DNS Service Pog

Managing the Windows Server Platform
Domain Name System (DNS) Service

Product Operations Guide
The information contained in this document represents the current view of Microsoft
Corporation on the issues discussed as of the date of publication. Because
Microsoft must respond to changing market conditions, it should not be interpreted
to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the
accuracy of any information presented after the date of publication.
This document is for informational purposes only. MICROSOFT MAKES NO

WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without
limiting the rights under copyright, this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), but only for the
purposes provided in the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other

intellectual property rights covering subject matter in this document. Except as
expressly provided in any written license agreement from Microsoft, the furnishing of
this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain

names, e-mail addresses, logos, people, places, and events depicted herein are
fictitious, and no association with any real company, organization, product, domain
name, email address, logo, person, place, or event is intended or should be inferred.
 2003 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Visual Basic, Windows, Windows NT, and Windows Server
are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
Domain Name System (DNS) Service Product Operations Guide iii
Contents
Introduction to Product Operations Guide ....................................................................................... 1
Document Purpose ...................................................................................................................... 1
Intended Audience ....................................................................................................................... 1
How to Use This Guide ................................................................................................................ 1
Background .................................................................................................................................. 2
High-Level Processes for Maintaining Windows Server 2003 DNS Service ................................... 5
Overview ...................................................................................................................................... 5
Technology Required ................................................................................................................... 6
Maintenance Processes Checklist ............................................................................................... 9
Operating Quadrant .................................................................................................................. 9
Service Monitoring and Control SMF .................................................................................... 9
Storage Management SMF................................................................................................. 10
Supporting Quadrant .............................................................................................................. 11
Incident Management SMF................................................................................................. 11
Problem Management SMF ................................................................................................ 12
Optimizing Quadrant .............................................................................................................. 13
Capacity Management SMF ............................................................................................... 13
Availability Management SMF ............................................................................................ 14
Changing Quadrant ................................................................................................................ 15
Change Management SMF................................................................................................. 15
Configuration Management SMF ........................................................................................ 16
Detailed Maintenance Actions ....................................................................................................... 17
Overview .................................................................................................................................... 17
Process: Data backup, restore, and recovery operations .......................................................... 18
Task: Create DNS backup and pull backup files to remote storage ...................................... 18
Option 1—System State ..................................................................................................... 18
Procedure 1: Manual backup to tape or external locally-attached storage ........................ 18
Procedure 2: Scriptable manual copy to remote server directory ...................................... 19
Option 2—System State and Zone File Backup ................................................................. 20
Procedure 1: Manual backup to tape or external locally-attached storage ........................ 20
Procedure 2: Scriptable manual copy to remote server directory ...................................... 20
Task: Verify previous day's backup job .................................................................................. 22
Procedure 1: Verify the backup job is completed ............................................................... 22
Process: Data backup, restore, and recovery operations .......................................................... 23
Task: Verify restore ................................................................................................................ 23
Procedure 1: Verify restore configuration of a primary zone .............................................. 24
Procedure 2: Verify restore configuration of a secondary zone ......................................... 24
Procedure 3: Verify restore configuration of a stub zone ................................................... 25
Process: Design for recovery ..................................................................................................... 26
Task: Test the server restoration capability ........................................................................... 26
Procedure 1: Restoring from backup Active Directory integrated DNS .............................. 26
Procedure 2: Restoring from backup standard primary zone ............................................. 27
Process: Storage resource management .................................................................................. 28
Task: Monitor disk space for DNS logs and database ........................................................... 28
Procedure 1: Monitor disk usage and availability ............................................................... 28
Process: Managing resources and service performance........................................................... 30
Task: Capture service performance statistics ........................................................................ 30
Procedure 1: Configure DNS performance logging ............................................................ 31
Process: Perform monitoring ..................................................................................................... 34
Task: Capture usage performance statistics .......................................................................... 34
Task: Capture system performance statistics ........................................................................ 38
Process: Managing resources and service performance........................................................... 42
iv Managing the Windows Server Platform
Task: Create service performance and utilization report ....................................................... 42

Procedure 1: Calculate daily statistics ................................................................................ 42
Procedure 2: Store data and reports .................................................................................. 43
Task: Create system load and utility report ............................................................................ 43
Procedure 1: Calculate daily statistics ................................................................................ 43
Procedure 2: Store data and reports .................................................................................. 43
Process: Problem recording and classification .......................................................................... 44
Task: Temporarily enable debug logging options .................................................................. 44
Procedure 1: Select and enable debug logging options on the DNS server ...................... 44
Procedure 2: Disable debug logging options on the DNS server ....................................... 44
Task: Diagnose backup conditions ........................................................................................ 45
Procedure 1: Enable detailed logging ................................................................................. 45
Procedure 2: Review the backup log .................................................................................. 46
Process: Proactive analysis and review .................................................................................... 47
Task: Monitor DNS event log for critical DNS events ............................................................ 47
Procedure 1: Access event log ........................................................................................... 47
Procedure 2: Review event log ........................................................................................... 48
Task: Service check—resolve alerts indicating DNS Server service is down ........................ 51
Procedure 1: Verify DNS Server service status.................................................................. 51
Procedure 2: Start the DNS Server service ........................................................................ 52
Task: Service check—manual verification of dynamic record update ................................... 52
Procedure 1: Monitor dynamic client registration ............................................................... 53
Task: Verify dynamic DNS record updates—DNS client ....................................................... 54
Procedure 1: Accessing client event log ............................................................................. 54
Procedure 2: Reviewing the client event log items ............................................................. 55
Task: Verify dynamic DNS record updates—DHCP server ................................................... 55
Procedure 1: Review DHCP server log .............................................................................. 56
Task: Verify dynamic DNS record updates—DNS server ...................................................... 57
Procedure 1: Configure DNS debug logging ...................................................................... 57
Procedure 2: Review the DNS server log ........................................................................... 57
Task: Monitor key DNS dependencies (Active Directory and network services) ................... 58
Procedure 1: Monitor Active Directory services.................................................................. 58
Procedure 2: Monitor network infrastructure ...................................................................... 59
Task: Service check—verify zone transfers ........................................................................... 60
Procedure 1: Check zone transfer error events .................................................................. 60
Procedure 2: Review event log ........................................................................................... 61
Procedure 3: Simulate and test a zone transfer ................................................................. 61
Task: Service check—simple and recursive resolution .......................................................... 61
Procedure 1: Simple and recursive test query.................................................................... 62
Task: Clear the DNS cache .................................................................................................... 63
Procedure 1: Clearing the cache ........................................................................................ 63
Procedure 2: Clearing the cache from the command line .................................................. 64
Process: Review configuration items ......................................................................................... 65
Task: Capture DNS configuration snapshot ........................................................................... 65
Procedure 1: Capture the snapshot .................................................................................... 65
Process: Review configuration items ......................................................................................... 66
Task: Compliance check—namespace (NS) records ............................................................ 66
Procedure 1: Generate DNSLint report of DNS server and NS records ............................ 66
Procedure 2: Verify report of DNS server and NS records ................................................. 67
Task: Compliance check—root hints ...................................................................................... 68
Procedure 1: Updating root hints ........................................................................................ 68
Task: Compliance check—zone delegations ......................................................................... 69
Procedure 1: Checking delegations .................................................................................... 69
Domain Name System (DNS) Service Product Operations Guide v
Task: Compliance check—scavenging .................................................................................. 70

