Dns On Windows Server 1002003 [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

جستجو بر اساس ... همه عنوان پدیدآور موضوع یادداشت تمام متن
اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا
جستجو در لغت نامه
بیشتر
کتابخانه شخصی پرسش از کتابدار ارسال منبع

Dns On Windows Server 1002003 [Electronic resources] - نسخه متنی

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
میخواهم بخوانم
درحال خواندن
خوانده شده
ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات

Sitemap

Main Page

Table of content

Copyright

Preface

Versions

What''s New in This Edition

Organization

Audience

Obtaining the Example Programs

Viewing Microsoft Knowledge Base Articles

Conventions Used in This Book

Using Code Examples

How to Contact Us

Quotations

Acknowledgments

Chapter 1. Background

1.1 A (Very) Brief History of the Internet

1.2 On the Internet and Internets

1.3 The Domain Name System in a Nutshell

1.4 The History of the Microsoft DNS Server

1.5 Must I Use DNS?

Chapter 2. How Does DNS Work?

2.1 The Domain Namespace

2.2 The Internet Domain Namespace

2.3 Delegation

2.4 Name Servers and Zones

2.5 Resolvers

2.6 Resolution

2.7 Caching

Chapter 3. Where Do I Start?

3.1 Which Name Server?

3.2 Choosing a Domain Name

Chapter 4. Setting Up the Microsoft DNS Server

4.1 Our Zone

4.2 Installing the Microsoft DNS Server

4.3 The DNS Console

4.4 Setting Up DNS Data

4.5 Running a Primary Master Name Server

4.6 Running a Secondary Name Server

4.7 Adding More Zones

4.8 DNS Properties

4.9 What Next?

Chapter 5. DNS and Electronic Mail

5.1 MX Records

5.2 Adding MX Records with the DNS Console

5.3 What''s a Mail Exchanger, Again?

5.4 The MX Algorithm

5.5 DNS and Exchange

Chapter 6. Configuring Hosts

6.1 The Resolver

6.2 Resolver Configuration

6.3 Advanced Resolver Features

6.4 Other Windows Resolvers

6.5 Sample Resolver Configurations

Chapter 7. Maintaining the Microsoft DNS Server

7.1 What About Signals?

7.2 Logging

7.3 Updating Zone Data

7.4 Zone Datafile Controls

7.5 Aging and Scavenging

Chapter 8. Integrating with Active Directory

8.1 Active Directory Domains

8.2 Storing Zones in Active Directory

8.3 DNS as a Service Location Broker

Chapter 9. Growing Your Domain

9.1 How Many Name Servers?

9.2 Adding More Name Servers

9.3 Registering Name Servers

9.4 Changing TTLs

9.5 Planning for Disasters

9.6 Coping with Disaster

Chapter 10. Parenting

10.1 When to Become a Parent

10.2 How Many Children?

10.3 What to Name Your Children

10.4 How to Become a Parent: Creating Subdomains

10.5 Subdomains of in-addr.arpa Domains

10.6 Good Parenting

10.7 Managing the Transition to Subdomains

10.8 The Life of a Parent

Chapter 11. Advanced Features and Security

11.1 New Ways to Make Changes

11.2 WINS Linkage

11.3 Building Up a Large, Sitewide Cache with Forwarders

11.4 Load Sharing Between Mirrored Servers

11.5 The ABCs of IPv6 Addressing

11.6 Securing Your Name Server

Chapter 12. nslookup and dig

12.1 Is nslookup a Good Tool?

12.2 Interactive Versus Noninteractive

12.3 Option Settings

12.4 Avoiding the Search List

12.5 Common Tasks

12.6 Less Common Tasks

12.7 Troubleshooting nslookup Problems

12.8 Best of the Net

12.9 Using dig

Chapter 13. Managing DNS from the Command Line

13.1 Installing the DNS Server

13.2 Stopping and Starting the DNS Server Service

13.3 Managing the DNS Server Configuration

13.4 An Installation and Configuration Batch Script

13.5 Other Command-Line Utilities

Chapter 14. Managing DNS Programmatically

14.1 WMI and the DNS Provider

