Windows2000 DNS Technical Guide 4

zhaozj2021-02-08  231

Chapter 4 Danger Information Details This chapter includes: • Database resource record. Resource Record referred to as R r, constitutes content of the domain area file, is the core data of D N S. As the name suggests, the resource record contains important resource information that D N S should know, these resources are other D n s servers and hosts. This section will illustrate the main resource record types and introduce them. • Cache file. Cache files (root prompt) will indicate the root domain name server so that any D n S server can easily find the root of the domain name system tree. This section describes the cache file, its importance, and how to use it. • Entrusted authorization. Register your primary domain server to i n t e R n i c to enable the domain to access your domain list, you can connect to this server, and publish your auxiliary domain name server with domain name server record (N s record). This section will explain why the authorization server is published. If D N s is life, then some things are completed by intuitive, while other functions are to learn. This chapter will introduce the basic work that DNS should complete, that is, DNS is almost brought by intuitive completion (from its domain zone file), will also introduce the type of various resource records, which can be used to make DNS more advanced The task is required to meet the needs of the user (routing mail, the service positioning information, and the use of key exchange to improve the security structure). This chapter does not involve D N S recently have new dynamic upgrades. 4.1 Database Resource Record like any other database, D N S's architecture is also composed of a table, and each table contains many records. D N s database table is called a zone file. Most records have specialized meanings because they identify a number of resources, which can even be associated with records in other tables. The resource record type includes authorization start recording S O A (Start of Authority), address record A (A D r e s s), pointer record P T R (P O i n t e R model, etc.). This chapter will introduce a variety of resource record types in detail later. Appendix F "Resource Record and I N TE E R N I C Cache File" provides a complete resource log list. What kind of records that can be seen in the domain area file depends on a number of factors. The first thing to see is which domain zone file, if you are looking for a field area and a reverse lookup domain area, there is little record. Another factor in determining the content of the domain area is what information is required to publish or need to be issued. This section will explain the various important record types in detail. They should be very understandable and know how they are used. When the domain area information is stored in the file form, the Windows DNS stores the domain zone database file in the% Wi N D n s Y S T E M 3 2 / D N S directory. Windows DNS also provides a number of template files in the subdirectory in the. / S A M P L e S subdirectory to provide an example of file format. The Windows DNS server can store configuration information and domain information in three. The configuration information is typically stored in the registry, or it can be stored in a boot file compatible with B i N D (U N i X machine is done). Domain area information is stored in a domain area file or an active directory. D N S Server Boot Configuration Information In the registry is H K L M, S Y S T E M, C U R E N T C O N T R O L S E T, S E R V I C E S, D N S, Z O N E S; file name is B O O T.

Unlike a Named. Boot file, the Windows DNS server allows it to have only the information of the primary server, secondary service, and cache server in the boot file, Figure 4 - 1 shows the "P Roperties" "A" in the Windows DNS server "A" DVANCED (Advanced) "tab. Figure 4-1 Windows DNS Server Properties dialog box, you can set the boot option when "Load Zone Data On Start Up is set to" from file "option, the registry information is A boot file is automatically generated. When it becomes "from registry", the previous boot file is moved into. / Backup subdirectory, whether the above case, the registry always keeps current information, this The change is to take effect immediately when "a PPLY" button is pressed. It is easy to cause misleading here, unless the active directory is used, the domain zone file is always used to store domain information. Although there is "from Active Directory and Registry" option in Figure 4 - 1, the domain area file (ie, the real resource record) is still not stored in the registry. When the domain information is stored in the active directory, the domain area is transmitted to the visible directory object via the L D A P protocol. Although these domain logs are still used for any secondary server, there is no longer existing domain zone files on the primary server. At the same time, there is no longer "from file" "option. The format of the Windows DNS area file is compatible with R F C, and this format in this chapter is also applied to the B i n D domain area file and Windows DNS file. The information included in this chapter will be much more than what can be seen in the Window DNS management interface. This is because the actual data store is much more complicated than what you can see, and in the server, you simplify things as much as possible, you only need to choose the configuration and default values. RFC 1 0 3 5, RFC L183, RFC 1 6 6 6 4, RFC 1 8 8 6, RFC 2 0 5 2, RFC 2 1 8 1, RFC 2 0 3 5 and RFC 2 6 7 2 (available from WW W. ISI. EDU is found to be the most authoritative file recorded by root field. When using the DNS Server Management Controller, Windows DNS will automatically format records, but if you use boot file options and move file back and forth between Windows DNS and BIND, you need to know how to use text editors to format records and how to let Wi NDOWS accepts boot files. One excellent feature of Windows DNS is that it can generate a configuration with the DNS Server Management Console, then save the configuration in a boot file, obviously, if you want to go to UNIX / BIND-based systems from Windows DNS, this is very Help, there is no other way. 4.2 Resource Recording Syntax Format The following is taken from RFC 1035, written by Paul Mockapetris, explaining the syntax of the R R format (pages 3 2 ~ 3): 38 Part 1 understands the domain name system