Procedure 1: Reviewing the scavenging parameters ......................................................... 70
Task: Compliance check—aging configuration ...................................................................... 70
Procedure 1: Reviewing the aging parameters .................................................................. 71
Task: Compliance check—administrative user group ............................................................ 71
Procedure 1: Verifying administrative group membership .................................................. 71
Task: Compliance check—architectural standards ................................................................ 72
Procedure 1: Collect information ........................................................................................ 72
Procedure 2: Review configuration items ........................................................................... 73
Procedure 3: Update configuration items ........................................................................... 73
Process: Investigation and diagnosis ........................................................................................ 74
Task: Respond to daily service request ................................................................................. 74
Procedure 1: Acknowledge receipt of service request ....................................................... 74
Procedure 2: Document incident ........................................................................................ 74
Procedure 3: Update customer on status of incident ......................................................... 75
Procedure 4: Close incident................................................................................................ 75
Task: Respond to weekly service request .............................................................................. 75
Procedure 1: Acknowledge receipt of service request ....................................................... 75
Procedure 2: Document incident ........................................................................................ 76
Procedure 3: Update customer on status of incident ......................................................... 76
Procedure 4: Close incident................................................................................................ 76
Process: Incident closure ........................................................................................................... 77
Task: Roll up activity report into monthly metric..................................................................... 77
Procedure 1: Create monthly metric ................................................................................... 77
Process: Change classification and authorization ..................................................................... 78
Task: Attend CAB meeting ..................................................................................................... 79
Procedure 1: Attend change review board meeting ........................................................... 79
Task: Review emergency change request ............................................................................. 79
Procedure 1: Contact CAB/EC ........................................................................................... 80
Processes by MOF Role Clusters ................................................................................................. 83
Operations Role Cluster ......................................................................................................... 83
Support Role Cluster .............................................................................................................. 85
Release Role Cluster ............................................................................................................. 85
Infrastructure Role Cluster ..................................................................................................... 86
Security Role Cluster .............................................................................................................. 86
Partner Role Cluster ............................................................................................................... 87
Troubleshooting ............................................................................................................................. 89
Overview .................................................................................................................................... 89
Problem #1: DNS Name Resolution Failure ........................................................................... 89
Problem #2: DNS Client Receives “Name Not Found” Error ................................................. 91
Problem #3: DNS Server Provides Stale Information ............................................................ 92
Problem #4: DNS Server Not Responding to Clients ............................................................. 93
Problem #5: Clients Not Providing Dynamic Updates ............................................................ 95
Problem #6: Server Not Providing Dynamic Updates ............................................................ 96
Problem #7: Zone Delegation Failures ................................................................................... 97
Problem #8: Zone Transfer Failures ...................................................................................... 97
Appendix ........................................................................................................................................ 99
DNS Log Events—ID Codes ...................................................................................................... 99
vi Managing the Windows Server Platform
Domain Name System (DNS) Service Product Operations Guide vii
Contributors
Program Manager
Jeff Yuhas, Microsoft Corporation
Lead Writers
Jim Quiggle, Covestic Inc., USA
Michael Sarabosing, Covestic Inc., USA
Other Contributors
Marius Apreutesei, Microsoft Corporation
Jason Popp, Microsoft Corporation
Test Manager
Greg Gicewicz, Microsoft Corporation
QA Manager
Jim Ptaszynski, Microsoft Corporation
Lead Technical Writer

Jerry Dyer, Microsoft Corporation
Lead Technical Editor

Laurie Dunham, Microsoft Corporation
Technical Editor
Patricia Rytkonen, Volt Technical Services
Production Editor
Kevin Klein, Volt Technical Services
1
Introduction to Product Operations
Guide
Document Purpose
This guide describes processes and procedures for improving the management of
Microsoft® Windows Server™ 2003 Domain Name System (DNS) Service in your
infrastructure.
Intended Audience
This material should be useful for anyone planning to deploy this product into an
existing IT infrastructure, especially one based on the IT Infrastructure Library
(ITIL)—a comprehensive set of best practices for IT service management—and
Microsoft Operations Framework (MOF). It is aimed primarily at two main groups:
IT managers and IT support staff (including analysts and service-desk specialists).
How to Use This Guide

This guide is divided into six chapters. The first chapter provides basic background
information. The second chapter provides a high-level checklist of the tasks required
for maintaining this product. The third chapter takes a more detailed look at the
tasks described in the maintenance chapter. The fourth chapter organizes tasks by
the Microsoft Operations Framework (MOF) role cluster responsible for each task.
The fifth chapter provides information about common troubleshooting techniques
for the Windows Server 2003 DNS Service. The sixth chapter addresses audit logging
behavior that applies to the DNS Service provided with Windows Server 2003.
The guide may be read as a single volume, including the detailed maintenance and
troubleshooting chapters. Reading the document in this way will provide the
necessary context so that later material can be understood more readily. However,
some people will prefer to use the document as a reference, only looking up
information as they need it.
2 Managing the Windows Server Platform
Background
This guide is based on Microsoft Solutions for Management (MSM). MSM provides a
combination of best practices, best-practice implementation services, and best-
practice automation, all of which help customers achieve operational excellence as
demonstrated by high quality of service, industry reliability, availability, and
security, and low total cost of ownership (TCO).
These MSM best practices are based on MOF, a structured, yet flexible approach
based on ITIL. MOF includes guidelines on how to plan, deploy, and maintain IT
operational processes in support of mission-critical service solutions.
Central to MOF—and to understanding the structure of this guide—are the MOF
Process and Team models. The Process Model and its underlying service
management functions (SMFs) are the foundation for the process-based approach
that this guide recommends for maintaining a product. The Team Model and its role
clusters offer guidance for ensuring the proper people are assigned to operational
roles.
Figure 1 shows the MOF Process Model combined with the SMFs that make up each
quadrant of the Process Model.
Figure 1
MOF Process Model and SMFs
Domain Name System (DNS) Service Product Operations Guide 3
Figure 2 shows the MOF Team Model, along with some of the many functional roles
or function teams that might exist in service management organizations. These roles
and function teams are shown mapped to the MOF role cluster to which they would
likely belong.
 Change management
 Release/systems engineering
 Configuration control/asset
management
 Software distribution/licensing
 Intellectual property protection  Quality assurance  Enterprise architecture
 Network and system security  Infrastructure engineering
 Intrusion detection  Capacity management
 Virus protection Release  Cost/IT budget management
 Audit and compliance admin  Resource and long-range
 Contingency planning planning
Security Infrastructure
Partner Support
 Maintenance vendors  Service desk/help desk

 Environment support  Production/production support
 Managed services, outsourcers, Operations  Problem management
trading partners  Service level management
 Software/hardware suppliers
 Messaging operations
 Database operations
 Network administration
 Monitoring/metrics
 Availability management
Figure 2
MOF Team Model and examples of functional roles or teams
The MOF Team Model is built on six quality goals, which are described and matched
with the applicable team role cluster in Table 1.
Table 1. MOF Team Model Quality Goals and Role Clusters
Quality Goal Team Role Cluster
Effective release and change management. Accurate inventory Release

tracking of all IT services and systems.
Management of physical environments and infrastructure Infrastructure

tools.
Quality customer support and a service culture. Support
Predictable, repeatable, and automated system management. Operations
Mutually beneficial relationships with service and supply Partner

partners.
Protected corporate assets, controlled authorization, and Security

proactive security planning.
Further information about MSM and MOF is available at

http://www.microsoft.com/solutions/msm/techinfo/default.asp, or search for the
topic on TechNet at http://www.microsoft.com/technet/default.asp. You can also
contact your local Microsoft or partner representative.
2
High-Level Processes for Maintaining
Windows Server 2003 DNS Service
Overview
Every company consists of employees (people), activities that those employees
perform (processes), and tools that help them perform those activities (technology).
No matter what the business, it most likely consists of people, processes, and
technology working together to achieve a common goal. Table 2 illustrates this point.
Table 2. People, Processes, and Technology Working Together
Area People Process Technology
Auto repair Mechanic Repair manual Socket set

industry
Software Programmer Project plan Compiler;

development debugger
industry
IT operations IT technician Microsoft Windows Server

Operations 2003 Domain
Framework Name System
(DNS)
Domain Name System (DNS) is the primary method for name resolution in
Windows Server 2003. DNS is also a requirement for deploying Microsoft Active
Directory® directory service, but Active Directory is not a requirement for deploying
DNS. However, integrating DNS with Active Directory enables DNS servers to take
advantage of the security, performance, and fault tolerance capabilities of Active
Directory.
Technology Required
Table 3 lists the tools or technologies used in the procedures described in this guide.
All tools should be accessed from a Windows Server 2003 server console, except in
those cases where a link is provided.
Table 3. Tools and Technologies Required to Use the Procedures in This Guide
Required Technology Description Location
Backup Performs backup and Start > All Programs >

restore operations. It is Accessories > System Tools
automatically installed with > Backup
Windows Server 2003. Or to open the Backup tool
using the command line:
Start > Run. In the Open box,
type ntbackup and then click
OK.
SrvInfo.exe Gathers system information Windows Server 2003

from servers. Resource Kit
Windows® Provides management Start > Run. In the Open box,

Management capabilities. In this guide, it type wmimgmt.msc and then
Instrumentation is used specifically within click OK.
(WMI) Microsoft Visual Basic®
Scripting Edition (VBScript).
WMI is automatically
installed with Windows
Server 2003.
DNS Manager Used for modifying DNS Start > Control Panel >
parameters. These Administrative Tools
centralized management
Or to open DNS Manager
and monitoring tools can be
using the command line,
found either in type:
Administrative Tools after
initial installation of the %systemroot%\System32\
DNS service, or through dnsmgmt.msc
Adminpak.msi.
Event Viewer Provides logs for Start > Control Panel >
transactional reactive Administrative Tools >
reviews of system and Event Viewer
service events. It is Or to open Event Viewer
automatically installed with
Windows Server 2003.
Start >Run. In the Open box,
type eventvwr.msc and then
click OK.
System Monitor Provides detailed Start, > Control Panel >

performance information on Administrative Tools >
(formerly known
key metrics used to Performance
in Microsoft
troubleshoot bottlenecks
Windows® 2000 Or to open System Monitor
as Performance and degradation. It is using the command line:
automatically installed with
Monitor) Start > Run. In the Open box,
Windows Server 2003.
type perfmon and then click
OK.
Task Manager Offers an immediate view of Right-click an empty space

system activity and on the taskbar, and then click
performance. This Task Manager.
technology is automatically
installed with Windows
Server 2003.
Service Allows for general \windows\system32\ sc.exe

