TechEd EMEA 2008 IT Professionals - Name Resolution 2008 Style : What's up with DNS, WINS and NetBios
Voici mes quelques notes (enrichies de ressources complémentaires) prises lors de la session “Name Resolution 2008 Style : What's up with DNS, WINS and NetBios” animée avec brio par Mark Minasi (www.minasi.com) ce matin à TechEd EMEA 2008 IT Professionals :
Is NetfBios finally dead ?
Wins your days are numbered
unfortunately, though the number is pretty large
WINS
dans Windows Server 2008, WINS est une feature pas un rôle
IPv6 doesn't have clue about WINS/NetBios
Computer Browser
Service disabled by DEfault in a workgroup
Browser replacement : Network Discovery, off by default
Driven by multicast messages, not broadcasts
Network Discovery details
Built along Universal PnP lines
Advertisement / announcement go to multicast address 239.2552.255.250
uses UDP port 3702, TCP port 5357 (http), TCP Port 5358 (https)
DNS Server Changes
DNS is now multithreated
Can't accept updates until all zones are loaded
Installation de DNS dans Windows Server 2008
Installation classique : Servermanagercmd -install DNS
Installation Core : ocsetup DNS-Server-Core-Role ==> ATTENTION CASE SENSITIVE
DNSCMD is now "in the box"
A ce propos 2 liens super intéressants sur le site de Mark Minasi :
- Mark Minasi's Windows Networking Tech Page Issue #69 Late March 2008
https://www.minasi.com/newsletters/nws0803a.htm ==> contient un tableau à connaitre (DNS Command-Line Cheat Sheet) - Une présentation sur l'administration en ligne de commande de Windows (dont le Server Core)
https://www.minasi.com/333.pdf
prisoner.iana
=> pour éviter les communications du serveur DNS vers ce serveur, créer des reverse DNS Zones. Plus d’informations sur :
- Requête DNS pour prisoner.iana.org
https://support.microsoft.com/kb/259922
ACL sur les zones DNS intégrées AD pour permettre aux RODC de faire des mises à jour.
How 2008/Vista rediscover :
You can make the cache "evaporate" after a given time.
KB939252 ==> hotfix pour XP/2003.Valeur de registre : ForceRediscoveryInterval (In Seconds)
Valeur par défaut : 12 heures (convertit en secondes)
- The domain controller locator cannot find an appropriate domain controller on a computer that is running Windows XP or Windows Server 2003 : https://support.microsoft.com/kb/939252/en-us
DsGetDcName Function
https://msdn.microsoft.com/en-us/library/ms675983(VS.85).aspxValeur : TryNextClosestSite de type DWORD
0 = don't use next site
1 = do use next siteEnabling Clients to Locate the Next Closest Domain Controller
https://technet.microsoft.com/en-us/library/cc733142.aspxChecklist: Deploying the First Domain Controller in a New Regional Domain
https://technet.microsoft.com/en-us/library/cc755204.aspx
Name resolution in IPv6
No Netbios support at all
ipv6 doesn't undestand WINS
Local name resolution with IPv6 : RFC 4795
RFC 4795 - Link-Local Multicast Name Resolution (LLMNR)
https://www.ietf.org/rfc/rfc4795.txt
IPv6 and AAAA record
AAAA ("quad-A") record map host names to IPv6 addresses
Vista and 2008's DNS client automatically register AAAAs
DNS Server in 2003 handless AAAAs just fine
New records type :
DNAME : simplifying migration
En gros c'est comme un CNAME mais pour un domaine entier
cf. RFC 2672 : Non-Terminal DNS Name Redirection (https://www.ietf.org/rfc/rfc2672.txt)
Attention : no GUI !! se fait en ligne de commande avec l'outil DNSCMD
Post-WINS Single Lable Names
You can deploy a DNS suffix search list via GPO
Doing Single-Label in 2008 create GlobalNames
...
sur chaque serveur DNS:
dnscmd /config /enableglobalnamessupport 1
..
new SRV record : _vlmcs._tcp
==> utilisé par le KMS Server (cf. https://www.microsoft.com/france/technet/desktopdeployment/bdd/2007/volumeact_6.mspx)
Bon sinon, pour ceux qui trouvent mes notes un peu incompréhensibles :-) , j'ai aussi trouvé 2 bon résumés des améliorations de DNS dans Windows Server 2008 :
- Windows Server 2008 - DNS enhancement nuggets
https://edge.technet.com/Media/622/ - The Cable Guy DNS Enhancements in Windows Server 2008
https://technet.microsoft.com/en-us/magazine/cc137727.aspx
Tags: DNS