Time
1 hour 27 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Description

Configuring DNS Zones: This lesson covers the configuration of DNS zones using the conditional forwarders command in the DNS Manager. In this lab-based lesson, participants learn step-by-step instructions and can follow along with the instructor while he configures a DNS zone. The conditional forwarder can also be managed in the Windows PowerShell environment. Participants in this lesson also learn about reverse lookup zones.

Video Transcription

00:04
There are multiple options to work with when you're actually trying to configure your DNS zones. So let's go ahead and get back to our DNS console here from Server Manager, Tools,
00:16
DNS console. Going to make that expanded out to a larger size;
00:22
don't need to, but you can if you want to.
00:24
And once again, we have our
00:27
local server, local network server. You have forward lookup zones, reverse lookup zones, trust points,
00:32
conditional forwarders and global logs.
00:35
Uh,
00:36
you have forward lookup zones and reverse lookup zones. We're gonna actually start with conditional forwarders; although technically not a zone, it is frequently used to supplement your zone infrastructure, so we can take a look at conditional forwarders. So in this case, we don't actually have a conditional forwarder. So the first thing we're going to do is create a conditional forwarder. So go ahead and right-click on there,
00:56
click on New Conditional Forwarder,
00:58
and you're going to say
00:59
what the DNS domain namespace that you're going to forward is. So in this particular case, we're going to put in contoso.com,
01:08
contoso.com, then we need to put in an IP address for the DNS server that's authoritative for contoso.com,
01:17
where it's located. So you come down here to the IP address space and you put in an IP address, for example, we'll put in 131.107
01:26
0.1 dot two. It could be
01:29
any number that's viable. It could be an internal IP address or a routable IP address, doesn't matter. You have to choose what you want to do,
01:36
had forgiven Net. And obviously it's not going to succeed in terms of
01:41
validating because it doesn't have access to that domain at the moment. But you just hit the Enter button and let it resolve there, go through the process of attempting to resolve,
01:49
validate it, and ideally it would do both: it would actually resolve and validate if you actually had it configured properly.
01:57
In this particular case, we just don't have access externally because we're working a lab environment
02:00
and that's what you do. And you just go ahead and click on OK, and that would create a conditional forwarder for you,
02:07
um, one of the things you actually run into from time to time is that you're dealing with an environment where you have
02:15
cached information that may need to be updated. So we also want to take our server,
02:20
going to click on your local server there
02:22
and right-click on it, and you can actually clear the cache. Clear Cache clears the local cached information for the DNS lookup
02:29
environment. That's not the
02:30
DNS cache on this physical box. It's the DNS cache within the DNS environment itself. You just click Clear Cache, and that actually clears the cache. We can also manage that conditional forwarder zone from our PowerShell environment. So we go down here and take a quick look in our PowerShell environment; we'll bring it up.
02:46
There's our PowerShell environment. We actually want to go through the process of actually
02:52
working with that DNS environment within PowerShell. So in this particular case we'll start with our basic command here: Get,
03:00
DNS, right, and then we also want to type what we're going to do: Get-DnsServer. So
03:07
there's our Get-DnsServer. We go ahead and
03:08
hit Enter.
03:10
That would give us information about our DNS server environment. This is enabled,
03:15
and there's a whole lot of information in there. Just so you know, this is basically all the information you could find in the GUI,
03:23
separated out, like there's our root server hints. There's our zone name. So here's our various zone names and the type of zone it is: primary, forwarder. So it's like here we have contoso.com is a forwarder. We have trust anchors; anything that we would have in here that you could see in the GUI you would have in here. Now, you can always pipe this output if you want to
03:43
Dutch
03:44
using the
03:45
command with it, you know, to actually give you a page at a time, but it's just as easy to scroll up here and take a look at it. You can even pipe the output,
03:53
the information,
03:53
to an actual file if you want. We're actually gonna go do that, so let's take a look at piping the output to a file.