14.2 WMI Scripting with VBScript and Perl

14.3 Server Classes

14.4 Zone Classes

14.5 Resource Record Classes

Chapter 15. Troubleshooting DNS

15.1 Is DNS Really Your Problem?

15.2 Checking the Cache

15.3 Using DNSLint

15.4 Potential Problem List

15.5 Interoperability Problems

15.6 Problem Symptoms

Chapter 16. Miscellaneous

16.1 Using CNAME Records

16.2 Wildcards

16.3 A Limitation of MX Records

16.4 DNS and Internet Firewalls

16.5 Dial-up Connections

Appendix A. DNS Message Format and Resource Records

A.1 Master File Format

A.2 DNS Messages

A.3 Resource Record Data

Appendix B. Converting from BIND to the Microsoft DNS Server

B.1 Step 1: Change the DNS Server Startup Method to File

B.2 Step 2: Stop the Microsoft DNS Server

B.3 Step 3: Change the Zone Datafile Naming Convention

B.4 Step 4: Copy the Files

B.5 Step 5: Get a New Root Name Server Cache File

B.6 Step 6: Restart the DNS Server

B.7 Step 7: Change the DNS Server Startup Method to Registry

Appendix C. Top-Level Domains

Colophon

Index

Index SYMBOL

Index A

Index B

Index C

Index D

Index E

Index F

Index G

Index H

Index I

Index J

Index K

Index L

Index M

Index N

Index O

Index P

Index Q

Index R

Index S

Index T

Index U

Index V

Index W

Index Z
توضیحات
افزودن یادداشت جدید










12.6 Less Common Tasks


The following sections describe tricks you'll
probably have to use less often but are still handy to have in your
repertoire. Most of these will be helpful when
you're trying to troubleshoot a DNS problem;
they'll enable you to grub around in the messages
the resolver sees and mimic a name server querying another name
server or transferring zone data.


12.6.1 Seeing the Query and Response Messages


If you need to, you can direct
nslookup to show you the queries it sends out
and the responses it receives. Turning on debug
shows you the responses. Turning on d2 shows you
the queries as well. When you want to turn off debugging completely,
you have to use set nodebug, since set
nod2 turns off only level 2 debugging. After the following
trace, we'll explain some parts of the message
output. If you want, you can pull out your copy of RFC 1035, turn to
page 25, and read along with our
explanation. 

C:\> nslookup 
Default Server:  terminator.movie.edu 
Address:  192.249.249.3 
> set debug
> set type=mx
> oreilly.com.
Server:  terminator.movie.edu
Address:  192.249.249.3
------------
Got answer:
HEADER:
opcode = QUERY, id = 11, rcode = NOERROR
header flags:  response, want recursion, recursion avail.
questions = 1,  answers = 1,  authority records = 0,  additional = 1
QUESTIONS:
oreilly.com, type = MX, class = IN
ANSWERS:
->  oreilly.com
MX preference = 20, mail exchanger = smtp2.oreilly.com
ttl = 21598 (5 hours 59 mins 58 secs)
ADDITIONAL RECORDS:
->  smtp2.oreilly.com
internet address = 209.58.173.10
ttl = 21598 (5 hours 59 mins 58 secs)
------------
Non-authoritative answer:
oreilly.com
MX preference = 20, mail exchanger = smtp2.oreilly.com
ttl = 21598 (5 hours 59 mins 58 secs)
smtp2.oreilly.com
internet address = 209.58.173.10
ttl = 21598 (5 hours 59 mins 58 secs)
>
> set d2
> oreilly.com. 
Server:  terminator.movie.edu 
Address:  192.249.249.3

This time the query is also shown:

------------
SendRequest(  ), len 29
HEADER:
opcode = QUERY, id = 12, rcode = NOERROR
header flags:  query, want recursion
questions = 1,  answers = 0,  authority records = 0,  additional = 0
QUESTIONS:
oreilly.com, type = MX, class = IN
------------
------------
Got answer (67 bytes):

The answer is the same as in the previous example.

