Chapter 24, Implementing and Managing DNS: Troubleshooting the DNS Server Service

| Section/Entry (Command) | Description | Example/Accepted Values |
| --- | --- | --- |
| fAutoCacheUpdate (/secureresponses) | Indicates how server caching works. | 0; default, saves all responses to name queries to cache. 1; saves only records in same DNS subtree to cache. |
| fSlave (/isslave) | Determines how the DNS server responds when forwarded queries receive no response. | 0; default, recursion is enabled. If the forwarder does not respond, the server attempts to resolve the query itself using recursion. 1; recursion is disabled. If the forwarder does not respond, the server terminates the search and sends a failure message to the resolver. |
| fNoRecursion (/norecursion) | Indicates whether the server performs recursive name resolution. | 0; default, DNS server performs if requested. 1; DNS server doesn’t perform recursion. |
| fRoundRobin (/roundrobin) | Indicates whether server allows round robin load balancing when there are multiple A records for hosts. | 1; default, automatically load balances using round robin for any hosts with multiple A records. 0; disables round robin. |
| fStrictFileParsing (/strictfileparsing) | Indicates server behavior when it encounters bad records. | 0; default, continues to load, logs error. 1; stops loading DNS file and logs error. |
| fBindSecondaries (/bindsecondaries) | Indicates the zone transfer format for secondaries. By default, DNS server is configured for compatibility with other DNS server types. | 1; default, for pre-BIND 4.9.4 compatibility. 0; enables compression and multiple transfers on Windows secondaries and others with BIND 4.9.4 or later. |
| fWriteAuthorityNs (/writeauthorityns) | Indicates whether the server writes NS records in the authority section of a response. | 0; default, writes for referrals only. 1; writes for all successful authoritative responses. |
| fLocalNetPriority (/localnetpriority) | Determines the order in which host records are returned when there are multiple host records for the same name. | 1; returns records with similar IP addresses first. 0; returns records in the order in which they are in DNS. |
| Aging Configuration | | |
| ScavengingInterval (/scavenginginterval) | Indicates the number of hours between scavenging intervals. | 0x0; scavenging is disabled. |
| DefaultAgingState (/defaultagingstate) | Indicates whether scavenging is enabled by default in new zones. | 0; default, scavenging is disabled. 1; scavenging is enabled. |
| DefaultRefreshInterval (/defaultrefreshinterval) | Indicates the default refresh interval in hours. | 168 (set in hexadecimal) |
| DefaultNoRefreshInterval (/defaultnorefreshinterval) | Indicates the default no-refresh interval in hours. | 168 (set in hexadecimal) |
| ServerAddresses | | |
| Addr Count | The number of IP addresses configured on the server and the IP address used. | 1 Addr[0] => 192.168.1.50 |
| ListenAddresses | | |
| Addr Count | The number and value of IP addresses configured for listening for requests from clients. NULL IP Array when there are no specific IP addresses that are designated for listening for requests from clients. | 1 Addr[0] => 192.168.1.50 |
| Forwarders | | |
| Addr Count | The number and value of IP addresses of servers configured as forwarders. NULL IP Array when there are no forwarders. | 1 Addr[0] => 192.168.12.8 |
| Forward timeout (/forwardingtimeout) | Timeout for queries to forwarders in seconds. | 3 |
| Slave | Indicates whether recursion is enabled. | 0; recursion is enabled. 1; recursion is disabled. |

Another useful command for troubleshooting a DNS server is Dnscmd /Statistics.
This command shows you the following information:

- DNS server time statistics, including server start time, seconds since start, and stats of last cleared date and time
- Details on queries and responses, including total queries received, total responses sent; the number of UDP queries received and sent, UDP responses received and sent; and the number of TCP queries received and sent, TCP responses received and sent
- Details on queries by record, including the exact number of each type of record sent
- Details on failures and where they occurred, including recursion failures, retry limits reached, and partial answers received
- Details on the total number of dynamic updates, the status for each update type; later breakdowns on number and status of secure updates, the number of updates that were forwarded, and the types of records updated
- Details on the amount of memory used by DNS, including total amount of memory used, standard allocations, and allocations from standard to the heap

Save the Stats to a File

Write the output of Dnscmd /Statistics to a file so that you don’t overflow the history buffer in the command prompt. This also allows you to go through the stats at your leisure. Type dnscmd ServerName /statistics > FileName, where ServerName is the name or IP address of the DNS server and FileName is the name of the file to use, such as dnscmd corpsvr02 /statistics > dns-stats.txt.

Examine Zones and Zone Records

Dnscmd provides several useful commands for helping you pinpoint problems with records. To get started, list the available zones by typing dnscmd ServerName /enumzones, where ServerName is the name or IP address of the DNS server you want to check. The output shows a list of the zones that are configured as follows:

    Enumerated zone list:
    Zone count = 4

    Zone name                 Type     Storage    Properties
    .                         Cache    File
    _msdcs.cpandl.com         Primary  AD-Forest  Secure
    1.168.192.in-addr.arpa    Primary  AD-Legacy  Secure Rev
    cpandl.com                Primary  AD-Domain  Secure Aging

The zone names you can work with are listed in the first column. The other values tell you the type of zone and the way it is configured as summarized in Table 24-2.

Table 24-2 Zone Entries and Their Meanings

| Column/Entry | Description |
| --- | --- |
| Type | |
| Cache | A cache zone (server cache). |
| Primary | A primary zone. |
| Secondary | A secondary zone. |
| Stub | A stub zone. |
| Storage | |
| AD-Forest | Active Directory–integrated with forest-wide replication scope. |
| AD-Legacy | Active Directory–integrated with legacy replication scope to all domain controllers in the domain. |
| AD-Domain | Active Directory–integrated with domain-wide replication scope. |
| File | Indicates the zone data is stored in a file. |
| Properties | |
| Secure | Zone allows secure dynamic updates only and is a forward lookup zone. |
| Secure Rev | Zone allows secure dynamic updates only and is a reverse lookup zone. |
| Secure Aging | Zone allows secure dynamic updates only and is configured for scavenging/aging. |
| Aging | Zone is configured for scavenging/aging but isn’t configured for dynamic updates. |
| Update | Zone is a forward lookup zone configured to allow both secure and nonsecure dynamic updates. |
| Update Rev | Zone is a reverse lookup zone configured to allow both secure and nonsecure dynamic updates. |
| Down | Secondary or stub zone hasn’t received a zone transfer since startup. |
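The following is an added example, not code from the book: a PowerShell function that reads saved dnscmd /enumzones output and uses the Properties meanings from Table 24-2 to report zones that accept nonsecure dynamic updates (Update), have not received a zone transfer (Down), or take dynamic updates without scavenging/aging. The function name Get-DnsZoneFinding and the zones lab.cpandl.com and partner.cpandl.com are assumptions constructed for illustration.

```powershell
# Added example (not from the book): flag zones in saved "dnscmd /enumzones"
# output using the Properties meanings from Table 24-2.
function Get-DnsZoneFinding {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]          # saved output contains blank lines
        [string[]]$Line
    )

    # Type values listed in Table 24-2; used to tell data rows from header text.
    $zoneTypes = 'Cache', 'Primary', 'Secondary', 'Stub'

    foreach ($raw in $Line) {
        # A data row is: <zone name> <type> <storage> [property words...]
        $tokens = @($raw.Trim() -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -lt 3 -or $zoneTypes -notcontains $tokens[1]) { continue }

        $props = @()
        if ($tokens.Count -gt 3) { $props = @($tokens[3..($tokens.Count - 1)]) }

        $findings = @()
        if ($props -contains 'Update') {
            # "Update" / "Update Rev": both secure and nonsecure dynamic updates allowed.
            $findings += 'accepts nonsecure dynamic updates'
        }
        if ($props -contains 'Down') {
            # "Down": secondary or stub zone has had no zone transfer since startup.
            $findings += 'no zone transfer since startup'
        }
        if (($props -contains 'Secure' -or $props -contains 'Update') -and
            $props -notcontains 'Aging') {
            # Dynamic updates are allowed but the zone is not set for scavenging/aging.
            $findings += 'dynamic updates without scavenging/aging'
        }

        [pscustomobject]@{
            Zone       = $tokens[0]
            Type       = $tokens[1]
            Storage    = $tokens[2]
            Properties = $props -join ' '
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample: the four zones from the listing above plus two made-up
# zones (lab.cpandl.com, partner.cpandl.com) that exercise Update and Down.
$sample = @'
Enumerated zone list:
        Zone count = 6

 Zone name                 Type       Storage     Properties

 .                         Cache      File
 _msdcs.cpandl.com         Primary    AD-Forest   Secure
 1.168.192.in-addr.arpa    Primary    AD-Legacy   Secure Rev
 cpandl.com                Primary    AD-Domain   Secure Aging
 lab.cpandl.com            Primary    File        Update
 partner.cpandl.com        Secondary  File        Down
'@ -split '\r?\n'

# Show only the zones that have at least one finding.
Get-DnsZoneFinding -Line $sample |
    Where-Object { $_.Findings } |
    Format-Table Zone, Type, Storage, Properties, Findings -AutoSize

# Against a live server, save the output to a file first:
#   dnscmd corpsvr02 /enumzones > zones.txt
#   Get-DnsZoneFinding -Line (Get-Content zones.txt)
```

On the constructed sample, cpandl.com and the cache zone produce no findings; the other four zones are listed with the reason each was flagged.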
After you examine the settings for zones on the server, you can print out the zone records of a suspect zone by typing dnscmd ServerName /zoneprint ZoneName at the command prompt, where ServerName is the name or IP address of the DNS server and ZoneName is the name of the zone as reported previously. Consider the following example:

    dnscmd corpsvr02 /zoneprint cpandl.com

Here, you want to examine the cpandl.com zone records on the CORPSVR02 server. The output from this command shows the records in this zone and their settings. Here is a partial listing:

    ;
    ; Zone: cpandl.com
    ; Server: corpsvr02.cpandl.com
    ; Time: Wed Mar 10 18:38:14 2008 UTC
    ;
    @ [Aging:3534235] 600 A 192.168.1.50
      [Aging:3534235] 3600 NS corpsvr02.cpandl.com.
      3600 SOA corpsvr02.cpandl.com. hostmaster. 383 900 600 86400 3600
      3600 MX 10 exchange.cpandl.com.
    _msdcs 3600 NS corpsvr01.cpandl.com.
    _gc._tcp.Default-First-Site-Name._sites [Aging:35265] 600 SRV 0 100 3268 corpsvr02.cpandl.com.
    _kerberos._tcp.Default-First-Site-Name._sites [Aging:35235] 600 SRV 0 100 88 corpsvr02.cpandl.com.
    _ldap._tcp.Default-First-Site-Name._sites [Aging:35335] 600 SRV 0 100 389 corpsvr02.cpandl.com.
    _gc._tcp [Aging:3534265] 600 SRV 0 100 3268 corpsvr02.cpandl.com.
    _kerberos._tcp [Aging:3534235] 600 SRV 0 100 88 corpsvr02.cpandl.com.
    _kpasswd._tcp [Aging:3534235] 600 SRV 0 100 464 corpsvr02.cpandl.com.
    corpsvr02 [Aging:3534281] 3600 A 192.168.1.50
    corpsvr17 3600 A 192.168.15.22
    DomainDnsZones [Aging:3534265] 600 A 192.168.1.50
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones [Aging:35365] 600 SRV 0 100 389 corpsvr02.cpandl.com.
    _ldap._tcp.DomainDnsZones [Aging:3534265] 600 SRV 0 100 389 corpsvr02.cpandl.com.
    ForestDnsZones [Aging:3534265] 600 A 192.168.1.50
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones [Aging:35365] 600 SRV 0 100 389 corpsvr02.cpandl.com.
    _ldap._tcp.ForestDnsZones [Aging:35365] 600 SRV 0 100 389 corpsvr02.cpandl.com.
    ny 3600 NS ns1.ny.cpandl.com.
    ns1.ny 3600 A 10.10.10.52
    www 3600 CNAME corpsvr17.cpandl.com.

As you can see from the listing, Dnscmd /Zoneprint shows all the records, even the ones created by Active Directory. This is particularly useful because it means you don’t have to try to navigate the many subfolders in which these SRV records are stored.

Chapter 25: Implementing and Maintaining WINS

- WINS Essentials
- Setting Up WINS Servers
- Configuring Replication Partners
- Configuring and Maintaining WINS
- Enabling WINS Lookups Through DNS

Windows Internet Naming Service (WINS) enables computers to register and resolve NetBIOS names on IPv4 networks. WINS is not used with IPv6 networks. WINS is maintained primarily for backward support and compatibility with legacy applications and early versions of Microsoft Windows, including Windows 95, Windows 98, and Windows NT, that used WINS for computer name resolution; or for networks running Windows 2000 or Windows Server 2003 that don’t have Active Directory deployed and thus don’t require DNS.

On most large networks, WINS is needed to support legacy applications and computers running Windows 95, Windows 98, and Windows NT. If you are setting up a new network, you probably don’t need WINS. On an existing network running all Windows 2000, Windows XP, and Windows Server 2008 systems, only the Domain Name System (DNS) is needed because these computers rely exclusively on DNS for name resolution if Active Directory is deployed. Because WINS is not required, WINS support could be removed from the network. Doing so, however, would mean that legacy applications and services that rely on NetBIOS, such as the computer Browser service, would no longer function.

WINS Essentials

Like DNS, WINS is a client/server protocol. All Windows servers have a WINS service that can be installed to provide WINS services on the network. All Windows computers have a WINS client that is installed automatically. The Workstation and Server services on computers are used to specify resources that are available, such as file shares. These resources have NetBIOS names as well.

NetBIOS Namespace and Scope

WINS architecture is very different from DNS. Unlike DNS, WINS has a flat namespace and doesn’t use a hierarchy or tree. Each computer or resource on a Windows network has a NetBIOS name, which can be up to 15 characters long. This name must be unique on the network—no other computer or resource can have the same name. Although there are no extensions to this name per se that indicate a domain, a NetBIOS scope can be set in Dynamic Host Configuration Protocol (DHCP).

The NetBIOS scope is a hidden 16th character (suffix) for the NetBIOS name. It is used to limit the scope of communications for WINS clients. Only WINS clients with the same NetBIOS scope can communicate with each other. See “Configuring TCP/IP Options” on page 717 for details on setting the NetBIOS scope for computers that use DHCP.

NetBIOS Node Types

The way WINS works on a network is determined by the node type set for a client. The node type defines how name services work. WINS clients can be one of four node types:

- B-Node (Broadcast Node): Broadcast messages are used to register and resolve names. Computers that need to resolve a name broadcast a message to every host on the local network, requesting the IP address for a computer name. Best for small networks.
- P-Node (Peer-to-Peer Node): WINS servers are used to register and resolve computer names to Internet Protocol (IP) addresses. Computers that need to resolve a name send a query message to the server and the server responds. Best if you want to eliminate broadcasts. In some cases, however, resources might not be seen as available if the WINS server isn’t updated by the computer providing the resources.
- M-Node (Mixed Node): A combination of B-Node and P-Node. WINS clients first try to use broadcasts for name resolution. If this fails, the clients then try using a WINS server. Still means a lot of broadcast traffic.
- H-Node (Hybrid Node): A combination of B-Node and P-Node. WINS clients first try to use a WINS server for name resolution. If this fails, the clients then try broadcasts for name resolution. Best for most networks that use WINS servers because it reduces broadcast traffic.

Small Networks Might Not Need a WINS Server

On a small network without subnets and a limited number of computers, WINS clients can rely on broadcasts for name resolution. In this case, it isn’t necessary to set up a WINS server.

WINS Name Registration and Cache

WINS maintains a database of name to IP address mappings automatically. Whenever a computer or resource becomes available, it registers itself with the WINS server to tell the server the name and IP address it is using. As long as no other computer or resource on the network is using that name, the WINS server accepts the request and registers the computer or resource in its database.

Name registration isn’t permanent.
Each name that is registered has a lease period associated with it, which is called its Time to Live (TTL). A WINS client must reregister its name before the lease expires and attempts to do so when 50 percent of the lease period has elapsed or when it is restarted. If a WINS client doesn’t reregister its name, the lease expires and is marked for deletion from the WINS database. During normal shutdown, a WINS client will send a message to the WINS server requesting release of the registration. The WINS server then marks the record for deletion. Whenever records are marked for deletion, they are said to be tombstoned.

As with DNS clients, WINS clients maintain a cache of NetBIOS names that have been looked up. The WINS cache, however, is designed to hold only names looked up recently. By default, names are cached for up to 10 minutes and the cache is limited to 16 names. You can view entries in the NetBIOS cache by typing nbtstat -c at the command prompt.

WINS Implementation Details

On most networks that use WINS, you’ll want to configure at least two WINS servers for name resolution. When there are multiple WINS servers, you can configure replication of database entries between the servers. Replication allows for fault tolerance and load balancing by ensuring that entries in one server’s database are replicated to its replication partners. These replication partners can then handle renewal and release requests from clients as if they held the primary registration in the first place.

WINS supports:

- Persistent connections: In a standard configuration, replication partners establish and release connections each time they replicate WINS database changes. With persistent connections, replication partners can be configured to maintain a persistent connection. This reduces the overhead associated with opening and closing connections and speeds up the replication process.
- Automatic replication partners: Using automatic replication partners, WINS can automatically configure itself for replication with other WINS servers. To do this, WINS sends periodic multicast messages to announce its availability. These messages are addressed to the WINS multicast group address (224.0.1.24), and any other WINS servers on the network that are listening for datagrams sent on this group address can receive and process the automatic replication request. After replication is set up with multicast partners, the partners use standard replication with either persistent or nonpersistent connections.
- Manual tombstoning: Manual tombstoning allows administrators to mark records for deletion. A record marked for deletion is said to be tombstoned. This state is then replicated to a WINS server’s replication partners, which prevents the record from being re-created on a replication partner and then being replicated back to the original server on which it was marked for deletion.
- Record export: The record export feature allows administrators to export the entries in the WINS database to a file that can be used for tracking or reporting on which clients are using WINS.

Setting Up WINS Servers

To make a computer running Windows Server 2008 into a WINS server, you must install the WINS service. This service doesn’t require a dedicated server and uses limited resources in most cases. This means you could install the WINS service on a DNS server, DHCP server, or domain controller. The only key requirement is that the WINS service can be installed only on a computer with a static IPv4 address. Although you can install WINS on a server with multiple IPv4 addresses or multiple network interfaces, this isn’t recommended because the server might not be able to replicate properly with its replication partners.
In most cases, you won’t want to configure a domain controller as a WINS server.

You can install the WINS service by following these steps:

1. In Server Manager, select the Features node in the left pane and then click Add Features. This starts the Add Features Wizard.
2. On the Select Features page, select WINS Server and then click Next.
3. Click Install. When the wizard finishes installing the WINS service, click Close.

After you install the WINS service, the WINS console is available on the Administrative Tools menu. Start the console by clicking Start, Administrative Tools, WINS. Then, select the WINS server you are working with to see its entries, as shown in Figure 25-1.

Figure 25-1 The WINS console.

The only key postinstallation task for the WINS service is to configure replication partners. However, you should check the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration of the WINS server. It should have only itself listed as the WINS server to use and shouldn’t have a secondary WINS server. This prevents the WINS client on the server from registering itself with a different WINS database, which can cause problems.

To set the server’s primary WINS server address to its own IP address and clear out any secondaries from the list, click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar. In Network And Sharing Center, click Manage Network Connections. In Network Connections, right-click the connection you [...]
... 14:46:1

    Last initialization : 3/12/2008 at 02:14:12
    Last planned scavenging : 3/19/2008 at 12:30:25
    Last admin triggered scavenging : 3/10/2008 at 16:52:24
    Last replicas tombstones scavenging : 3/21/2008 at 09:12:26
    Last replicas verification scavenging : 3/23/2008 at 12:38:9
    Last planned replication : 3/10/2008 at 16:20:39
    Last admin triggered replication : 3/27/2008 at 08:27:30
    Last reset of counter : 4/01/2008 at 18:23:45
    Counter Information...

... print server. However, although Windows Vista systems are limited to 10 active connections, Windows Server 2008 systems are not limited in this way. You should consider the print server’s central processing unit (CPU) speed, total random access memory (RAM), and network card speed. When PCL printers and EMF print drivers are used, most of the document processing is performed on the server and the server...

... Set the WINS server’s IP address as the WINS server to use and remove any additional WINS server addresses. When you’re finished, click OK twice and then click Close. You can remotely manage and configure WINS. Simply start the WINS console, right-click the WINS node in the left pane, and select Add Server. In the Add Server dialog box, select WINS Server, type the name or IP address of the WINS server, and...

... database from the Wins server 192.168.1.50

    CPANDL [1Bh]-D-A- 2 -U- 192.168.1.50 -3/25/2008 2:46:01 PM
    CORPSVR02 [00h]-D-A- 7 -U- 192.168.1.50 -3/25/2008 2:46:01 PM
    CORPSVR02 [20h]-D-A- 6 -U- 192.168.1.50 -3/25/2008 2:46:01 PM
    CPANDL [00h]-D-A- 4 -N- 192.168.1.50 -3/25/2008 2:46:01 PM
    CPANDL [1Ch]-D-A- 3 -I- 192.168.1.50 -3/25/2008 2:46:01 PM
    CPANDL [1Eh]-D-A- 1 -N- 192.168.1.50 -3/25/2008 2:46:01 PM
    WINS...

... Services

- Understanding Windows Server 2008 Print Services
- Planning for Printer Deployments and Consolidation
- Setting Up Print Servers
- Managing Printers Throughout The Organization

Print services have changed substantially over the years and the changes for Windows Server 2008 offer many new...

... print device itself. Windows Server 2008 has built-in support for both 32-bit and 64-bit print drivers. Support for 64-bit print drivers is important because systems running 64-bit editions of Windows need 64-bit drivers. As with previous versions of Windows, print drivers are installed automatically on clients when they first try to print to a new printer device on a print server. Windows uses two types...

... can view server statistics by typing the command

    netsh wins server ServerName show statistics

where ServerName is the name or IP address of the WINS server you want to work with, such as \\WINS02 or 10.10.12.15. An example of the statistics follows:

    ***You have Read and Write access to the server corpsvr02.cpandl.com***
    WINS Started : 3/10/2008 at 14:46:1...

... be about $11,100

Setting Up Print Servers

Windows Server 2008 allows you to set up local printers as well as network-attached printers. You can share either type of printer on the network so that it is available to other computers and users. The computer sharing the printer is called a print server, regardless of whether it is actually running a server version of the Windows operating system...

... wins>

3. Type server followed by the Universal Naming Convention (UNC) name or IP address of the WINS server, such as \\wins2 or \\10.10.15.2. If the WINS server is in a different domain from your logon domain, you should type the fully qualified domain name (FQDN) of the server, such as \\wins2.cpandl.com.
4. The command prompt changes to netsh wins server>. You can now work with the selected server. If you...

... the EMF file to the print server. The print server converts the EMF file to final form and then queues the file to the printer queue (printer). When the document reaches the top of the print queue it is sent to the physical print device.

[Figure: Client and Print server; step 1, Establishes connection]