Technical posts about IT

Posts tagged DNS

Windows 7 DNS Client Requests

Jan12
2012 Leave a Comment Written by Sean Metcalf

I decided I would install WireShark on my Windows 7 laptop and watch some traffic. After running Wireshark, I discovered some interesting traffic as a result of a simple DNS query…

The example I use here is a simple nslookup for google.com against the DNS server 10.10.10.11 (ns1.metcorp.org).

nslookup google.com

That simple command initiated the following activities.

When a Windows 7 workstation sends a DNS query to a DNS server, it performs the following queries (DNS client queries in Blue & responses in Orange):

  1.  Standard Query PTR 11.10.10.10.in-addr.arpa
    (reverse lookup for the PTR record associated with the primary DNS server in order to get the DNS server’s hostname).
  2. Standard Query response PTR ns1.metcorp.org
    (the DNS server responds with the hostname)
  3. Standard Query A google.com.metcorp.org
    (The DNS client appends its local domain suffix to perform single-label name resolution. The DNS client requests an A (host) record.)
  4. Standard Query response, No such name
    (The DNS server could not find  an A (host) record matching google.com.metcorp.org)
  5. Standard Query AAAA google.com.metcorp.org
    (The DNS client appends its local domain suffix to perform single-label name resolution. The DNS client requests an AAAA (IPv6 host) record which is the IPv6 version of an A record.)
  6. Standard Query response, No such name
    (The DNS server could not find  an AAAA (IPv6 host) record matching google.com.metcorp.org)
  7. Standard Query A google.com
    (The DNS client sends the original queried hostname. The DNS client requests an A (host) record.)
  8. Standard Query response, A 74.125.113.105 A 74.125.113.99  A 74.125.113.104 A 74.125.113.103 A 74.125.113.147 A 74.125.113.106
    (The DNS server locates an existing A record matching google.com. In this example, there are multiple IP addresses associated with google.com and these are provided in the response.)
  9. Standard Query AAAA google.com
    (The DNS client sends the original queried hostname. The DNS client requests an AAAA (IPv6 host) record.)
  10. Standard Query response
    (includes SOA record information for the domain)
  • Authoritative nameservers
  • google.com: type SOA, class IN, mname ns1.google.com (the mname record identifies the primary name server)
  • name: google.com
  • Type: SOA (Start of zone authority)
  • Class: IN (0×0001)
  • Time to live: 5 minutes
  • Data length: 38
  • Primary name server: ns1.google.com
  • Responsible authority’s mailbox: dns-admin.google.com
  • Serial number: 1473701 (at the time I ran it)
  • Refresh interval: 2 hours
  • Retry interval: 30 minutes
  • Expiration limit: 14 days
  • Minimum TTL: 5 minutes

NOTE:
This process doesn’t include the traffic from the local DNS server (ns1.metcorp.org) to get the A record information from the google.com DNS server.

The Windows DNS client will append its primary DNS suffix:

Note that when using Active Directory, by default, the primary DNS suffix portion of a computer’s full computer name must be the same as the name of the Active Directory domain where the computer is located. To allow different primary DNS suffixes, a domain administrator may create a restricted list of allowed suffixes by creating the msDS-AllowedDNSSuffixes attribute in the domain object container. This attribute is created and managed by the domain administrator using Active Directory Service Interfaces (ADSI) or the Lightweight Directory Access Protocol (LDAP).

Furthermore, the Windows DNS client will check its cache first, then send the DNS query to the first DNS server listed in the NIC settings (primary DNS) and after not receiving a response within 1 second, will send the same query to the first DNS configured server (on all network adapters) – whichever one replies first is used for subsequent queries. If there is no response from this query to all DNS servers on the preferred network adapter:

  • It waits 2 seconds for a response from the primary DNS servers configured on all other adapters.
  • After this second try with no response, the DNS client sends the query to all DNS servers on all adapters (still under consideration) waiting 2 seconds for a response.
  • After this third try with no response, the DNS client sends the query to all other DNS servers still under consideration (on all adapters) waiting 4 seconds for a response.
  • After this fourth try with no response, the DNS client sends the query to all other DNS servers still under consideration (on all adapters) waiting 8 seconds for a response.
  • At this point the DNS client returns a time-out.

Once a response is received, querying stops.
If the response is a positive one, the response is added to the client’s cache, and the query is fulfilled.
If the response is a negative one, all alternate DNS servers are removed from consideration for this query and the negative response is cached.

For example, if someone queries for portal.metcorp.org before the admin creates the A record, the user’s computer will cache this negative response from the DNS sever – the record doesn’t exist so it is cached as such on that computer until the cache expires. The admin creates the A record for portal.metcorp.org 1 minute later and asks the user to try again. The user attempts to connect to portal.metcorp.org and it fails again because this time the DNS query is satisfied by the DNS client cache on the user’s workstation.  Running ipconfig /flushdns will clear the DNS client cache on the computer including negative responses. After performing this action on the user’s computer (or restarting the DNS Client service), the user is able to receive the configured IP address for portal.metcorp.org.

The Windows DNS client performs Subnet Prioritization which means that if there are multiple IP addresses for a hostname, the response is then ordered in priority order with the hostname associated IP Addresses that are local to the client listed first. The use of Subnet Prioritization overrides DNS Round Robin behavior.