The format of these files is a series of entries. The entries are basically in behavioral units, but they can also be used in parentheses, and the characters of the text can include C R L f (Enter Rankings). The combination of any number of TA B keys and space bobs is equivalent to a separator to separate the components in the entry. At any line of the primary file, you can add any comments, and comments start with a semicolon; Define the following entry: The first defined space line is defined. Dark lines can be used anywhere in the file, and the blank can be annotated or not commented. Two control entries have also been defined above: $ O R I g i n and $ I N C L u d E. The $ O R I g I n must be followed by a domain name, which is to set the current domain to the domain specified in the entry. $ I N c L u D entry will insert a domain name file in the current domain name file. The domain name in the $ INCLUDE entry is optional, the purpose is to specify the current domain name containing the file. The $ include entry can also be annotated. Note that whether or not $ I N c L u d E entries change the domain of $ I N C L u d e file, the current domain of the parent file (current file) will not change the current domain. The latter two entries represent the format of R r (resource record). If the R r begins in a space, this R r is all the domains that are last indicated in the above entry. If a R r entries are started by the domain name (, the owner of the record is reset. The content of can have the following format: R r begins with options T t L and C L A S S, then the T y P E segment and R D ATA (recording data) segment corresponding to the type (T y P e) and category (C L A S). C L A S S and T Y P e use standard holidays, T T L is a decimal number. If the value of C L A Ss S and T L is omitted, the default is the value of the last one. Because Type and Class's help not repeat, the syntax analysis of them will be unique (the order and examples listed here are different from the order in the actual resource record, and the order listed here is more convenient to perform Gramma analysis). Records with will account for most of the main file data. Each part of the domain name is represented by a string, and "." Is separated. Any character can be used in the domain name. The domain name ended with "." Is an absolute domain name and is a complete domain name. The domain name not "." Is the relative domain name, the actual domain name is made up of the relative domain name and the source that is connected after the source specified by the $ O R I g i n, $ include, or the destination parameter when the main file is in the calling routine. When there is no source available, the relative domain name is an error. String can be used in two ways: may be a continuous character set without internal spaces; or use the character set enclosed in the character set, which can be used in addition to? If you want to use the host, you must use the backslash. These files are text files, but some characters or representations have special significance, especially:. Representative roots. @ 单 @ 符 represents the current source. / X The x here is any character except for 0 to 9 characters. This indication is to indicate that the X character here is just a normal character without any special meaning. If it is? /. "It means a general". ", Not root. Chapter 4 Domain Information Details 39

