Part4 of our little mini-series here on DNS focuses our attention not just on the zones but also on the records you can create inside those DNS zones.
The first of which being just a simple A record or a AAAA record if you’re using IPv6. But there are also other types of records you could use for other purposes like PTR and SOA, and name server and service records as well as CNAME and mail exchanger records. Each of these has a specific purpose and so we’ll talk about why you would create them. For each record as well there are a number of different record options that you may need to select including time to live, including weight and priority which is not mentioned here. These additional record options provide ways to get rid of a record when it’s no longer necessary, provide a way to get it out of a cache if it should be cached locally. Also provides ways for you to just tune the load balancing that you might get should you decide to implement things like round robin.
Now DNS actually supports a very large list of possible record types but there are smaller number of those that are important for you to know because they’re the ones that are used most commonly in a Windows environment.
Let’s get started.
A and AAAA records (The A in A record stands for Address)
So the ones that you’ve got to be aware of begin with the A and AAAA records. An A record is used to find the IP address of a computer connected to the internet from a name. A and AAAA are essentially the same thing except the A record has to do with IPv4 and the AAAA has to do with IPv6. When you create a new record for a server, that server’s record is traditionally an A record or a AAAA record. And so that’s the kind of primary entry point by which a client can then find a server. If you do an NS lookup against the server by default it’s doing that NS lookup against that server’s A record.
Now if we look at these 2 records DC02 and RDS01 we will see the word Static
That means that I created this manual record. It also means that if there is a change, if that machine needs to change its address, I have to go in and change the address manually. The other addresses have been assigned either by the computer, themselves setting the address or by DHCP giving them the address.
To create a new A record you will need to right-click on the zone and select New Host (A or AAAA)
New Host Window will pop-up. Type in the Name and the IP address of the client machine. If you have Reverse Lookup Zone you can tick Create associated pointer (PTR) record. If you opt not to create a PTR record when you create an A record, you can create the PTR later as necessary.
Allow any authenticated user to update DNS records with the same owner name option: Select this option if you want to allow other users to update this record or other records with the same host name. You should usually leave this option deselected.
Click ADD HOST and that’s it.
There are hidden options in DNS and to access them you will need to click on View –> Advanced
Now if we go and create a new A record we will get a new option TTL.
If you click on existing A record
Without Advanced Options / With Advanced Options
TTL (Time to Live) is a setting for each DNS record that specifies how long a resolver is supposed to cache (or remember) the DNS query before the query expires and a new one needs to be done. So the next time you attempt to connect to that machine if it’s not been an hour, well then you won’t actually have to go to your DNS server to resolve its IP address because that information exists locally. Now you might be thinking to yourself, “Well why in the world will we have just a single hour “for this caching of this information?” and the reason is that individual DNS requests, although they do take time and consume resources, it’s generally not a large amount of time and resources. And you want to protect yourself against the situation where a server you’re attempting to connect to has its IP address information changing. So with a single hour here this means that if for some reason your server should fail over to an alternative site and need to have a new IP address your clients will take about an hour before they end up realizing that they need to request that information again from DNS and then relocate the server in its new location.
Delete this record when it becomes stale – You will see timestamp only on the dynamic records. Static records have a timestamp of 0 indicating do not scavenge. We will talk more about Scavenging later.
CNAME (CANONICAL NAME RECORD)
CNAME stands for Canonical Name and can be used to alias one name to another. What that really means is it’s an alias that points to something that already exists. A lot of us have our servers named after something that that makes it easy for us to remember like MEHIC/server01/whatever. And so these very long lists of sometimes complex names are great for us in IT because it helps us identify what the server is but a lot of times our users would prefer something a little more friendly. A CNAME provides a way for you to give what is essentially a nickname for a server. So MEHIC/server01/whatever could just simply be shortened to “www.” You find yourself using the CNAMES a lot when you don’t want to change the actual name of the server but you want to provide an alternative name that again, is a little more friendly for users to use.
To create CNAME record you will need to right-click on the zone and select CNAME
New Resource Record Window will pop-up.
Alias name: Type in the name you would like to use (webserver in my case)
Fully Qualified domain name: click Browse, double-click DC, double-click Forward Lookup Zones, double-click mehic.se and select the target server. Click OK.
