Lesson 2: Administering DNS in a Restructure Migration

In this lesson, you'll look at the importance of DNS to the restructure process.


After this lesson, you will be able to

  • Configure Windows 2000 DNS.
  • Verify that DNS is working.

Estimated lesson time: 35 minutes


Implementing a DNS Configuration

As you've seen in Chapter 4, "Assessing Your Network Infrastructure," the Domain Name System (DNS) performs the mapping of fully qualified domain names (FQDNs) to IP addresses. Windows 2000 and Active Directory use DNS to locate resources. When performing a restructure migration, remember the following:

  • The design of the DNS hierarchy should have been completed as one of the key components of the migration plan.
  • The DNS plan must include such issues as the number and placement of DNS servers and the zones for which they will be responsible.

It is essential that you have already thought through how you will locate resources via DNS. For example, when moving computers to the pristine environment, some of your options are the following:

  • Use the integrated Windows 2000 DHCP service to assign IP addresses to clients. The DHCP service will automatically update the DNS server.
  • Manually enter the new host records in readiness for the workstations, servers, and domain controllers that will be joining the pristine environment.
  • Plan to allow all workstations and servers to keep their current IP addresses and import the IP addresses and host names from a copy of the DNS BIND files located on the Windows NT system.
  • Use the Windows NT DNS server as a secondary server for Windows 2000 DNS.

Whichever of these options you choose, if you don't carefully plan for implementing Windows 2000 DNS, you might find that users can no longer access resources located on restructured servers.

NOTE


This book has revisited DNS on several occasions. DNS is so vital to Windows 2000 Active Directory directory services that it's essential for you to take time to learn about it in greater depth from such books as MCSE Training Kit—Windows 2000 Active Directory Services and MCSE Training Kit—Designing a Microsoft Windows 2000 Directory Services Infrastructure.

Nslookup is supplied with Windows NT and Windows 2000 and provides a means for diagnosing DNS problems. Nslookup can test forward and reverse lookup zones for servers and also list all the records held in a particular domain by a server. You'll use Nslookup to verify the DNS settings for the TRAINKIT domain in the following practice.

Practice: Configuring DNS

This practice will give you further experience setting up DNS records and verifying that the DNS server is working. The DNS server on TRAINKIT1 will be used for the trainkit.microsoft.com domain, the migrate.microsoft.co.uk domain (to be created later in this chapter), and the migkit.trainkit.microsoft.com domain. You'll also configure reverse lookup (the service that maps IP addresses to names), which is required by the ADMT and ClonePrincipal tools that you'll be using.

When the Active Directory installation wizard installs DNS, it configures the loopback IP address for the server (127.0.0.1) as the address of the DNS server. The loopback address can cause problems when other systems attempt to determine the name of the DNS server in use. Therefore, if the DNS server is set to 127.0.0.1, you will need to configure TRAINKIT1 to be its own DNS server. This is an essential step that you should have completed in Chapter 8, but you'll check this setting again now.

To verify that TRAINKIT1 is its own DNS server

  1. Log on to TRAINKIT1 as Administrator with the password secret.
  2. Right-click My Network Places and select Properties from the shortcut menu that appears.

    The Network And Dial-up Connections dialog box will appear.

  3. Right-click the Local Area Connection icon and select Properties from the shortcut menu.

    The Local Area Connection Properties dialog box will appear.

  4. Select Internet Protocol (TCP/IP) from the list box and click the Properties button.

    The Internet Protocol (TCP/IP) Properties dialog box will appear.

  5. Verify that the IP address 192.168.0.105 is listed in the Preferred DNS Server field. If necessary, enter it now.
  6. Click OK to close each dialog box and then close the Network And Dial-up Connections dialog box.

To create a reverse lookup zone for trainkit.microsoft.com

  1. Log on (if necessary) to TRAINKIT1 as Administrator with the password secret.
  2. Open the DNS administrative tool from the Start menu by opening Programs, Administrative Tools, and clicking DNS.
  3. Double-click the TRAINKIT1 server icon to view the forward and reverse lookup zones.
  4. Right-click Reverse Lookup Zones and select New Zone from the shortcut menu.

    The New Zone Wizard will appear.

  5. Click Next to open the Zone Type dialog box.
  6. Select Active Directory–Integrated from the three zone type options presented, and then click Next.

    Now you must enter the IP address range for which your DNS system will provide authority.

  7. Enter 192.168.0 as the range of the addresses so that the lookup zone resembles that shown in Figure 9.1.

    Figure 9.1 Identifying the reverse lookup zone

  8. Click Next.
  9. On the summary page, verify that you've entered the correct settings and then click the Finish button to create the zone.

    You must now manually create a pointer in the reverse lookup domain for trainkit1.trainkit.microsoft.com.

  10. Double-click on the entry 192.168.0.x Subnet under Reverse Lookup Zones.
  11. Right-click the entry 192.168.0.x Subnet, and then select New Pointer from the shortcut menu. If the New Pointer item isn't available, select Refresh on the shortcut menu, and then select New Pointer again.

    The New Resource Record dialog box will appear.

  12. For the final byte in the Host IP Number box, type 105.
  13. In the Host Name box, type trainkit1.trainkit.microsoft.com and then click OK.

NOTE


Sometimes you won't see items even though they're in the DNS database. To see the items, you can press the F5 key to refresh the screen. If the refresh doesn't work, you can also try restarting the DNS service by right-clicking the TRAINKIT1 server in the DNS administrative tool, selecting All Tasks from the context menu, and then selecting Restart.

You're going to use the TRAINKIT1 server as the DNS server for the whole network. You must therefore create a zone for the (future) migrate.microsoft.co.uk domain and create a DNS entry for the MIGRATE1 domain installed on PC2. Perform the following tasks using the DNS administrative tool on TRAINKIT1.

To add the migrate.microsoft.co.uk zone to TRAINKIT1

  1. In the DNS tool's left pane, right-click Forward Lookup Zones and select New Zone from the shortcut menu that appears.

    The New Zone Wizard will appear.

  2. Click Next.
  3. Select Active Directory—Integrated for the zone type and click Next.

    The wizard will now ask you for the name of the domain to be created.

  4. Enter the domain name migrate.microsoft.co.uk and click Next.

    The summary page will now appear.

  5. Click Finish to close the wizard and create the zone.

    Note that the migrate.microsoft.co.uk zone has now appeared in the forward lookup zones.

You are now going to create another zone that will be used for the intra-forest restructure practice at the end of this chapter.

To add the migkit.trainkit.microsoft.com zone to TRAINKIT1

  1. Right-click Forward Lookup Zones and select New Zone from the shortcut menu.

    The New Zone Wizard will start up.

  2. Click Next.
  3. Select the zone type as Active Directory—Integrated and click Next.
  4. Enter the domain name migkit.trainkit.microsoft.com and click Next.
  5. Click Finish.

    Note that the migkit.trainkit.microsoft.com zone has now appeared in the forward lookup zones.

Now that you have the zones in place, the hosts must be added to them. Once a host is in the zone, the DNS server can look up the host name and supply the matching IP address.

To add hosts to the zones

  1. Expand Forward Lookup Zones in the left pane and then right-click the migrate.microsoft.co.uk zone.
  2. Select New Host from the shortcut menu.

    The New Host dialog box will appear.

  3. In the Name box, type migrate1, in the IP Address box, type 192.168.0.106, and place a check mark next to Create Associated Pointer (PTR) Record, which will automatically create a reverse lookup entry.
  4. Click the Add Host button to add a new record.

    A DNS message box appears to tell you the host was added.

  5. Click OK to continue.
  6. Enter another new host, migrate2, set the IP address to 192.168.0.107, and make sure the check box is still set. Click Add Host.
  7. When the message box appears, click OK, and then click Done to close the New Host dialog box.
  8. Right-click the trainkit.microsoft.com zone, open the New Host dialog box, and, repeating steps 1 to 7, add a host record for a computer called TRAINKIT2 with an IP address of 192.168.0.110. Make sure that Create Associated Pointer (PTR) Record is selected so that a reverse lookup entry will be created.
  9. Finally, right-click the migkit.trainkit.microsoft.com zone and add a host record for MIGKIT1 with an IP address of 192.168.0.100. Make sure that Create Associated Pointer (PTR) Record is selected so that a reverse lookup entry will be created.
  10. Verify the successful creation of your reverse zone records by clicking 192.168.0.x Subnet under Reverse Lookup Zones. Remember to press F5 to refresh the list if you don't see the records as shown in Figure 9.2.

    Figure 9.2 Reverse lookup zones

  11. Close the DNS tool.

For the migration exercises to work, MIGRATE1 in the MIGRATE domain (which will be used as the source for the migration) must be connected to a properly configured DNS server that has reverse lookup enabled.

To configure DNS on MIGRATE1

  1. Log on to MIGRATE1 (PC2) as Administrator with the password secret.
  2. Right-click Network Neighborhood and select Properties from the shortcut menu that appears.

    The Network dialog box will appear.

  3. From the Protocols tab, select TCP/IP Protocol and click the Properties button.

    The Microsoft TCP/IP Properties dialog box will appear.

  4. Select the DNS tab and type migrate.microsoft.co.uk into the Domain box.

    Now you're going to assign TRAINKIT1 to be the DNS server for MIGRATE1.

  5. Click the Add button in the DNS Service Search Order section.
  6. Type the address 192.168.0.105 (the IP address of TRAINKIT1) in the TCP/IP DNS Server dialog box, and then click Add.
  7. Click OK to close the Microsoft TCP/IP Properties dialog box and then close Network Neighborhood.

You now have a number of hosts enabled in the DNS. To verify their existence, you will now use the Nslookup program to check the host entries.

To verify the DNS service

  1. On the MIGRATE1 system, open a command prompt.
  2. Type the following command: nslookup.

    The command-line program will start and should identify trainkit1.trainkit.microsoft.com as the default server with an IP address of 192.168.0.105.

  3. To test forward lookup, type migrate1.migrate.microsoft.co.uk and press Enter.

    The DNS server name and IP address should be displayed, followed by the IP address of MIGRATE1, 192.168.0.106. If it doesn't appear, check your DNS configuration.

  4. Type the following commands, one line at a time, and study the results:

     ls trainkit.microsoft.com
     ls -t srv trainkit.microsoft.com

    Notice the global catalog (gc) alias in the first command's listing.

    What is the difference between these two commands?

  5. Now test reverse lookup by typing 192.168.0.105 and pressing Enter.

    A result of trainkit1.trainkit.microsoft.com should be displayed.

  6. Now type 192.168.0.100 and press Enter.

    A result of migkit1.migkit.trainkit.microsoft.com should be displayed.

  7. Finally, type 192.168.0.106 and press Enter.

    A result of migrate1.microsoft.co.uk should be displayed.

  8. Exit from Nslookup by typing exit.

The Nslookup command will help you verify whether your DNS service is running correctly and help you test entries in the forward and reverse lookup zones.
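The forward and reverse checks in this practice can also be expressed as one consistency audit: every host record should have a pointer in the 192.168.0.x reverse zone that names the same host. The following is an added example, not part of the original book; the host records come from the practice above, while the pointer data is constructed with deliberate errors, and the host oldpc is hypothetical.

```python
import ipaddress

# Host (A) records created in the practice above.
A_RECORDS = {
    "trainkit1.trainkit.microsoft.com": "192.168.0.105",
    "trainkit2.trainkit.microsoft.com": "192.168.0.110",
    "migrate1.migrate.microsoft.co.uk": "192.168.0.106",
    "migrate2.migrate.microsoft.co.uk": "192.168.0.107",
    "migkit1.migkit.trainkit.microsoft.com": "192.168.0.100",
}

# DNS name of the "192.168.0.x Subnet" reverse lookup zone.
REVERSE_ZONE = "0.168.192.in-addr.arpa"

# Constructed pointer (PTR) data, keyed by the final byte of the address.
# Deliberate errors: .107 is missing, .100 names the wrong zone,
# and .120 (hypothetical host oldpc) has no host record at all.
PTR_RECORDS = {
    "105": "trainkit1.trainkit.microsoft.com",
    "110": "trainkit2.trainkit.microsoft.com",
    "106": "migrate1.migrate.microsoft.co.uk",
    "100": "migkit1.trainkit.microsoft.com",
    "120": "oldpc.trainkit.microsoft.com",
}


def ptr_owner(ip):
    """Return the reverse-lookup name for an address (x.0.168.192.in-addr.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def audit(a_records, ptr_records, reverse_zone):
    """List (name, address-or-owner, problem) for every forward/reverse mismatch."""
    ptr = {f"{label}.{reverse_zone}": target.rstrip(".").lower()
           for label, target in ptr_records.items()}
    findings = []
    for fqdn, ip in sorted(a_records.items()):
        owner = ptr_owner(ip)
        if not owner.endswith("." + reverse_zone):
            findings.append((fqdn, ip, "address outside reverse zone"))
        elif owner not in ptr:
            findings.append((fqdn, ip, "missing PTR"))
        elif ptr[owner] != fqdn.lower():
            findings.append((fqdn, ip, "PTR points to " + ptr[owner]))
    # Pointers that no host record accounts for are stale entries.
    expected = {ptr_owner(ip) for ip in a_records.values()}
    for owner in sorted(set(ptr) - expected):
        findings.append((ptr[owner], owner, "stale PTR without host record"))
    return findings


if __name__ == "__main__":
    for finding in audit(A_RECORDS, PTR_RECORDS, REVERSE_ZONE):
        print(finding)
```

An empty result means every host in the forward zones resolves back to its own name, which is the condition the ADMT and ClonePrincipal tools depend on.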

Lesson Summary

In this lesson, you learned that DNS is core to Windows 2000 Active Directory and that if you don't plan your DNS structure properly, you might lose access to resources located on restructured servers. You learned how to set up forward and reverse lookup zones in Windows 2000 DNS and to add hosts for the zones. You also used the Nslookup utility to query your DNS database from a remote server.



MCSE Training Kit (Exam 70-222): Migrating from Microsoft Windows NT 4.0 to Microsoft Windows 2000 (MCSE Training Kits)
ISBN: 0735612390
Year: 2001
Pages: 126