04:00
So let's go ahead. Scroll back down here to our input line. Here
04:03
it
04:04
The first thing we want to do is show what we would do for that same thing. So we have Get-DnsServer, then we want our pipe command, so we'll go ahead and put in our pipe command. There's our pipe, and then we
04:15
put in, if you want to actually do screen by screen, you put in the word more and hit Enter. So that's one option you would have.
04:24
And we also have the option to export information, which is what we're gonna do next. So this time I'm going to get that same DNS information and we're going to export it.
04:32
Yeah. What are we gonna export? We're gonna Export-Clixml,
04:39
and you don't need to capitalize any of this. You can capitalize anything. You want to make it easier for you. Then we have to tell it where we're going to actually output that
04:46
export information too. So next thing you know, you need to put in the path.
04:51
So the path is fairly straightforward.
04:54
You type in, for example, C
04:58
colon backslash and then wherever you wanted to put it; it could be anywhere. Now, the C drive is not necessarily the best choice, but for simplicity purposes, we're just going to go directly to the C drive and we type in the information we want. So it's going to be DNS
05:12
export
05:14
extra
05:15
option in there,
05:17
Miss Ke that
05:18
so d n s export. And then you're gonna put in the file Dave's which is
05:21
dot xml.
05:24
So there's your .xml. What you put in, you could call it whatever you want.
05:28
DNS export .xml is pretty self-explanatory. So you go ahead and hit,
05:31
Click on
05:32
that.
05:33
Enter this. His name is Raj Do boot. Not ethical on a d n a server, which is fine.
05:39
And it puts it now we actually want to go ahead and take a look at our file here. So go down here
05:45
and look at our C drive. There's a DNS export;
05:47
double-click on it. It'll actually launch in Internet Explorer
05:50
because that's the default
05:53
application for XML files.
05:55
And unless we get the scent of an instance here, if you scroll down on this list, you would see all the information that you had
06:02
previously in the other windows, both the GUI and the PowerShell. So here you've got, for example, a seven a right here.
06:10
So that's one that says the DNS server zone namespace. We've got things like Boolean classes,
06:15
and it's a very long list because obviously it's all the data that was also available in our GUI and our PowerShell.
06:24
So we could actually export that, work with that every what?
06:27
So
06:28
So that gives us our export information. And now we're gonna do the next step here, where we go to use our PowerShell to add a
06:35
conditional forwarder zone. So in this particular case,
06:41
Add,
06:42
DNS, right. So I've got my dash.
06:46
Add-Dns,
06:48
Add-Dns.
06:50
And then we're gonna do Server,
06:54
Conditional,
06:56
right?
06:57
Forwarder,
06:58
f-o-r-w.
07:02
So add conditional forwarder zone. So that's what we're gonna do. So we're gonna actually tell it what to do: add a conditional forwarder zone.
07:10
And then we're gonna say, Okay, we need a name for that zone name. In this particular case, we'll go ahead and use
07:15
fabrikam
07:16
dot com
07:18
again, zone name,
07:19
then we have to tell it
07:21
where those zone names reside. So
07:24
those, we call the master servers,
07:27
MasterServers, and we can have more than one. But in this particular case, we're just gonna put the one in, and we don't need an argument tag at this point; we just need to give it the address. So 131.107 dot
07:39
56
07:40
and hit Enter.
07:44
It does.
07:45
Yeah, cannot process argument transformation on ForwarderTimeout, cannot convert value fabrikam.com to type System.UInt. So input string was not in the correct format. It tells us
07:54
we have something that is not in the correct format. So we have to go back and take a look at this. So Add-DnsServerConditionalForwarderZone. And what we have here is just a simple typo.
08:03
We actually have
08:05
a missing argument here, right,
08:09
forwarder zone, right. So if you take a look at this, we have
08:13
the, uh,
08:13
missing
08:16
name argument here, so
08:18
there should be name.
08:20
So if we actually didn't type it in properly, we could go back here and properly put it in here. So it's name
08:24
and then we scroll down to the end of it.