/ DDD D is an eight-input number, D D D is an octal representation of the corresponding decimal number, and the obtained D D D is also as a text, and there is no other meaning. () Brackets are used to enclose cross-line data. If there is a routine endorse, it is not recognized that the end of the line. The semicolon is used to begin annotation, and the semicolon can be ignored. The grammar representation and examples of each R r described later in this chapter are from R F C 1 0 3 5, RFC 11 8 3, RFC 1664. These documents are the authoritative reference materials in the main file format. However, it is still necessary to mention some information: • The resource record entry is not case sensitive, so H O S T N a m E = H O S T N a m E = H O S T n a m e. • In the name of the resource record, each label has 6 3 character lengths, and each whole domain cannot exceed 2 5 characters. • Underline in Service Resource Record (S RV), is specified in RF C 2 0 5 2, perhaps temporary, is used in the specified service and protocol domain. The current RFC 2052BIS draft is intended to abolish the R f C2052IS DVAFT-ICTF = DNSIND-IFC2052BIS-0.5TXT file on November 1, 9 9 9 9 9. • For internationalization, RFC 2044 uses standard add-to-standard support, which is abolished after RFC 2279. The U T F - 8 standard is specified in RFC 2279, which is not specifically handled D N s character set, which has been built into resource record support for Windows 2000 DNS. Underline uses Underline to use the underline to name the mode in Windows NT. But there is a problem when the NET B I O S name is mapped to D n s domain name space. Wi N D O W S must recognize that the current underscore is illegal in D N s host and domain name. Some domain names only do not advocate using underscores, but some servers returns an error message and reject the query. In Windows 2000, because D N S and Wi N D O W S name space must be closely linked to each other, the use of underscore is a typical issue. The rest of the problem is that the U t f - 8 or the use of special characters such as underline will bring trouble to the D N S server collaborative work. Start authorization record S O A Start authorization record, is generally referred to as S O A record (S t a R t-o f-a u T H o R I T Y) is the first entry necessary in all forward and reverse domain zone files. Some key information required for each domain is provided by the S O A record defined by the RFC 1035. Most importantly, the S O A record specifies the domain authorization domain server. Figure 7 - L is the "Domain Name ServerManager Properties" dialog that S O A record, and you can open the dialog in the server list. The S O A record is very important, which contains the following sections (some values ​​of them) can be seen in Figure 4-2). All segments are given in the following list (but not exactly the same as those displayed in the Windows DNS manager). • Owners (O W N E R): The owner recorded by S O A is generally the source of the domain zone, that is, the domain represented by the domain zone file. In MS DNS Manager, the owner is the domain name under the server name in the server list, which will automatically write to the database. • Effective time (t i m e - t o - l i v e, refermstr T t L): The domain default T t1 is the minimum T t1 (see the last list of this list, M - T L).

If this setting is used, it will overwrite a single record using the domain default T t l value (M - T t L). • Category (C L A S s): The category of S O A record is default I n to I N t e R N e t. • Type (T Y P E): The type of S O A record is S O A, and appears in the T y P E column of resource records to indicate which D n s server is authorized to this domain. 40 Part 1 Understanding Domain Name System Figure 4-2 Observe the S O A Record in D N S Manager • Zone File Source: The domain area file source is the host name of this domain master D N S server. In Windows DNS, this is automatically generated when using the management interface. • The D n s name of the person in charge of the mailbox (M A I L B O X): The mailbox here is generally an email address of the domain administrator. The mailbox is expressed as "." Format, such as A c t i o n. C n r i. R e s t o n. V a. U s, it will be translated into email address a c t i o n @ c n r i. R e s t o n. U s. A C T I O n may be an administrator of the C N R I domain. • Serial Number: The serial number is used as version control. When the domain file is modified, the serial number will increase, and the secondary server will find this change. If the serial number does not increase, the secondary server will consider its domain zone data or correct, and does not initiate the transmission to update the data. The slave server requests a serial number from the primary server and compared to the current serial number. If the serial number of the primary server is discovered, it starts a domain area. If the two serial numbers are equal, there is no domain zone transmission. If the serial number of the primary server is smaller, not only without the domain zone transmission, the slave server writes information in its log file than the self-serial number than the own serial number. • Refresh (R E F R E S H): Refresh Time Tell the secondary server over a long time to prepare for a domain area data. Refresh time is also called refresh interval or refresh cycle. When the new time has arrived, first check the serial number to decide whether to refresh the transfer. If the serial number has increased, the data changes, the secondary server will reload the domain data and record the new serial number. Chapter 5, "Domain Name Query Details" provides information on increment transmission and complete domain zones. • RETRY Interval: Retry Interval Specifies how long the secondary server will retrip the transfer after a transfer data fails. • Expire Time: The expiration time specifies that if the refresh fails, the secondary service device can also provide a continuous authorization answer. If the refresh fails due to the failure of the primary server, the secondary server will continue to answer the query until the domain data expires. If the primary server returns to normal, the secondary server will restart refresh. If the domain data expires cannot be successfully refreshed, the secondary server will stop answering the query on this domain. • Minimum T t L (M - T L): The minimum effective time indicates that the answer is effective in how long it is. When the client Chapter 4 Domain Information 41