Controller management of Windows Or to open Service Controller
(Sc.exe) services, including startup,
shutdown, and status.
type sc and then click OK.
Netsh Manages network services \windows\system32\netsh.ex

(Netsh.exe) and configuration objects. e
Or to open Netsh using the
command line:
type netsh and then click
OK.
Windows Provides operations tools, http://www.microsoft.com/d

Server 2003 scripts, and shortcuts to add ownloads/details.aspx?famil
Resource Kit and automate yid=9d467a69-57ff-4ae7-96ee-
Tools administrative functionality b18c4790cffd&displaylang=e
for Windows Server 2003. n, or search for “Windows
This kit is a separate Server 2003 Resource Kit
installable package. Tools” at
http://www.microsoft.com.
Microsoft Word, Full-featured Microsoft Microsoft Word, Excel, and

Microsoft Excel, Office desktop applications Access can be found either as
and Microsoft that can be used to create a stand-alone product or as
Access XP the reports and manage the part of Microsoft Office XP.
data sets listed in this
product operations guide.
Microsoft SQL Can be used to manage http://www.microsoft.com/sq

Server™ enterprise-level volumes of l/
(optional) management log,
performance, and
configuration data.
CSVDE Active Directory command- %systemroot%\system32\csv

line manipulator and de.exe
reporting tool.
CScript Command-line .vbs script %systemroot%\system32\csc

interpreter. ript.exe
Findstr Lexical and expression- %systemroot%\system32\fin

based parser. dstr.exe
Pathping Ping-based network %systemroot%\system32\pat

performance check for each hping.exe
hop along a network path.
NSLookup DNS lookup utility for %systemroot%\system32\nsl

resolving host name and IP. ookup.exe
DNSCmd DNS command-line utility Windows Server 2003

for manipulation and Support Tools
extraction.
DNSLint DNS command-line utility Windows Server 2003

for DNS reporting and Support Tools
check.
Maintenance Processes Checklist

The following tables provide a quick reference for those product maintenance
processes that need to be performed on a regular basis. These tables offer a high-level
view of the processes described in subsequent chapters of this guide. They are
limited to those processes required for maintaining the product.
Operating Quadrant
The processes for this chapter are based on the service management functions (SMFs)
that make up the MOF Operating Quadrant. Further information about the MOF
Process Model and the MOF SMFs is available at
document title on TechNet at http://www.microsoft.com/technet/default.asp.
Service Monitoring and Control SMF

Daily Processes
Process Name Related SMFs MOF Role Cluster
Perform Monitoring Infrastructure

Weekly Processes
There are no weekly

processes for this SMF.
Monthly Processes
There are no weekly

As-Needed Processes
There are no as-needed

Storage Management SMF

Daily Processes
Data Backup, Restore, Operations

and Recovery Options
Weekly Processes
Storage Resource Operations

Management
Monthly Processes
There are no weekly

As-Needed Processes
Data Backup, Restore, Operations

and Recovery Options
Supporting Quadrant
The processes for this section are based on the SMF guides that make up the MOF
Supporting Quadrant.
Incident Management SMF

Daily Processes
Proactive Analysis and Support and Operations

Review
Weekly Processes
There are no weekly

Monthly Processes
Incident Closure Support

As-Needed Processes

Problem Management SMF

Daily Processes
Proactive Analysis and Support

Review
Weekly Processes
Proactive Analysis and Support

Review
Monthly Processes
There are no monthly

As-Needed Processes
Problem Recording and Operations

Classification
Proactive Analysis and Operations

Review
Optimizing Quadrant
The tasks for this section are based on the SMF guides that make up the MOF
Optimizing Quadrant.
Capacity Management SMF

Daily Processes
Managing Resources Operations

and Service
Performance
Weekly Processes
There are no weekly

Monthly Processes
Managing Resources Operations

and Service
Performance
As-Needed Processes

Availability Management SMF

Daily Processes
There are no daily

Weekly Processes
There are no weekly

Monthly Processes
There are no monthly

As-Needed Processes
Design for Recovery Operations

Changing Quadrant
The processes for this section are based on the SMF guides that make up the MOF
Changing Quadrant.
Change Management SMF

Daily Processes
Change Classification Infrastructure

and Authorization
Weekly Processes
There are no weekly

Monthly Processes
There are no weekly

As-Needed Processes
There are no weekly

Configuration Management SMF

Daily Processes
There are no daily

Weekly Processes
Review Configuration Infrastructure

Items
Monthly Processes
Review Configuration Operations

Items
As-Needed Processes

3
Detailed Maintenance Actions
Overview
This chapter provides detailed information about the processes that must be
performed in order to maintain Windows Server 2003 DNS services. These processes
are arranged according to the MOF quadrant to which they belong and, within each
quadrant, by the MOF SMF guides that make up that quadrant.
Those quadrants are:
● Operating Quadrant
● Supporting Quadrant
● Optimizing Quadrant
● Changing Quadrant
Further information about the MOF Process Model and the MOF SMFs is available at
document title on TechNet at http://www.microsoft.com/technet/default.asp.
Operating Quadrant Storage Management Operations Role Cluster Daily

SMF
Process: Data backup, restore, and recovery operations

Description
Storing, restoring, and recovering data are key storage management activities for
maintaining company data. Data should be classified by type, and a strategy should
be developed to ensure that operations fulfill business requirements and service level
objectives. This process should be performed on a daily basis to ensure a viable
backup and recovery capability.
Task: Create DNS backup and pull backup files to remote

storage
Purpose
The intent of these backups is to provide an externally stored restore source that is
readily available in the event of local database corruption.
Because there are several options for DNS implementations, there will also be
varying data storage requirements. DNS backups will depend on the implementation
type. For Active Directory integrated DNS, use Option 1—System State. For standard
implementation, use Option 2—System State and Zone File Backups.
Option 1—System State

Procedure 1: Manual backup to tape or external locally-attached storage
1. From a Windows Server 2003 with access to a tape device, on the Start menu,
click Run, enter ntbackup.exe and click OK.
2. If Backup or Restore Wizard window is shown, click Advanced Mode.
3. Click Backup Wizard (Advanced).
4. Click the check box to flag for System State backup.
5. Select an appropriate backup destination, such as a SAN-connected tape drive, or
choose a directory by clicking Browse. Selecting a directory will enable a shadow
copy into a file.
6. Type in a name for the backup job, and click Next.
7. Make sure the appropriate media is loaded or the target directory is accessible,
and click Finish.
Procedure 2: Scriptable manual copy to remote server directory

If Procedure 1 backup was targeted to a local storage location, perform this
procedure to create a remote copy.
Make sure a share with restricted access has been created for the DNS server’s zone
file directory. To create a share with restricted access to the DNS backup directory on
the Windows Server 2003 DNS server, follow these steps:
Using Server Management to create a share:
1. Click Start, then All Programs, then Administrative Tools, and then click Server
Management.
2. Connect to the specific remote Windows Server 2003 DNS server and create a
share specifying the system state backup directory, such as
“C:\Backup\SystemState.” Make sure the shares are restricted to allow read-
only, and customize permissions to only the group or user responsible for
backup and maintenance of the DNS server.
Using a command line to create a share:

1. On the Start menu, click All Programs, then click Accessories, then click
Communications, and then click Remote Desktop Connection.
2. Connect to the specific remote Windows Server 2003 DNS server, and on the
remote system Start menu, click Run, and type cmd
3. Enter the command:
net share dnsSysState=C:\backup\SystemState /GRANT:username,READ
/USERS:1 /CACHE:None
Copying backup to remote storage system:

2. Connect to the specific remote Windows Server 2003 DNS server, and on the
3. Enter the following commands:
net use \\ DNS_Server_hostname\dnsSysState
net use \\Repository_hostname\sharename
xcopy \\DNS_Server_hostname\dnsSysState \\Repository_hostname\sharename
/I /V /E /H /K /X /Y
net use \\DNS_Server_hostname\SysState /delete
net use \\Repository_hostname\sharename /delete
Option 2—System State and Zone File Backup

