explorer. If you receive a
message box informing you that an enhanced security configuration is
currently enabled, select the check box to prevent this message from
appearing again, and then click OK.
In the Address text box in Internet Explorer, type http://www.windowsupdate.com, and then press Enter.
The connection is successful.
Switch back to Computer1 and in Network Monitor, click the Stop And View Capture button.
In the Capture: 1 (Summary) window, locate and double-click the first DNS
frame in the capture. Note that the FQDN queried for in the first line
is www.windowsupdate.com.
Within the expanded DNS frame in the details (center) pane, expand the section named DNS Flags.
A set of flagged messages appears. These messages are true when the corresponding flag is set to 1.
Answer the following question: Which of the DNS flags is set to 1 and not 0?
Recursive Query Desired
This flag serves as a request that the DNS server perform recursion to answer the query if necessary.
Close Network Monitor. Do not save the capture or choose to save any entries to the database.
Open the DNS console. (If the DNS console is already open, close the console and reopen it.)
In the console tree, select the COMPUTER1 icon.
From the View menu, select Advanced.
A new folder named Cached Lookups appears in the console tree.
Expand the Cached Lookups folder, and then expand the .(root) folder.
Within the .(root) folder, browse the subfolders to locate the CNAME record www.windowsupdate.com.
Computer1
has performed recursion to answer Computer2’s recursive query. The DNS
Server service has then cached the records returned in the response to
the query.
Log off Computer1 and Computer2.
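The DNS Flags section examined in Exercise 2 is a 16-bit field in the 12-byte DNS header. The following added example (not part of the original exercise) builds a query for www.windowsupdate.com as a stub resolver would and decodes its flags, showing that only the recursion desired bit is set. The function names and the query ID are assumptions chosen for illustration, and the packet is constructed in the code, not taken from a capture.

```python
import struct

# Bit masks in the 16-bit flags field of the DNS header (RFC 1035, section 4.1.1).
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def build_query(name, query_id=0x1A2B, recursion_desired=True):
    """Build a standard A-record query as a client (stub resolver) sends it."""
    flags = RD if recursion_desired else 0
    # Header: ID, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def decode_flags(message):
    """Return the header flags as a dict, one entry per flag field."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    _, flags = struct.unpack("!HH", message[:4])
    return {
        "response": bool(flags & QR),
        "opcode": (flags >> 11) & 0xF,
        "authoritative": bool(flags & AA),
        "truncated": bool(flags & TC),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0xF,
    }


def question_name(message):
    """Read the queried FQDN from the question section (a query has no compression)."""
    labels, pos = [], 12
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


if __name__ == "__main__":
    query = build_query("www.windowsupdate.com")  # constructed sample packet
    print(question_name(query))
    for field, value in decode_flags(query).items():
        print(f"{field}: {value}")
```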