Important Resource records in DNS

By -

SOA-Records (Start of authority)


zone contains exactly one SOA-record, which holds the following properties for the zone:

Name of primary DNS server
The host name of the primary DNS server for the zone.
The zone should contain a matching NS-record.

NOTE: For dynamic updates from Windows clients and Active Directory to work correctly, it is important that this contains the correct host name for the primary DNS server for the zone, and also that an A-record exists for this name pointing to the correct IP address.

E-mail address of responsible person
The e-mail address of the person responsible for the zone.
The standard for this is the "hostmaster" alias - such as "hostmaster@example.com".

Serial number (see Zone Transfers)
Used by secondary DNS servers to check if the zone has changed.
If the serial number is higher than what the secondary server has, a zone transfer will be initiated.
This number is automatically increased by Simple DNS Plus when changes are made to the zone or its records (happens when you save the zone).
Unless you have a specific reason for changing this number, it is best to let Simple DNS Plus manage it.
You should never decrease a serial number.

Refresh Interval (see Zone Transfers)
How often secondary DNS servers should check if changes are made to the zone.

Retry Interval (see Zone Transfers)
How often secondary DNS server should retry checking if changes are made - if the first refresh fails.

Expire Interval (see Zone Transfers)
How long the zone will be valid after a refresh.
Secondary servers will discard the zone if no refresh could be made within this interval.

Minimum (default) TTL
Used by other DNS server to cache negative responses (such as record does not exist etc.).


A SOA-record is automatically created when you create a new zone.

A-Records (Host address)


The A-record is the most basic and the most important DNS record type.

It is used to translate human friendly domain names such as "www.example.com" into IP-addresses such as 23.211.43.53 (machine friendly numbers).

A-records are the DNS server equivalent of the hosts file - a simple domain name to IP-address mapping.

A-records are not required for all computers, but are needed for any computer that provides shared resources on a network.

To create a new A-record, right-click a zone in the left list of DNS Records window, and select "New A-record" from the pop-up menu.

PTR-Records (domain name pointer)

PTR-records are primarily used as "reverse records" - to map IP addresses to domain names (reverse of A-records and AAAA-records).

For a reverse IPv4 mapping, the name of the PTR-record is the IP address with the segments reversed and with "in-addr.arpa" appended to the end.
As an example, looking up the domain name for IP address "12.23.34.45" is done with a query for the PTR-record for "45.34.23.12.in-addr.arpa".

For a reverse IPv6 mapping, the name of the PTR-record is each hex digit of the IP address in reverse order, with dots between each digit, and with "ip6.arpa" appended to the end.
As an example, looking up the domain name for IPv6 address "1234:5678:90ab:cdef:1234:5678:90ab:cdef" is done with a query for the PTR-record for "f.e.d.c.b.a.0.9.8.7.6.5.4.3.2.1.f.e.d.c.b.a.0.9.8.7.6.5.4.3.2.1.ip6.arpa".

For more information see the section on Reverse DNS.

To create a PTR-record use one of the following options:
The "Update Reverse Zone" check box in the Record Properties dialog for an A-record or AAAA-record.
Right-click a reverse zone in the DNS Records window, and select "New PTR-record" from the pop-up menu.

NS-Records (Authoritative name server)


NS-records identify the DNS servers responsible (authoritative) for a zone.

zone should contain one NS-record for each of its own DNS servers (primary and secondaries).
This is mostly used for zone transfer purposes (notify messages).
These NS-records have the same name as the zone in which they are located.

The more important function of the NS-record is delegation.
Delegation means that part of a domain is delegated to other DNS servers.
For example, all ".com" sub-names (such as "example.com") are delegated from the "com" zone.
The "com" zone contains NS-records for all ".com" sub-names (a lot!).

You can delegate sub-names of your own domain name (such as "subname.example.com") to other DNS servers the same way.
To delegate "subname.example.com", create NS-records for "subname.example.com" in the "example.com" zone.
These NS-records must point to the DNS server responsible for "subname.example.com", for example, "ns1.subname.example.com" - or a DNS server somewhere else like "ns1.othername.net".

An NS-record identifies the name of a DNS server - not the IP-address.
Because of this, it is important that an A-record for the referenced DNS server exists (not necessarily on your DNS server, but wherever it belongs), otherwise there may not be any way to connect with that DNS server.

If an NS-record delegates a sub-name ("subname.example.com") to a DNS server with a name in that sub-name ("ns1.subname.example.com"), an A-record for that server (""ns1.subname.example.com") must exist in the parent zone ("example.com").
This A-record is called a "glue record", because it doesn't really belong in the parent zone, but is necessary to locate the DNS server for the delegated sub-name.

To create a new NS-record, right-click a zone in the left list in the DNS Records window, and select "New NS-record" from the pop-up menu.

SRV-Records (location of service)


SRV-records are used to specify the location of a service.

They are used in connection with different directory servers such as LDAP (Lightweight Directory Access Protocol), and Windows directory services, and more recently with SIP servers (see http://www.simpledns.com/kb.aspx?kbid=1218).

They can also be used for advanced load balancing and to specify specific ports for services, for example, that a web-server is running on port 8080 instead of the usual port 80 (theoretical example - this is not yet supported by any major browsers).

This record type is however NOT supported by most programs in use today, including web-browsers.

