Need some advice on learning networking

[rthonpm]

I hear you on the config for 2 DNS servers but I want to get 1 down first.


Here's where I'm at thus far. I have DNS working so when a user joins the domain, his static IP address is registered under Forward Zone. When I give him a DHCP address, the a-record is automatically up dated with the new DHCP address.

However, a new pointer record is not created and that's because we must set up integration been DNS and DHCP. I'll update once I've done this.

In DHCP settings you'll need to add the appropriate Scope Options, you'll need to specify at minimum, your router (gateway IP), time server (in this case the domain controller), any DNS servers, and the local domain name.

Here's my main network information, with some of the more sensitive information removed:

Screenshot 2021-12-04 190412.jpg

[BillyCarpenter]

In DHCP settings you'll need to add the appropriate Scope Options, you'll need to specify at minimum, your router (gateway IP), time server (in this case the domain controller), any DNS servers, and the local domain name.

Here's my main network information, with some of the more sensitive information removed:

Screenshot 2021-12-04 190412.jpg

I have all that configured and up and running. That's no problem. Right now I'm working on getting the pointer records to update for DHCP clients. The A record will update automatically but not the reverse lookup record.

I'm watching a video on this and confirming as I go along.

[BillyCarpenter]

I have it to where both my forward and reverse records update when a DHCP client renews or changes their DHCP address. By default, only DHCP a-records are updated.


In order to get the pointer record (reverse record) to update for DHCP client, you must go through a long process which involves joining a Security Group called "dnsUpdateProxy".


There's a lot to it. Here's the video if anyone is interested.


PS - I verified every single step and it worked exactly as described. For what it's worth....

[BillyCarpenter]

Next step on my best practice list?



How to Configure DNS Aging and Scavenging | Windows Server 2019

[BillyCarpenter]

This has been an eye opening experience as far as learning how DNS works in an Active Directory Domain Server.

The first thing that I had to wrap my mind around was how DHCP was integrated with DNS.

The next step was getting my pointer records to auto update with DHCP.

And then I learned how to activate aging and scavenging to locate and clean up any stale DHCP addresses.

It's my understand that any stale static IP addresses need to me removed manually. Yes?


I still have a ways to go.

[rthonpm]

Correct: static records need to be manually removed. The hope generally is that static records are going to be much more durable than dynamic ones. Server and other resource names often last longer than the actual device itself.

Sent from my BlackBerry using Tapatalk

[BillyCarpenter]

With two DNS servers, you have a hierarchy as I posted before:

Your primary DNS server would be set like this, no matter how many DNS servers there are in the environment.

DNS 1 = 127.0.0.1
DNS 2 = IP of server

Your secondary would be:

DNS 1 = IP of primary
DNS 2 = 127.0.0.1

Your secondary and any other servers will always defer to the primary, this is due to always needing a definitive source that replicates to the subordinates. In Active Directory this becomes even more critical. The choice of DNS server for clients will go with the order that they are configured, again, you always want your primary listed first.

In the settings for the DNS service, you can configure any external servers that the local server will forward requests it can't resolve.

Attachment 50987

This is a sample from one of my DNS servers that's configured for both IPv4 and v6.

When I first looked at the picture, I didn't understand what I was looking at. But I do now. These are forwarders that send outside queries to an external DNS server and by the looks of it, you can enter several and I'm guessing it goes down the list in order?

I also notice that you're using 9.9.9.9 and 1.1.1.1. Why these?

Thanks in advance.

[rthonpm]

1.1.1.1 and 9.9.9.9 both have a good reputation for blocking malicious IP's and spammers, as well as being very fast. The former is owned by Cloudflare, which is a network services firm known mainly for DDoS protection. Quad 9 is a Swiss firm that has been around for a long time and is known for privacy focused service. OpenDNS is my third option since they're also very well regarded and have multiple servers around the world.

Google's 8.8.8.8 is also popular, but I've found faster returns using the other services.

Sent from my BlackBerry using Tapatalk

[BillyCarpenter]

I stayed up very late last night working on DNS. Every time I learn something like this it always feels like stepping out of the darkness into the light.

It's a lot more to setting up DNS in Windows Server than meets the eye.

I want to thank rthonpm for hanging in there with me while I stumbled my way through DNS. I've learned a ton from this dude. Thank you.


PS - I want to learn how to create a virtual machine on bare metal but I really don't understand the concept of "bare metal". I've heard you talk about this and it sounds exciting. I need to learn this.

[rthonpm]

Bare metal is the physical hardware itself. You'll need to install a hypervisor like Hyper-V Server or ESXi on the server and then build your VM on that. These are both Type 1 hypervisors which give you full access tro the physical hardware of the system as opposed to a Type 2 like VirtualBox or VMWare Player that only let you use abstracted hardware.

Personally, I'm a Hyper-V guy, but both it and ESXi are very good platforms. You can also install Hyper-V in Windows 10 as a practise move, though I'd recommend a system with more than one network card (same with a server).

Going through the steps of setting this up is fairly detailed, but once it's set up, you can manage everything from a remote machine and really only have to log into the server for patching.

Sent from my BlackBerry using Tapatalk