The Windows Server 2003 DNS Client service performs the following tasks:

  • Registers its names in DNS.
  • Name resolution.
  • Caching responses to name resolution queries.
  • Removes previously resolved names from the cache when it receives a negative response for the name.
  • Negative caching.
  • Keeps track of transitory (Plug and Play) network connections and the DNS server lists based on their IP configurations.
  • Maintains connection-specific domain name suffixes.
  • Prioritizes which DNS servers it uses according to whether they respond to a query if multiple DNS server are configured on the client.
  • Prioritizes the multiple A resource records it receives from a DNS server based on their IP address.
  • Initiates a network failure timeout when all DNS Client service queries time out, and does not submit any queries for 30 seconds. This feature applies to every adapter separately.
    From “How DNS Works

References:

Google+FacebookEmailPrintShare
Posted in Deployment, Microsoft Products, Tech, Technical Reference - Tagged , , , , ,

Microsoft Active Directory Design Guidance (IPDs)

Dec18
2011 Leave a Comment Written by Sean Metcalf

Not many people know that Microsoft provides a wealth of information useful for designing Active Directory structures. The so called Infrastructure Planning and Design (IPD) series is freely available on TechNet.

Here are a few of the Microsoft Products with IPDs:

Or, if you are feeling bold, download ALL of the IPDs!

The best thing about the IPD docs is the numbers used to determine how many servers to deploy.

For example, here is some extremely useful information for determining Active Directory Domain Controller numbers (from the AD IPD v2.1):

Task 1: Determine Number of Domain Controllers

For each domain in each location identified in Step B1, the minimum number of domain controllers required needs to be identified. The table below describes the minimum number of domain controllers required, based on number of users.

Table 4. Minimum Number of Domain Controllers

User per domain in a site Minimum number of domain controllers required per domain in a site
1–499 One – Single Processor
500–999 One – Dual Processors/Cores
1,000–2,999 Two – Dual Processors/Cores
3,000–10,000 Two – Quad Processors/Cores

For workloads greater than 10,000 users in a site, additional testing should be performed with user workloads to determine the need for additional hardware. Previous guidance stated an extra quad processor system for every additional 5,000 users. However, for authentication-only workloads, this will be overkill for most environments.

If only one domain controller per location exists, consideration should be made for the need to span the WAN to communicate with a domain controller for authentication and access to resources in the event of failure of the local domain controller.

All domain controllers within a domain must be fully aware of all information related to the domain. This is handled by replication of the AD DS database between domain controllers. This replication occurs within AD DS sites and across site boundaries. If the number of replication partners in a given site reaches 15 or more, an additional domain controller should be added to the site. Another domain controller should be added for each additional 15 replication partners.

Review all applications that rely on AD DS data. Some applications, such as Exchange Server, require additional domain controllers in order to function correctly. Evaluate the need for additional domain controllers based on the expected loads and requirements of the applications.

The IPD documents are valuable to the person tasked with design work.

Google+FacebookEmailPrintShare
Posted in Deployment, Favorite, Microsoft Products, Tech, Technical Reference - Tagged , , , , , , , , , , , , , , , ,

Reference: DCDIAG – What it does

Dec11
2011 Leave a Comment Written by Sean Metcalf

Sure you have run DCDIAG before, but do you know what it actually does?

Here’s the DCDIAG syntax:

dcdiag /test:DNS [/DnsBasic | /DnsForwarders | /DnsDelegation |
 /DnsDynamicUpdate | /DnsRecordRegistration | /DnsResolveExtName [/DnsInternetName:<InternetName>] | 
/DnsAll] [/f:<LogFile>] [/x:<XMLLog.xml>] [/xsl:<XSLFile.xsl> or <XSLTFile.xslt>] [/s:<DomainController>] [/e] [/v]

I usually run DCDIAG with the following switches to check the health of a DC:

DCDIAG /c /v /f:c:\DCDIAG.Log

  • /v: Provides verbose logging displaying additional information on what is being tested and the result.
  • /c: Performs a comprehensive suite of tests.
  • /a: Test all DCs in the site. This is useful if your local Exchange team thinks something is going on with the DCs since Exchange is acting up.
  • /e: Tests ALL the DCs in the enterprise. Use with caution.

Here’s an excellent in-depth post on DCDIAG and what happens behind the scenes when running it:

Google+FacebookEmailPrintShare
Posted in Microsoft Products, Tech, Technical Reference, Troubleshooting - Tagged , , , ,

Active Directory Resource Reference List

Nov10
2011 Leave a Comment Written by Sean Metcalf

There are a number of technologies required by Active Directory to ensure proper operation. Often I find myself reviewing this information to ensure that I fully understand how things work as well as any updates to how they operate in a newer version of Windows.

Here’s a list of Microsoft technical reference articles:

Google+FacebookEmailPrintShare
Posted in Favorite, Tech, Technical Reference - Tagged , , , , , , , , , ,

Microsoft Windows Server 2003 Technical Reference

Oct14
2011 Leave a Comment Written by Sean Metcalf

This is one of the best resources I have found for learning (and keeping recent with) relevant technologies.

http://technet.microsoft.com/en-us/library/cc739127(WS.10).aspx

 New & Updated Collections

Here are some of the highlights:

Google+FacebookEmailPrintShare
Posted in Deployment, Microsoft Products, Tech - Tagged , , , , , , , , , , ,
Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog do not represent the views of Metcorp Consulting, LLC or its partners. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2012