7.4 Zone Data File Controls
7.4 Zone Data File Controls The data files for all name servers, whether Microsoft or BIND, can include two control entries: $ORIGIN and $INCLUDE. $ORIGIN changes the origin, and $INCLUDE inserts a new file into the current file. These control entries are not resource records; they facilitate the maintenance of DNS data. They were designed back in the "good old days" as a shortcut for people who had to edit zone data files by hand. If you make changes to your zones with the DNS console only, you won't encounter these controls: the Microsoft DNS Server doesn't use them in the zone data files it generates. However, some day you might need to work with zone data files created by hand, so it's important that you understand these controls. 7.4.1 Changing the Origin in a Data FileThe default origin for a DNS data file is just the domain name of the zone. The origin is a domain name that is appended automatically to all names not ending in a dot. This origin can be changed within the zone data file using $ORIGIN, which must be followed by a domain name. (Don't forget the trailing dot if you give the full domain name!) From that point in the file on, the new will be origin appended to all names not ending in a dot. If we didn't have the DNS console to make changes and had to edit files by hand, we'd run into times when $ORIGIN would save us some work. For example, if your name server were responsible for a number of subdomains, you could use the $ORIGIN entry to reset the origin and simplify the files. For example, from the movie.edu zone data file: $ORIGIN classics.movie.edu. maltese IN A 192.253.253.100 casablanca IN A 192.253.253.101 $ORIGIN comedy.movie.edu. mash IN A 192.253.253.200 twins IN A 192.253.253.201 We'll discuss creating subdomains in Chapter 9. 7.4.2 Including Other Data FilesTo continue our example of editing zone data files by hand: once you've subdivided your domain like this, you might find it more convenient to keep the subdomain records in separate files. The $INCLUDE statement would let you do this: $ORIGIN classics.movie.edu. $INCLUDE classics.dns $ORIGIN comedy.movie.edu. $INCLUDE comedy.dns To simplify the file even further, the new origin can be specified on the $INCLUDE line: $INCLUDE classics.dns classics.movie.edu. $INCLUDE comedy.dns comedy.movie.edu. When you specify the origin on the $INCLUDE line, it applies only to the particular file that you're including. For example, the comedy.movie.edu origin applies only to the names in comedy.dns . After comedy.dns has been included, the origin returns to what it was before $INCLUDE, even if comedy.dns contained an $ORIGIN entry. Remember that, strictly speaking, you don't need to know anything about these directives to create subdomains with the DNS console, and the Microsoft DNS Server doesn't generate zone data files using these shortcuts. But you do need to know about them to complete your knowledge of zone data files. 7.4.3 Keeping Everything Running SmoothlyA significant part of maintenance is being aware when something has gone wrongbefore it becomes a real problem. If you catch a problem early, chances are it'll be that much easier to fix. As the adage says, an ounce of prevention is worth a pound of cure. This isn't quite troubleshootingwe'll devote an entire chapter to troubleshooting (Chapter 13)but you can think of it as "pre-troubleshooting." Troubleshooting (the pound of cure) is what you have to do if you ignore maintenance, after your problem has developed complications, when you need to identify the problem by its symptoms. The next two sections deal with preventive maintenance: looking periodically at the Event Log and the name server statistics to see whether any problems are developing. Consider this a name server's medical checkup. 7.4.4 Common Event Log Messages The Microsoft DNS Server logs events to the System Log. To view the events, use the Event Viewer, which you start with Start When the server starts up (either at boot time or because you restarted it) and is ready to answer queries, you'll see this event: The DNS Server has started. (ID 2) For a healthy server, you should see this event after booting. If you stop the server manually, you'll see this event: The DNS Server has shutdown. (ID 3) If a server is a slave for a zone, it will notify you every time it performs a zone transfer: A more recent version, version 2000120500 of zone movie.edu was found at DNS server at 192.249.249.3. Zone transfer is in progress. (ID 6522) The DNS server wrote version 2000120500 of zone movie.edu to file movie.edu.dns. (ID 3150) You'll also see that last message on the primary master when you make a change to a zone through the DNS console and select Action If the primary master is not authoritative for the zoneanother error conditionyou'll see this on the slave: Zone transfer request for secondary zone movie.edu refused by master server at 192. 