This second excerpt is from Chapter 6 Network Administration and shows how you can manage Windows Server 2012 DNS servers using PowerShell. I've also included one of the chapter's exercises, which shows how you can configure a caching-only DNS server using PowerShell. Note that these book excerpts haven't finished going through the editorial review process yet, so they may change a bit in the published version.
Examples of network administration tasks
The best way to learn how to use Windows PowerShell to administer network settings and services on Windows Server 2012 is to experiment with performing different tasks in a test environment. The following sections provide some examples of what you can do in this area, and the practice and suggested practice exercises included in this chapter present you with further challenges for learning these skills.
Creating DNS resource records
You can manage Windows Server 2012 DNS servers using Windows PowerShell. Common DNS server management tasks include adding resource records to zones, configuring forwarders, configuring root hints, and so on.
For example, let's view a list of zones on a DNS server that is also a domain controller for the corp.contoso.com domain:
PS C:\> Get-DnsServerZone
ZoneName                 ZoneType IsAutoCreated IsDsIntegrated IsReverseLookupZone IsSigned
--------                 -------- ------------- -------------- ------------------- --------
_msdcs.corp.contoso.com  Primary  False         True           False               True
0.in-addr.arpa           Primary  True          False          True                False
127.in-addr.arpa         Primary  True          False          True                False
255.in-addr.arpa         Primary  True          False          True                False
corp.contoso.com         Primary  False         True           False               False
TrustAnchors             Primary  False         True           False               False
To view a list of resource records of type A (address) in the corp.contoso.com zone, we can pipe the output of the Get-DnsServerResourceRecord cmdlet into the Where-Object cmdlet like this:
PS C:\> Get-DnsServerResourceRecord -ZoneName corp.contoso.com | Where-Object {$_.RecordType -eq "A"}
HostName        RecordType Timestamp             TimeToLive RecordData
--------        ---------- ---------             ---------- ----------
@               A          7/8/2012 12:00:00 PM  00:10:00   172.16.11.36
@               A          7/8/2012 1:00:00 PM   00:10:00   172.16.11.232
DomainDnsZones  A          7/8/2012 12:00:00 PM  00:10:00   172.16.11.36
DomainDnsZones  A          7/8/2012 12:00:00 PM  00:10:00   172.16.11.232
ForestDnsZones  A          7/8/2012 12:00:00 PM  00:10:00   172.16.11.36
ForestDnsZones  A          7/8/2012 12:00:00 PM  00:10:00   172.16.11.232
sea-srv-1       A          0                     01:00:00   172.16.11.232
SEA-SRV-5       A          0                     01:00:00   172.16.11.36
To add a new A resource record for a test server, you can use the Add-DnsServerResourceRecordA cmdlet like this:
PS C:\> Add-DnsServerResourceRecordA -IPv4Address 172.16.11.239 -Name SEA-TEST -ZoneName corp.contoso.com
You can also add other types of resource records such as PTR, CNAME or MX records using the corresponding cmdlets (Add-DnsServerResourceRecordPtr, Add-DnsServerResourceRecordCName and Add-DnsServerResourceRecordMX). And you can use the Remove-DnsServerResourceRecord cmdlet to remove resource records from a zone.
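As an added example (not code from the book), the following script turns the Get-DnsServerResourceRecord listing above into a periodic audit: it reports any A record in a zone whose address falls outside the subnets you expect, and any host name that carries more than one address. The zone name and the 172.16.11.0/24 subnet are taken from the listing above; the function names are this example's own.

```powershell
Import-Module DnsServer

# Returns $true if the dotted-quad $Ip lies inside the network given in CIDR form ($Cidr).
function Test-IPv4InSubnet {
    param([string]$Ip, [string]$Cidr)
    $network, $bits = $Cidr.Split('/')
    $toUInt32 = {
        param($addr)
        $bytes = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
        [Array]::Reverse($bytes)                 # network byte order -> host order for BitConverter
        [BitConverter]::ToUInt32($bytes, 0)
    }
    # Prefix mask: 2^32 - 2^(32-bits), e.g. /24 -> 0xFFFFFF00
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$bits))
    return ((& $toUInt32 $Ip) -band $mask) -eq ((& $toUInt32 $network) -band $mask)
}

# Audits every A record in a zone and returns the ones that deserve a second look.
function Get-SuspectARecord {
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,
        [Parameter(Mandatory)] [string[]] $AllowedSubnets,     # e.g. '172.16.11.0/24'
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # -RRType filters on the server, so no Where-Object on RecordType is needed
    $records = Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A -ComputerName $ComputerName

    foreach ($rr in $records) {
        $ip = $rr.RecordData.IPv4Address.IPAddressToString
        $inside = $AllowedSubnets | Where-Object { Test-IPv4InSubnet -Ip $ip -Cidr $_ }
        if (-not $inside) {
            [pscustomobject]@{
                HostName  = $rr.HostName
                IPAddress = $ip
                Timestamp = $rr.Timestamp    # empty/0 for static records, a date for dynamic ones
                Reason    = 'Address outside allowed subnets'
            }
        }
    }
    # Several A records for one name is normal for round-robin, but each address should be expected
    $records | Group-Object HostName | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            HostName  = $_.Name
            IPAddress = ($_.Group.RecordData.IPv4Address.IPAddressToString) -join ', '
            Timestamp = $null
            Reason    = 'Multiple A records for one host name'
        }
    }
}

# Usage: every host in corp.contoso.com is expected to live in 172.16.11.0/24
Get-SuspectARecord -ZoneName 'corp.contoso.com' -AllowedSubnets '172.16.11.0/24' | Format-Table -AutoSize
```

Run against the zone shown above, the report would list only the round-robin entries (the @, DomainDnsZones and ForestDnsZones names), since every address is inside 172.16.11.0/24.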
There are over one hundred different cmdlets in the DnsServer module for Windows PowerShell in Windows Server 2012. Table 1 shows the cmdlets you can use to perform some common DNS administration tasks. You'll get some hands-on experience with using some of these cmdlets in the practice exercises for this chapter.
TASK                                                  | CMDLET
----------------------------------------------------- | -------------------------
Configure forwarders                                  | Add-DnsServerForwarder
Create a stub zone                                    | Add-DnsServerStubZone
Display the contents of the DNS server cache          | Show-DnsServerCache
Clear the DNS server cache                            | Clear-DnsServerCache
Display full configuration details of the DNS server  | Get-DnsServer
Display statistics for the DNS server                 | Get-DnsServerStatistics
Import root hints                                     | Import-DnsServerRootHint
Configure the DNS server cache settings               | Set-DnsServerCache
Configure DNS server scavenging                       | Set-DnsServerScavenging
Initiate scavenging                                   | Start-DnsServerScavenging
Table 1: Some common DNS server administration tasks and the Windows PowerShell cmdlets you can use to perform them.
Exercise 2: Configuring a caching-only DNS server using Windows PowerShell
In this exercise you will configure a caching-only DNS server using Windows PowerShell. You will then configure a forwarder on your caching-only DNS server to improve its name resolution performance.
- Log on to SERVER1, open Server Manager, select the All Servers page and make sure that both servers are displayed in the Servers tile. If SERVER2 is not displayed, add it to the server pool.
- Open a Windows PowerShell prompt and run the following command to install the DNS Server role on SERVER2:
Install-WindowsFeature -Name DNS -ComputerName SERVER2 -IncludeManagementTools -Restart
Note that although you specified the -Restart parameter, the servers did not restart after role installation because a restart was determined to be unnecessary.
- SERVER2 is now configured as a caching-only DNS server. A caching-only DNS server is not authoritative for any domains and can only perform queries, cache the answers, and return the results. Caching-only DNS servers can be useful at locations such as branch office sites, and they use root hints to identify the authoritative DNS servers for the root zone of your organization's DNS namespace.
- SERVER2 is currently using root hints for recursively performing name resolution. To view the root hints configured on SERVER2, run the following command:
Get-DnsServerRootHint -ComputerName SERVER2
- Display the contents of the DNS server cache on SERVER2 by running the following command:
Show-DnsServerCache -ComputerName SERVER2
- Use the nslookup command-line utility to attempt to use SERVER2 for resolving the IP address for the fully qualified domain name (FQDN) www.bing.com as follows:
nslookup www.bing.com SERVER2
- Note that one or more DNS server timeouts may occur when you perform this name query. This is because name resolution is being performed recursively, beginning with the root name servers on the Internet, which can take several seconds to complete. If no response is received to your query, repeat the above command until a non-authoritative response is received.
- Use the command Show-DnsServerCache -ComputerName SERVER2 and note that the DNS server cache now contains numerous entries relating to the name query you performed using nslookup.
- Clear the DNS server cache on SERVER2 by running the following command:
Clear-DnsServerCache -ComputerName SERVER2
- Display the contents of the DNS server cache on SERVER2 again by running this command:
Show-DnsServerCache -ComputerName SERVER2
- Note that the cache entries relating to the name query you performed using nslookup have now been deleted. The only entries that remain in the cache are those for the root hints configured on the server.
- To speed up name resolution on your caching-only name server, you will configure SERVER1 as a forwarder on SERVER2. Once you have done this, any name query sent to SERVER2 will be forwarded to SERVER1, which will then use its external forwarders at your Internet Service Provider (ISP) for resolving the query.
- Configure SERVER1 as a forwarder on SERVER2 by running the following command:
Add-DnsServerForwarder -IPAddress 10.10.0.1 -ComputerName SERVER2
- Verify the result by displaying the forwarders configured on SERVER2 as follows:
Get-DnsServerForwarder -ComputerName SERVER2
- Use nslookup to perform another name query against SERVER2 for the FQDN www.bing.com. The response should be received almost immediately with no DNS server timeouts occurring. This is because the query was forwarded to SERVER1, which then forwarded it to your ISP's DNS servers for resolution. This approach is generally much faster than using the Internet root name servers to recursively resolve the requested FQDN.
- Display the contents of the DNS server cache on SERVER2 again. Note the cache entries relating to your name query, and note also that there are considerably fewer cache entries than when root hints alone were used for performing recursive name resolution.
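The exercise above, scripted as one repeatable function (an added example, not part of the book): it installs the DNS Server role only if it is missing, warns if the target hosts any zone of its own (which would make it more than a caching-only server), adds only the forwarders that are not already configured, and then proves the setup by resolving a name through the server and checking that the answer landed in its cache. SERVER2, the forwarder 10.10.0.1 and www.bing.com are the exercise's own values; the function name is this example's.

```powershell
Import-Module DnsServer

function Set-CachingOnlyDnsServer {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $Forwarder,
        [string] $TestName = 'www.bing.com'
    )

    # 1. Install the DNS Server role (feature name DNS, not DHCP) if it is not already present
    $feature = Get-WindowsFeature -Name DNS -ComputerName $ComputerName
    if (-not $feature.Installed) {
        Install-WindowsFeature -Name DNS -ComputerName $ComputerName -IncludeManagementTools | Out-Null
    }

    # 2. A caching-only server holds no zones beyond the auto-created ones and TrustAnchors;
    #    report anything else instead of deleting it.
    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }
    if ($zones) {
        Write-Warning "$ComputerName hosts zones and is not caching-only: $($zones.ZoneName -join ', ')"
    }

    # 3. Add-DnsServerForwarder appends, so add only the addresses that are not configured yet
    $current = (Get-DnsServerForwarder -ComputerName $ComputerName).IPAddress.IPAddressToString
    $missing = $Forwarder | Where-Object { $_ -notin $current }
    if ($missing) { Add-DnsServerForwarder -IPAddress $missing -ComputerName $ComputerName }

    # 4. Flush the cache, resolve the test name through this server, and confirm it was cached.
    #    With a forwarder in place this should be fast and leave far fewer cache entries than
    #    a full recursive walk from the root hints.
    Clear-DnsServerCache -ComputerName $ComputerName -Force
    $answer = Resolve-DnsName -Name $TestName -Server $ComputerName -Type A -ErrorAction Stop
    $cached = Show-DnsServerCache -ComputerName $ComputerName |
        Where-Object { $_.HostName -like "$TestName*" }     # cache names may carry a trailing dot

    [pscustomobject]@{
        Server        = $ComputerName
        Forwarders    = (Get-DnsServerForwarder -ComputerName $ComputerName).IPAddress.IPAddressToString
        ResolvedTo    = (($answer | Where-Object Type -eq 'A').IPAddress) -join ', '
        CachedEntries = @($cached).Count
        TotalInCache  = @(Show-DnsServerCache -ComputerName $ComputerName).Count
    }
}

# Usage, matching the exercise: SERVER2 becomes a caching-only server forwarding to SERVER1 (10.10.0.1)
Set-CachingOnlyDnsServer -ComputerName SERVER2 -Forwarder 10.10.0.1 | Format-List
```

Running it a second time changes nothing (the role and forwarder checks short-circuit), so it doubles as a drift check for branch-office resolvers.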