Procedure 1: Manual backup to tape or external locally-attached storage
1. From a Windows Server 2003 with access to a tape device, on the Start menu,
click Run, enter ntbackup.exe and click OK.
2. If Backup or Restore Wizard window is shown, click Advanced Mode.
3. Click Backup Wizard (Advanced).
4. Click the check box to flag for System State backup.
5. Expand to the %SystemRoot%\System32\DNS folder on the left tree view, and
click its check box to flag for backup.
6. Select an appropriate backup destination, such as a SAN-connected tape drive, or
choose a directory by clicking Browse. Selecting a directory will enable a shadow
copy into a file.
7. Type in a name for the backup job, and click Next.
8. Make sure the appropriate media is loaded or the target directory is accessible,
and click Finish.
Procedure 2: Scriptable manual copy to remote server directory

If Procedure 1 backup was targeted to a local storage location, perform this
procedure to create a remote copy.
Make sure a share with restricted access has been created for the DNS server’s zone
file directory. To create a share with restricted access to the DNS backup directory on
the Windows Server 2003 DNS server, follow these steps:
Using Server Management to create a share:
1. Click Start, then All Programs, then Administrative Tools, and click Server
Management.
2. Connect to the specific remote Windows Server 2003 DNS server and create a
new share specifying the DNS zone file directory, such as the default
“C:\Windows\System32\DNS\.” Create a second share specifying the system
state backup directory, such as “C:\Backup\SystemState.” Make sure the shares
are restricted to allow read-only, and customize permissions to only the group or
user responsible for backup and maintenance of the DNS server.
Using a command line to create a share:

2. Connect to the specific remote Windows Server 2003 DNS server and on the
3. Enter the command:
net share dnsbackup=%systemroot%\system32\dns /GRANT:username,READ
net share dnsSysState=C:\backup\SystemState /GRANT:username,READ
Copy backup to remote storage system:

2. Connect to the specific remote Windows Server 2003 DNS server and on the
remote system Start menu, click Run, and enter cmd
3. Enter the following commands:
net use \\DNS_Server_hostname\dnsbackup
net use \\ DNS_Server_hostname\dnsSysState
net use \\Repository_hostname\sharename
xcopy \\DNS_Server_hostname\dnsbackup \\Repository_hostname\sharename /I
/V /E /H /K /X /Y
xcopy \\DNS_Server_hostname\dnsSysState \\Repository_hostname\sharename /I
/V /E /H /K /X /Y
net use \\DNS_Server_hostname\dnsbackup /delete
net use \\DNS_Server_hostname\SysState /delete
Dependencies
System state backups are being performed.
Technology Required
● Windows Server 2003
● Backup
● DNS Manager
Task: Verify previous day's backup job

Purpose
The purpose of this process is to give guidance on how to verify the integrity of the
daily scheduled backup job. Regardless of the utility used to provide backup service
to the DNS server, the operations team should verify each backup job after it is
completed. This verification allows the operations team to resolve issues with
backups that may put the organization at risk of data loss.
Backups are typically scheduled during off-peak hours or during maintenance
windows. Therefore, this task focuses on verifying the last completed backup run.
Procedure 1: Verify the backup job is completed

You can use Event Viewer to verify whether a backup job started or completed, and
if there were errors encountered during the backup operation.
1. Start Event Viewer.
2. Right-click Application Log, select Properties, highlight View, and select Filter.
3. In Event Source, click the drop-down menu, select Backup, and click OK.
4. Search for the following events:
● Event 8000: This event signals the start of a backup on a volume. You should
receive this event for each volume in the backup job.
● Event 8001: This event signals the end of a backup on a volume. You should
receive n – 1 of this event for a backup job, where n is equal to the number of
volumes in the backup job. When a volume has backed up successfully,
Event 8001 will be logged as an informational event. When errors are
encountered backing up a volume, Event 8001 will be logged as an error
event.
● Event 8019: This event signals the end of the backup operation. You should
receive one 8019 event per backup job.
Dependencies
● Backup jobs are logged to disk.
● Incident management process.
Technology Required
● Backup
● Event Viewer
Operating Quadrant Storage Management Operations Role Cluster As Needed

SMF
Process: Data backup, restore, and recovery operations

Description
Storing, restoring, and recovering data are key storage management activities for
maintaining company data. Data should be classified by type, and organizations
should develop a strategy to ensure that these operations fulfill business
requirements and service level objectives.
Task: Verify restore

Purpose
When restoring the DNS server, it is important to verify the successful completion of
the restoration task. A DNS database can be partitioned into multiple zones. A single
DNS server can be configured to host zero, one, or multiple zones. DNS zones may
be primary, secondary, or stub (a zone containing only those resource records that
are necessary to identify the authoritative DNS servers for that zone). Zones may be
converted to Active Directory integrated by using the Active Directory Service as the
data storage and replication engine. In a Directory Services (DS) integrated DNS,
each DNS zone becomes an Active Directory Service container object (DnsZone). In
Windows Server 2003, application directory partitions enable storage and replication
of DNS zones stored in the non-domain naming context (NDNC) partition of Active
Directory. Only servers running on domain controllers can load DNS integrated
zones; consequently, restoration of a DS integrated DNS server is equivalent to a
domain controller restoration.
The tasks below describe the verification steps of a standard primary, secondary, and
stub zone restore.
Procedure 1: Verify restore configuration of a primary zone

1. Start the Backup utility.
2. On the Tools menu, select Reports.
3. In the Backup Reports window, select the report that contains the Restore Job,
and click View.
4. Search the log for the “Operation: Restore” string.
5. Verify that the restore location and restore files are in the location specified in the
initial restore request. The .DNS file with the zone data is located in the
%SystemRoot%\System32\DNS folder.
6. Start the DNS Manager from Administrative Tools.
7. From the left-tree view, select the applicable DNS server.
8. Verify that the zone is listed, which signifies it was restored.
9. Select the applicable DNS server from the left-tree view. On the Action menu,
select Properties.
10. Select the Monitoring tab.
11. Select Simple and Recursive queries. Select Run Now.
12. Results may be viewed in the Test Results dialog box.
Procedure 2: Verify restore configuration of a secondary zone

3. In the Backup Reports window, select the report that contains Restore Job, and
click View.
7. Select the applicable secondary zone.
8. On the Action menu, click Transfer from Master. The zone is then updated from
the configured master zone.
9. Verify that the zone data has been restored by checking Selected Records.
10. Select the applicable DNS server from the left-tree view. On the Action menu,
select Properties.
Procedure 3: Verify restore configuration of a stub zone

3. In the Backup Reports window, select the report that contains Restore Job, and
click View.
7. Select the applicable stub zone.
8. On the Action menu, click Reload from Master. The zone is then reloaded from
the configured master.
9. Verify that the zone data has been restored by checking Selected Records.
10. Select the applicable DNS server from the left-tree view. On the Actions menu,
select Properties.
Dependencies
Scheduled zone file and system state backups are being performed.
Technology Required
● Backup
● DNS Manager
Optimizing Quadrant Availability Management Operations Role Cluster As Needed

SMF
Process: Design for recovery

Description
Designing for recovery ensures that the appropriate processes, procedures, and
technologies are in place to efficiently recover IT services and bring them back to
operating levels. Its role is to examine each state in the incident’s life cycle and to
minimize the time spent in each area.
Task: Test the server restoration capability

Purpose
A comprehensive recovery plan should include periodic testing of the backups to
ensure that the backup media, data, and type of data collected are sufficient to
ensure the complete recovery of a DNS server.
Procedure 1: Restoring from backup Active Directory integrated DNS

Please refer to the Active Directory Service Product Operations Guide for detailed
information on Active Directory restore. The following is high-level guidance from a
directory services integrated DNS perspective.
1. Build and configure a stand-alone Windows Server 2003 server, preferably with a
hardware configuration identical to the production server.
2. Ensure that the server is not connected to the production network. (Many
organizations maintain a standing data recovery [DR] lab environment that has
been isolated from the networks it supports.)
3. Perform the steps necessary for normal Active Directory restore using system
state backup data.
4. Validate restore by testing DNS functionality. Since the restored service is in a
DR lab environment, the server may not retain full functionality. Where
functionality is not testable, check the configuration items—such as the
forwarder IP addresses—against production DNS servers.
Procedure 2: Restoring from backup standard primary zone

1. Build and configure a stand-alone Windows Server 2003 server with hardware
configuration as close as possible to that of the production server.
2. Ensure that the server is not connected to the production network. (Many
organizations maintain a standing DR lab environment that has been isolated
from the networks it supports.)
3. Restore the system state for a stand-alone Windows Server 2003 server or
perform the tasks necessary for a normal Active Directory restore if the server is
a domain controller.
4. Restore the DNS zone files that were backed up in "Task: Create DNS backup
and pull backup files to remote storage.”
5. Validate restore by testing DNS functionality. Since the restored service is in a
DR lab environment, the server may not retain full functionality. Where
functionality is not testable, check the configuration items—such as the
forwarder IP addresses—against production DNS servers.
Dependencies
Scheduled zone file and system state backups are being performed.
Technology Required
● DR lab or similar equipment
● Backup
Operating Quadrant Storage Management Operations Role Cluster Weekly