When query D n s servers, the T tl time information is obtained in addition to getting the response, so that the client knows how much this answer can be used without checking whether the record is changed. If the data is not frequent, the value of T t L is relatively large. At this time, there are not many queries to establish a continuous use cache. If the value of t tl is smaller, the client's cache will expire quickly, so that even the same record, it is necessary to query frequently. The use of T T L value in the resource record is uncommon, which means that the resource record has a inherited T t l value, which is specified in the domain S O A resource record as the minimum T t1 specified. A typical SOA record as follows: Symbol @ can also be used to represent the current source (Example. Net in this example), the following SOA record and the above example are equivalent: here, @ 就 相 相 e e Net. As mentioned earlier, the T t1 is often omitted, while the value of M - T t L will apply to each record of the domain zone. Attention time is in seconds. 4.3 Domain Name Server (N s) Record Domain Name Server Record tells D N S which server is the delegation authorization server of this domain or its subdomain. Entrusted authorization to a server to answer the query. The entrusted authorization is similar to the manager to delegate the work to another member. A domain name server can delegate all licenses of a subdomain to other servers, or a primary server can delegate the authorization to the secondary server so that although they are not the source of the address map, they can also answer the query. 4. 5 Section will be described in detail. Figure 4 - 3 is the Domain Name Server Manager Properties dialog recorded by N s. Figure 4-3 Observing N S Record 42 in D N S Manager 42 first part of understanding domain name system

In the forward domain zone file and the reverse domain zone file, the N S recorded, the format of the N s record is as follows: The first segment of the record is the owner, indicating the domain that the server has been entrusted. The next T t1 is often blank, and the administrator generally uses the value of the M - T t L recorded in S O A. The rear category (C L A S s) segment is almost always I n, represents I n t e R n e t. Type N s indicates that it is recorded by N s. Finally, the "host name. Domain name" of the domain name server is authorized to provide an answer to the entire server of the server. This domain name should have the tail "." To ensure that the parser can know that it is a whole domain name. It can be seen that there are many similar places in N S records and S O A records. Both have all owners, T t l and categories, these sections are likely to be the same in two records. There is a N S record for each delegated authorized domain name server, and there is a bonded record from the parent server or root server to the delegate authorization server. You can use N s to specify an additional domain name server, but they can only be used for internal clients, and the external mechanism only knows the domain name server and the domain area of ​​the domain name server and the domain zone registered in I N TE R N I c. It should be noted that the above-mentioned entrusted authorization is in the usual mode. In Windows 2000 DNS Manager, the delegate authorization looks a bit different. Here, the N S record can be generated by selecting "New Deli Authorization" by selecting "New Deli District". The former is based on the current server setting to generate a new domain area with N S and S O A record. The latter generates a subdomain at the current point and generates an N S record. Although MS Windows 2000 documentation is compatible with these uses, it should also be known that the entrusted authorization mentioned in this chapter usually has a special specified meaning. N s records have the following form: The N S records that may generally see are the following form: because the first record in the domain area is S O A record, and the owner has been described in the SOA record. Therefore, the owner can be omitted in the N S record, so that the above form is to assume that the owner is the current source E x a m p L e. N e t specified by S O A. It can be noted that the T t l value is not specified in the above example, and the domain name server n s 1. I S i. E d u. N s 1. U s c. E d u. It is the formal domain name ending with the point. There is no server and authorized domain that require entrusted authorization must be the same domain, which is also an advantage of the D N S structure. Note that these domains actually have different domain suffixes. 4.3.1 Pointer Record and Reconfaction Pointer Records are also known as P T R record, which is a key record for reverse address resolution. If a host's I P address is known, to know its hostname, you need to reverse analysis from the reverse address (or directly referred to as address) to the host name. The P T R record is the main body of the domain area file of the A r p A domain in the I n - a d r. Figure 4 - 4 is a D N s Manager Properties dialog recorded by P T R. The reverse domain zone file (I n - a d r file) is also started with S O A record and N s, and the rest of the file is usually recorded, sometimes a specification name (C N a m e) record. The format of the PTR record is as follows (see Figure 4 - 4): Observation 1. 1 6 8. 1 9 2. In - the main server of the Add R.Arpa domain, there is a form: Chapter 4 Domain information 43

Figure 4-4 Observing the P T R record in D N s Manager First, pay attention to the host name ".", That is, all domain names, so these names do not need additional information. If the tail is not ".", The source of the domain area should be added behind the host name. Because the source is 1. 1 6 8. 1 9 2. I n - a d r. A R p A, so the domain name will become difficult. Since this domain area file is expressed as a reverse address map, the number 1. 1 6 8. 1 9 2 The number of numbers that appear in the P T r record. Therefore, N s. E x a m p L e. The reverse address of N e t is 1. 1 6 8. 1 9 2. Convert this number, it is its I P address 1 9 2. 1 6 8. 1. 1. This example uses a representation of Class C address. For Class B networks, its reverse (I n - a d r) domain area file will vary. Take 1 3 2. 1 0. 0. 0 network as an example, the domain name is x y z. C O m. In the boot file, the entry of the in-addr area area file will be represented as: the domain area file can be set to: Also, you can use the $ origin command to segment this domain area in the field: 44 The first part understands the domain name system