Between the dashes are the query and
response messages. As promised, we will go through the message
contents. DNS messages are composed of five sections:

Header section



The Header section is present in every query and response. The
operation code is always QUERY. (Other opcodes are used for other DNS
operations, such as the Notify and Dynamic Update protocol extensions
described in Chapter 11.) The ID is used to
associate a response with a query and to detect duplicate queries or
responses. You have to look in the header flags to see which messages
are queries and which are responses. The string
"want recursion" indicates that the
querier wants the name server to do all the work. The flag is
parroted in the response. The string "auth.
answer," when present, means that the response is
authoritativein other words, that the response comes from the
name server's authoritative data, not from its cache
data. (This response isn't authoritative, so that
string is absent.) The response code, rcode, can be one of no error,
server failure, name error (also known as
"NXDOMAIN" or
"nonexistent domain"), not
implemented, or refused. The server failure, name error, not
implemented, and refused response codes cause the nslookup
"Server failed,"
"Nonexistent domain,"
"Not implemented," and
"Query refused" errors,
respectively. The last four entries in the Header section are
countersthey indicate how many resource records there are in
each of the next four sections.


Question section


A DNS message always contains one and
only one question; it includes the name and the requested data type
and class. There is never more than one question. Handling more than
one question in a DNS message would require a redesign of its format.
For one thing, the single authority bit would have to be changed,
because the Answer section could contain a mix of authoritative
answers and nonauthoritative answers. In the present design, setting
the authoritative answer bit means that the name server is an
authority for the domain name in the Question section.


Answer section


This section contains the resource
records that answer the question. There can be more than one resource
record in the response. For example, if the host is multihomed, there
will be more than one address resource record.


Authority section


The Authority section is where name
server records are returned. When a response refers the querier to
some other name servers, those name servers are listed here.


Additional section


The Additional records section adds
information that may complete information included in other sections.
For instance, if a name server is listed in the Authority section,
the name server's address is added to the Additional
records section. After all, to contact the name server, you need to
have its address.




12.6.2 Querying Like a Name Server


You can
make nslookup send out the same query message a
name server would. Name server query messages are not much different
from resolver messages. The primary difference in the query messages
is that resolvers request recursion and name servers seldom do.
Recursion is the default with nslookup, so you
have to explicitly turn it off. The difference in
operation between a resolver and a name server
is that the resolver implements the search list and the name server
doesn't. By default, nslookup
implements the search list, so that, too, has to be turned off. Of
course, judicious use of the trailing dot will have the same effect.

In nslookup
terms, this means that to query like a resolver, you use
nslookup's default settings. To
query like a name server, use set norecurse and
set nosearch. On the command line,
that's nslookup -norecurse
-nosearch.

When a name server gets a query, it looks for the answer in its
cache. If it doesn't have the answer and it is
authoritative for the zone, the name server responds that the name
doesn't exist or that there is no data for that
type. If the name server doesn't have the answer and
it is not authoritative for the zone, it starts
walking up the namespace looking for NS records. There will always be
NS records somewhere higher in the domain tree. As a last resort, it
will use the NS records at the root domain, the highest level.

If the name server received a nonrecursive query, it would respond to
the querier by giving the NS records that it had found. On the other
hand, if the original query was a recursive query, the name server
would then query the remote name servers in the NS records that it
found. When the name server receives a response from one of the
remote name servers, it caches the response and repeats this process,
if necessary. The remote server's response will
contain either the answer to the question or a list of name servers
lower in the namespace and closer to the answer.

Let's assume for our example that we are trying to
satisfy a recursive query and that we didn't find
any NS records until we checked the com domain.
That is, in fact, the case when we ask the name server on
terminator.movie.edu about
www.theonion.comit
doesn't find any NS records in its cache until the
com domain. From there we switch servers to a
com name server and ask the same question. It
directs us to the theonion.com servers. We then
switch to a theonion.com name server and ask the
same question:

C:\> nslookup  
Default Server:  terminator.movie.edu 
Address:  192.249.249.3 
> set norec                Query like a name server: turn off recursion. 
> set nosearch             Turn off the search list. 
> www.theonion.com         We don't need to dot-terminate since we've turned search off. 
Server:  terminator.movie.edu 
Address:  192.249.249.3
Name:    www.theonion.com
Served by:
- a.gtld-servers.net
192.5.6.30
COM
- b.gtld-servers.net
192.33.14.30
COM
- c.gtld-servers.net
192.26.92.30
COM
- d.gtld-servers.net
192.31.80.30
COM
- e.gtld-servers.net
192.12.94.30
COM
- f.gtld-servers.net
192.35.51.30
COM
- g.gtld-servers.net
192.42.93.30
COM
- h.gtld-servers.net
192.54.112.30
COM
- i.gtld-servers.net
192.43.172.30
COM
- j.gtld-servers.net
192.48.79.30
COM

