Dns On Windows Server 1002003 [Electronic resources] - text version


7.4 Zone Datafile Controls




The datafiles for all name servers, whether Microsoft or BIND, can
include two control entries: $ORIGIN and $INCLUDE. $ORIGIN changes
the origin, and $INCLUDE inserts a new file into the current file.
These control entries are not resource records; they facilitate the
maintenance of DNS data. They were designed back in the "good old
days" as a shortcut for people who had to edit zone datafiles by
hand. If you make changes to your zones with the DNS console only,
you won't encounter these controls: the Microsoft DNS Server doesn't
use them in the zone datafiles it generates. However, some day you
might need to work with zone datafiles created by hand, so it's
important that you understand these controls.



7.4.1 Changing the Origin in a Datafile




The default origin for a DNS datafile is just the domain name of the
zone. The origin is a domain name that is appended automatically to
all names not ending in a dot. This origin can be changed within the
zone datafile using $ORIGIN, which must be followed by a domain name.
(Don't forget the trailing dot if you give the full
domain name!) From that point in the file on, the new origin will be
appended to all names not ending in a dot.


If we didn't have the DNS console to make changes
and had to edit files by hand, we'd run into times
when $ORIGIN would save us some work. For example, if your name
server were responsible for a number of subdomains, you could use the
$ORIGIN entry to reset the origin and simplify the files. For
example, from the movie.edu zone datafile:


$ORIGIN classics.movie.edu. 
maltese IN A 192.253.253.100
casablanca IN A 192.253.253.101
$ORIGIN comedy.movie.edu.
mash IN A 192.253.253.200
twins IN A 192.253.253.201


We'll discuss creating subdomains in Chapter 10.



7.4.2 Including Other Datafiles




To continue our example of editing zone datafiles by hand: once
you've subdivided your domain like this, you might
find it more convenient to keep the subdomain records in separate
files. The $INCLUDE statement would let you do this:


$ORIGIN classics.movie.edu. 
$INCLUDE classics.dns
$ORIGIN comedy.movie.edu.
$INCLUDE comedy.dns


To simplify the file even further, the new origin can be specified on
the $INCLUDE line:


$INCLUDE classics.dns classics.movie.edu. 
$INCLUDE comedy.dns comedy.movie.edu.


When you specify the origin on the $INCLUDE line, it applies only to
the particular file that you're including. For
example, the comedy.movie.edu origin applies
only to the names in comedy.dns. After
comedy.dns has been included, the origin returns
to what it was before $INCLUDE, even if
comedy.dns contained an $ORIGIN entry.
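

The scoping rules for $ORIGIN and $INCLUDE described in sections 7.4.1 and 7.4.2, as an added Python example that is not from the book: it expands owner names in hand-edited datafiles and flags names where a forgotten trailing dot doubled the zone name. The file contents, the gateway, shining, horror and lab names, and the function names are constructed for illustration; only one-line records are handled.

```python
# Added example, not the book's code. SAMPLE_FILES is constructed and stands
# in for datafiles on disk; only one-line "owner IN A address" records work.
SAMPLE_FILES = {
    "movie.edu.dns": (
        "$INCLUDE classics.dns classics.movie.edu.\n"
        "$INCLUDE comedy.dns comedy.movie.edu.\n"
        "gateway IN A 192.253.253.1\n"       # origin is movie.edu. again here
        "$ORIGIN horror.movie.edu\n"         # trailing dot forgotten
        "shining IN A 192.253.253.50\n"
    ),
    "classics.dns": "maltese IN A 192.253.253.100\n",
    "comedy.dns": (
        "mash IN A 192.253.253.200\n"
        "$ORIGIN lab.comedy.movie.edu.\n"    # must not leak into the parent
        "twins IN A 192.253.253.201\n"
    ),
}

def qualify(name, origin):
    """Append the origin to any name that does not end in a dot."""
    return name if name.endswith(".") else f"{name}.{origin}"

def expand(fname, origin, files, depth=0):
    """Return [(fully qualified owner, rest of record)] for one datafile."""
    if depth > 8:                            # guard against $INCLUDE loops
        raise ValueError(f"$INCLUDE nesting too deep at {fname}")
    records = []
    for line in files[fname].splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = qualify(fields[1], origin)
        elif fields[0] == "$INCLUDE":
            # An origin given on the $INCLUDE line applies only to that file;
            # the callee's origin is a local, so ours is unchanged on return.
            inc = qualify(fields[2], origin) if len(fields) > 2 else origin
            records += expand(fields[1], inc, files, depth + 1)
        else:
            records.append((qualify(fields[0], origin), " ".join(fields[1:])))
    return records

def doubled_origin(records, zone):
    """Owners where the zone name appears twice: a missing trailing dot."""
    return [owner for owner, _ in records if owner.endswith(f".{zone}{zone}")]

if __name__ == "__main__":
    recs = expand("movie.edu.dns", "movie.edu.", SAMPLE_FILES)
    print(*recs, doubled_origin(recs, "movie.edu."), sep="\n")
```

Running the check before loading a hand-edited file catches the doubled name while it is still a one-character fix.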


Remember that, strictly speaking, you don't need to
know anything about these directives to create subdomains with the
DNS console, and the Microsoft DNS Server doesn't
generate zone datafiles using these shortcuts. But you do need to
know about them to complete your knowledge of zone datafiles.



7.4.3 Keeping Everything Running Smoothly




A significant part of maintenance is being aware when something has
gone wrong before it becomes a real problem. If you catch a
problem early, chances are it'll be that much easier
to fix. As the adage says, an ounce of prevention is worth a pound of
cure.


This isn't quite troubleshooting (we'll devote an entire chapter
to troubleshooting, Chapter 15), but you can think of it as
"pre-troubleshooting." Troubleshooting (the pound of cure) is what
you have to do if you ignore maintenance, after your problem has
developed complications, when you need to identify the problem by
its symptoms.


The next two sections deal with preventive maintenance: looking
periodically at the Event Log and the name server statistics to see
whether any problems are developing. Consider this a name
server's medical checkup.



7.4.4 Common Event Log Messages




The Microsoft DNS Server logs events to the System Log. To view the
events, you can either use the Event Viewer (which you start with
Start → Administrative Tools → Event Viewer) or click on the
Event Viewer folder for a given server in the DNS console's left
pane. The DNS server logs to a special category called, appropriately
enough, DNS Server. If you use the Event Viewer, make sure you're
looking at the correct log messages by selecting DNS Server in the
left pane. To save space, when we describe an event we won't show a
screenshot of the complete event. Instead, we'll list just the
description from the event detail. (Double-click an event to see its
details.) We'll also list the Event ID in parentheses after the text
of the event.


When the server starts up (either at boot time or because you
restarted it) and is ready to answer queries, you'll
see this event:


The DNS Server has started.  (ID 2)


For a healthy server, you should see this event after booting. If you
stop the server manually, you'll see this event:


The DNS Server has shutdown.  (ID 3)


If a server is a secondary for a zone, it will notify you every time
it performs a zone transfer:


A more recent version, version 2000120500 of zone movie.edu was found at DNS server
at 192.249.249.3. Zone transfer is in progress. (ID 6522)

The DNS server wrote version 2000120500 of zone movie.edu to file movie.edu.dns.
(ID 3150)


You'll also see that last message on the primary
when you make a change to a zone through the DNS console and select
Action → Update Server Data Files. After the server
writes the updated file to disk, it logs that event.


If the primary is not authoritative for the zone (another error
condition), you'll see this on the secondary:


Zone transfer request for secondary zone movie.edu refused by master server at
192.249.249.3. Check the zone at the master server 192.249.249.3 to verify that zone
transfer is enabled to this server. To do so, use the DNS console, and select master
server 192.249.249.3 as the applicable server, then in secondary zone movie.edu
Properties, view the settings on the Zone Transfers tab. Based on the settings you
choose, make any configuration adjustments there (or possibly in the Name Servers
tab) so that a zone transfer can be made to this server. (ID 6525)


Unfortunately, if the name server simply can't reach
the primary (e.g., if it has gone down), the DNS server never logs an
error.


On the other hand, a server that's a primary for a
zone will notify you when a secondary does a zone transfer:


The DNS server successfully completed transfer of version 3 of zone movie.edu to DNS
server at 192.249.249.1. (ID 6001)


If you're missing the cache file,
cache.dns, or a zone datafile, the server will
log a flurry of messages. A missing or empty cache file produces
these events:


The DNS server could not open the file dns\cache.dns. Check that the file exists in the
%SystemRoot%\System32\Dns directory and that it contains valid data. The event data is
the error code. (ID 1000)

The DNS server could not find or open zone file dns\cache.dns. in the
%SystemRoot%System32\Dns directory. Verify that the zone file is located in this
directory and that it contains valid data. (ID 1004)

The DNS server is not root authoritative and no root hints were specified in the cache.dns file.
Where the server is not a root server, this file must specify root hints in the form of at
least one name server (NS) resource record, indicating a root DNS server and a corresponding
host (A) resource record for that root DNS server. Otherwise, the DNS server will be
unable to contact the root DNS server on startup and will be unable to answer queries for
names outside of its own authoritative zones. To correct this problem, use the DNS console
to update the server root hints. For more information, see the online Help. (ID 707)

The DNS server does not have a cache or other database entry for root name servers.
Either the root hints file, cache.dns, or Active Directory must have at least one name
server (NS) resource record, indicating a root DNS server and a corresponding host (A)
resource record for that root DNS server. Otherwise, the DNS server will be unable to
contact the root DNS server on startup and will be unable to answer queries for names
outside of its own authoritative zones. To correct this problem, use the DNS console to
update the server root hints. For more information, see the online Help. (ID 706)


The somewhat cryptic message "The event data is the
error code" makes more sense when viewing the
message in Event Viewer. This message means there's
a specific error code listed in the Data field at the
bottom of the Event Properties window for this event.


A missing zone datafile, say movie.edu.dns,
generates these events:


The DNS server could not open the file dns\movie.edu.dns. Check that the file exists in the
%SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the
error code. (ID 1000)

The DNS server could not find or open zone file dns\movie.edu.dns. in the
%SystemRoot%System32\Dns directory. Verify that the zone file is located in this
directory and that it contains valid data. (ID 1004)


The server also logs a syntax error in a zone datafile. If you always
make changes to your zones using the DNS console, you
shouldn't see syntax errors. Editing by hand can get
you into trouble, though. Here's what happens when
the server encounters a syntax error (the exact error messages will
vary based on the kind of syntax error):


The DNS server could not parse an unexpected token "terminator.movie.edu." in zone file
movie.edu.dns at line 24. Although the DNS server continues to load, ignoring this token,
it is recommended that you either correct the token or remove the resource record from
the zone file, which is located in the %SystemRoot%\System32\Dns directory. (ID 1504)

The DNS server is ignoring an invalid resource record in zone file movie.edu.dns at line 24.
See the previously logged event for a description of the error.
Although the DNS server continues to load, ignoring this RR, it is recommended that you
investigate the error associated with this record and either correct it or remove it from
the zone file. (ID 1508)


For a list of most of the events logged by the Microsoft DNS Server,
see article 259302 in the Microsoft Knowledge Base. This article
lists events for the Windows 2000 version of the DNS Server since a
Windows 2003 list was not available when this book went to press.
However, in our experience, many of the events are identical between
the Windows 2000 and Windows Server 2003 versions of the DNS Server.
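

One way to turn this periodic Event Log check into a script, as an added Python example that is not from the book: it reads event descriptions in the "(ID n)" form used above, drops routine events, and raises an alert when event 6001 reports a zone transfer to an address that is not a listed secondary. The sample export, the severity labels, the address 203.0.113.77 and the secondaries list are assumptions constructed for illustration.

```python
import re

# Event IDs are the ones listed in this section; the severity labels are this
# example's own assumption, not Microsoft's.
SEVERITY = {
    2: "info", 3: "info", 6522: "info", 3150: "info", 6001: "info",
    6525: "warn",                  # zone transfer refused by the master
    1504: "warn", 1508: "warn",    # syntax error, record ignored
    1000: "error", 1004: "error",  # datafile missing or unreadable
    706: "error", 707: "error",    # no root hints available
}
EVENT = re.compile(r"(.+?)\s*\(ID (\d+)\)", re.S)
XFER_OUT = re.compile(r"of zone (\S+) to DNS server at (\d+(?:\.\d+){3})")

# Constructed export in the "description (ID n)" form used in the text.
SAMPLE = r"""The DNS Server has started. (ID 2)
The DNS server successfully completed transfer of version 3 of zone movie.edu to DNS
server at 192.249.249.1. (ID 6001)
The DNS server successfully completed transfer of version 3 of zone movie.edu to DNS
server at 203.0.113.77. (ID 6001)
The DNS server is ignoring an invalid resource record in zone file movie.edu.dns
at line 24. (ID 1508)
The DNS server could not open the file dns\cache.dns. (ID 1000)
"""


def triage(export, secondaries):
    """Return (severity, event id, description) for every non-routine event."""
    findings = []
    for match in EVENT.finditer(export):
        text = " ".join(match[1].split())        # undo line wrapping
        event_id = int(match[2])
        severity = SEVERITY.get(event_id, "unknown")
        xfer = XFER_OUT.search(text) if event_id == 6001 else None
        if xfer and xfer[2] not in secondaries.get(xfer[1], set()):
            severity = "alert"                   # transfer to unlisted host
        if severity != "info":
            findings.append((severity, event_id, text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, {"movie.edu": {"192.249.249.1"}}):
        print(*finding, sep=" | ")
```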



7.4.5 Understanding Name Server Statistics




You should periodically look over the statistics on some
of your name servers. Name server statistics are viewed with the
System Monitor. To start it, select Start → Administrative Tools →
Performance. Make sure System Monitor is selected in the left pane,
right-click in the right pane, and select Add Counters. Select DNS in
the Performance object pull-down list. You'll see a list of all the
server parameters that you can monitor in real time. A brief
explanation of each parameter is available in the Windows online help
system document entitled "Monitoring DNS server performance." To view
this document, choose Start → Help and type Monitoring DNS Server
Performance in the search box and press Enter. Click the help topic
button in the left pane and click on the document link when it
appears.


Selecting all parameters is not useful; it produces too much
information. To get an idea of the amount of memory being used by the
server, choose Caching Memory and Database Node Memory. To see how
busy the server is (that is, how many queries it is handling), look at
Total Query Received/sec and Total Response Sent/sec. To select
several parameters, hold down the Ctrl key while single-clicking.
When you've selected all the ones you want, choose Add, then Close.
Note that you have to save this list if you want to avoid selecting
the list of parameters again. Select File → Save As to produce a .msc
file that you can use for subsequent monitoring sessions.


