70411R2Lab08

Lab 8
Configuring DNS Zones

This lab contains the following exercises and activities:

Exercise 8.1    Installing DNS
Exercise 8.2    Creating Primary and Secondary Zones
Exercise 8.3    Creating an Active Directory Integrated Zone
Exercise 8.4    Configuring Zone Delegation
Exercise 8.5    Configuring a Stub Zone
Exercise 8.6    Configuring Forwarding and Conditional Forwarding Zones
Exercise 8.7    Configuring Zone Transfers
Lab Challenge   Using the DNSCMD Command to Manage Zones

BEFORE YOU BEGIN

The lab environment consists of student workstations connected to a local area network, along with a server that functions as the domain controller for a domain called contoso.com. The computers required for this lab are listed in Table 8-1.

Table 8-1
Computers Required for Lab 8

Computer         Operating System          Computer Name
Server (VM 1)    Windows Server 2012 R2    RWDC01
Server (VM 2)    Windows Server 2012 R2    Server01

In addition to the computers, you also require the software listed in Table 8-2 to complete Lab 8.

Table 8-2
Software Required for Lab 8

Software                   Location
Lab 8 student worksheet    Lab08_worksheet.docx (provided by instructor)

Working with Lab Worksheets

Each lab in this manual requires that you answer questions, take screen shots, and perform other activities that you will document in a worksheet named for the lab, such as Lab08_worksheet.docx. You will find these worksheets on the book companion site. It is recommended that you use a USB flash drive to store your worksheets, so you can submit them to your instructor for review. As you perform the exercises in each lab, open the appropriate worksheet file using Word, fill in the required information, and save the file to your flash drive.
After completing this lab, you will be able to:

- Configure DNS zones, including primary zones, secondary zones, and Active Directory Integrated zones.
- Configure zone delegation.
- Configure a stub zone.
- Configure forwarding and conditional forwarding zones.
- Configure zone transfers.
- Use the DNSCMD command to manage zones.

Estimated lab time: 80 minutes

Exercise 8.1 Installing DNS

Overview: Domain Name System (DNS) is already installed on RWDC01. However, we need a second DNS server for future exercises. Therefore, during this exercise, you install a second DNS server on Server01.
Mindset: DNS is a naming service that is used by TCP/IP networks and is an essential service used by the Internet. For years, Windows servers have included the DNS role.
Completion time: 10 minutes

1. Log in to Server01 as the Contoso\administrator user account with the Pa$$w0rd password. The Server Manager console opens.
2. When Server Manager opens, click Manage > Add Roles and Features.
3. On the Before you begin page, click Next.
4. Select Role-based or feature-based installation, and then click Next.
5. Click Select a server from the server pool, click Server01.contoso.com, and then click Next.
6. On the Select server roles page, click DNS Server.
7. When the Add Roles and Features Wizard dialog box appears, select Add Features, and then click Next.
8. When the Select features page opens, click Next.
9. On the DNS Server page, click Next.
10. On the Confirm installation selections page, click Install.
11. When the installation is done, take a screen shot of the Add Roles and Features Wizard by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.
12. Click Close.

Question 1: For a typically large organization, how many DNS servers should you install?

End of exercise. You can leave the windows open for the next exercise.
Exercise 8.2 Creating Primary and Secondary Zones

Overview: During this exercise, you create primary and secondary zones on RWDC01 and Server01.
Mindset: For the Contoso Corporation, you are building a new network. Therefore, you need to install DNS to support your network. You have three primary sites. When you use primary and secondary zones, you can have only one primary zone. The other sites have to be secondary zones. Therefore, you will have one primary zone and two secondary zones.
Completion time: 15 minutes

Creating a Standard Forward Lookup Primary Zone

1. Log in to RWDC01 as the Contoso\administrator user account with the Pa$$word password. The Server Manager console opens.
2. On Server Manager, click Tools > DNS to open the DNS Manager console. If necessary, expand the DNS Manager console to a full-screen view.

Question 2: What is the primary tool to manage DNS in Windows?

3. Expand the server so that you can see the Forward Lookup Zones and Reverse Lookup Zones folders, if needed.
4. Click, then right-click Forward Lookup Zones and choose New Zone.
5. When the Welcome to the New Zone Wizard page opens, click Next.
6. On the Zone Type page (as shown in Figure 8-1), with the Primary zone radio button already selected, click to deselect the Store the zone in Active Directory option. Click Next.

Figure 8-1
Creating a new zone

7. The Zone Name page opens. In the Zone name text box, type adatum.com and then click Next.
8. On the Zone File page, ensure that the Create a new file with this file name radio button is selected and then click Next.
9. On the Dynamic Update page, ensure that the Do not allow dynamic updates radio button is selected and then click Next.
10. When the Completing the New Zone Wizard page displays, take a screen shot of the New Zone Wizard by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.
11. Click Finish.

Creating a Standard Forward Lookup Secondary Zone

1. On Server01, click Tools > DNS to open the DNS Manager console. If necessary, expand the DNS Manager console to a full-screen view.
2. Expand the server so that you can see the Forward Lookup Zones and Reverse Lookup Zones folders, if needed.
3. Click, then right-click Forward Lookup Zones and choose New Zone.
4. When the Welcome to the New Zone Wizard page opens, click Next.
5. On the Zone Type page, select the Secondary zone radio button and then click Next. The Zone Name page appears.
6. In the Zone name text box, type adatum.com and then click Next.
7. On the Master DNS Servers page, type 192.168.1.50 (as shown in Figure 8-2) and then press Enter. Click Next.

Figure 8-2
Specifying the master DNS server

8. When the Completing the New Zone Wizard page opens, click Finish.

Creating a Standard Reverse Lookup Primary Zone

1. On RWDC01, go to the DNS Manager console. Right-click Reverse Lookup Zones and choose New Zone.
2. When the Welcome to the New Zone Wizard page opens, click Next.
3. On the Zone Type page, click Next.
4. On the Active Directory Zone Replication Scope page, click Next.
5. On the Reverse Lookup Zone Name page, with IPv4 Reverse Lookup Zone already selected, click Next.
6. Type the network address of 172.24.1 and then click Next.
7. On the Dynamic Update page, click Next.
8. When the Completing the New Zone Wizard page opens, take a screen shot of the New Zone Wizard by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.
9. Click Finish.

End of exercise. You can leave the windows open for the next exercise.

Exercise 8.3 Creating an Active Directory Integrated Zone

Overview: During this exercise, you create an Active Directory Integrated zone.
Mindset: You decide that you want to improve the DNS system for your company and you are thinking of switching to Active Directory-Integrated zones. Active Directory-Integrated zones are fault tolerant, they offer better security, and they have more efficient replication. With these features, you don’t have to worry about primary and secondary zones because each DNS server acts as a master.
Completion time: 5 minutes

1. On RWDC01, go to the DNS Manager console.
2. Right-click Forward Lookup Zones and choose New Zone.
3. When the Welcome to the New Zone Wizard starts, click Next.
4. With the Primary zone and Store the zone in Active Directory options already selected, click Next.
5. On the Active Directory Zone Replication Scope dialog box, click Next.
6. On the Zone Name page, type fabrikam.com and then click Next.
7. On the Dynamic Update page, with the Allow only secure dynamic updates option selected, click Next.

Question 3: What is needed to perform secure dynamic updates?

8. Take a screen shot of the New Zone Wizard by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.
9. Click Finish. The fabrikam.com domain is created.

End of exercise. You can leave the windows open for the next exercise.

Exercise 8.4 Configuring Zone Delegation

Overview: In this exercise, you delegate a subdomain called support under fabrikam.com on a different DNS server.
Mindset: Subdomains allow you to break up larger domains into smaller, more manageable domains. Then by using delegation, you place the subdomain on another DNS server.
Completion time: 5 minutes

Question 4: You discovered that one server is heavily utilized by many requests from the support domain. What can you do to break up the workload of the server?

1. On RWDC01, go to the DNS Manager console. Under Forward Lookup Zones, right-click Fabrikam.com and choose New Delegation.
2. When the Welcome to the New Delegation Wizard starts, click Next.
3. In the Delegated domain text box, type support (as shown in Figure 8-3) and then click Next.

Figure 8-3
Delegating a domain

4. On the New Delegation Wizard page, click Add, type Server01 in the Server fully qualified domain name (FQDN) text box, and then click Resolve. Ignore the red circle with the white X; the zone in Server01 still needs to be created. Click OK to close the New Name Server Record dialog box. Click Next.
5. When the wizard is complete, click Finish.
6. On Server01, go to the DNS Manager console. Right-click Forward Lookup Zones and choose New Zone.
7. When the Welcome to the New Zone Wizard starts, click Next.
8. On the Zone Type page, with the Primary zone already selected, click Next.
9. On the Zone Name page, type support.fabrikam.com in the Zone name text box and then click Next.
10. On the Zone File page, click Next.
11. On the Dynamic Update page, click Next.
12. When the wizard is complete, take a screen shot of the New Zone Wizard by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.
13. Click Finish.

End of exercise. You can leave the windows open for the next exercise.

Exercise 8.5 Creating a Stub Zone

Overview: In this exercise, you create a stub zone that points directly to another DNS server.
Mindset: A stub zone is a copy of a zone that contains only necessary resource records—Start of Authority (SOA), Name Server (NS), and Address/Host (A) record—in the master zone and acts as a pointer to the authoritative name server.
Completion time: 10 minutes

1. On RWDC01, go to the DNS Manager console. Right-click Forward Lookup Zones and choose New Zone.
2. When the Welcome to the New Zone Wizard begins, click Next.
3. When the Zone Type page opens, select the Stub zone radio button and then click Next.
Question 5: Which feature do stub zones bring to DNS: better performance, redundancy, or both?

4. On the Active Directory Zone Replication Scope page, click Next.
5. On the Zone Name page, type litware.com in the Zone name text box and then click Next.
6. On the Master DNS Servers page, type 192.168.1.60 and press Enter. Click Next.
7. When the Completing the New Zone Wizard displays, click Finish.
8. On Server01, go to the DNS Manager console. Right-click Forward Lookup Zones and choose New Zone.
9. When the Welcome to the New Zone Wizard begins, click Next.
10. On the Zone Type page, click Next.
11. On the Zone Name page, type litware.com and then click Next.
12. On the Zone File page, click Next.
13. On the Dynamic Update page, click Next.
14. When the wizard is complete, click Finish.
15. On RWDC01, click the litware.com node and then press F5 to refresh.
16. On RWDC01, take a screen shot of the DNS Manager window (with the litware.com node selected) by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.

End of exercise. You can leave the windows open for the next exercise.

Exercise 8.6 Configuring Forwarding and Conditional Forwarding Zones

Overview: To improve performance, you can control which DNS servers requests are forwarded to when performing naming resolution by configuring forwarding and creating conditional forwarding zones. In this exercise, you configure forwarding and create a conditional forwarding zone.
Mindset: By default, when a client contacts a DNS server and the DNS server does not know the answer, it performs an iterative query to find the answer (which means it first contacts the root domain and additional DNS servers until it finds the authoritative DNS server for the zone). However, a DNS server can be configured to forward queries to another DNS server, or to a conditional forwarder based on the domain name queried.
Completion time: 10 minutes

Configuring Forwarders

1. On Server01, go to the DNS Manager console. Right-click Server01 and choose Properties. The Server Properties dialog box opens.
2. Select the Forwarders tab.

Question 6: Your company uses an ISP for Internet connection. How would you relay all DNS requests through the ISP DNS servers?

3. Click Edit. The Edit Forwarders dialog box opens as shown in Figure 8-4.

Figure 8-4
Specifying DNS servers to forward requests

4. In the IP address column, type 192.168.1.50 and press Enter. Click OK to close the Forwarders dialog box.
5. Click OK to close the SERVER01 Properties dialog box.

Configuring Conditional Forwarders

1. On Server01, use the DNS Manager console to create a primary lookup zone named lucernepublishing.com.

Question 7: How do you forward queries to a specific DNS server for a specified domain?

2. On RWDC01, go to the DNS Manager console. Click Conditional Forwarders Zones. Right-click Conditional Forwarders Zones and choose New Conditional Forwarder. The New Conditional Forwarder dialog box appears as shown in Figure 8-5.

Figure 8-5
Creating a new conditional forwarder

3. Type lucernepublishing.com in the DNS Domain text box.
4. In the IP Address column, type 192.168.1.60 and press Enter.
5. Click OK to close the New Conditional Forwarder dialog box.
6. On RWDC01, with the lucernepublishing.com node selected, take a screen shot of the DNS Manager console by pressing Alt+Prt Scr and then paste it into your Lab08_worksheet file in the page provided by pressing Ctrl+V.

End of exercise. You can leave the windows open for the next exercise.

Exercise 8.7 Configuring Zone Transfers

Overview: By configuring zone transfers, you can control to which servers DNS information is copied.
Mindset: You need to configure zone transfers between multiple DNS servers. What are the three types of zone transfer available?
Completion time: 10 minutes

1. On RWDC01, using the DNS Manager console, click adatum.com and then right-click the adatum.com zone and choose Properties. The Properties dialog box opens.
2. Click the Zone Transfers tab.
3. With the Allow zone transfers option already selected, select the Only to the following servers radio button.

Question 8: Which type of transfer copies the entire zone, which is done when a new DNS secondary service for an existing zone is added?

4. Click Notify, click the The following servers radio button, type 192.168.1.60 in the IP Address column, and then press Enter. Click OK.
5. Click OK to close the adatum.com Properties dialog box.

End of exercise.

Lab Review Questions

Completion time: 10 minutes

1. In Exercise 8.2, what must you create before creating the secondary zone?
2. In Exercise 8.3, what is the prerequisite to have Active Directory-Integrated zones?
3. In Exercise 8.6, how do you configure a DNS server so that all queries it cannot directly resolve are forwarded to your ISP’s DNS server?
4. In Exercise 8.6, where did you configure forwarding?
5. In Exercise 8.7, how did you configure zone transfers?

Lab Challenge Using the DNSCMD Command to Manage Zones

Overview: To complete this challenge, you must demonstrate how to use the DNSCMD command to manage zones.
Completion time: 10 minutes

You need to configure a few scripts that will create DNS zones. Therefore, what commands would you use to perform the following on RWDC01.contoso.com:

1. Create a primary zone called fabrikam.com.
2. Create a secondary zone called contoso.com. The primary server is located at 192.168.1.60.
3. Create an Active Directory integrated zone called litware.com.
4. Delete a secondary zone called lucernpublishing.com.
5. Force a zone replication for the lucernpublishing.com zone.

End of lab. You can log off or start a different lab. If you want to restart this lab, you’ll need to click the End Lab button in order for the lab to be reset.
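
Added example (not part of the original lab manual): the dynamic update and zone transfer choices made in the wizards in Exercises 8.2, 8.3 and 8.7 can be checked from PowerShell after the lab. The function name Test-DnsZoneExposure and the sample zone objects are constructed for illustration; the property names are assumed to match what Get-DnsServerZone from the DnsServer module returns.

```powershell
# Added example: flags primary zones whose transfer or dynamic-update settings
# are looser than the ones selected in this lab. The function name is hypothetical.
function Test-DnsZoneExposure {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        # Only primary zones are checked; secondary, stub and forwarder zones are skipped.
        if ($Zone.ZoneType -ne 'Primary' -or $Zone.IsAutoCreated) { return }

        $findings = @()
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $findings += 'zone transfers allowed to any server'
        }
        if ($Zone.SecureSecondaries -eq 'TransferToSecureServers' -and -not $Zone.SecondaryServers) {
            $findings += 'transfer list is empty, no secondary can pull the zone'
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'nonsecure dynamic updates accepted'
        }
        [pscustomobject]@{
            ZoneName = $Zone.ZoneName
            Transfer = $Zone.SecureSecondaries
            Update   = $Zone.DynamicUpdate
            Findings = if ($findings) { $findings -join '; ' } else { 'ok' }
        }
    }
}

# Constructed sample objects shaped like Get-DnsServerZone output (not captured from a server).
$sample = @(
    [pscustomobject]@{ ZoneName = 'adatum.com'; ZoneType = 'Primary'; IsAutoCreated = $false
        DynamicUpdate = 'None'; SecureSecondaries = 'TransferToSecureServers'
        SecondaryServers = @('192.168.1.60') }
    [pscustomobject]@{ ZoneName = 'fabrikam.com'; ZoneType = 'Primary'; IsAutoCreated = $false
        DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer'; SecondaryServers = $null }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary'; IsAutoCreated = $false
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer'
        SecondaryServers = $null }
    [pscustomobject]@{ ZoneName = 'lucernepublishing.com'; ZoneType = 'Forwarder'; IsAutoCreated = $false }
)
$sample | Test-DnsZoneExposure | Format-Table -AutoSize

# On a DNS server, audit the live zones instead:
#   Get-DnsServerZone | Test-DnsZoneExposure
```

With the sample data, only the constructed legacy.example zone is reported with findings; the conditional forwarder is skipped.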