Switch to a com name server. You may have to
turn recursion back on temporarily, if the name server
doesn't have the address already cached:

> server a.gtld-servers.net.
Default Server:  a.gtld-servers.net
Address:  192.5.6.30

Ask the same question of the com name server. It
will refer us to name servers closer to our desired answer:

> www.theonion.com.
Server:  a.gtld-servers.net
Address:  192.5.6.30
Name:    www.theonion.com
Served by:
- ns2.rackspace.com
207.71.44.121
theonion.com
- ns.rackspace.com
207.235.16.2
theonion.com

Switch to a theonion.com name
servereither of them will do:

> server ns.rackspace.com.
Default Server:  ns.rackspace.com
Address:  207.235.16.2
> www.theonion.com.
Server:  ns.rackspace.com
Address:  207.235.16.2
Name:    theonion.com
Address:  66.216.104.235
Aliases:  www.theonion.com

We hope this example gives you a feeling for how name servers look up
names. If you need to refresh your understanding of what this looks
like graphically, see Figures Figure 2-12 and Figure 2-13.

Before we move on, notice that we asked each of the servers the very
same question: "What's the address
for www.theonion.com?" What do
you think would happen if the com name server
itself had already cached
www.theonion.com's address? The
com name server would have answered the question
out of its cache instead of referring us to the
theonion.com name servers. Why is this
significant? Suppose you messed up a particular
host's address in your zone. Someone points it out
to you, and you clean up the problem. Even though your name server
now has the correct data, some remote sites find the old, messed-up
data when they look up the name. One of the name servers higher up in
the domain tree has cached the incorrect data; when it receives a
query for that host's address, it returns the
incorrect data instead of referring the querier to your name servers.
What makes this problem hard to track down is that only one of the
"higher up" name servers has cached
the incorrect data, so only some of the remote lookups get the wrong
answerthe ones that use this server. Fun, huh? Eventually,
though, the "higher up" name server
will time out the old record. If you're pressed for
time, you can contact the administrators of the remote name server
and ask them to kill and restart their name servers to flush the
cache. Of course, if the remote name server is an important,
much-used name server, they may tell you where to go with that
suggestion.


12.6.3 Zone Transfers



You can use
nslookup to transfer a whole zone with the
ls command. This feature is useful for
troubleshooting, for figuring out how to spell a remote
host's name, or just for counting how many hosts are
in some remote zone. Since the output can be substantial,
nslookup allows you to redirect the output to a
file.

Beware: a lot of hosts won't let you pull a copy of
their zones, either for security reasons or to limit the load on
their name server hosts.

nslookup filters zone transfer data: it shows
you only some of the zone unless you tell it otherwise. By default,
you see only address and name server data. You will see all of the
zone data if you tell nslookup to display data
of any type. The nslookup
help (available from the Help and Support Center) or command summary
(shown by typing help at the
nslookup prompt) tells you all the parameters to
the ls command. We are going to show only the
-t parameter, since the others can be emulated
with -t. The -t option
takes one argument: the data type to filter. So, to pull a copy of a
zone and see all the MX data, use ls -t mx.
Let's do some zone transfers:

C:\> nslookup  
Default Server:  terminator.movie.edu 
Address:  192.249.249.3 
> ls movie.edu.          List NS and A records for movie.edu.
[terminator.movie.edu]
movie.edu.                     NS     server = terminator.movie.edu
movie.edu.                     NS     server = wormhole.movie.edu
carrie                         A      192.253.253.4
diehard                        A      192.249.249.4
misery                         A      192.253.253.2
robocop                        A      192.249.249.2
shining                        A      192.253.253.3
terminator                     A      192.249.249.3
wh249                          A      192.249.249.1
wh253                          A      192.253.253.1
wormhole                       A      192.253.253.1
wormhole                       A      192.249.249.1
> ls -t any movie.edu > /temp/movie.edu.txt      List data into \temp\movie.edu.txt.
[terminator.movie.edu] 
Received 25 records.

Those forward slashes in the ls
command aren't a
misprintnslookup was originally written
for Unix as part of the BIND distribution. Microsoft must have missed
the slashes when porting nslookup to Windows.


/ 163