08:28
But you know, the end of our environment, and we hit Enter again,
08:31
and this time,
08:33
successful.
08:35
So
08:35
any time you have just a single typo,
08:37
you have an issue.
08:39
It's just an extra space, a missing comma,
08:43
missing quotation mark, some fancy bracket, any number of things. But you need to have it just so. Capitalization doesn't matter, but the other things do. Now, if we actually go back to our DNS console here
08:52
and look at our conditional forwarders
08:54
and refresh it, so we've got to go ahead and refresh it,
08:58
we would now have another conditional forwarder called fabrikam. And
09:01
that's how we do that.
09:03
Now we take a look at our other zones. So we talked about a conditional forwarder zone, which is not really a zone, it's just a conditional forwarder.
09:11
But how about our reverse lookup zones? That's what we'll talk about next. Next, you want to take a look at our reverse lookup zones
09:18
and
09:18
in our reverse lookup zones we actually want to
09:22
take and create a new zone. So we're gonna go ahead right here and we're gonna right-click on that and do New Zone.
09:26
It is going to say Next
09:30
and asks what type of zone
09:31
that we have.
09:33
Unless you are connected with another DNS server pulling that zone transfer information down, it's going to be a primary zone.
09:39
The secondary zone option here
09:41
and the stub zone option require connectivity to and
09:46
authorization from another DNS server to transfer that zone information. So we're going ahead and click on Primary Zone here, so click on that,
09:54
head,
09:56
we're going to say what type of zone it is: IPv4 or IPv6 reverse lookup zone. You choose what you need to do. Remember, if you want both, you have to do them individually. Separate. I'm out.
10:05
So we're gonna go ahead and click on the Next option here.
10:09
It asks you to give the network ID. And when you type it in, you type it in the order you're used to typing it in, but it actually displays it in reverse order. So in this particular case, we want to choose an
10:18
internal
10:20
network. Where did you
10:22
172.16
10:24
right, so it's our network, so it's in a private IP address space,
10:28
and you go and click on Next once you do that.
10:31
So it's there, and it's down here at the bottom, and it puts it in reverse order. That's the standard format within DNS.
10:37
It says create a new file with this name. That gives us a reverse format here also for the file name:
10:43
16.172, which is actually reverse order.
10:46
Where then
10:46
obviously we could also put in an existing file if you want to do, if we already have the information.
10:52
Go and click Next
10:54
and it says dynamic update.
10:56
So in terms of replicating this data, we're gonna replicate it.
11:00
So we either allow, allow secure, which is only for AD-integrated,
11:05
both secure and nonsecure if that's a matter, or in this particular case, since it's a standalone DNS server, we're going to not allow
11:13
dynamic updates. So we actually don't want to allow dynamic updates on that. So we'll leave that one checked,
11:16
go and click on Next
11:18
and we get our finish wizard. We go ahead and click on Finish
11:22
and that's it. So there's our reverse lookup zone; there it gives us our zone information, and notice our Start of Authority is our local server and our name server is also our local server.
11:35
So that gives us the basic information now.
11:37
While we're done with this, we have one more step that we need to do to make sure that everything is properly implemented. So in this particular case, we actually want to go back into our PowerShell environment. So here's our PowerShell environment back up, and we actually want to make sure we register that DNS information so that we get all the completed steps
11:56
finalized. So in this particular case, we do our standard ipconfig.
12:01
So there's our ipconfig, and, as always, space, slash, in this case registerdns,
12:07
then we're gonna hit Enter.
12:11
It says it's done right away.
12:13
It says registration of the resource records for all adapters of this computer has been initiated.
12:18
If there are errors, they would be reported within 15 minutes. So we go back to our DNS console,
12:22
in our DNS console to reverse lookup zones.
12:26
We're going to say
12:28
there's our reverse lookup zone, we're still here, right?