When I click OK, that creates the CNAME Record and notice how there’s not actually an IP address associated with that because we’re essentially creating an additional hop from our webserver to member01, and then from member01 to its actual IP address.
This creation and use of CNAMES allows you to go about changing IP addresses under the covers and swapping out servers without having to retell your users that there’s a completely different name of a computer that they need to find.
MX RECORD (MAIL EXCHANGE)
MX stands for Mail Exchange. MX Records tell email delivery agents where they should deliver your email. We won’t talk too much about Mail Exchange Records here but if you’re doing any kind of work with Exchange or SNTP or any of the other ways in which mail gets routed. An MX record is just another record. Usually sits right next to the A record that lets in coming clients know that that server happens to be a mail server. You will only find Mail Exchange Records when there’s some form of SNTP or Exchange or other mail services that exist on a machine. MX records make it easy to define what servers should handle email delivery and allows you to provide multiple servers for maximum redundancy and ensured delivery.
To crete one you will need to right-click on the zone and select New Mail Exchanger (MX)
New Resource Record will pop-up.
Mail Server Priority: This indicates the priority this mail server will receive. Each MX record has a prioroty. The lower priority MX records are tried first. If the e-mail server can not contact the server with the lowest mx priority it will try the next one.
NS (NAME SERVER RECORD)
NS Record and also a Start of Authority Record are used to define which machine is responsible for a particular zone. The Name Server is just literally a DNS Name Server. So that can be a machine, that is a Name Server and can respond to any requests.
these 2 NS records are associated with the two name servers that are currently hosting this zone, mehic.se
If I double click on one of them it will open DNS server properties (Name Servers Tab)
You’ll see that the name servers, there’s just a little bit of additional information here associated with the record. We configured this back in Part2 when we talked about adding in that other DC2 machine as a secondary name server for this zone.
SOA (Start of Authority Record)
The SOA record stores information about the name of the server that supplied the data for the zone; the administrator of the zone; the current version of the data file; the number of seconds a secondary name server should wait before checking for updates; the number of seconds a secondary name server should wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file on resource records. I talked about SOA Properties in Part 1 so please take a look on it to understand what these options mean.
PTR Records (Pointer Record)
While the A record points a domain name to an IP address, the PTR record resolves the IP address to a domain/hostname.
If they’re not created automatically, you can create them by to expanding Reverse Lookup Zone –> Right-Click on the zone and select New Pointer (PTR)
Click on Browse and find the server and click OK.
SRV Record in most situations is used for active directory. Some applications will create their own SRV Records but these active directory records are designed to help your clients find the different active directory services that are supported by the different domain controllers that you may have. So for example if I troll down here through DC and through my various sites, his is the active directory site that we have in this domain which is the default site and then down once again, we can take a look at the different kinds of services that are supported by active directory. In this location we have a couple of them. The kerberos service and the LDAP service which you’ll see here are configured by a pair of SRV Records that essentially says “Hey client, if you’re looking to find Kerberos “well that Kerberos is going to be found “on thisserver in this location”. If you take a look at the records themselves you’ll see that records here, SRV Records, have a priority, a weight and a port number
Now what if you need a particular record for a specific application or some situation and it’s not a CNAME record or an MX record? Well if you right-click on the zone you can go down and see Other New Records
and here is the list of all of the standard types of records that are available and it’s a pretty long list, plus the ones that we just went over, like the MX record that you can create in your environment.
UNKNOWN RECORD SUPPORT
Something supported for the first time in Windows Server 2016 DNS is unknown record support. Now, what unknown record support does is it provides support for unusual or unknown or records that basically Windows Server 2016 doesn’t know about based on RFC 3597. So, what you can do is you can actually go and add an unsupported record type. Let’s say that you’ve come up with a new protocol, or you’ve come up with a special kind of DNS record, or your developers have because they’re very creative people, and you need to provide information across the wire that will come out of the DNS server. Well, the Windows Server 2016 DNS server will not perform any special processing but will respond to record queries of this type if they receive them and if you have configured these records and they’re stored in the zone.
In the next part we will take a look on Zone Scavenging, DNSSEC, Delegated Administration and DNS Advanced Solutions.