Type a full-length gain in Windows NT4, MS knowledge set # q 1 5 4 5 5 5 files should enter the tail of the tail in the DNS management controller, when can you not like this? The input has been described: When the specified server is data in the record (such as the domain name server in the NS record, the specification name in the CNAME record, the main domain server, MS record in the SOA record), the whole domain name must The ".", Because the server in these segments can be in the current domain, or may not be in the current domain, so the whole domain must be used. Other and server-related names do not use the full domain name ".", Such as host name in A record, the domain name in the CNAME record, the domain name in the SOA record, etc.), these names are in use. Suppleed by the domain into a national name. Similar syntax analysis is also applied in the Windows 2000 DNS Server Management Controller. And when you don't need to type ".", You type it sometimes is not related to the contents of writing the entry area file. This file settings that target the domain zone can greatly simplify the management of large domain zone files. The $ O R I g i n command reset all the domain names of the following R r so that it is consistent with the domain name specified in the $ O R I g i n command. If you use $ I n c L u d e command, it can be further simplified. Using $ I N c L u d e commands can put these files in different files in different files, and then insert these files through the $ I n c l u d e command in the primary domain file. The resulting domain area file has the following form: At this time, the files in the two $ I n c L u d E commands should contain the P T r record of the corresponding subnet and the host. Sometimes, I n - a d r rs is authorized by a complete eight byte by a complete eight byte. A R p A domain does not meet the requirements. When using a whateocratic I n t e R n e T domain rout (C i D r), a lookup that is very similar to the reverse lookup is based on a standard name record and the entrusted authorization of the I N-A D r. A R pia domain. See R F C 2 3 1 7.4.3.2 Address (a) Recording address record is a mapping of the host name to I P (version 4) address. These records are used in the field of finding domain zones and root caching files. For I P Version 6, use the corresponding 4 A (a a a a a a a a a a a) resource record. A recorded format and the format of N s records. A record contains owners, categories, t t l, type, and finally the host address. The above order can be different, for example, the TTL value is placed in front of the category. The Windows 2000 DNS server will cycle multiple a records of the same host, each A records to the host name to provide a different I P address. A recorded format can be in the following form (see Figure 4 - 5): A specific A record can be: in a A record, the owner is the host name record itself. Since the source indicated by the S O A record is E x a m p L e. N e t, the host name in the above example actually converts to F S1. E X a m p L e. N e t. This is because F S 1 is not added ".", According to D N s default, Chapter 4, domain information detail 45

Features will add the source domain name to the resource name. The result is the host F S1. E x a m p1. N e t's query points to this record and returns the corresponding I P address. Figure 4 - 5 is a D n S Manage Controller Properties dialog for a record. Similar to the P T r record, the TTL value is obtained by the M - T t l value recorded by S O A. $ O R I g i n and $ I N C L u D E-statement can also be used in a record. If the domain's primary domain server is also a sub-domain service, you can use the $ O R I g i n statement to retest the source below the record below to the appropriate subdomain. Similarly, the $ include statement can also segment some files to the corresponding files, making the domain area file simplified. Figure 4-5 Observing a Recording 4.3.3 Mail Exchange (M x) Record Mail Exchange Record in the D N S Manage Controller. M x Record as a member of the domain to provide information to deliver the message. The format of M x record is similar to N S recorded, which also contains owner, t t l, category, type, and mail switch itself. In addition, M x record has a priority segment to specify the priority of each host that can transmit mail. With a M x record pointing to a host for mail is not to configure that host receives mail! Figure 4 - 6 shows the D N S Manage Controller Properties dialog recorded by M x. The format of M x record is as follows: The following is an example of M x record (see Figure 4 - 6): The second line describes two things. One is that if the S O A record is the last record set in the file, the N S will automatically become the mail exchanger of the specified domain e x a m p L e. N e t in the S O A record. It is important to pay attention to the impact of the record order before the file in the file is very large, so if the record in front of the MX is a record instead of the SOA record (such as Second -Fiddler IN A 192.168.1.32), the host mailhub becomes the host. SECONDFIDDLER's mail switch instead of domain 46 first part of understanding domain name system

