Creating Dynamic DNS in Network Environments
This content is from our CompTIA Network+ Video Certification Training Course. Start training today!
In this video, CompTIA Network+ instructor Rick Trader teaches how to create Dynamic DNS zones in Network Environments.
Now that we’ve installed DNS, we’ve created our DNS zones, the next step is now, how do we produce those records in our DNS database?
We actually have two options. We have the ability to create records statically, or to be able to create records dynamically.
One of the things we had a challenge with in static was, let’s say I had a computer called SVR‑1.USSHQ.Local.
The IP address of that machine was 172.16.0.100.
What if the IP address changes, say it goes from 100 to 101? If I have static‑based DNS, I have to go into my DNS server and change that record from 100 to 101.
That record gets synchronized out to any secondaries we might have in our environment.
Or what if we add a new server to our environment, SVR‑2.USSHQ.Local, with an IP address of 172.16.0.120?
Nobody in the environment is going to be able to resolve to this new server, until I manually create that record in DNS. Let’s think about this for a second. One or two changes is not a big deal, but what if you have 1,000 plus machines in your environment? You might be spending every single day, day‑in and day‑out, doing nothing but managing records in DNS.
We don’t want to spend our time doing that unless you want that as your job security.
Starting back in the Windows 2000 operating system, or with BIND ‑‑ BIND stands for Berkeley Internet Name Domain standard. BIND introduced the ability to do dynamic DNS. You’ll see this abbreviated DDNS for Dynamic DNS.
What does this dynamic DNS allow us to do?
First of all, here’s my DNS server. I’ll create my zone database, whether it be a forward or a reverse lookup zone.
I had to tell this zone that it has to accept dynamic updates. Microsoft has both secured and unsecured dynamic updates. When I get into the interface here in a few seconds in the demo, I’ll discuss that in a little more detail.
I have to configure dynamic updates, then I’ll reset a DNS client. The DNS client has to understand what dynamic updates are.
Microsoft operating systems, by default since Windows 2000, have been configured to automatically register their IP address with their DNS server, provided they have a DNS suffix.
If I do not have a DNS suffix, I won’t know who to register it with. If I’m running on UNIX, Linux or Red Hat, I have the ability to configure those DNS clients as a dynamic DNS client. What will happen is, when this machine turns on, or anytime this machine gets a new IP address, it’s going to register its name and IP address with DNS.
Routinely, it’s going to go out to the DNS servers, “Hey, DNS, my name hasn’t changed, my IP address hasn’t changed,” just to make sure the record keeps updated.
If I restart the machine, that background refresh, or I change its name, or I change its IP address, DNS is going to be automatically updated.
When I’m looking at this, from the client side registration, automatic means I have to do absolutely nothing. It’s done behind the scenes. I have to do nothing whatsoever.
An IP address changes, the name changes, a new machine, or a new name, whatever, it’s automatically registered in DNS.
If I’m running a Microsoft operating system, a Microsoft operating system has two different utilities if I want to do it manually, if I don’t want to have the client do it.
The first one is called ipconfig /registerdns.
I go into my command prompt, I simply type that, hit enter, and it’s going to rush through my name, and my IP address in DNS.
If I’ve gotten a new IP address, this I’ve done it statically, I can run this and it will register me automatically in DNS. No big deal, I don’t need administrative rights to do this.
If I’m running PowerShell and I don’t want to do it through the command line, because I want to be a PowerShell user, I can launch my PowerShell command‑line interface and run Register-DnsClient, and it’ll go out and register my DNS.
The big thing with both of these is, my DNS client requires two things.
It must know the IP address of the DNS server, and it must know the DNS suffix that I’m going to register with. If I do not know the DNS suffix, I’ve got to attempt to match my name with DNS, but DNS won’t know where to put it. I’ll go, “Hey, DNS, here’s my name. But I don’t know where to place it.”
The other option is, if you’re running on a non‑Microsoft operating system, let’s say you’re running on Linux‑based operating system.
Linux has a utility called “nsupdate.” Nsupdate is more of an interactive utility. Running nsupdate, as soon as I run it, type “nsupdate” and what this will do is, you’ll immediately get a caret, then there’s a whole lot…
I can delete records, I can add records, I can update records. I have to tell it what type of record to update. Linux is more of an interactive utility instead of just a simple command‑line, like it is in Microsoft.
Let’s take a few moments and let’s go actually look at my DNS database.
I’ll show you how to go about registering a machine in DNS.
In my environment, I have a DNS server.
My DNS server is called USSHQ.Local; that’s the name of my namespace, that’s the zone.
Its IP address is 172.16.0.10. Over here, I have a machine called USSSVR‑2. It has an IP address of 172.16.0.20, and it’s currently pointing to this IP address for DNS, but my server doesn’t have a DNS suffix.
A couple of things that I want to do on this machine, so it registers in DNS. First of all, I’ve already gone in and I’ve told this machine the IP address of the DNS server.
I’ve gone into my network adapters, properties.
I’ve already told it the IP address of the DNS server.
The next thing I want to do is, I want this to register in the USSHQ.Local namespace.
I’ll bring up my server manager, I need to change my DNS suffix. Workgroup.
Then Change > More. I want this to register in the USSHQ.Local namespace.
This will require a restart.
When I restart it, it’s going to automatically register itself because it’s being restarted.
I come in my server 1, I will show you there’s no record currently in server 1 for USSHQSVR‑1.
If I wanted to register my record, I will go into that machine, I would have two options. If it’s changed after the restart, actually we’ll do that after we start, I’ll change my IP address and I’ll manually update it.
Just a couple seconds to reboot. Go back into server one, watch for the record to show up.
This will be dynamic DNS. As the server comes online, it will register its record.
Notice USSHQSRV‑2 automatically populated with that IP address.
Now, let’s assume we changed the IP address.
Let’s say this machine’s IP address changed for whatever reason. I’ll come into my network adapter card, properties.
Then select IPv4, let’s change this IP address to 120. For whatever reason, the IP address has changed.
What I’d want to do is, instead of waiting for dynamic updates to occur, I can go into my PowerShell. I can run ipconfig /registerdns and hit enter.
That’ll come back and tell me “Hey, if there’s been any errors, they’ll report it in 15 minutes.” That’s one way of registering.
The other way to register would be to use the PowerShell cmdlets themselves: “Register-DnsClient,”
I just hit tab to tab complete, hit enter. On PowerShell, no news is good news. If it didn’t come back red, no news is good news.
I come back out now to server 1, and I refresh my screen.
Notice server 2 now has an IP address of 172.16.0.120.
Dynamic DNS lightens our workload instead of statically having to configure all the IP addresses on our environments for A records, our pointer records, or our AAAA records. This is a much easier way of doing business.
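The registration-and-verify sequence from the demo, written as a script; this is an added example, not part of the video or the course material. The server address, zone and expected IP are the lab values from the transcript, and the last step assumes the DnsServer PowerShell module and administrative access to the DNS server.

```powershell
# Added example. Lab values taken from the walkthrough; change them for your environment.
$DnsServer  = '172.16.0.10'    # DNS server the client points at
$Zone       = 'USSHQ.Local'    # zone the client should register in
$ExpectedIp = '172.16.0.120'   # address the client was changed to

# 1. The two prerequisites named above: a DNS server address and a DNS suffix.
$suffix  = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
$servers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
if (-not $suffix)                     { throw 'No primary DNS suffix is set; the client cannot choose a zone.' }
if ($suffix -ne $Zone)                { Write-Warning "Primary suffix is '$suffix', expected '$Zone'." }
if ($servers -notcontains $DnsServer) { throw "This client is not configured to use $DnsServer." }

# 2. Show which adapters are allowed to register their address.
Get-DnsClient | Where-Object RegisterThisConnectionsAddress |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix

# 3. Trigger registration, then ask the DNS server itself (not the local cache)
#    until the A record carries the new address or we give up after ~30 seconds.
Register-DnsClient
$fqdn   = "$env:COMPUTERNAME.$suffix"
$record = $null
foreach ($attempt in 1..6) {
    $record = Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq $ExpectedIp }
    if ($record) { break }
    Start-Sleep -Seconds 5
}
if ($record) { "OK: $fqdn resolves to $ExpectedIp on $DnsServer" }
else         { Write-Warning "$fqdn does not resolve to $ExpectedIp on $DnsServer" }

# 4. On the DNS server side: list zones that accept unsecured dynamic updates,
#    since any host that can reach the server can write records into those zones.
Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, DynamicUpdate, IsDsIntegrated
```

A zone listed by step 4 can be restricted with `Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate Secure`, which is only available for Active Directory-integrated zones.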