12:31
Then say
12:31
if we
12:33
press F5 here
12:35
to refresh it,
12:37
our information
12:39
is,
12:41
will be updated ultimately with the correct information. So we're gonna have, once we've got 172.16 here, it says
12:48
a pointer record for,
12:50
at some point, somewhere in 10 to 15 minutes, we should get our
12:56
was there. Did you have 16 0 that Ted? Because we have to look at what the IP address of our server is. So if you take a look at our
13:03
server itself and we do that same ipconfig
13:07
on our server,
13:09
you take a look at that, we'll see the
13:11
IP address on the server,
13:13
for example, we have a 0.21. So at that point, that 21 would be information we also want to have showing up in there
13:20
in our DNS console
13:22
naked says our reverse lookup. Don't. And like I said, this could take a
13:26
anywhere from
13:28
a very quick order
13:28
of time to a little bit longer. Order of time.
13:33
On to the forward lookup zones. Forward lookup zones and reverse lookup zones are essentially done exactly the same way. There's
13:41
only, the only difference between a forward lookup zone and a reverse lookup zone is which order you're trying to get the information in.
13:46
If you're doing a reverse, you want to start with the IP address and go to your name. And if you're doing forward, you're obviously doing the reverse. So in this particular case, for forward zones, which is the most common type that are used,
13:56
add a new zone,
13:58
go ahead and
14:01
click on
14:01
New Zone there and click on Next; stick with the primary zone.
14:05
Now, can I do a secondary zone?
14:07
I could certainly do a secondary zone. If I wanted, I would just need to be able to have connectivity to another one. Um, actually, because we've seen the primary zone process, let's go ahead and
14:18
do a secondary zone.
14:20
So there's secondary zone in this case, where you go Next
14:22
and we're gonna have a zone name. So in this case, we want to tell it
14:26
what zone we're gonna have a secondary copy of.
14:28
So this case we're gonna
14:31
adatum
14:31
dot com, that zone we want to have a copy of. It is going to be a
14:37
copy of a zone. It's not gonna be an actual zone. Go ahead and click on Next. It says now give me the address of the DNS server for that zone. Well, in this particular case, 172.16.0.10, for example; that would be the master server that's authoritative for the,
14:54
well, one of the master servers authoritative for that DNS zone.
14:58
So you go and hit Enter,
15:01
and it's gonna attempt to resolve it, Mrs C. A. Validated it. And that's that right. Validated
15:05
it right here,
15:07
then attempted to resolve. Now validate is one thing attempted resolved. There you go. There's our other piece of information. So it's there, so we don't have a
15:16
fully executed secondary zone. We click on Next
15:20
and then click on Finish here,
15:22
and we now have a
15:22
copy of the adatum zone
15:26
locally on this computer.
15:26
It says zone not loaded by DNS server. If you take a close look at that, the reason that zone's not loaded is because
15:33
we
15:35
haven't set up transferring.
15:37
So
15:37
So even though we created a
15:39
zone, secondary zone,
15:41
we actually haven't transferred the zone data to this computer, which is done separately. We actually have to do that from a separate environment. So that zone data is done separately. We can also, in our environment here, we can actually take and do the same thing we just did from Windows PowerShell. We did this earlier with our
16:00
conditional forwarder, and now we're actually going to go ahead and do this with an actual
16:04
primary zone.
16:07
So in this particular case, we're going to actually
16:08
on the same environment or get teased.
16:11
Get our PowerShell, which we're already in here. We're gonna
16:15
Add,
16:17
DNS,
16:18
Server, right. And then we're gonna have PrimaryZone is what we're gonna do.
16:22
So that's Add-DnsServerPrimaryZone, and then we have to put in
16:27
what we're gonna add, the name of it. So give our name argument; then we're gonna actually call it,
16:32
in this particular case we call it
16:33
woodgrovebank.
16:36
So there we go, woodgrovebank.
16:38
So we have a name of it, dot com, of course.