e x a m p L e. N e t's mail swappers. Therefore, if the owner is specified in the M x record, D N S will consider that owner is the one in the previous record. Figure 4-6 Observing M x Recording in the D N S Manage Controller If the domain can have several mail swappers, the priority can be used to specify the order of use. Use priority to provide a certain redundancy for mail delivery to ensure email delivery. The value of the priority should be between 0 ~ 6 5 5 3 5, the smaller the value, the higher the priority. Priority 1 0, 2 0, and 3 0 is used in the following M x record, where 1 0 is preferentially preferably 300 in again 2 0, 2 0. In the above example, the three M x records are email exchange records for e x a m p L e. N e T domain, and the priority setting indicates that M A I L H U b is the primary mail switched server. If M A I L H U b is not available or too busy, the email can be sent to M A I L H U B 2. If M a i l h u b and m a i l h u B 2 are not responding, you can use M A I L H UB 3.4.3.4 Record (C N a M e) record specification name record referred to as C n a m e (canonial name) record. C n a m e records an alias for a standard name (domain name, hostname). Alias ​​points or another machine. For example, by using C n a m e record, the primary D n S domain name server and the mail host are the same machine. Figure 4 - 7 is a D N S Manager Properties dialog recorded by C N a M e. The format of C n a m e has the following form: Try to consider the following: A business has registered N s. X y z. C O m is the main D n S server of the domain, but the mail program requires a special computer name such as M A I L H O S T as a mail host name. To solve this problem, you can detail the actual name of the computer Chapter 4 47

(Normative Name) is N s. X y z. C O R n, and then add a C N a M e record so that the mail to M A I L H O S T is also sent to N s. X y z. C O m. In this way, in addition to the administrator, others don't know that two names or both services are actually used. Test Considering the following assumptions: a company uses F T P. X y z. C O m as the primary server of F T P. It also wants to run a WE B server, but the WE B server is named WW W. COM, and the FTP service is running on the same machine, so you can add a standard name record, point the WWW packet to FTP. Xyz. COM. Figure 4-7 Observing the C N A MEE Record in the D N S Manage Controller Setting up a loop in a mail exchange program, such as sending a message, avoiding a loop because the loop cannot be delivered. The loop will make the email to loop in a circle without the last destination. If the message is sent to a machine, this machine sends the message to another machine, and finally send the message back to the first machine. Some mail programs avoid cycles by using M x records that do not use equal or smaller values ​​priority to the local host and other machines. The domain zone file corresponding to the above situation has the following form: Name M A I L H O S. x y z. C O m and ns.xyz. COM will be correctly parsed, and get the same I P address. Another example is the address of the specified F T P and W W W service using C N a M e, can also be used for other services such as F T P, T f T P and H T T P,. C N a M e Record allows these services to use the host using any habitual name. C N a M e can also make although the physical host of the service is changed, the machine name used by these services is unchanged, and services are available as usual. This will be able to improve the service 48 first part of the 48 first part of the 48 first part of the domain name system by using new computers.

Performance without affecting the normal operation of the service. Because it is easy to specify a new host for the service by c n a m e, and the general users will not be aware. Note This benefit can also be provided using S RV records. It is pointed to a untrustse host M x record and N s records cannot point to an untrue host, that is, a host named by C N A M e alias. All hosts specified in the N S record must also have a A record as a direct resolution in the same domain area file. If you forget one of these rules, the domain name server does not stop working, but it will generate an error message. 4.3.5 Services (S RV) Record From the technical point of view, S RV record is an experimental resource record, Microsoft constructs a service basis to eliminate traditional N et BIOS services, this foundation is dependent on the positioning provides a service host S RV record. Under the old operating system (N T 4 or earlier), the host provides what kind of service is broadcast through n e t b I o s. Under the new operating system, Under Windows 2000, it is implemented by using S RV records. The client must know the S RV record to find the host that provides the required service via the S RV record, in other words, if the client doesn't know what to ask D N s, it will not get the answer. When the client is able to query a type of service and get an answer, it will get an I P address so that contact the requested service. An example is a user requests to log in to the Internet through the client. To do this, the client must be able to confirm that the user uses the correct domain controller. That is, the client must know where to send a confirmation request. The client should send a D n s query to the server as a login domain controller. Although the actual process is more complicated, the user identity authentication process will continue after the domain controller is confirmed. When D N S can perform dynamic update, the service record is created by the N e t l o g o n process. It is used to maintain the Structure Structure, otherwise, some S RV records must be created manually, and some examples of the S RV record service type are listed below. S RV records can be used to broadcast other services outside the services that have been queried. Figure 4 - 8 shows the process of creating a broadcast S1. E x a m p L e. N e T host S Ring record. Figure 4-8 Creating a broadcast S1 host - h t t p. - T c p. E x a m p L e. The format of the service recording service record of N e t is shown below: Chapter 4 Data Details 49