SMF
Process: Storage resource management

Description
Storage resource management (SRM) is a key storage management activity focused
on ensuring that important storage devices, such as disks, are formatted and
installed with appropriate DNS systems. In addition, SRM includes using
management technologies to monitor storage resources to ensure that they meet
availability, capacity, and performance requirements.
Task: Monitor disk space for DNS logs and database

Purpose
This task ensures that the DNS zone files can grow as appropriate. Because of the
relatively small size of zone files, DNS server disk space is normally not an issue.
DNS debug logging is disk-resource intensive. Before enabling and configuring DNS
debug logging, review disk availability.
Procedure 1: Monitor disk usage and availability

Using the Explorer GUI:
1. Click Start, click Run; in the Run box, type explorer and then click OK.
2. On the left-tree view, browse to the drive where the DNS server files are stored.
The default location is C:\Windows\System32\DNS.
3. Right-click the drive and select Properties.
Using a WMI script:

The script below illustrates another way to collect resource information similar to the
way described in Procedure 1. This script does not continuously collect and store
formatted performance information, but serves as a sample base for writing an
operations script that may be integrated with an enterprise Management Pack or as a
scheduled job.
1. Copy and paste the script to Notepad.exe and save to a file such as
“DNSChkSpace.vbs.”
2. Run the script by typing the following command:
cscript DNSChkSpace.vbs
The following is the script listing for multiple server checks:
rem – DNS Check Disk Space for Log and DB Drive ---------------------
On Error Resume Next
rem --------------------------------------------------------------------------
-------
rem -- List all DNS Servers in the strDNSServer array in quotes
rem -- and separated by commas. use "." for localsystem.
rem --
rem -- Example:
rem -- strDNSServer=array("dnssvr01","dnssvr02","192.168.23.21")
rem --
arrDNSSvr = array( ".","dnssvr01")
rem --------------------------------------------------------------------------
-------
For Each strComputer in arrDNSsvr
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalDisk",,48)
For Each objItem in colItems
Wscript.Echo "DeviceID: " & objItem.DeviceID
Wscript.Echo "FreeSpace: " & objItem.FreeSpace
Wscript.Echo "VolumeName: " & objItem.VolumeName
Next
Next
rem – END OF SCRIPT --
The following is the script listing for a single server with a specific drive check:
rem – DNS Check Disk Space for Log and DB Drive ----------------
rem – Replace “.” with the DNS server’s hostname or IP.

strComputer="."
rem – Replace ‘c:’ with the DNS server’s appropriate directory

rem --
Set colItems = objWMIService.Get("Win32_LogicalDisk.DeviceID='c:'")
Wscript.Echo "DeviceID: " & colItems.DeviceID

Wscript.Echo "FreeSpace: " & colItems.FreeSpace
Wscript.Echo "VolumeName: " & colItems.VolumeName
rem – END OF SCRIPT –
Dependencies
None
Technology Required
● Basic Windows Server 2003 operating system installed with DNS
● Windows Management Instrumentation (WMI) infrastructure
● CScript
Optimizing Quadrant Capacity Management Operations Role Cluster Daily

SMF
Process: Managing resources and service performance

Description
Capacity management is concerned with the optimized use of IT resources in order
to achieve the level of performance agreed upon with the client. The process of
capacity management can be either reactive or proactive. Iterative activities, such as
monitoring, analyzing, tuning, and reporting, are also important in the process of
managing resources and service performance. The present and future capacity
requirements for a service are documented in service level agreements (SLAs). These
requirements are broken down into individual operating level agreements (OLAs)
for each of the key IT layers in the technical infrastructure.
The tasks included in this process use comma-delimited files for storing data as a
base reference. For larger environments that include 10 or more servers,
administrators should use Microsoft SQL Server™ or Microsoft Operations Manager
2000 (MOM) as an effective centralized repository for events.
Task: Capture service performance statistics

Purpose
The following activity captures empirical data on DNS service performance. This
data, which is collected daily (or multiple times a day) will be reviewed weekly. It
will also be used to create monthly reports that are reviewed quarterly for service
level agreement (SLA) compliance. Service performance statistics are different from
system or usage performance statistics in that they measure the characteristics of the
DNS services, not the underlying infrastructure, such as disk, memory, and
processor.
Procedure 1: Configure DNS performance logging

Using the System Monitor GUI:
1. Start the System Monitor from Administrative Tools or click Start, click Run; in
the Run box, type perfmon and then click OK.
2. On the left-tree view, expand the Performance Logs and Alerts branch and click
Counter Logs. The view in the right pane will display all log settings.
3. Right-click Counter Logs, and select New Log Settings.
4. Enter a name such as “DNS Service Performance,” and click OK.
5. Click the Add Counters button, which will bring up the Add Counters dialog
box.
6. Click the Select Counter objects from computer radio button, and select or enter
the appropriate DNS server in the pull-down box.
7. In the Performance Object pull-down box, select DNS.
Click Secure Update Failure, Secure Update Received, Zone Transfer Failure,
Zone Transfer Request Received, Dynamic Update Queues, Dynamic Update
Received/sec, Recursive Queries/sec, Recursive Query Failure/sec, Recursive
TimeOut/sec, TCP Query Received/sec, TCP Response Sent/sec, UDP Query
Received/sec, UDP Response Sent/sec. There are no instances associated with
these counters.
8. Click Add.
9. Verify that the new counters were added to the logging.
(The Add Counters window may be blocking the previous DNS Service Load
and Util window.)
10. In the Sample data every: area, specify an appropriate interval—such as 10
minutes.
11. Select the Log Files tab on this window.
12. In the Log file type: area, select Text File (Comma delimited), and click
Configure.
13. Specify the appropriate location for the log file. Ideally, this should be a remote
directory from a reliable file server with ample disk space to store three to five
months' worth of DNS Service Perf logs.
14. In the File name: area, enter an appropriate name, such as “DNSSvcPerf” and
verify that the log file size is set to Maximum limit. Click OK.
15. Enable End File names with: and select [yyyymmdd] in the pull-down selector.
16. Add an appropriate comment such as “DNS Service Perf Log v1.”
17. Click Apply, and then click OK.
Using a WMI VBScript:

The following script approach illustrates the collection of service performance
information in a way similar to the method described in Procedure 1. This script
does not continuously collect and store formatted performance information, but
serves as a sample base for writing an operations script that may be integrated with
an enterprise Management Pack.
1. Copy and paste the script below to an editor such as Notepad and save it using a
file name such as “DNSServicePerf.vbs.”
cscript //nologo DNSServicePerf.vbs
The following is a sample script listing:
rem – DNS Server Service Performance Logging ---------------------
rem --------------------------------------------------------------------------
-------
rem --
rem -- Example:
rem -- arrDNSSvr=array("DNSsvr01","dnssvr02","192.168.23.21")
rem --
arrDNSSvr = array( ".","DNSsvr01")
rem --------------------------------------------------------------------------
-------
For Each strComputer in arrDNSsvr
Wscript.Echo “—“ & strComputer & “------------------------------“

Set colItems = objWMIService.ExecQuery("Select * from
Win32_PerfFormattedData_DNS_DNS",,48)
Wscript.Echo "SecureUpdateFailure: " & objItem.SecureUpdateFailure
Wscript.Echo "SecureUpdateReceived: " & objItem.SecureUpdateReceived
Wscript.Echo "ZoneTransferFailure: " & objItem.ZoneTransferFailure
Wscript.Echo "ZoneTransferRequestReceived: " &
objItem.ZoneTransferRequestReceived
Wscript.Echo "DynamicUpdateQueued: " & objItem.DynamicUpdateQueued
Wscript.Echo "DynamicUpdateReceivedPersec: " &
objItem.DynamicUpdateReceivedPersec
Wscript.Echo "RecursiveQueriesPersec: " & objItem.RecursiveQueriesPersec
Wscript.Echo "RecursiveQueryFailurePersec: " &
objItem.RecursiveQueryFailurePersec
Wscript.Echo "RecursiveTimeOutPersec: " & objItem.RecursiveTimeOutPersec
Wscript.Echo "TCPQueryReceivedPersec: " & objItem.TCPQueryReceivedPersec
Wscript.Echo "TCPResponseSentPersec: " & objItem.TCPResponseSentPersec
Wscript.Echo "UDPQueryReceivedPersec: " & objItem.TCPQueryReceivedPersec
Wscript.Echo "UDPResponseSentPersec: " & objItem.TCPResponseSentPersec
Next
Next
To format the script similar to the System Monitor format:

1. At the top of the script, add the following lines:
m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
m="0" & m
End If
If (d<10) Then
d="0" & d
End If
If (s<10) Then
s="0" & s
End If
strFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) &
":" & Minute(Now) & ":" & s & ".000" & chr(34)
2. After the line “For Each objItem in colItems” all the way to “Next” are the output
commands to echo the results to screen. Select the objects you would like to log
and replace the “Wscript.Echo …” lines with concatenated and formatted output,
including formatting such as “ (quotes) represented by chr(34) and , (commas).
For example, to create a System Monitor-style output for DNS
TotalQueryReceived/sec, TotalResponseSent/sec, and ZoneTransferSuccess, the
result would be:
…
Wscript.Echo strFormattedDate & “,” & chr(34) &
objItem.TotalQueryReceivedPersec & chr(34) & “,” & chr(34) &
objItem.TotalResponseSentPersec & chr(34) & “,” & chr(34) &
objItem.ZoneTransferSuccess & chr(34)
Next
…
Dependencies
None
Technology Required
● WMI infrastructure
● CScript
Operating Quadrant Service Monitoring and Infrastructure Role Daily

Control SMF Cluster
Process: Perform monitoring

Description
The purpose of service monitoring and control is to observe the end-to-end health of
IT services in order to detect and prevent service exceptions and to gather data used
by other SMFs to optimize IT services. The perform monitoring process continuously
monitors the IT infrastructure and components that deliver the end-to-end service.
The tasks included in this process use comma-delimited files for storing data as a
base reference. For larger environments that include 10 or more servers,
administrators should use Microsoft SQL Server or Microsoft Operations Manager
(MOM) as an effective centralized repository for events.
Task: Capture usage performance statistics

Purpose
The following activity captures empirical data on DNS services performance. This
data, which is collected daily (or multiple times a day) will be reviewed weekly. It
will also be used to create monthly reports that are reviewed quarterly for service
level agreement (SLA) compliance. Usage performance is different from system or
DNS service performance statistics in that it measures the utilization of the DNS
Service, not the underlying infrastructure, such as disk, memory, and processor or
DNS service-related items.

1. Start the System Monitor from Administrative Tools, or click Start, click Run; in
2. On the left-tree view, expand the Performance Logs and Alerts branch, and click
4. Enter a name such as “DNS Usage Performance,” and click OK.
5. Click the Add Counters button, which will bring up the Add Counters dialog
box.
6. Click the Select Counter objects from computer radio button, and select or enter
the appropriate DNS server in the pull-down box.
7. In the Performance Object pull-down box, select DNS.
8. Click Total Response Sent/sec, Total Query Received/sec, WINS Lookup
Received/sec, WINS Response Sent/sec, WINS Reverse Lookup Received/sec,
WINS Reverse Response Sent/sec. There are no instances associated with these
counters.
9. Click Add.
10. Verify that the new counter was added to the logging.
(The Add Counters window may be blocking the previous DNS Usage Load and
Util window.)
minutes.
13. In Log file type: area, select Text File (Comma delimited), and click Configure.
months' worth of DNS Service Perf logs.
15. In the File name: area, enter an appropriate name, such as “DNSUsagePerf” and
17. Add an appropriate comment such as “DNS Usage Perf Log v1.”

1. Copy and paste the script below to Notepad.exe and save to a file such as
“DNSUsagePerf.vbs.” The script illustrates the collection of performance
information in a way that is similar to the one described in Procedure 1. This
script does not continuously collect and store formatted performance
information, but serves as a sample base for writing an operations script that
may be integrated with an enterprise Management Pack or as a scheduled job.
cscript //nologo DNSUsagePerf.vbs
The following is a sample script listing:

strComputer = "."
Win32_PerfFormattedData_DNS_DNS",,48)
Wscript.Echo "TotalQueryReceivedPersec: " &
objItem.TotalQueryReceivedPersec
Wscript.Echo "TotalResponseSentPersec: " &
objItem.TotalResponseSentPersec
Wscript.Echo "WINSLookupReceivedPersec: " &
objItem.WINSLookupReceivedPersec
Wscript.Echo "WINSResponseReceivedPersec: " &
objItem.WINSResponseReceivedPersec
Wscript.Echo "WINSReverseResponseSentPersec: " &
objItem.WINSReverseResponseSentPersec
Wscript.Echo "WINSReverseLookupReceivedPersec: " &
objItem.WINSReverseLookupReceivedPersec
Next

m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
m="0" & m
End If
If (d<10) Then
d="0" & d
End If
If (s<10) Then
s="0" & s
End If
":" & Minute(Now) & ":" & s & ".000" & chr(34)
2. Between “For Each objItem in colItems” and “Next” are the output commands to
echo the results to screen. Select the objects you would like to log and replace the
“Wscript.Echo …” lines with concatenated and formatted output, including
formatting such as “ (quotes) represented by chr(34) and , (commas). For
example, to create a System Monitor-style output for DNS
TotalQueryReceived/sec, TotalResponseSent/sec, and ZoneTransferSuccess, the
result would be:
…
Wscript.Echo strFormattedDate & “,” & chr(34) &
objItem.TotalQueryReceivedPersec & chr(34) & “,” & chr(34) &
objItem.TotalResponseSentPersec & chr(34) & “,” & chr(34) &
objItem.ZoneTransferSuccess & chr(34)
Next
…
Dependencies
None
Technology Required
● DNS server
● CScript
Task: Capture system performance statistics

Purpose
The following activity captures empirical data on the DNS server. This data, which is
collected daily (or multiple times a day) should be reviewed weekly. It will also be
used to create monthly reports that are reviewed quarterly for SLA/OLA compliance.
System utilization statistics are different from service or usage metrics in that they
measure the usage characteristics of the underlying infrastructure of the DNS server
system, such as disk, memory, or processor.

1. Start the System Monitor from Administrative Tools or click Start, click Run; in
2. On the left-tree view, expand the Performance Logs and Alerts branch and click
4. Enter a name such as “DNS Server Load and Util,” and click OK.
5. Click the Add Counter button; this will bring up the Add Objects dialog box.
6. Verify that the applicable DNS server is listed in the Select counters from
computer: pull-down box.
7. Verify that the Select counters from list: radio button is selected.
8. In the Performance Object pull-down box, select Processor.
9. Click %Processor Time, %Privileged Time, and %User Time from the counters
and choose the _Total instance.
10. Click Add.
(The Add Counters window may be blocking the previous DNS Server Load and
Util window.)
12. In the Performance Object pull-down box, select Process.
13. Click %Processor Time, Private Bytes, and Page File Bytes from the counters
and choose dns as the instance.
14. Click Add.
Util window.)
16. In the Performance Object pull-down, select Memory.

17. Click Available Bytes, Pages Input/sec, Pages Output/sec, Page Reads/sec, and
Page Writes/sec. There are no instances associated with these counters.
18. Click Add.
Util window.)
20. In the Performance Object pull-down, select PhysicalDisk.
21. Click Current Disk Queue Length from the counters and choose _Total as the
instance.
22. Click Add.
Util window.)
24. In the Performance Object pull-down, select Network Interface.
25. Click Bytes Total/sec and choose the appropriate interface instance(s) utilized by
the DNS server.
26. Click Add.
Util window.)
minutes.
30. In the Log file type: area, select Text File (Comma delimited), and click
Configure.
months' worth of DNS server system load and util logs.
32. In the File name: area, enter an appropriate name such as “DNSSysUtil” and
34. Add an appropriate comment such as “DNS System Perf and Util Log v1.”

1. Copy and paste the script below to Notepad.exe and save to a file such as
“DNSServerPerf.vbs.” The script illustrates another way to collect performance
information similar to that described in Procedure 1. This script does not
continuously collect and store formatted performance information, but serves as
a sample base for writing an operations script that may be integrated with an
enterprise Management Pack or as a scheduled job.
cscript //nologo DNSServerPerf.vbs
The following is a script listing:
rem – DNS Server System Load and Utilization Basic Collector ------------
rem ----------------------------------------------------------------------
rem --
rem -- Example:
rem -- strDNSServer=array("dnssvr01","dnssvr02","192.168.23.21")
rem --
arrDNSSvr = array( ".","dnssvr01")
rem ----------------------------------------------------------------------
For Each strComputer in arrDnssvr
Wscript.Echo “—“ & strComputer & “------------------------------“

Win32_PerfFormattedData_PerfOS_Processor",,48)
Wscript.Echo "PercentPrivilegedTime: " &
objItem.PercentPrivilegedTime
Wscript.Echo "PercentProcessorTime: " &
objItem.PercentProcessorTime
Wscript.Echo "PercentUserTime: " & objItem.PercentUserTime
Next

Win32_PerfFormattedData_PerfProc_Process where Name = ‘dns’ ",,48)
Wscript.Echo "PageFileBytes: " & objItem.PageFileBytes
Wscript.Echo "PercentProcessorTime: " & objItem.PercentProcessorTime
Wscript.Echo "PercentUserTime: " & objItem.PercentUserTime
Next