16:41
Then we have to give the rest of the arguments. Are we going to,
16:45
how we're gonna handle dynamic updates so that we put in
16:48
dynamic
16:49
update.
16:51
So we have dynamic update and then obviously what type of a dynamic update it is going to be:
16:56
secure, right? So
17:00
put Secure,
17:02
then we also want to decide how we're gonna replicate, so
17:06
extra space there. Sorry.
17:10
Replication.
17:11
So we have replication, and obviously replication scope is what we want. That's just replication; we actually want the scope.
17:18
So where we're gonna replicate that information to. In this particular situation, we want to replicate it to the whole domain. So in that particular case, that's what you want to do. You want to replicate it to the entire domain.
17:27
So
17:29
go and hit. Enter
17:32
and we have a
17:34
What again? We've probably got a typo. So it says Add-DnsServerPrimaryZone: failed to create zone woodgrovebank on server
17:41
at the line.
17:41
So that's because
17:45
we
17:45
are trying to do,
17:48
in this particular case,
17:48
we tried to add an AD-integrated zone. Remember,
17:53
AD-integrated zone with replication and dynamic update on a non-domain controller.
17:59
So this clearly is what our error is going to be. So if we try to add on the wrong machine, then we get an error that tells us we can't do it. Now if we go ahead and get over to our actual domain controller here. So let's go ahead and flip over to our domain controller
18:12
and get to our DNS. We don't even need to get to the DNS console there yet. We just go to our PowerShell.
18:18
Going to make our PowerShell here a little bit different. We have blue PowerShell on our domain controller, which is the standard blue format. You can make this any color you want,
18:26
so there's a blue PowerShell, and we're going to do that same set of commands in there. So we've got to go back here and type in the same set of commands. Obviously, we can't use our up arrow to make our lives easier, but we
18:38
type it in again: Add, DNS,
18:41
Server,
18:44
PrimaryZone.
18:47
So that's what we're adding, DNS server primary zone.
18:49
Then we're gonna type the name of it,
18:52
and we're gonna type in woodgrovebank
18:56
and dot com.
18:59
So we've got woodgrovebank dot com.
19:00
Now,
19:02
this time, we're actually going to go ahead and
19:04
make it a dynamic update. So
19:08
dynamic update Right.
19:14
Secure. So what type of dynamic updated with what
19:15
secure
19:18
that didn't get typed in properly,
19:19
kind of ahead of myself.
19:22
And then we've got our
19:22
replication, right?
19:26
Extra letter there.
19:29
Application
19:33
backspace. So replication and
19:37
scope
19:40
and replication scope, going for the whole domain,
19:44
and press Enter.
19:47
And this time we're actually running the same command on
19:51
an environment that is
19:52
Active Directory. So in this particular case,
19:56
in an Active Directory environment, we can now switch to our DNS console here
20:00
and go to
20:02
DNS.
20:03
And if we look at our
20:04
forward lookup zones,
20:06
well, there's a woodgrovebank forward lookup zone there.
20:08
That's now how we get it
20:11
into the environment that we needed it to be in.
20:15
Now, obviously, we could actually look at the properties of this; we could right-click on it.
20:19
Ah, so our forward lookup zones, we actually have our bank here, and we can actually look at our properties of it
20:26
by right-clicking on it. And they give us information like
20:27
type of updates. They're now set to secure. Aging: we could set aging and scavenging for this one specifically, and you could certainly
20:36
scavenge stale resource records if you wanted on that one.
20:38
Who the SOA is. If I ever need to change that, this is where I need to change it. For the name servers, that's also where I can add additional name servers. Zone transfers: if I want to allow zone transfers, then I need to go ahead and allow zone transfers to where we're gonna transfer it,
20:52
and then security, obviously, and WINS if I need to do WINS.
20:56
That's how we go ahead and get our servers set up for
21:00
different types of zones. So there we go. That's how we get our environment set up.

Instructed By

Michael Boberg
CEO of Broadline Enterprises, LLC
Instructor