Note that there must be a bit number between "S E R V I C E" and "P R Ot O C O L". The priority value (

value) is very similar to the priority value of M x record, the smaller the value, the higher the priority. The range range from 0 to 6 5 5 3 5. The weight ( value) is used when there are multiple recording of the same service, with a value from 1 to 6 5 5 3 5, and the query is proportional to the values. This is more advanced than the impact of the load balancing with wheel rotation. When the load balance is not considered 0. For the target (T A RG E T) domain, there is also a special value, i.e., when the service indicated in the record is confirmed in this domain, filling in the target domain in the target domain. The following is an example of a S RV record. The type of service required by S RV record broadcasts is as follows: _LDAP._TCP. - Allows the client to find a L D A P server in the specified domain. _LDap._tcp. ._ Sites. - Allows the client to find the L D A P server in the domain of the most cut specified site. _GC._tcp. - Allows the client to find a global directory server using the active directory root field. _gc._tcp. ._ sites. - Allows the client to find the global directory server that is the most consistent with the specified site where the active directory root domain is allowed. _kerberos._tcp. - Allows the client to find the Kerberos KDC service to the domain. _kerberos._udp. - In addition to using U D P instead of the T C P protocol. _kerberos._tcp. ._ sites. - Allows the client to find K d C in the domain of the most cut specified site. _kpasswd._tcp. - Allows the client to find K E R B E R O S in the domain to change the password service. _ k P a s s w d. _ u d p. - In addition to using u d P instead of T C P protocols. Note Some S RV records for the first defined word of or or are used to construct a classification and service query tree. Such an active directory client and server can be positioned by a simple query rather than a series of chain queries. This is very similar to the service directory of the Active Directory with_ S i T E S collected with the most suitable service positioning of the specified name site. 4.3.6 Windows Internet Domain Name Server (W i N s) Record Microsoft DNS Server and Some of the other dedicated servers that apply to Windows 2000 / NT support W i n S record type. It is not a resource record consistent with R f C. The format of W i n s record is basically the same as other recorded formats, but there are also some differences, in order to understand W i n s and it is similar to D N, seeing the server, see Chapter 1 6. Within a small range, when the client is not used to register on D N s but is registered on a W i n S server, the resource record of this server allows D N s to answer the query of the client named by N e T B I O s. However, it must be in the domain that is recorded in the root of the domain zone in W i N s. W i n s and w i n s Record a number worth noting in the use of D N S, so a chapter is specifically used to discuss it. Be careful here, when transmitting a domain region to a non-Microsoft DNS server (very small), the W i n s record should be omitted, which is determined by the rule of R f C.

So I have to remember that only the Windows DNS server knows what the use is what is WINS. Your ISP may not want to transfer the WINS record to its server when sending the WINS area! The better design is the secondary server of the Windows domain. MS DNS Instead of the DNS of the UNIX host so that WINS records can be transferred to all servers that need it. This approach is also in line with such design rules: primary server 50 first partially understands domain name systems and secondary servers not only authorized, but they can access all the same information. If only some domain name servers resolve the w i n S address in the domain, the client will have uncertain behavior. The most basic form of the W i N s record format is as follows: Here, the option value is D N S waiting to wait for the W i N S server to respond to the response response, the default value of Wi N D O W S2 0 0 0 is 2 seconds. The value is the length of time of D n s cache W i n s response. The default value of Windows 2000 is 1 5 minutes (given in seconds). These two must use L or C as the prefix of the value. The parameter control domain transmission of the L O c a l option will not be transferred when this option is used in use. Note that the minimum effective time of S O A record is independent of W i N s record, because the c parameter actually determines that D N S can keep the recording of the record. The following is an example of a W i N S resource record: the easiest way to find the feature of W i N s is to record a W i N s to the domain area file through the Windows DNS Management Console. To join a W i N S record, first select the correct domain zone root node in the D N S management console, then right-click Select Properties from the context menu (P R O P E R T I E S), a new dialog box appears. In this Domain Area Properties dialog box, select the W i N S tab to add a W i N S record and the I P address of the input W i N S server, as shown in Figure 4-9. Figure 4-9 Configuring the domain area to use WINS to find only the highly reliable WINS server, and to know that DNS must look down on the WINS server after the DNS must be fails, so it must communicate with WINS so you The DNS server must have considerable capabilities. As mentioned earlier, such W i N s must be rooted in the domain area. This means that all subdomains below this domain can use w i n s. Such a single N e t B I O S named by W i N s look like a multi-D N s full domain name. This is why it is recommended to create only a domain only for this purpose. A new P C is used as shown in Figure 4 - 1 0, using a new P C. E X A M P L E. N e t. In the Windous DNS Server Management Console, such a new domain must be created as a new domain area. Chapter 4 Domain Information Details 51