Win32_PerfFormattedData_PerfOS_Memory",,48)
Wscript.Echo "AvailableBytes: " & objItem.AvailableBytes
Wscript.Echo "PageReadsPersec: " & objItem.PageReadsPersec
Wscript.Echo "PagesInputPersec: " & objItem.PagesInputPersec
Wscript.Echo "PagesOutputPersec: " & objItem.PagesOutputPersec
Wscript.Echo "PageWritesPersec: " & objItem.PageWritesPersec
Next

Win32_PerfFormattedData_PerfDisk_PhysicalDisk",,48)
Wscript.Echo "CurrentDiskQueueLength: " & objItem.CurrentDiskQueueLength
Next

Win32_PerfFormattedData_Tcpip_NetworkInterface",,48)
Wscript.Echo "BytesTotalPersec: " & objItem.BytesTotalPersec
Next
Next

m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
m="0" & m
End If
If (d<10) Then
d="0" & d
End If
If (s<10) Then
s="0" & s
End If
":" & Minute(Now) & ":" & s & ".000" & chr(34)
2. Between “For Each objItem in colItems” and “Next” are the output commands to
echo the results to screen. Select the objects you would like to log and replace the
“Wscript.Echo …” lines with concatenated and formatted output, including
formatting such as “ (quotes) represented by chr(34) and , (commas). For
example, to create a PerfMon-style output for DNS Server AvailableBytes,
PageReadsPersec, and PagesOutputPersec, the result would be:
…
Wscript.Echo strFormattedDate & “,” & chr(34) & objItem.AvailableBytes &
chr(34) & “,” & chr(34) & objItem.PageReadsPersec & chr(34) & “,” & chr(34) &
objItem.PagesOutputPersec & chr(34)
Next
…
Dependencies
None
Technology Required
● Windows Script Host
Optimizing Quadrant Capacity Management Operations Role Cluster Monthly

SMF
Process: Managing resources and service performance

Description
Capacity management is concerned with optimized utilization of IT resources in
order to achieve the level of performance agreed to with the client. Support
organizations supply these resources to ensure that the requirements of the business
are met. The process of capacity management can be either reactive or proactive.
Iterative activities, such as monitoring, analyzing, tuning, and reporting, are also
important in the process of managing resources and service performance. The type of
data for each activity differs. For example, the level of utilization of individual
components in the infrastructure is relevant to IT resource management, while the
transaction throughput rates and response time are pertinent to service-performance
management.
Task: Create service performance and utilization report

Purpose
This task captures service performance and utilization in data that can be used to
support decision making.
In this task, Microsoft Excel is used for analysis and visualization. Alternatively,
System Monitor may be used to load statistics if stored in binary logs instead of csv.
For larger environments that include 10 or more servers, administrators should use
Microsoft SQL Server or Microsoft Operations Manager (MOM) as an effective
centralized repository and analysis tool for events.
Procedure 1: Calculate daily statistics

1. Import performance and utilization logs into Microsoft Excel.
2. Calculate the daily performance average for each counter collected in the log.
3. In a new worksheet, record the daily average of the counters for each day of the
month.
4. Use the graphing feature in Excel to create visuals that illustrate trends in
performance.
For clarity, it may be easier to calculate the daily statistics on the basis of
performance objects. You should also consider that these reports will be
pertinent to the measuring of service level agreements (SLAs), operating level
agreements (OLAs), and underpinning contracts (UCs).
Procedure 2: Store data and reports

1. Store each month’s data in a single workbook for future reference.
2. Save the workbook to a file share on a file server that is under regular backup
maintenance.
Dependencies
Capturing service performance in performance logs.
Technology Required
Microsoft Excel or third-party spreadsheet application
Task: Create system load and utility report

Purpose
This task captures the usage of print-server resources in data that can be used to
support decision making and resource allocation.
Procedure 1: Calculate daily statistics

1. Import service usage statistics into Excel.
2. Calculate the daily average for each counter collected in the log.
3. In a new worksheet, record the daily average of the counters for each day of the
month.
4. Use Excel’s graphing feature to create visuals that illustrate trends in
performance.
For clarity, it may be easier to calculate the daily statistics on the basis of
performance objects.
Procedure 2: Store data and reports

1. Store each month’s data in a single workbook for future reference.
2. Save the workbook to a file share on a file server that is under regular backup
maintenance.
Dependencies
Capturing service performance in performance logs.
Technology Required
Excel or third-party spreadsheet application
Supporting Quadrant Problem Management Operations Role Cluster As Needed

SMF
Process: Problem recording and classification

Description
The problem recording and classification process deals with the initial detection and
recording of a problem, which can originate from a variety of sources and mediums.
Problems may be reported through the incident management process or as a result of
analysis from the data collected by the problem management team.
Log files and event logging facilities commonly provide support for this process.
Task: Temporarily enable debug logging options

Purpose
DNS debug logging creates a Dns.log file that contains debug logging activity. By
default, it is located in the C:\Windows\System32\DNS folder. Using debug
logging options impacts DNS server performance. For this reason, all debug logging
options are disabled by default and should be enabled only for specific monitoring
operations.
Procedure 1: Select and enable debug logging options on the DNS server
3. On the Action menu, click Properties.
4. Click the Debug Logging tab.
5. Select Log packets for debugging, and then select the events that you want the
DNS server to record for debug logging.
6. Select applicable criteria including Packet direction, Transport protocol, and
type.
7. Specify the log file name, location, and maximum file size. Note that the file
name will be cached and, if re-used, will append to the log instead of
overwriting. This will cause the log file to take up more disk space.
8. Click OK.
Procedure 2: Disable debug logging options on the DNS server

5. Click Reset To Default, and then OK.
Dependencies
DNS Service
Technology Required
DNS Manager
Task: Diagnose backup conditions

Purpose
The intent of this task is to perform detailed investigation on the backup jobs. This
task goes beyond the summary information that “Task: Verify previous day’s backup
job” provides.
Procedure 1: Enable detailed logging

Backup logs can be vital to troubleshooting and recording status of the backup
operation. The default setting in Windows Server 2003 is for backup logs to contain
summary information—for example, loading a tape, starting the backup, files backed
up, bytes backed up, or failing to open a file. Some environments require more
detailed information, such as which files are being backed up for a particular backup
job.
For more detailed logging in the backup logs:
2. On the Tools menu, click Options.
3. In the Options window, click the Backup Log tab, select Detailed, and click OK.
Backup logs will now contain detailed information regarding the backup operations.
Procedure 2: Review the backup log

2. On the Tools menu, click Reports.
3. In the Backup Report dialogue box, select the previous night’s backup report
and click View.
● Event 8000 is not logged for the specific items being backed-up. When
these events are not present, the backup did not run. When this occurs, the
DNS server is at risk of data loss. Verify the backup job has not been deleted.
Review the start time for the job to verify it has not been modified.
● Event 8001 is logged as a warning event in the application log. Review the
backup log by searching for the “Warning:” string in the body of the log.
Record what the warning is and the reason for the warning.
● Event 8019 is not logged for the specific items being backed-up. This means
the backup job is still running. Review the application log and record the last
volume to trigger a successful 8001 informational event. Record the last
volume to trigger an 8000 event.
Dependencies
● Backup jobs are logged to disk.
● Problem management process.
Technology Required
● Backup
● Third-party backup software
Supporting Quadrant Problem Management Support Role Cluster Daily

SMF
Process: Proactive analysis and review

Description
Proactive analysis activities are concerned with identifying and resolving problems
and known errors before incidents occur, thus minimizing the adverse impact on the
service and business as a whole. After a major incident or a major problem has
occurred, a review of all the events and actions that took place should be conducted.
This review provides a means of gathering useful data for future analysis and
ensures that all important lessons are identified and recorded.
The tasks below use a manual method for tracking and analyzing events and are
usable for all operations. However, for larger environments having 10 or more
servers, it is best to use a centralized event management system such as Microsoft
Operations Manager (MOM).
Task: Monitor DNS event log for critical DNS events

Purpose
This task reviews DNS event log monitoring procedures to identify and correct any
escalating issues. DNS debug logging is utilized only for troubleshooting specific
DNS issues and is not included as a periodic monitoring function.
Procedure 1: Access event log

Using the Event Viewer GUI:
1. Click Start, click Run; in the Run box, type dnsmgmt.msc and then click OK.
3. Expand Event Viewer.
4. Click DNS Events.
Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.
2. At the command prompt, type:
CSCRIPT %systemroot%\System32\eventquery.vbs /S \\computer name /U
domain\user /P password /V /L system /FO LIST /FI “source eq dnsapi”
Procedure 2: Review event log

