Friday, August 9, 2013

DNS Record Types

We use different resource records to resolve many types of queries in today's environment. The purpose of a DNS query is to help us locate the server that is authoritative for an AD domain controller; its mission is to check the query against its resource records.

Types of records and what they are:

SRV and _msdcs records:
These two records are created by default when you install the DNS role in your environment, and they are required for communication with Active Directory.

These records help us see the available services and make the connection between client computers and the domain controllers by resolving the DCs' IP addresses.

Example:
We can see our DNS servers, our Active Directory servers and our Global Catalog servers.

SOA (Start of Authority) Records:
This is the most important record that a DNS server has to offer, and to make life easy for us administrators we had better know how to manage it, so that controlling our DNS server stays easy. We also need to remember that there is only one SOA record in a zone.

Basically, this record contains all the information about our DNS server and domain. For example, from the SOA we can get information about updates and the time they occur in our domain. We can also specify our e-mail address, in case we are no longer at work because we transferred to a bigger office where we make much more money and our replacement needs to ask stupid questions. We also need to know that a good SOA configuration helps us save replication time in our domain.

MX Records:
If I had one way to describe the purpose of MX records, I would say that we use this type of record to help servers deliver e-mail between them.

The e-mail delivery can occur within your internal environment or to other, external domains.

The process is very simple:
A client from the planning-tech domain sends an e-mail to another client that belongs to the Microsoft domain.

The mail is sent to an SMTP server, which checks the MX record of the domain in the recipient's e-mail address (XXX@IBM.com). If the SMTP server finds the MX record to be correctly configured, it then checks the A record for that domain and establishes the connection to that mail server.

We can create multiple MX records (for redundancy, or to balance load between our Exchange servers) with priorities between them. When the SMTP server tries our MX records it chooses the one with the lowest number, and if that one is not active it goes on to the next-priority MX record, with a higher number.
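The selection order described above, as an added example that is not part of the original post. The zone data is constructed (example.com and 192.0.2.x are documentation values), the function names and the `is_up` reachability callback are assumptions, and shuffling exchanges that share the same preference number goes slightly beyond the text to show how equal-priority records balance load.

```python
import random

# Constructed sample zone data (documentation names and addresses, not a real zone).
ZONE = """\
example.com.        MX  20 mail2.example.com.
example.com.        MX  10 mail1.example.com.
example.com.        MX  10 mail3.example.com.
mail1.example.com.  A   192.0.2.10
mail2.example.com.  A   192.0.2.20
mail3.example.com.  A   192.0.2.30
"""

def parse_zone(text):
    """Return (mx, a): mx maps domain -> [(preference, exchange)], a maps host -> IP."""
    mx, a = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1] == "MX":
            mx.setdefault(fields[0].lower(), []).append((int(fields[2]), fields[3].lower()))
        elif len(fields) == 3 and fields[1] == "A":
            a[fields[0].lower()] = fields[2]
    return mx, a

def delivery_order(domain, mx, a, rng=None):
    """List (preference, exchange, ip) in the order a sending server would try them."""
    rng = rng or random.Random()
    by_pref = {}
    for pref, host in mx.get(domain.lower(), []):
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):          # lowest number is tried first
        hosts = by_pref[pref]
        rng.shuffle(hosts)                # equal preference: spread the load
        for host in hosts:
            if host in a:                 # an MX target with no A record is unusable
                order.append((pref, host, a[host]))
    return order

def pick_mail_server(domain, mx, a, is_up, rng=None):
    """Return the first (exchange, ip) in delivery order that is_up(ip) accepts, else None."""
    for _pref, host, ip in delivery_order(domain, mx, a, rng):
        if is_up(ip):
            return host, ip
    return None

if __name__ == "__main__":
    mx, a = parse_zone(ZONE)
    down = {"192.0.2.10", "192.0.2.30"}   # simulate both preference-10 servers offline
    print(delivery_order("example.com.", mx, a))
    print(pick_mail_server("example.com.", mx, a, lambda ip: ip not in down))
```

With both preference-10 servers marked down, delivery falls through to the preference-20 exchange; an MX record whose target has no A record is skipped entirely, which is a common cause of silent mail-flow failures.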

NS Records:
This record simply helps us know the authoritative DNS servers we have in our environment.
We need to know and use the NS records when we create forwarders between DNS servers, both internal and external.

PTR Records:
First, we need to know that we cannot create a PTR record by default; to create PTR records we first need to create an additional zone called “Reverse Lookup”.

The PTR record maps IP addresses to hostnames. When you use this type of record you need to know that it can also introduce security problems, because an attacker can easily perform a “reverse DNS lookup” and thereby learn all your domain names, along with other security problems (but that will be explained in another post…).

The main purpose of PTR records is to help us establish a connection to an SMTP mail relay, which must have a PTR record to function properly, so that we can enjoy mail flow.

A Host Record:
This is the classic record that a DNS server has to offer; the only thing an “A” record does is map hostnames to IP addresses. We can set one A record to an IP address, because if we set an A record to one or more IP addresses we get conflicts in our DNS server.

The A record also helps us set static IP addresses for our domain controllers, which must have (or, let’s say, Microsoft recommends that they have...) static IP addresses (imagine your DC changing its IP address... not so recommended...).
For example:
www.XXX.com maps to 192.XXX.XXX.X

CNAME Record:

CNAME is a canonical name record that helps us map our “A” records (hostnames) to a different path, such as another hostname or a different FQDN.
