288M Module 1

Estimated read time: 1:20

    Summary

    Robert McMillan introduces Advanced Networking with Windows Server 2022, focusing on DNS components including installation, configuration, and the creation of DNS zones and records. He delves into the importance of DNS in translating domain names to IP addresses, discussing both public and private DNS implementations. McMillan emphasizes the employment benefits of mastering DNS and walks through various DNS concepts such as resolver cache, reverse lookup zones, stub zones, and resource records like SOA and PTR. The session is packed with practical insights on DNS server setup, delegation, and updates, making DNS a critical skill for networking professionals.

      Highlights

      • DNS is essential for translating domain names into IP addresses, easing network access. 🌐
      • Stub zones are outdated but might appear in exams or interviews. 🎓
      • DNS resolver cache boosts speed by retaining local copies of domain queries. ⚡
      • Understanding public vs private DNS is critical for internet and intranet configurations. 🔄
      • DNS delegation allows junior admins to manage records without full domain access. 👨‍💻
      • Reverse lookup zones are crucial for resolving IP addresses back to domain names. 🕵️
      • Record types like SOA, PTR, and NS play key roles in DNS functionality. 🔑

      Key Takeaways

      • Understanding DNS increases employability and skill set. 🚀
      • DNS resolves domain names to IP addresses, simplifying network navigation. 🌐
      • Public DNS differs from private DNS, serving different network needs. 📡
      • DNS caching speeds up domain resolution by storing query results locally. 🗃️
      • Stub zones are rarely used but important for certain network setups. 🤓
      • Dynamic DNS updates allow devices to register themselves automatically. 🔄
      • Mastering DNS involves understanding various record types and configurations. 📝

      Overview

      In this module, instructor Robert McMillan takes us on a journey through the intricacies of DNS (Domain Name System) and its crucial role in networking with Windows Server 2022. From installation to configuration of DNS servers, the course offers a deep dive into the world of DNS, unraveling the complexity behind converting domain names into IP addresses. McMillan highlights the significance of DNS in both public and private scenarios, making it a valuable skill for anyone looking to enhance their employability in the tech sector.

        A variety of DNS configurations are explored, including the differences between forward and reverse lookup zones, and the important yet rarely used stub zones. Understanding resource records such as SOA, which marks the primary (read-write) copy of a zone, NS, which names the servers authoritative for it, and PTR, which maps an IP address back to a name, forms another critical part of mastering DNS. McMillan's training is not just about theory but also provides actionable insights into managing and optimizing DNS functionality, ensuring learners can apply their skills effectively in real-world environments.

          Dynamic DNS updates, faster repeat lookups through the resolver cache, and DNS delegation strategies are also covered, giving participants a comprehensive toolkit for DNS management. Whether you're setting up DNS on a non-domain controller server, restricting zone transfers to listed name servers, or requiring secure dynamic updates, this curriculum equips you with the knowledge to navigate and control DNS operations confidently, preparing you for advanced roles in network administration and architecture.
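
The procedure the overview sketches, as an added PowerShell example that is not part of the course material: it installs the DNS Server role on a member server, creates an AD-integrated forward zone and the matching reverse zone, adds the common record types, locks down zone transfers and dynamic updates, sets a forwarder and a conditional forwarder, delegates DNS administration, and exports the zone as a backup. The server name DNS01, the domain contoso.com, the subnet 172.16.35.0/24, the addresses used, the partner domain partner.internal and the account jr.admin are assumptions for illustration; the cmdlets come from the ServerManager, DnsServer and ActiveDirectory modules (the last needs the RSAT AD PowerShell tools on a member server).

```powershell
# Added example, not from the course. Assumed names: member server DNS01 in the
# contoso.com domain, subnet 172.16.35.0/24, junior admin CONTOSO\jr.admin.
# Run in an elevated PowerShell session on DNS01 after it has joined the domain.
#Requires -RunAsAdministrator

# 1. Install the DNS Server role (a domain controller gets it automatically).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Forward lookup zone, AD-integrated, secure dynamic updates only: a record can
#    then be changed only by the domain-joined computer that registered it.
Add-DnsServerPrimaryZone -Name 'contoso.com' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 3. Reverse lookup zone for 172.16.35.0/24. Windows names it from the network
#    octets reversed, with the host octet dropped: 35.16.172.in-addr.arpa.
Add-DnsServerPrimaryZone -NetworkId '172.16.35.0/24' -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# 4. Records for a host that cannot register itself (for example a non-Windows box).
#    -CreatePtr writes the matching PTR into the reverse zone in the same call.
Add-DnsServerResourceRecordA     -ZoneName 'contoso.com' -Name 'web' -IPv4Address '172.16.35.10' -CreatePtr -TimeToLive '00:05:00'
Add-DnsServerResourceRecordAAAA  -ZoneName 'contoso.com' -Name 'web' -IPv6Address '2001:db8:35::10'
Add-DnsServerResourceRecordCName -ZoneName 'contoso.com' -Name 'www' -HostNameAlias 'web.contoso.com'
Add-DnsServerResourceRecordMX    -ZoneName 'contoso.com' -Name '.'   -MailExchange 'mail.contoso.com' -Preference 10

# 5. Zone transfers only to the servers listed in the zone's NS records. An
#    unrestricted transfer hands any caller a complete map of the internal network.
Set-DnsServerPrimaryZone -Name 'contoso.com' -SecureSecondaries 'TransferToZoneNameServer'

# 6. Forwarder for anything not held locally (public names such as google.com).
#    Google's public resolvers are an assumed choice; your ISP's would do as well.
Add-DnsServerForwarder -IPAddress '8.8.8.8', '8.8.4.4'

# 7. Conditional forwarder: only partner.internal goes to the partner's servers.
Add-DnsServerConditionalForwarderZone -Name 'partner.internal' -MasterServers '10.20.0.5' -ReplicationScope 'Forest'

# 8. Delegation: a junior admin manages DNS without Domain Admins membership.
Add-ADGroupMember -Identity 'DnsAdmins' -Members 'jr.admin'

# 9. Backup: the zone is written to %SystemRoot%\System32\dns\contoso.com.bak.
Export-DnsServerZone -Name 'contoso.com' -FileName 'contoso.com.bak'

# 10. Verify what was created and confirm the PTR landed in the reverse zone.
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsReverseLookupZone, DynamicUpdate, IsDsIntegrated
Get-DnsServerResourceRecord -ZoneName '35.16.172.in-addr.arpa' -RRType Ptr
```

One caveat on step 8: DnsAdmins is less "least privilege" than it looks. On a domain controller the DNS service runs as SYSTEM, and members of DnsAdmins can change server-level settings, including which plugin DLL the service loads, so treat membership as a privileged role and review it the way you review Domain Admins.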

            Chapters

            • 00:00 - 05:30: Introduction to DNS Components This chapter serves as an introduction to DNS Components, as taught by Robert McMillan in the course 'Advanced Networking with Windows Server 2022'. It focuses on the installation and configuration of DNS servers, acting as an extension of previous knowledge on Windows servers. Emphasizing the significance of DNS knowledge, the instructor highlights its importance for employability in the IT field, suggesting that mastering DNS can greatly enhance career opportunities.
            • 05:30 - 11:00: DNS Zones and Records The chapter covers the creation and configuration of DNS zones and records, focusing on their implementation within Active Directory. It highlights the differences between Active Directory DNS and non-Active Directory DNS. The chapter emphasizes the importance of understanding DNS, which serves to resolve domain names to IP addresses.
            • 11:00 - 16:30: DNS Forward and Reverse Lookup Zones The chapter discusses the complexities associated with remembering both IPv4 and IPv6 addresses. It emphasizes the necessity of DNS (Domain Name System) for converting easy-to-remember names into IP addresses, allowing access to resources without needing to recall numeric IP addresses. The hierarchical nature of DNS, referred to as a naming structure or namespace, is highlighted as a fundamental feature.
            • 16:30 - 22:00: Stub Zones and Resource Records The chapter discusses how domain names are structured, explaining that they are read from the root domain, the trailing dot at the far right of the name, leftward: first the top-level domain such as 'com', then the domain name, followed by any subdomain labels such as 'www', 'email', or 'web'.
            • 22:00 - 27:30: Installing DNS and Dynamic Updates The chapter discusses the installation and utilization of DNS (Domain Name System) with an emphasis on its importance in both public and internal networks. DNS allows for the mapping of various hostnames to specific IP addresses, serving as a crucial component in managing and accessing domain spaces.
            • 27:30 - 33:00: DNS Forwarding and Conditional Forwarding The chapter discusses the concepts of DNS forwarding and conditional forwarding. It explains the difference between resolving public names and resolving names of servers and other resources within a local network. The text highlights the role of ICANN (Internet Corporation for Assigned Names and Numbers) in managing public names and notes the transition from U.S. control to an international body for overseeing these responsibilities.
            • 33:00 - 38:30: DNS and Active Directory Integration The chapter discusses the critical role of DNS (Domain Name System) in modern internet functionality, highlighting the possibility of using non-public domain names for specific applications like Active Directory. It uses the example of a company having a '.internal' domain for internal purposes, contrasting it with previously used non-public domains like '.local', which the instructor says have become public domain names (note: .local is not a delegated public TLD; it is reserved for multicast DNS by RFC 6762, which is a separate reason to avoid it for Active Directory). Additionally, the chapter explains DNS servers' role in responding to DNS record requests made by resolvers, which essentially refers to clients sending requests to DNS servers.
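
The client side of the resolution path the chapters describe, as an added PowerShell example that is not part of the course: it queries a forward record directly against the domain controller, shows the same answer coming back from the resolver cache, works out the in-addr.arpa zone name for a subnet and does the reverse lookup, uses a temporary hosts-file entry to override DNS for a test web server, triggers dynamic re-registration, and reads the server's forwarder list. The names and addresses (dc1.contoso.com at 172.16.35.5, web.contoso.com at 172.16.35.10, a test box at 172.16.35.99) and the Get-ReverseZoneName helper are assumptions for illustration; the last step assumes the RSAT DNS Server tools are installed on the client.

```powershell
# Added example, not from the course. Assumed names: DC/DNS server dc1.contoso.com
# at 172.16.35.5, web.contoso.com at 172.16.35.10, test box at 172.16.35.99.
# Run in an elevated PowerShell session on a domain-joined Windows 10/11 client.
#Requires -RunAsAdministrator

# Work out the reverse zone name Windows uses for a /8, /16 or /24 network:
# drop the host octets, reverse the rest, append .in-addr.arpa
# (e.g. 172.16.35.0/24 -> 35.16.172.in-addr.arpa). Helper is an assumption.
function Get-ReverseZoneName {
    param([Parameter(Mandatory)][string]$Cidr)   # e.g. '172.16.35.0/24'
    $ip, $prefixText = $Cidr.Split('/')
    $prefix = [int]$prefixText
    if ($prefix -lt 8 -or $prefix -gt 24 -or ($prefix % 8) -ne 0) {
        throw "Only /8, /16 and /24 networks map to a single in-addr.arpa zone: $Cidr"
    }
    $octets = @($ip.Split('.')[0..(($prefix / 8) - 1)])   # network octets only
    [array]::Reverse($octets)
    return ($octets -join '.') + '.in-addr.arpa'
}

# 1. Forward lookup straight at the domain controller, bypassing the local cache,
#    so you see what the server itself answers right now.
Resolve-DnsName -Name 'web.contoso.com' -Type A -Server '172.16.35.5' -DnsOnly

# 2. The same name again is served from the client's resolver cache; inspect it,
#    then clear it (the equivalent of ipconfig /flushdns).
Resolve-DnsName -Name 'web.contoso.com' -Type A
Get-DnsClientCache -Name 'web.contoso.com'
Clear-DnsClientCache

# 3. Reverse lookup: the PTR for 172.16.35.10 lives in the zone computed here.
Get-ReverseZoneName -Cidr '172.16.35.0/24'          # 35.16.172.in-addr.arpa
Resolve-DnsName -Name '172.16.35.10' -Type PTR -Server '172.16.35.5'

# 4. hosts-file override while testing a new web server before its record goes
#    into DNS. It wins over DNS on this client only; remove it when done.
$hosts = "$env:SystemRoot\System32\drivers\etc\hosts"
Add-Content -Path $hosts -Value "172.16.35.99`twww.contoso.com`t# temporary test override"
Clear-DnsClientCache
Resolve-DnsName -Name 'www.contoso.com' -Type A     # answered from hosts: 172.16.35.99
(Get-Content $hosts) -notmatch 'temporary test override' | Set-Content $hosts
Clear-DnsClientCache

# 5. Dynamic registration: re-register this client's A and PTR records now instead
#    of waiting for the next start or the 24-hour refresh (same as ipconfig /registerdns).
Register-DnsClient

# 6. Public names leave through the server's forwarder; read the list from here
#    (needs the DnsServer module from the RSAT DNS Server tools on the client).
Get-DnsServerForwarder -ComputerName 'dc1.contoso.com'
```

Resolve-DnsName consults the hosts file before the cache and the server, which is why step 4 shows the override without any server change; -DnsOnly in step 1 skips both the hosts file and the cache when you need the server's current answer.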

            288M Module 1 Transcription

            • 00:00 - 00:30 Welcome to Advanced Networking with Windows Server 2022. I am your instructor, Robert McMillan, and we're going to talk about an introduction to DNS components. We're going to look at installation and configuring of DNS servers. This is going to be an extension to the Introduction to Windows Servers; we're going to go much deeper and cover much more territory. Now, one of the interesting things about DNS is that once you learn DNS you become highly employable, and so
            • 00:30 - 01:00 after for work. So this is going to be an area that you really need to pay attention to and to do your best to learn the most you can out of it. So we're also going to look at creating and configuring DNS zones and records, and Active Directory DNS implementation, which is a little different than non-AD DNS, and I'll show you what that means. What DNS does, or Domain Name System, is basically resolve... it resolves names to IP addresses, and IP addresses
            • 01:00 - 01:30 are difficult to remember, because you've got both IPv4 addresses and IPv6 addresses, and these things can become very complicated. You have to have a really good memory if you're going to try to open up resources using an IP address instead of a name. So we need to have some way of translating or converting a name to an IP address, and that's exactly what DNS does. There is a hierarchy to DNS, and we call that a naming structure, a namespace. It's hierarchical, which means that
            • 01:30 - 02:00 it starts with a root domain, which is going to be all the way to the right. So for instance, if we have a domain, it's going to start at .com. It doesn't start at www; it starts at the dot and works its way left. It reads from right to left, and then comes the name of the domain, followed by any subdomain names you might have after that. Now, we don't really use www much anymore, but you might have other things like email.contoso.com or web.contoso.com or
            • 02:00 - 02:30 even VPN, any one of an unlimited number of different names that you can use. DNS is used in a couple of different areas. First, public. Public meaning internet-facing; that means that when you set up a public domain space you're going to also be able to point all the different host names to specific IP addresses. It works the same way with internal DNS as well, except for instead
            • 02:30 - 03:00 of resolving public names, you're now resolving names of, say, servers and other resources on your on-premises network. Public names work with ICANN, or the Internet Corporation for Assigned Names and Numbers. This used to be something that the United States, since they invented, we invented the internet, has, you know, gone ahead and managed, but now we've turned it over to an international body, which makes a lot of sense, since the world
            • 03:00 - 03:30 really cannot function without the internet anymore. So a non-public domain name is also possible for, say, Active Directory. In this case you've got widgetllc.internal. We used to use the .local names for a long time, but then somebody bought it and now it's public; now .local is a public domain name. DNS servers respond to requests for DNS records that are made by resolvers. That's kind of a fancy way to say that a client can send a request to
            • 03:30 - 04:00 resolve a name to an IP address, because the servers are going to respond by IP addresses. They're not going to respond by names, but you are of course requesting these resources by names, so DNS is going to go ahead and do that resolving for you, so that way it's seamless to you as the user trying to access a server such as a domain controller, in this case DC1. All domain controllers by default are also DNS servers, and I don't recommend that you take that away from
            • 04:00 - 04:30 them, because if you try to take away DNS from a domain controller and just point it to another domain controller, it's possible the resolution speed might not be fast enough, and then you might end up taking much longer to access things, and you'll notice some latency, and it might even time out. When a DNS server is going to be responsible for a specific namespace, such as contoso.com, you create a zone that corresponds with that namespace. Now
            • 04:30 - 05:00 the first zone owner, say the DNS owner of that particular zone of, say, contoso.com, is also going to have write capability, not just read capability but also the ability to make changes to that zone, such as adding new records, deleting records and editing them. But secondary zones are going to be read-only. You could make... you could make multiple primary zones, but you could have secondary zones which are read-only, where you don't want the administrator of that particular server to make any changes
            • 05:00 - 05:30 to it, and this is pretty popular for child domains as well as domains in remote locations. A DNS resolver, that's the client that needs to resolve the DNS records, so that's going to be, say, your Windows 10 or 11 computer that says, hey, I need to gain access to FileServer01. The DNS Client service then sends that request. Now, every Windows client, every Windows 10 or 11 computer, has a DNS Client service, and so it doesn't mean it does the resolution; it just
            • 05:30 - 06:00 means that it will facilitate the request from name to IP address, and it sends that DNS request to the DNS server configured in the IP properties, the Internet Protocol properties, and that's called the DNS resolver cache. Now, all DNS servers will do... will be caching servers, which is really great, because by being a caching server, the first time that a record needs to be resolved it's going to have to find whoever the zone holder is, find the record, and then send
            • 06:00 - 06:30 that information back to the user. But once it caches that information, it doesn't have to look it up anymore. It's much faster by going right to the cache, right to this little file that looks up any recently looked-up domain names to IP addresses, and it hands it back much faster the second time around. Now, this is true not only of private DNS servers but also public ones. For example, if you are on a client computer and you ask for a resolution to a public name like
            • 06:30 - 07:00 google.com, what will happen is that that client resolver on the Windows client will send the request to your local DNS server. The local DNS server in Active Directory will say, do I have google.com on my network? And it'll say no, of course. Then it'll go to what's called the forwarder. We always set up a forwarder in DNS, and that's because if there's anything that can't be resolved locally it will forward it on to a public DNS server. So in that case it sends the
            • 07:00 - 07:30 request off to the public DNS server, and then it will go ahead and resolve Google's information. It'll put that information in the cache as well, so that way the second time you need to go to google.com, or somebody else in your company does, it won't have to look it up; it'll just go right to the cache. Now, you can also create what's called a local hosts file, which will override the DNS server. So if you're doing testing, sandboxing, that kind of thing, then you may decide you want to edit a local file
            • 07:30 - 08:00 on your computer, on your client computer, called a hosts file. So if there is a name-to-IP-address entry in the local hosts file, it will override any DNS resolution on the DNS server. I've used this many times when I was, say, setting up a new web server. I wanted to point a name to an IP address that wasn't yet public, so I would put it into that hosts file, in that path that you see here, and I would do that because
            • 08:00 - 08:30 I wanted it to resolve to the new test box rather than to the public one. Once I tested out that web server and everything worked fine, then I would move it from the local hosts file and add it to the DNS server, so that way when anybody else asked for the website they would get the new site instead of the old one. A zone is the specific portion of a domain name, so the zone itself is going to be, say, contoso.com, widgetllc.
            • 08:30 - 09:00 internal, you know, those kinds of things. Then the hosts that go in them get their names appended to the left of the name of the domain. So let's say we want to put in web.contoso.com. contoso.com is the zone name, but the host record is going to be web.contoso.com inside that zone, and again you can go as far left as you want, as many different zone names as you'd like in those host records. So
            • 09:00 - 09:30 here's an example of a host record: DC01.widgetllc.internal, and you can see the IP address of DC01. So that is a host record. Every device, every endpoint, that would be a server, a client, a phone that gets IP addresses, a tablet, those are all going to have host records associated with them, and even though you don't add them manually, they themselves register themselves into the DNS server when they have that capability. So for
            • 09:30 - 10:00 instance, a Windows client, once it joins the domain, it now has registered itself into the zone. There are two different types of lookup zones. There is a forward lookup zone, which looks up the name to the IP address, and here you can see that the DNS client is asking for the name of a specific resource, and then it's being handed back to that client with that information.
            • 10:00 - 10:30 The internal DNS service in your organization has a zone that corresponds to the Active Directory Domain Services domain. So as an example, if your Active Directory domain name is going to be contoso.com, there's automatically going to be a DNS name for contoso.com; there's going to be a zone that's going to be added, and once again we're still in the forward lookup zone area. The other type of lookup zone is going to be a reverse lookup zone, which we'll talk about in a minute. So if you're providing name resolution for
            • 10:30 - 11:00 that zone to clients, basically any computer inside your network, you can host the zone on a Windows Server that's accessible on the internet. So the domain controller that's running DNS also can access the internet as well, so it can get those referrals for outside public domain names, as I had talked about earlier. Now we're going to switch gears to reverse lookup zones. Reverse lookup zones are used only for resolving the opposite; it's going to be an IP address to a name. So the reason why you need to
            • 11:00 - 11:30 have both a forward and a reverse lookup is because of two different sets of people or things. So people typically need to know the name to an IP address, that's the forward lookup, whereas applications and other devices sometimes want to know the IP address to the name instead. So here's an example, here, a reverse record. Now, a reverse record is also referred to as a PTR record. I like to call it a pointer
            • 11:30 - 12:00 record myself, and it goes from the IP address to the name, as you see here. So it's the exact opposite of the forward lookup, so it's not really complicated. You have forward, you have reverse; they both do their own thing and for different reasons. When you create a reverse lookup zone, it has a name, and this is how you know it's a reverse lookup zone, because the name always ends in in-addr.arpa. So what that means is addr is for address, and arpa stands for
            • 12:00 - 12:30 address resolution protocol, and basically that's just the name that they came up with when this was all invented in the IPv4 space. So the zone name for the 172.16.35.0/24 reverse lookup would be, and it would always start, it would drop off the last octet, in this case it's a zero, then it would go with 35.16.172, and then it'd be .in-addr.arpa. By default, a reverse lookup zone is not created, even when you create
            • 12:30 - 13:00 a domain controller. You have to go in and manually create it, and that's because in many cases it's just not needed. In other cases where it is, it's very easy to go in, right-click and create a new reverse lookup zone, the same way you create a forward one, just under a different heading. A lot of times when we have on-premises resources such as web servers and email servers and things like that, you need to have a block of public IP addresses, routable IP
            • 13:00 - 13:30 addresses. Inside IP addresses like 192.168, and 10.0, and 172.16, you know, those types of subnets are not routable to the outside; they're only good for the inside, and the reason for that is because all of us can reuse them. I can use them on my network, you can use them on your network, and there's no type of conflict. However, public IP addresses, you can't do that. Anything that's routable to all the other devices of the world has to have a unique IP address, and so if
            • 13:30 - 14:00 you've got a web server and an email server and an application server that's all reachable from the outside in, and this also includes private clouds and public clouds, then you're going to be getting this block of IP addresses from your provider, your internet provider or vendor, whatever it is that you're using IP addresses for. So you might have the option to maintain your own reverse lookup zone in those particular cases, again if you have an application that requires that reverse information. So you'd have
            • 14:00 - 14:30 to manually create the reverse records, but you can certainly do that. Now, there's another type of zone called a stub zone. I've talked about primary zones, where that's a read-writable zone. I've talked about secondary zones; those are read-only zones. Now you have this third one called a stub zone. Hardly anybody uses this. In all of my career, I don't know if I've ever had to use a stub zone. I might have created it just for fun, just to see what would happen, but then when I understood what it was all about, then I just stopped using them.
            • 14:30 - 15:00 However, the reason I'm mentioning this is because it might show up on a quiz, it might show up on a certification test, it might show up on a request during an interview. These are all times where it's important to understand what a stub zone is, but in actual practice will you create one? Probably never. So a stub zone is basically a holdover from days gone by when we had super slow internet, and let's say you had a remote office that was running at dial-up speed, and so instead of sending
            • 15:00 - 15:30 over an entire zone over a slow internet connection, like a secondary zone, which has a copy of everything, or a primary that has a read-write copy of everything, all it does is it sends over the records of where the zone is being hosted. That's all it is. So when you create a stub zone, it just basically redirects you to who actually does hold all the records. So when you make a request for a name to IP address, say for a resource inside your network, and
            • 15:30 - 16:00 you're using a stub zone at that remote office, then it's just going to point you back to where the read-writable DNS server or secondary server is, one of those two. It's going to send you over to one of those servers that has a copy of all the records. So again, this is something that in my opinion should have been retired a long time ago, but there may be a case where some people are still using them. Resource records are records that tell you what is going on within the zone. So for instance,
            • 16:00 - 16:30 start of authority. Remember when I said earlier there are read-writable zones and there are read-only zones? Read-writable are called primary and read-only are called secondary. So you have to have a record that tells you, or your client DNS service, which zone record holder is going to be the one that can both read and write, make changes to its own, and which ones are read-only. That's all it is. It's a start of
            • 16:30 - 17:00 authority record: who has the authority to make a change, who has the authority for a read-write DNS zone. If that zone holder does not have an SOA, a start of authority record, then they cannot make the changes or tell the other clients that they can make changes. You have to have at least one SOA inside a DNS zone holder that has
            • 17:00 - 17:30 read-write capability. Then there's something called a name server. A name server record identifies the server for the domain. So once again, you send off a request, you're a client computer and you have the DNS Client service running, and you're saying, hey, who owns the zone for widgetllc.internal? Where's the name server record? Who owns it? So what'll happen is it'll put that out there into the ether, and, because you know we're using Ethernet, then a name server, a DNS server basically,
            • 17:30 - 18:00 will then say, I do, I am the record holder for either the read-write zone or the read-only zone, and I will provide you with the name-to-IP-address request that you're making. So those are what's called resource records. They don't actually resolve names to IP addresses; they just tell all the clients which zone holders do those kinds of resolution, and once again, they are required. Every name server has to have
            • 18:00 - 18:30 an NS record; every read-write owner of a zone has to have an SOA record. Another thing that's interesting about resource records is they have what's called a time to live. So why do you need a time to live? Well, by default it's going to be, say, 30 minutes or 60 minutes, and public DNS zones, you know, registrars such as, say, GoDaddy or Network Solutions, they do the same thing. They have a time to live for every record, and the reason for that is because, let's say
            • 18:30 - 19:00 you go in and you make a change to a resource record, and say it shouldn't be pointed to this place, it should be pointed to that place. Well, you don't want a hacker to be able to go in and undo what you just did, you know, or, say, malware that's installed on your computer to be able to go and undo what you just did so it can be redirected to some nefarious location. So this time to live, you know, is a way to keep that from happening. I personally think that it's kind of a waste of time, because I
            • 19:00 - 19:30 would like, when I go to make a record change, I want it to happen immediately, or maybe within a minute. I don't want to have to wait 60 minutes. I understand the security implications; it just hasn't been exploited often enough, in my opinion, to be able to require this 60 minutes or 30 minutes of time to live that a lot of DNS registrars out in the public have, but there's no real way to stop them from doing it. Some of them allow you to go down to zero minutes, and some of them have a minimum of 30 or 60
            • 19:30 - 20:00 minutes. Now, in Windows Server and Windows DNS there is no requirement, there is no TTL requirement. You can set the TTL, and there is a TTL by default, but you can zero that out, so that way as soon as you make a record change it will go ahead and edit that for you. So you can install the DNS role on a non-domain controller, because on domain controllers it just happens automatically. You go to Server Manager, click Roles and Features, select
            • 20:00 - 20:30 the server that you want, in some cases you're only going to see one server, and then choose to install DNS. You can also install it using PowerShell, so if you're remoted into another computer using PowerShell, using PowerShell Remoting, then you can just run Install-WindowsFeature DNS, and then you can choose the name of the server and it will install on that server. By default, the administrators of a server, of a domain, have the ability to manage the DNS services, but you can certainly go in and add additional users such as junior administrators, things
            • 20:30 - 21:00 like that, where you don't want to give them full access to everything but you may want to give them the ability to manage DNS, and that's called delegation of administration, which is pretty simple to do. So you can add a user or global group to the DnsAdmins for a given domain in the forest, and members of that group can make those changes as needed. But again, if they're not members of the Domain Admins group, they can still gain access into DNS without having to be an Enterprise or
            • 21:00 - 21:30 Domain Administrator, and that way you can set up least privilege, so not just anybody could manage the entire domain. I've seen too many problems with that. So to back up Active Directory, you can use the dnscmd command, this is not PowerShell, that's just a plain old command, or Export-DnsServerZone, that is a PowerShell cmdlet. So either one of those: you can back up, export, import the zones if you would like. You can also create resource records or
            • 21:30 - 22:00 any other type of records using DNS Manager, Windows Admin Center or Windows PowerShell, and here's a list of PowerShell cmdlets that you can use that are very useful for creating various different types of records. You see multiple different types of records. A is the most common; you see the AAAA, or quad-A as I refer to it, is for IPv6; then you have CNAME, MX and PTR. These are all different types of things that we'll talk about. When you allow dynamic updates for a zone, clients that
            • 22:00 - 22:30 use DNS will automatically register themselves with the server. Dynamic DNS registration is triggered by multiple different types of events, as you see here: when the client starts, or every 24 hours, when an IP address is configured, or you can type a command, Register-DnsClient, or just ipconfig /registerdns, which is command line, whereas Register-DnsClient is going to be PowerShell. You can always tell the difference between PowerShell and command line
            • 22:30 - 23:00 because the PowerShell is going to have a verb-dash-noun, Register-DnsClient; that's a verb-noun, so you know that's going to be PowerShell. Dynamic DNS updates can only be performed when the client communicates with the DNS server that holds the ability to read and write on that zone. Some non-Windows DNS clients do not support dynamic DNS, so in that case you have to go in and you have to create a DNS record on your own, and you can create those DNS records
            • 23:00 - 23:30 using these multiple different ways. So if you go to the forward lookup zone, you open up DNS Manager, this is the way to do it through Server Manager on the Windows Server, you expand DNS, you select the zone, and then you can go ahead and enter a name for the zone, click Next, choose the new zone, choose the type of zone, primary, secondary, stub, and then review that everything's correct and then click Finish, and that's creating the zone. Now, once you've created the zone, then you
            • 23:30 - 24:00 can go in and create the records, and one of those types of records is going to be a CNAME, an A, MX; all those are different types of records that do different things. So in this case you right-click on the name of the domain you wish to add records for, and then you select the record type, A, MX, you know, resource records. There's actually dozens of different types of records, most of which you'll never actually use, but there are four or five that you will use on a regular basis. So this gives you an idea of zone storage and replication. In
            • 24:00 - 24:30 this case you can see the zone name, you can say microsoft.com, it has some sub-names after that, and then you can see it's a .com. Now, we all started out with .com, .edu, .org and .net, but now there are many, many, many more different names. As a matter of fact, for a couple hundred, you can go ahead and create your own custom one through ICANN if you like. Zone records are synchronized from a primary to a secondary zone, so if you have multiple different zones you can
            • 24:30 - 25:00 sync that data from primary to secondary. It cannot sync from secondary to primary, because again secondaries are read-only, so it only goes one direction. When you create these replications you can choose several options. You can say I only want to replicate with servers that are listed in my name server list, or only the following servers, to go ahead and do zone transfers with. That's totally up to you. Multiple different ways you can configure DNS: with dynamic updates, or
            • 25:00 - 25:30 you can restrict the zone to only allow secure dynamic updates. Secure is going to ensure that only the client that owns the DNS record is the one that can update it. Domain-joined clients can perform secure dynamic updates. For non-domain, you can set up the non-secure updates if you'd like, and so the reason for that is because sometimes you have a DNS server that is a Linux server, and that Linux server may not support the secure updates, so you
            • 25:30 - 26:00 may want to replicate with that server in an unsecure manner if there is enough trust involved within the organization. Lots of different PowerShell cmdlets for creating zones that you can see here, and many of these are ones that you can run directly from the server. You can run it from your client computer if you use PowerShell Remoting, things like that. I talked about DNS forwarding. So every DNS server is set up with root hints. What root hints are is just a list
            • 26:00 - 26:30 of servers, of the top-level DNS servers out on the internet, that basically run the entire internet. There's 13 of them, I believe, and underneath those 13 servers then you have all of your internet service providers' DNS servers, where that's synchronized. So what it is is the top-level domain servers will then send any updates down to the internet service providers' DNS servers that you use, and you would set those up as forwarders, which you'll learn about in this course, so that
            • 26:30 - 27:00 way any requests that come in that are not local, like google.com, will go off to a public DNS server. Now, some of the more common Google IP addresses, or DNS that are public IP addresses, are 8.8.8.8 and 8.8.4.4. These are owned by Google; you don't have to be a Google customer to use them. So if you don't want to use your internet service provider's DNS IP addresses, then you can just go ahead and use Google's instead. So here's a pop quiz: a pointer record provides
            • 27:00 - 27:30 what kind of information you remember what kind that we talked about a PTR record well pause the video and think about it or look it up and come back let's see how you did a pointer record is a reverse record in a reverse Zone it does IP to names instead of names to IPS conditional foring these are things that uh conditional foring is something I just haven't used all that often because it's not very necessary however where I have used it is in a an organization that has multiple companies
            • 27:30 - 28:00 that where they have to have some sort of firewall between them to keep there from being any conflict of interest uh most of the time financial institutions Health institutions a lot of times they'll have multiple different sub businesses inside them that cannot communicate with each other in order to keep this conflict from happening so what you do is instead of creating a general forwarder that forwards off to a public DNS Server Like Google you create a conditional for a conditional f is just a single domain so it says hey instead of of going out to the public if you can't find a resource under this
            • 28:00 - 28:30 name I'm trying to find it's you go over to the server over here that's on a different floor in my same building and that's a conditional for the condition is that it has to be uh in the zone that I am specifying you can also use stub zones if you'd like instead of conditional forwarders all it basically does is it just says hey this is where the person who owns that zone lives on this particular server either one of them will work fine but condition forers I like because they're made specifically
            • 28:30 - 29:00 for that purpose active directory requires DNS if you don't have a DNS server active directory doesn't work now back in the windows nt4 days in the 1990s you didn't have DNS servers that were required they were there but you didn't need them for internal uh domains once active directory was invented in Windows 2000 then you started requiring DNS there are service names and ports that are being used for uh these types of Records such as SRV records are going to be ldap ports Port 3 389 and keros
            • 29:00 - 29:30 uses Port 88 the the reason why the this is mentioned is because you want to make sure your firewall is not blocking on the server itself not blocking any of these ports and if you have uh you virtual lands vlans between your servers and your clients make sure that there's no blocking happening on the layer3 switches or routers between those different vlans by default TCP or UDP is going to be used as the transport for DNS and
            • 29:30 - 30:00 unsecured non-secured type of DNS is usually UDP whereas secured is going to be using TCP is a connection oriented service that can be encrypted host name corresponds to the a record for the service when the client queries a service the DNS server returns that SRV record and Associated a records that go with it so sometimes it's not just the uh the resources is not just a computer that you're trying to get
            • 30:00 - 30:30 access to but a service on the computer integrated zones if you create an integrative Zone within active directory and by default one will be created as soon as you promote your first domain controller um they will replicate with any other domain controller in the network it used to be prior to active directory you'd have a primary domain controller and a secondary domain controller it doesn't work that way anymore all domain controllers are equal they're all called multim Masters you know they all each one is it's a multimaster domain so they're all equal there's no primary
            • 30:30 - 31:00 there's no secondary so when you create a DNS Zone it will automatically replicate with any other DNS server within active directory and multimaster updates as you see here they can use Dynamic update zones and have locations that are distributed geographically so in other words you can set up who gets the replication and when so you don't overwhelm any slow connected networks and secure Dynamic updates include Act directory integrated zones to delegated administration of zones so
            • 31:00 - 31:30 you can set up domains and resource records by modifying something called an access control list on the zone so you can decide who has all that power we talked a lot about DNS in this particular module where you in you know learn how to install configured DNS create zones and records and Implement using active directory