249.249.3. Check the zone at the master server 192.249.249.3 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server 192.249.249.3 as the applicable server, then in secondary zone movie.edu Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server. (ID 6525) Unfortunately, if the name server simply can't reach the primary master (e.g., if it has gone down), the DNS server never logs an error. On the other hand, a server that's a primary master for a zone will notify you when a slave does a zone transfer: The DNS server successfully completed transfer of zone movie.edu to DNS server at 192.249.249.1. (ID 6001) If you're missing the cache file, cache.dns , or a zone data file, the server will log a flurry of messages. A missing or empty cache file produces these events: The DNS server could not open the file dns\cache.dns. Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code. (ID 1000) The DNS server could not find or open zone file dns\cache.dns. in the %SystemRoot%\ System32\Dns directory. Verify that the zone file is located in this directory and that it contains valid data. (ID 1004) The DNS server is not root authoritative and no root hints were specified in the cache.dns file. Where the server is not a root server, this file must specify root hints in the form of at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server. Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones. To correct this problem, use the DNS console to update the server root hints. For more information, see the online Help. (ID 707) The DNS server does not have a cache or other database entry for root name servers. Either the root hints file, cache.dns, or Active Directory must have at least one name server (NS) resource record, indicating a root DNS server and a corresponding host (A) resource record for that root DNS server. Otherwise, the DNS server will be unable to contact the root DNS server on startup and will be unable to answer queries for names outside of its own authoritative zones. To correct this problem, use the DNS console to update the server root hints. For more information, see the online Help. (ID 706) The somewhat cryptic message "The event data is the error code" makes more sense when viewing the message in Event Viewer. This message means there's a specific error code listed in the Data field at the bottom of the Event Properties window for this event. A missing zone data file, say movie.edu.dns , generates these events: The DNS server could not open the file dns\movie.edu.dns. Check that the file exists in the %SystemRoot%\System32\Dns directory and that it contains valid data. The event data is the error code. (ID 1000) The DNS server could not find or open zone file dns\movie.edu.dns. in the %SystemRoot%\System32\Dns directory. Verify that the zone file is located in this directory and that it contains valid data. (ID 1004) The server also logs a syntax error in a zone data file. If you always make changes to your zones using the DNS console, you shouldn't see syntax errors. Editing by hand can get you into trouble, though. Here's what happens when the server encounters a syntax error: The DNS server unexpected end of line, in zone file movie.edu.dns at line 5. To correct the problem, fix this line in the zone file, which is located in the %SystemRoot%\System32\Dns directory. (ID 1505) The DNS server is ignoring an invalid resource record in zone file movie.edu.dns at line 5. See the previously logged event for a description of the error. Although the DNS server continues to load, ignoring this RR, it is recommended that you investigate the error associated with this record and either correct it or remove it from the zone file. (ID 1508) If you put an invalid IP address (such as an IP address not corresponding to a network interface on the server) in the DNS Server IP Addresses field of the Server Properties Interfaces window, you'll see this: The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer. Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on. For more information, see "To restrict a DNS server to listen only on selected addresses" in the online Help. (ID 409) Note that the server will not receive queries sent to the wildcard address 0.0.0.0. For a list of most of the events logged by a Microsoft DNS Server, see article Q259302 in the Microsoft Knowledge Base: http://support.microsoft.com/support/kb/articles/Q259/3/02.ASP. 7.4.5 Understanding Name Server Statistics You should periodically look over the statistics on some of your name servers. Name server statistics are viewed with the System Monitor. To start it, select Start Selecting all parameters is not usefulit produces too much information. To get an idea of the amount of memory being used by the server, choose Caching Memory and Database Node Memory . To see how busy the server isthat is, how many queries it is handlinglook at Total Query Received/sec and Total Response Sent/sec . To select several parameters, hold down the Ctrl key while single-clicking . When you've selected all the ones you want, choose Add , then Close . Note that you have to save this list if you want to avoid selecting the list of parameters again. Select Console  |
| | |
Team-Fly  |
| Top |
EAN: 2147483647
Pages: 154