DNS Client Side Name Resolution

Added: September 25, 2008
Presentation Transcript

Slide 1: DNS Client-Side Name Resolution
Tim Rains
Windows NT Support Engineer
PSS, Premier Program
Microsoft Corporation


Slide 2: Client-side Name Resolution: Background Information
- Applications may need to communicate with other computers
- A network operating system (OS) is used to facilitate network communication requests
- Applications send requests to the operating system
- The Microsoft Windows OS provides a number of API sets to handle requests; examples: NetBIOS, Windows Sockets


Slide 3: Client-side Name Resolution: Background Information
- Applications written using Windows Sockets can use the GetHostByName API, which triggers name resolution request(s)
- The OS tries to resolve the name that the application passed to it to an IP address
- A Windows OS uses two primary methods for name resolution: NetBIOS name resolution and host name resolution


Slide 4: Windows NT 4.0 Name Resolution Techniques
- Windows NT generally tries NetBIOS name resolution first, then host name resolution
- NetBIOS name resolution order: NetBIOS name cache, WINS, broadcast, LMHOSTS, HOSTS, DNS


Slide 5: Windows NT 4.0 Name Resolution Techniques
- Host name resolution order: local host name, HOSTS, DNS, NetBIOS name cache, WINS, broadcast, LMHOSTS


Slide 6: Windows 2000 Name Resolution Techniques
- Generally tries host name resolution first, then NetBIOS
- The Caching Resolver Service is used to reduce network traffic
- The service can be viewed, stopped and started like other services
- To view the cache: ipconfig /displaydns
- To clear the cache: ipconfig /flushdns
- To stop: net stop "dns client"
- To start: net start "dns client"


Slide 7: Windows 2000 Caching Resolver Service
Performs these tasks:
- Name resolution
- General caching of queries
- Negative caching
- Tracks transient network adapters (Plug and Play)
- Tracks connection-specific domain names
- DNS server list management
- Prioritizes records by IP address when multiple A records are returned from a DNS server


Slide 8: Windows 2000 Caching Resolver Service
When the GetHostByName API is used:
- The resolver typically submits a query to DNS
- If DNS resolution fails, the resolver checks the length of the name to determine whether it is >15 bytes
- If the name is >15 bytes, resolution fails
- If the name is <15 bytes, the resolver checks whether NetBIOS is up
- If NetBIOS is running, it is used for name resolution
- If NetBIOS is not running, resolution fails


Slide 9: Windows 2000 Host Name Query Types
The resolver checks what kind of name is being queried:
- Null; example: ping localhost
- Fully qualified domain name (FQDN); example: host.reskit.com.
- Single-label, unqualified name (contains no periods); example: host
- Multiple-label, unqualified name (not terminated with a period); example: host.reskit


Slide 10: Windows 2000 Resolver Behavior
- When given an FQDN, the resolver queries DNS with that name
- When given a multiple-label, unqualified name, the resolver adds a period to the name and queries DNS with the period-terminated name
- If the DNS server returns "Name does not exist", the resolver treats the name like a single-label, unqualified name


Slide 11: Windows 2000 Resolver Behavior
When given a single-label, unqualified name:
- The resolver appends different DNS suffixes to the name, adding periods, to create an FQDN
- The resolver submits each name in turn to the DNS server and waits for a response
- The resolver stops querying when the name is resolved or when all DNS suffixes have been tried


Slide 12: Windows 2000 DNS Suffix Append Order
- The primary DNS suffix is appended first
- Configured under System Properties, Network Identification, Properties, More...


Slide 13: Windows 2000 DNS Suffix Append Order
- If using the primary DNS suffix is not successful, the resolver appends each connection-specific DNS suffix to the name
- Connection-specific suffixes are dynamically assigned by DHCP or manually entered in Advanced TCP/IP Settings on each network connection


Slide 14: Windows 2000 DNS Suffix Append Order
- If using all connection-specific DNS suffixes is unsuccessful, the resolver devolves the FQDN: it appends the parent suffix of the primary DNS suffix, then the parent of that suffix, and so on
- Devolution continues until the name is resolved, or until only two labels are left in the FQDN


Slide 15: Windows 2000 Devolution Example
- Host name submitted is "client"
- Primary DNS suffix = "dev.eu.reskit.com"
- The resolver tries, in order: client.dev.eu.reskit.com., client.eu.reskit.com., client.reskit.com.


Slide 16: Windows 2000 Domain Suffix Search Lists
- If a domain suffix search list has been entered, the primary DNS suffix and connection-specific domain names are ignored
- The domain suffix search list is the "manual override" for default resolver behavior
- Configured under Connection properties, Internet Protocol (TCP/IP), Properties, Advanced, DNS tab


Slide 17: Windows 2000 Domain Suffix Search Lists
(no transcript text for this slide)


Slide 18: Windows 2000 Domain Suffix Search Lists
- Neither the primary DNS suffix nor the connection-specific domain name is appended to the name
- The resolver appends each suffix from the search list in order
- Queries are sent to the DNS server until the name is resolved or the end of the list is reached


Slide 19: Windows 2000 Resolver Cache
- The cache is always checked before queries are sent to a DNS server
- Positive and negative responses can be cached, which decreases network traffic
- Positive entries are cached for a maximum period equal to the TTL returned with the record from DNS
- Negative entries are cached for a maximum period equal to the minimum TTL in the SOA record, but not less than 1 minute and not greater than 15 minutes


Slide 20: Windows 2000 Resolver Cache
- Caching behavior is configurable
- Entries are cached for the number of seconds specified by the TTL, but never for longer than the values in the registry
- See Q245437 "How to Disable Client-Side DNS Caching in Windows 2000"
- Registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Parameters
- Set MaxCacheEntryTtlLimit = 1 (default = 86400)
- Set NegativeCacheTime = 0 (default = 300)


Slide 21: Windows 2000 Resolver Cache
- View TTLs in the cache: ipconfig /displaydns


Slide 22: Windows 2000 DNS Queries
- If the name is not in the cache, the resolver queries the DNS servers configured on each adapter


Slide 23: Windows 2000 DNS Queries
- Each adapter can be configured with multiple DNS servers (a server list)
- The resolver sends the query to the first DNS server on the preferred adapter's list and waits one second for a response
- If there is no response, the resolver queries the first DNS server listed on all adapters' lists and waits two seconds for a response
- If there is no response from any server, the resolver queries all DNS servers on all adapters and waits two seconds for a response


Slide 24: Windows 2000 DNS Queries
- At the 5 second point, if a response has not been received from any DNS server, the resolver queries all DNS servers on all adapters and waits 4 seconds for a response
- If a response is still not received from any DNS server, the resolver queries all DNS servers on all adapters and waits 8 seconds for a response
- If no DNS servers respond, the resolver responds with a "Time-out" message


Slide 25: Windows 2000 DNS Queries
- The total time should be no more than 17 seconds
- If the resolver does not receive a response from any server on a given adapter, it stops querying that adapter's DNS servers for 30 seconds and returns a time-out
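The query rounds, the 17-second worst case and the 30-second per-adapter back-off of slides 22-25, as an added Python model that is not the presentation's own code: adapter names, server names and which servers answer are constructed, and negative responses and the server re-ordering of slides 26-27 are deliberately left out.

```python
"""Model of the Windows 2000 resolver's query rounds, its 17 s worst case and the
30 s per-adapter back-off (slides 22-25). Added illustration, not the presentation's
own code; adapter names, server names and which servers answer are constructed."""

# Round scopes and waits from slides 23-24; the waits sum to 17 s (slide 25).
ROUNDS = [("preferred_first", 1), ("every_first", 2),
          ("every_server", 2), ("every_server", 4), ("every_server", 8)]

def servers_for(scope, adapters):
    """Servers asked in one round. adapters: [(name, [servers])], preferred adapter first."""
    if scope == "preferred_first":
        return [adapters[0][1][0]]
    if scope == "every_first":
        return [servers[0] for _, servers in adapters]
    return [s for _, servers in adapters for s in servers]

class ResolverTiming:
    def __init__(self, adapters):
        self.adapters = adapters
        self.skip_until = {}  # adapter -> clock time before which it is not queried

    def lookup(self, responders, now=0):
        """responders: {server: answer} for servers that reply; unlisted servers never do.
        Returns (answer or 'Time-out', worst-case seconds spent on this lookup)."""
        live = [(a, s) for a, s in self.adapters if self.skip_until.get(a, 0) <= now]
        if not live:
            return "Time-out", 0  # every adapter is still inside its 30 s back-off
        elapsed = 0
        for scope, wait in ROUNDS:
            for server in servers_for(scope, live):
                if server in responders:
                    return responders[server], elapsed + wait  # a reply ends the search
            elapsed += wait
        for adapter, _ in live:  # slide 25: no reply from the adapter's servers, 30 s back-off
            self.skip_until[adapter] = now + elapsed + 30
        return "Time-out", elapsed

# Constructed two-adapter configuration; server names and addresses are made up.
ADAPTERS = [("LAN", ["E1", "E2"]), ("RAS", ["R1"])]

if __name__ == "__main__":
    r = ResolverTiming(ADAPTERS)
    print(r.lookup({"R1": "10.2.2.20"}))          # answered in round 2: ('10.2.2.20', 3)
    print(r.lookup({}))                           # nobody answers: ('Time-out', 17)
    print(r.lookup({"E1": "10.1.1.10"}, now=20))  # inside the back-off: ('Time-out', 0)
```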


Slide 26: Windows 2000 Name Server List Management
- If the resolver receives a negative response at any point in the process, it removes every server on that adapter from consideration during that particular search
- If the resolver receives a positive response at any point in the process, it stops querying DNS servers, adds the response to the cache and returns the response to the client


Slide 27: Windows 2000 Name Server List Management
- When the resolver does not receive a response from a particular DNS server, it moves the next DNS server in the list to the top of the list
- The resolver may move servers up or down the list based on how quickly they respond
- Keep the infrastructure as simple as possible
- Resolver list management behavior is not configurable
- Refer to Q135919 "DNS Server Search Order Functionality in Windows NT"


Slide 28: Windows 2000 Name Resolution Example
- Client-side DNS Configuration (no further transcript text for this slide)


Slide 29: Windows 2000 Name Resolution Example
Scenario:
- hq.corp2. is not connected to the Internet
- The client sends a single-label, unqualified query for "hostb"
- hostb is in the RAS connection's DNS server; example: hostb is in hq.corp2.


Slide 30: Windows 2000 Name Resolution Example
(no transcript text for this slide)


Slide 31: Windows 2000 Name Resolution Example
Data used at each step in the host name resolution process:
- Name being queried
- DNS server being queried
- DNS server's response to the query


Slide 32: Windows 2000 Example: First attempt
Name resolution order for the query:
- Is the name in the resolver's cache? No
- Query sent to E1 using FQDN hostb.na.corp.com.
- E1 is the preferred adapter's DNS server
- na.corp.com. is the primary DNS suffix for the client
- E1 will return a negative response


Slide 33: Windows 2000 Example: Second attempt
- FQDN hostb.na.corp.com. is sent to R1
- na.corp.com. is the primary DNS suffix for the client
- R1 is the other adapter's DNS server
- R1 will return a negative response


Slide 34: Windows 2000 Example: Third attempt
- Domain name avionics.naom.corp.com. is appended and sent to E1
- E1 is the preferred adapter's DNS server
- avionics.naom.corp.com is the connection-specific DNS suffix
- E1 returns a negative response: hostb does not exist in that domain


Slide 35: Windows 2000 Example: Fourth attempt
- The same name avionics.naom.corp.com. is appended and sent to R1
- R1 is the other adapter's DNS server
- avionics.naom.corp.com is the connection-specific DNS suffix
- R1 returns a negative response: hostb does not exist in that domain with that suffix


Slide 36: Windows 2000 Example: Fifth attempt
- Domain name hq.corp2. is appended to hostb and sent to E1
- E1 is the preferred adapter's DNS server
- hq.corp2. is the next connection-specific DNS suffix
- E1 returns a negative response: E1 is not authoritative for hq.corp2.


Slide 37: Windows 2000 Example: Sixth attempt: name resolved
- The same name hq.corp2. is appended to hostb and sent to R1
- R1 is the other adapter's DNS server
- hq.corp2. is the next connection-specific DNS suffix
- R1 returns a positive response: R1 is authoritative for hq.corp2 and hostb is found in that domain


Slide 38: Windows 2000 Reading and Resources
- Q217769 "Description of DNS Client Name Resolution in Windows 2000"
- From the Microsoft Windows 2000 Resource Kit: "Windows 2000 Server TCP/IP Core Networking Guide"