4.3.7 Reverse Windows Internet Domain Name Server (W I N S - R) Recording Another option of the Windows Internet Domain Name Server (W i N S) is reverse W i n S recorded, which can be referred to as W i n s -r record. This resource record is used in I n - a d r. A R p A field and provides reverse lookups for D n s by W i n s. The format and W i N S records are similar to the format of W i n s - r, and the difference is that the domain area files of the record are different and the last parameters are different. The form of W i n S - r records is shown below, its meaning of "L O C a L" and "T L M E O U T" option is consistent with the match record of W i N s. In the Windows DNS Management Console, W i n S - r records via the I n - a d r. A RF field of the A R p A domain is set to be effective or invalid (see Figure 4 - 1 0). Select the "W I N S - R" tab, specify the domain name behind the host name obtained from W i N S. There is also an option in the tab to specify the impact range of the W i N S - R record to prevent the record from transferring the record to a secondary server that cannot understand the W i N S record type. Figure 4-10 Configuring an I n - a d r. A R p A reverse find the domain area to use the W i N S - R record 4.4 Cache file cache file (cache file) to save the name and address of the root domain server. The cache file is sometimes referred to as a prompt file (H i N TF I L E) because it can provide a prompt to the server how to resolve difficult queries. The cache file is not stored as the result of its name is hidden. Cache files cannot be confused with the cache of the domain name server, the cache is established when it is parsed, and the cache file typically contains the name and IP address of the root server, which is static for I NTERNET cache file entry (unless i nter NIC) Add a new root server) and when you cannot reset a host through a standard entrustment authorization, they give some other available DNS servers, and the M ICrosoft documentation is often called the root implied file. In Windows 2000 / NT, it is given in files named C A C H E. D N s. Figure 4 - 11 shows a D n S server. Cache text 52 first part of understanding domain name system

The content of the pieces are not very useful as information, but it must exist so that D N s can work. The D n S server assumes that the entries in the cache file are legitimate and are the achievable hosts. When a D n S server cannot reach these root servers, it will cause a serious dead cycle. If you are using a "split-brain" DNS server design, or when the server does not change the I NTERNET, or when the i NiC root domain server changes (this is rarely occurring), you need to change the cache. file. The node address is: f t p: / / r s. I n n μ n μ c. N e t / d o m a I n. N E TE. R O t. Figure 4 - 11 DNS Server Properties dialog box Root prompt file C A c h e. D N s guarantees that the cache file should ensure that the cache file is determined. If the root-level server is not defined, the D n S server may fall into a dead cycle. In this case, since there is no timing mechanism to terminate the cycle, any other host cannot be parsed again. Accessing the root domain server domain name server by caching file must answer the query, even if they do not contain local information that can be quickly and directly answer. Some recursive queries require D N s servers to get answers from other places. If the result is not obtained in the domain name tree, the cache file enables the D n S server quickly access the root field server, so that the way to find the down-finding path is found to reach the authorization D n s server for the domain of the specified host. If the computer in the network is not connected to I n t e R n e t or using a "split" design, but still use D N S to perform resolution, the cache file must point to the root domain server. If the root domain name server is just at the top of the local domain name tree, the cache in the boot profile points points to the cache file, but point to a name and IP address containing this domain server, and as a domain area of ​​root domain . This is legal, and it works very well. The query that cannot be answered will be considered a domain that does not exist. If this domain server can point to another computer that it is considered to be the root server, the query can continue and achieve good results. One options recommended by M i C R O S O f T are cache files that only contain "." Or only those servers that start the root server function in the specified dedicated D N S. Chapter 4 Data Details 53

转载请注明原文地址:https://www.9cbs.com/read-3339.html

New Post(0)