{"id":9249,"date":"2008-11-06T10:34:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=9249"},"modified":"2008-11-06T10:34:00","modified_gmt":"1999-11-29T20:00:00","slug":"day-3-name-resolution-208-style-dns-wins-and-netbios","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=9249","title":{"rendered":"Day 3: Name Resolution 208 Style: DNS, WINS and NetBIOS"},"content":{"rendered":"<p>The speaker is Mark Minasi.\u00a0 I will only blog a few points on this presentation because it&#8217;s material that Mark makes a living from.\u00a0 Despite the data here, I really recommend you attend Mark&#8217;s sessions if you get a chance &#8230; there&#8217;s always <strong><u><em>much more<\/em><\/u><\/strong> to be learned from him in person.<\/p>\n<ul>\n<li>DNS is the cause of most Active Directory issues.\u00a0 True enough based on my experiences.<\/li>\n<li>WINS is not dead.\u00a0 Still used by many technologies.\u00a0 Try disabling it in a lab first.\u00a0 WINS is a W2008 feature.\u00a0 IPv6 is not WINS aware.<\/li>\n<li>Computer Browser (network neighbourhood service) is turned off by default.\u00a0 Network Discovery (multicast instead of broadcast) is disabled by default.\u00a0 Uses UDP 3702, TCP 5357 (HTTP) and 5358 (HTTPS).\u00a0 Based on WS-Discovery.\u00a0 Removing legacy (pre Vista\/W2008) machines reduces LAN traffic.<\/li>\n<li>Background zone loading: LOTS (thousands) of AD integrated zones could take 1 hour to boot a DC &#8211; DNS loaded and checked all zones before completing service startup.\u00a0 Now, DNS fires up and loads zones in the background, thus allowing the DC to boot faster.\u00a0 DNS is multithreaded.\u00a0 DNS can do an LDAP query to another DC while the AD-I zone is unavailable.\u00a0 It is not able to accept updates until all zones are loaded.<\/li>\n<\/ul>\n<p><strong><u>Administration<\/u><\/strong><\/p>\n<ul>\n<li>Can install DNS and\/or ADDS on Server Core.\u00a0 Use DNSCMD to manage DNS.\u00a0 Now in the 
OS, not in the resource kit.<\/li>\n<li>For the first zone you create on Core using DNSCMD, restart the DNS service to make it work.\u00a0 There&#8217;s a weirdness there in the DNS service.\u00a0 After the first zone, everything is fine.<\/li>\n<li>Keep reverse zones to facilitate site-based GPO and to quell DNS chatter on PTR records.\u00a0 All computers attempt to register PTR records even if you have no ADI PTR zone.\u00a0 In that case, the registration attempt can go out onto the Internet.\u00a0 Not nice at all!\u00a0 See &quot;prisoner.iana&quot;.\u00a0 Or use GPO to disable PTR registration.<\/li>\n<li>Beware the dodgy DCPROMO DNS wizard trying to create a delegation of .com, etc. for your <em>root<\/em> domain.\u00a0 Just say &quot;no&quot;.\u00a0 And even if things are OK, you get a warning about the zone already existing.\u00a0 It&#8217;s a nonsense error.<\/li>\n<li>RODCs cannot accept changes to AD-I zones.\u00a0 That DNS traffic will want to go to a read\/write copy of AD across the WAN.\u00a0 Use ADSIEdit to modify the permissions of that zone to allow the group of RODCs to write to the zone.<\/li>\n<li>Branch Office DC offline =&gt; PCs in the branch office will hit any random DC on the WAN for logon.\u00a0 We now have &quot;Rediscover&quot;.\u00a0 Automatic on W2008 and Vista.\u00a0 KB939252 for XP and W2003.\u00a0 GPO: Computer Configuration\\Administrative Templates\\System\\Netlogon\\DC Locator DNS Records\\Force Rediscovery Interval.\u00a0 The default value is 12 hours (measured in seconds).\u00a0 Vista and W2008 will operate differently &#8211; they use site links to find the next nearest site.\u00a0 Another reason to put in sites and site links &#8211; DO NOT USE THE DEFAULT SITE LINK!\u00a0 It&#8217;s lazy and leaves things unprepared for other services, e.g. 
Exchange 2007.<\/li>\n<\/ul>\n<p><strong><u>IPv6 and Name Resolution<\/u><\/strong><\/p>\n<ul>\n<li>Uses LLMNR &#8211; link-local multicast name resolution.\u00a0 Requestor multicasts to UDP 5335.\u00a0 Answerer unicasts to the requestor on UDP 5335.<\/li>\n<li>AAAA (quad-A) records give name-to-IPv6 resolution.\u00a0 Vista and 2008 automatically register AAAA records.\u00a0 Link local addresses that start with FE80 don&#8217;t register in DNS.\u00a0 W2003 DNS handles AAAA.<\/li>\n<\/ul>\n<p><strong><u>New DNS Record Types<\/u><\/strong><\/p>\n<ul>\n<li>DNAME: map nasty long DNS names to short friendly ones.\u00a0 It&#8217;s similar to CNAME, just for domain names.\u00a0 Handy in migration scenarios.\u00a0 It&#8217;s an RFC record type.\u00a0 Example: move the A or AAAA records to the new zone, then create a DNAME record in the old zone.\u00a0 You cannot do this in the GUI &#8211; use DNSCMD: <em>dnscmd \/recordadd oldzone.com @ DNAME newzone.com<\/em>.\u00a0 The response is like &quot;Oh sorry that doesn&#8217;t exist.\u00a0 Did you mean this instead?&quot;.\u00a0 If records remain in the old zone then DNAME stops working for them &#8230; leave only the defaults there, e.g. SOA, NS, etc.<\/li>\n<li>Post-WINS single label names: use NetBIOS style names for DNS lookups, e.g. myserver instead of myserver.myzone.com.\u00a0 Requires 2008 on all DNS servers.\u00a0 Use a zone called &quot;GlobalNames&quot;.\u00a0 Enable global name resolution on all DNS servers with that zone.\u00a0 Now add CNAMEs in this zone, e.g. 
myserver maps to myserver.myzone.com.\u00a0 Best to use AD integrated zones.\u00a0 Putting it in ForestDNSZones makes sense for this &#8211; it&#8217;s a global zone.\u00a0 You can use it as a WINS replacement for manageable numbers of records; they&#8217;re manually created.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The speaker is Mark Minasi.\u00a0 I will only blog a few points on this presentation because it&#8217;s material that Mark makes a living from.\u00a0 Despite the data here, I really recommend you attend Mark&#8217;s sessions if you get a chance &#8230; there&#8217;s always much more to be learned from him in person. DNS is &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=9249\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Day 3: Name Resolution 208 Style: DNS, WINS and NetBIOS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[42],"tags":[],"class_list":["post-9249","post","type-post","status-publish","format-standard","hentry","category-teched-emea-it-pro"],"aioseo_notices":[],"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.
php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9249"}],"version-history":[{"count":0,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/9249\/revisions"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}