Rodney Buike - Founder and original lazy admin.
Daniel Nerenberg - Microsoft MVP and lazy admin.
Disclaimer
These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Maintenance: it's boring, repetitive, and often forgotten. The old adage "If it ain't broke, don't fix it" is followed by too many administrators, but preventive maintenance can help you discover minor problems and fix them before they snowball into major issues!
There are some simple maintenance tasks that you can perform on a weekly or monthly basis to help keep things running smoothly. First and foremost is to quickly review the DNS Server event logs on your DNS servers. You can look up any events at the Events and Errors Message Center. This is something you can do daily; it only takes a minute, and you can create a custom MMC console with the Event Logs from all your servers for quick and easy reference.
Microsoft has some tools available which you can use to test and verify the operation
Continue reading DNS Tips #19 – DNS Server Maintenance
NSLookup is a powerful troubleshooting tool that administrators can use to diagnose DNS related problems. I am often asked about errors that occur when using NSLookup. Seeing as troubleshooting the troubleshooting tool only extends the time it takes to resolve the problem, I have documented some of the errors you may encounter with NSLookup and their resolution.
Looking for a record that doesn’t exist can cause an odd issue to pop up.
C:\> nslookup
Default Server: dns.thelazyadmin.lab
Address: 10.0.0.10

> thelazyadmin.lab.
Name: thelazyadmin.lab
This odd output can appear if there are no A records for thelazyadmin.lab. To determine which records do exist, use the set type=any command to list all the records available.
C:\> nslookup
> set type=any
> thelazyadmin.lab.
Server: dns.thelazyadmin.lab
Address: 10.0.0.10

thelazyadmin.lab nameserver = ns1.thelazyadmin.lab
thelazyadmin.lab nameserver = ns2.thelazyadmin.lab
thelazyadmin.lab
        primary name server = ns1.thelazyadmin.lab
        responsible mail addr = mail.thelazyadmin.lab
        serial = 178
        refresh = 900 (15 mins)
        retry = 600 (10 mins)
        expire = 86400 (1 day)
        default TTL = 3600 (1 hour)
thelazyadmin.lab
Continue reading DNS Tips #18 – Troubleshoot DNS with NSLookup
Securing the cache against pollution helps prevent spoofed DNS records from being added to the cache. This is an important setting on external DNS servers, and I recommend it for internal DNS servers as well.
Securing your DNS servers from cache pollution is rather straight-forward. Open up Administrative Tools, and then click DNS to open the DNS Management MMC. Right-click on the DNS server and select Properties, then select the Advanced tab. Check the box next to Secure Cache Against Pollution.
That's all there is to it! Note that Windows will still trust zone transfers from BIND servers, so if you are using BIND you should upgrade to BIND 9, which automatically scrubs poisoned records.
As with any standard, there are specifications on what is allowed and what is not allowed. DNS is a standard and as such has certain restrictions on DNS names.
When creating a DNS name, you should be aware of these limitations to prevent problems from forming and causing issues on your network. The first thing to understand is that not all characters can be used in DNS names. The following characters cannot be used in a DNS name.
! @ # $ % ^ & * ( ) – _ + = { } ` ~ . ? < > [ ] | [space]
When creating your DNS name, your best bet is to stick to numbers and letters. There are also limits on the length of DNS names. The following limits apply when creating DNS names. Host name length is limited to 63 characters and the
Continue reading DNS Tips # 16 – Properly Formatting DNS Names
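An added example (my code, not from the original post) that checks a DNS name against the rules given above: letters and digits only, and no label longer than 63 characters. The 255-character limit on the full name is the standard DNS limit and is an assumption of mine; the allow_hyphen option goes beyond the page's advice and accepts interior hyphens as RFC 1123 does.

```python
# Limits: the 63-character label limit is the one the page states; the
# 255-character limit on the whole name is the standard DNS limit (RFC 1035).
MAX_LABEL_LEN = 63
MAX_NAME_LEN = 255
ALNUM = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")

def check_label(label, allow_hyphen=False):
    """Return a list of problems with one label (empty list means it is fine).
    allow_hyphen=False is the page's advice (letters and digits only);
    allow_hyphen=True additionally accepts interior hyphens, as RFC 1123 does."""
    if label == "":
        return ["empty label (two dots in a row or a leading dot)"]
    problems = []
    if len(label) > MAX_LABEL_LEN:
        problems.append(f"label is {len(label)} characters, limit is {MAX_LABEL_LEN}")
    allowed = ALNUM | {"-"} if allow_hyphen else ALNUM
    # every character the page lists as forbidden (space, underscore, punctuation)
    # fails this membership test
    bad = sorted({c for c in label if c not in allowed})
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    elif allow_hyphen and (label[0] == "-" or label[-1] == "-"):
        problems.append("label starts or ends with a hyphen")
    return problems

def check_dns_name(name, allow_hyphen=False):
    """Validate a dotted DNS name. Returns (is_valid, list_of_problems)."""
    fqdn = name[:-1] if name.endswith(".") else name   # a trailing dot is the root
    problems = []
    if len(fqdn) > MAX_NAME_LEN:
        problems.append(f"name is {len(fqdn)} characters, limit is {MAX_NAME_LEN}")
    for i, label in enumerate(fqdn.split("."), start=1):
        problems += [f"label {i} ('{label[:20]}'): {p}"
                     for p in check_label(label, allow_hyphen)]
    return (not problems, problems)

if __name__ == "__main__":
    # constructed sample names
    for n in ["ns1.thelazyadmin.lab", "file_server.thelazyadmin.lab",
              "web-01.thelazyadmin.lab", "lazy admin.lab"]:
        print(n, check_dns_name(n))
```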
We all know DNS is important to web browsing, Active Directory and so much more. However, I often receive emails asking questions about DNS issues, and the answers almost always lead back to how DNS lookups work. Understanding how DNS resolves names to IP addresses is crucial to troubleshooting DNS related issues.
The first and most obvious step in the DNS resolution task is entering the DNS name. Let’s walk through an example of DNS resolution. You can follow along the steps below with this example.
It all starts when you enter a DNS name such as www.thelazyadmin.com into your browser. The browser passes the DNS name to the DNS client and waits for the response (either an IP address or an error code). The DNS client takes the DNS name and makes a request to the computer's DNS server. The DNS
Continue reading DNS Tips # 15 – DNS Resolution Explained
Windows DNS is pretty straightforward to install and setup, but occasionally issues occur that require investigation. By enabling DNS debug logging, you can log all DNS related actions such as zone transfers, DNS queries and resource record updates.
Configuring DNS Debug logging can be done from the command line using DNSCmd.exe or from the GUI. Before this feature can be enabled via the command line, you first must calculate the log level. Simply select the log level options from the chart below and add up the hex values, the result is the log level value you need to use with DNSCmd.
In this example I will choose to log question (0x100) and answer (0x200) packets, which adds up to 0x300.
DNSCmd [DNSServerName] /Config /LogLevel [LogLevel Hex Value]
DNSCmd ns1.thelazyadmin.lab /config /LogLevel 0x300
You can also specify the location of the log file…..
DNSCmd
Continue reading DNS Tips #14 – DNS Logging
DNS is a hierarchical naming system. A DNS name includes the names of all of the DNS namespaces that it belongs to. The DNS namespace is made up of a number of components.
The DNS namespace starts with a root domain. The root domain is a logical domain that has no name and is represented by a dot (.). The root domain holds all top-level domains (TLDs) because they are the highest-level end of the DNS namespace. Examples of TLDs include .com, .net, .ca etc.
In order to have an Internet presence you have to register an Internet domain name. This domain name will be a subdomain of a top-level domain. Examples of a registered domain name include Thelazyadmin.com, Microsoft.com and Google.com.
The components mentioned make up the External DNS namespace. On the inside of an organization you may have an Internal DNS namespace. This namespace contains the subdomains of the registered
Continue reading DNS Tips #13 – DNS Namespace Explained
There are a variety of different DNS Resource Records. What are they, and when do you use one or the other? Keep reading!
When working with Active Directory there are certain record types you need to be familiar with.
Start of Authority (SOA) records are used to identify the primary name server for the domain. This record also sets such parameters as expiration times and TTL as well as the settings required for zone transfers.
Host (A) records are used to identify the IP address for a host. These are the most common type of resource record and can be created manually or clients can register themselves with DNS with Dynamic DNS registration.
Mail eXchanger (MX) records are used to identify email servers. You would normally create an MX record on your external DNS server(s) to help external resources locate the mail server(s) for your domain.
Name Server (NS) records identify the name servers
Continue reading DNS Tips #12 – DNS Record Types
When using Windows 2003 and Exchange 2003, there is an issue that can occur when you attempt to resolve certain Domain Name System (DNS) query responses through a firewall. When DNS queries are passed through a firewall they are inspected (this depends on your firewall). DNS query packets may be blocked if they are larger than 512 bytes.
When sending email to certain domains you may get the following error:
'Usersname@domain.com' on 9/13/2005 9:00 AM There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
The problem here is that RFC 2671, "Extension Mechanisms for DNS (EDNS0)," allows DNS requests to send UDP packets larger than the standard 512 bytes. Depending on whether the ISP has enabled this, DNS queries returned from those ISPs will be blocked if the firewall is configured to block oversized UDP packets. There are two ways to
Continue reading DNS Tips #11 – DNS, Exchange and Firewalls
Windows 2003 introduced a new type of DNS zone called a Stub Zone. A Stub Zone is a zone that obtains its resource records from other name servers. A stub zone is like a secondary zone, but it is read-only, so administrators can't manually add, remove, or modify resource records on it.
Stub zones contain only the following types of DNS records:
– A copy of the SOA record for the zone.
– Copies of NS records for all name servers authoritative for the zone.
– Copies of A records for all name servers authoritative for the zone.
A stub zone will not contain any CNAME, MX or SRV records, or A records for hosts in the zone. Stub zones can be integrated with Active Directory, unlike secondary zones, and use TCP for all transfers. Stub zones are normally used to make name resolution between forests more efficient.
Continue reading DNS Tips #10 – Stub Zones