The name of a SRV-record is defined as "_service._protocol.domain", for example, "_ftp._tcp.xyz.com".
Most internet services are defined in RFC1700 (page 15), and the protocol is generally TCP or UDP.

The "service location" is specified through a target, priority, weight, and port:
- Target is the domain name of the server (referencing an A-record or AAAA-record).
- Priority is a preference number used when more servers are providing the same service (lower numbers are tried first).
- Weight is used for advanced load balancing.
- Port is the TCP/UDP port number on the server that provides this service.

To create a new SRV-record, right-click a zone in the left list in the DNS Records window, and select "Other new record" from the pop-up menu.

CNAME-Records (Canonical name for an alias)

CNAME-records are domain name aliases.

Computers on the Internet often performs multiple roles such as web-server, ftp-server, chat-server etc.

To mask this, CNAME-records can be used to give a single computer multiple names (aliases).
For example, the computer "computer1.xyz.com" may be both a web-server and an ftp-server, so two CNAME-records are defined:
"www.xyz.com" = "computer1.xyz.com" and "ftp.xyz.com" = "computer1.xyz.com".

Sometimes a single server computer hosts many different domain names (take ISPs), and so CNAME-records may be defined such as "www.abc.com" = "www.xyz.com".

The most common use of the CNAME-record type is to provide access to a web-server using both the standard "www.domain.com" and "domain.com" (with and without the www prefix).
This is usually done by creating an A-record for the short name (without www), and a CNAME-record for the www name pointing to the short name.

CNAME-records can also be used when a computer or service needs to be renamed, to temporarily allow access through both the old and new name.

A CNAME-record should always point to an A-record and never to itself or another CNAME-record to avoid circular references.

To create a new CNAME-record, right-click a zone in the left list in the DNS Records window, and select "New CNAME-record" from the pop-up menu.

Please note that you cannot create a CNAME-record for the zone name itself as this will always conflict with the zone's SOA-record.
For more on this see http://www.simpledns.com/kb.aspx?kbid=1176

AAAA-Records (IPv6 host address)


An AAAA-record is used to specify the IPv6 address for a host (equivalent of the A-record type for IPv4).

IPv6 is the future replacement for the current IP address system (also known as IPv4).

The current IPv4 addresses are 32 bits long ( x . x . x . x = 4 bytes), and therefore "only" support a total of 4,294,967,296 addresses - less than the global population.
With this limitation there is an increasing shortage of IPv4 addresses, and to solve the problem, the whole Internet will eventually be migrated to IPv6.

IPv6 addresses are 128 bits long and are written in hexadecimal numbers separated by colons (:) at every four digits (segment).
A series of zero value segments can be shortened as "::", and leading zeros in a segment can be skipped.
For example: 4C2F::1:2:3:4:567:89AB.

To create a new AAAA-record, right-click a zone in the left list in the DNS Records window, and select "New AAAA-record" from the pop-up menu.




Comments

Post a Comment

Popular posts from this blog

Boot configuration Data Store --BCDEdit /set

By -
The  BCDEdit /set  command sets a boot entry option value in the Windows boot configuration data store (BCD). Use the  BCDEdit /set  command to configure specific boot entry elements, such as kernel debugger settings, data execution protection (DEP) and processor address extension (PAE) options, and to load alternate hardware abstraction layer (HAL) and kernel files. You can use these boot entry options when you are testing and debugging your driver for Windows Vista, Windows 7, and later versions of Windows. bcdedit /set [{ID}] datatype value Parameters [ { ID }] The  { ID }  is the GUID that is associated with the boot entry. If you do not specify an  { ID } , the command modifies the current operating system boot entry. If a boot entry is specified, the GUID associated with the boot entry must be enclosed in braces  { } . To view the GUID identifiers for all of the active boot entries, use the  bcdedit /enum  command. datatype value The fol
Read more

ADSI Edit

By -
Image
ADSI Edit (adsiedit.msc) Updated: March 19, 2010 Applies To: Windows SBS 2008, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2 Active Directory® Service Interfaces Editor (ADSI Edit) is a Lightweight Directory Access Protocol (LDAP) editor that you can use to manage objects and attributes in Active Directory. ADSI Edit (adsiedit.msc) provides a view of every object and attribute in an Active Directory forest. You can use ADSI Edit to query, view, and edit attributes that are not exposed through other Active Directory Microsoft Management Console (MMC) snap-ins: Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, and Active Directory Schema. This topic includes the following sections: Installing ADSI Edit Using ADSI Edit
Read more

Userenv logging (User Environment logging)

By -
When you enable userenv logging, you can perform debug logging of the user profile and the system policy processes. Userenv log files also contain information about the status of each Group Policy extension, such as Application Deployment, Security, and Folder Redirection. Userenv log files reveal what is occurring in the background as a user logs on   Userenv.log file located in the %SystemRoot%\Debug\UserMode folder Userenv log files contains information about the following: Group Policy settings that are not processed or not applied as expected Folder redirection that does not occur Profile or registry hive load, unload, or deletion failures Logon script, or script not applied as expected Default behaviors occurring because a slow link was detected Roaming profile issues Slow logon issues Whether a given GPO is accessible, and if not, why access was denied. The name of the domain controller that is accessing SYSVOL. The Userenv log has a maximum size of 1 megabyt
Read more