Check for the following critical events:
Event Description
ID
140 The DNS server could not initialize the Remote Procedure Call (RPC)
service. If it is not running, start the RPC service or reboot the computer.
For specific error code, see the Record Data page on the Event Viewer.
In order for DNS to run, the Remote Procedure Call (RPC) service must
be running on the DNS server.
1. Verify that the Remote Procedure Call (RPC) service has been started.
2. Open Administrative Tools, and double-click Services.
3. If the service has been started, try restarting the server.
4. If the error continues, remove and reinstall the RPC Configuration
service by using the Services tab network connection in Network and
Dial-up Connections in Control Panel.
403 The DNS server could not create a Transmission Control Protocol (TCP)
socket. Restart the DNS server or reboot the computer. For the specific
error code, see the Record Data page.
The Wsock32.dll might be incompatible with a third-party TCP/IP stack.
This problem can also occur if the TCP/IP protocol is not bound to the
network adapter.
If you are using a third-party TCP/IP protocol, verify that the protocol is
compatible with the Wsock32.dll.
Check the bindings of the protocol stack. It is a good idea to have TCP/IP
bound at the top of the stack. If the error continues, remove and reinstall
the TCP/IP protocol, and then try again.
1. Open Control Panel, and then double-click Network and Dial-up
Connections.
2. Right-click the connection, and then click Properties.
3. Verify that the bindings for all protocols to network adapters are
enabled and that no broken connections exist in the stack.
Event Description
ID
407 DNS server could not bind the main datagram socket. The data is the
error.
This error can occur if there is a mismatch between the configured IP
address in the Advanced IP Addressing dialog box and the addresses
listed in the Server Properties dialog box for the DNS server. This
problem can also occur if the TCP/IP protocol is not bound to the network
adapter.
Verify that the TCP/IP addresses configured in the Advanced IP
Addressing dialog box match those configured in the Server Properties
dialog box in DNS Manager:
1. Open Control Panel, and double-click Network.
2. Click the Protocols tab, and click TCP/IP Protocol in the Network
Protocols list.
3. Click Properties, and then click Advanced.
Match the IP addresses to those displayed in the DNS server Properties
dialog box:
1. In DNS Manager, right-click the DNS server name, and then click
Properties.
2. Compare the IP addresses with those from the Advanced IP
Addressing dialog box. If there are no IP addresses configured in the
Advanced IP Addressing dialog box or on the Interfaces tab of the
Server Properties dialog box, enter the IP address of your network
adapter. Use the ipconfig -all command to obtain your IP address.
Check the binding of the TCP/IP protocol to the network adapter:
1. Open Control Panel, and double-click Network.
2. Click the Bindings tab.
3. Verify that the bindings for all protocols to network adapters are
enabled and that no broken connections exist in the stack.
Event Description
ID
408 DNS server could not open socket for address [IP address of server].
The DNS server could not open a socket with the current TCP/IP and
DNS service configurations.
Verify that this is a valid IP address on this machine.
If the IP is not valid:
1. Use the Interfaces dialog under Server Properties in the DNS
Manager to remove it from the list of IP interfaces.
2. Stop and restart the DNS server. (If this was the only IP interface on
this machine, the DNS server may not have started as a result of this
error. In that case, remove the DNS\Parameters\ListenAddress value
in the services section of the registry and restart.)
If the IP is valid:
Verify that no other application (for example, another DNS server) is
running that would attempt to use the DNS port.
4000 The DNS server was unable to open Active Directory.

The DNS server is configured to obtain and use information from the
directory for this zone and is unable to load the zone without it.
Check that Active Directory is functioning properly and reload the zone.
4001 The DNS server was unable to open zone domain name in Active
Directory. This DNS server is configured to obtain and use information
from the directory for this zone and is unable to load the zone without it.
Check that Active Directory is functioning properly and reload the zone.
4004 The DNS server is configured to use information obtained from Active
Directory for this zone and is unable to load the zone without it.
Check that Active Directory is functioning properly and repeat
enumeration of the zone.
4007 The DNS server was unable to open zone <zone name> in Active
Directory from the application directory partition <partition name>. This
DNS server is configured to obtain and use information from the
directory for this zone and is unable to load the zone without it. Check
that Active Directory is functioning properly and reload the zone. The
event data is the error code.
4016 The DNS server timed out attempting an Active Directory service
operation on <distinguished name>. Check Active Directory to see that it
is functioning properly. The event data contains the error.
Events 403, 407, and 408 are usually triggered together, as well as 4000, 4001, and
4004.
Dependencies
None
Technology Required
● CScript
● Event Viewer
● DNS server
● Windows 2000, Windows XP, or Windows Server 2003 operating systems
Task: Service check—resolve alerts indicating DNS Server

service is down
Purpose
If the DNS Server service is not running, name resolution cannot be dispensed. To
determine the status of the DNS Server service, perform the following procedures.
Procedure 1: Verify DNS Server service status

Using the Computer Management GUI:
1. Start Computer Management from Administrative Tools or click Start, click
Run; in the Run box, type compmgmt.msc and then click OK.
2. On the Action menu, click Connect to another computer.
3. Select the applicable DNS server.
4. On the left-tree view, expand Services and Applications.
5. Click Services.
6. On the right-tree view, select DNS Server, right-click and select Properties.
7. Check and review the service status.

2. At the command prompt, enter:
SC “\\DNS_Server” QUERY DNS
Service Control should return a state indicating "4 Running."

Procedure 2: Start the DNS Server service

If the DNS Server service is not running, name resolution cannot be dispensed.
Investigate why the service is stopped and log a service ticket as appropriate.
To start the service using the Windows interface:
1. Click Start, click Control Panel, click Administrative Tools, and then click
Services.
2. Find DNS server, right-click the service, and then click Start.
3. Verify that the status of the DNS server is Started.
To start the service using the command line:

1. Open a command-prompt window (Start > Run, type cmd and click OK).
2. Enter the Service Control command, replacing DNSServerName with the name of
the DNS server:
sc.exe “\\<DNSServerName>” start DNS
sc.exe “\\<DNSServerName>” query DNS
3. Service Control should return a state indicating "4 Running."
Dependencies
None
Technology Required
DNS server
Task: Service check—manual verification of dynamic record

update
Purpose
This task is designed to track a specific dynamic update of a DNS record from a
client or a DHCP server. This validates that the dynamic update capability is
functioning normally or quickly isolates problem areas within this process. This
process assumes that detailed logging facilities, established in "Task: Verify dynamic
DNS record updates—DNS server," are in place.
Procedure 1: Monitor dynamic client registration

The following procedure will stop and flush the client cache and force a dynamic
update. The procedure is performed on the client computer either locally or
remotely. This procedure will work on client-side dynamic DNS-capable systems,
such as Windows 2000 and later.
1. On a Windows 2000 or later system, click Start, click Run; in the Run box, type
cmd and then click OK.
2. In the shell, type:
ipconfig /flushdns
ipconfig /registerdns
Or, at the command prompt, type:
net stop "dhcp client"
net start "dhcp client"
3. Review logs. The success or failure of the dynamic update may be viewed by the
client’s Event Viewer, as well as the DNS server log. Refer to "Task: Verify
dynamic DNS record updates—DNS server" and "Task: Verify dynamic DNS
record updates—DNS client."
Dependencies
● DNS/DHCP client
● DNS server
● DHCP server
Technology Required
● DNS Service
● DHCP Service
Supporting Quadrant Problem Management Support Role Cluster Weekly

SMF

Description
service and business as a whole. After a major incident or a major problem occurs, a
review should be conducted to examine the events and actions that took place. This
review provides a means of gathering useful data for future analysis and ensures
that all important lessons are identified and recorded.
Task: Verify dynamic DNS record updates—DNS client

Purpose
Dynamic DNS clients can automatically send updates to the name server that is
authoritative for their records. The change can be adding records, deleting records,
or modifying records. If the update fails because the server is not available, the client
logs a message in its event log, which can be viewed by using Event Viewer. The
Event Viewer can be used to check the system log for any event messages that
explain why attempts by the client to dynamically update its host (A) or pointer
(PTR) resource records failed.
Procedure 1: Accessing client event log

Using the Event Viewer GUI:
1. Click Start, click Run; in the Run box, type eventvwr.msc and then click OK.
2. To view the log of a remote system, on the Action menu, click connect to another
computer.
3. Enter the client computer name, such as \\DomainName\ComputerName, or
browse to the client computer.
4. Click OK.
5. Open the System Log.
6. On the View menu, select Filter and choose dnsapi in the Event Source pull-
down box.
7. Click OK to view filtered events.
Using a command line from a Windows Server 2003 host:

2. In the command shell, enter:
CSCRIPT %systemroot%\System32\eventquery.vbs /S \\compuetr name /U
Procedure 2: Reviewing the client event log items

From the log data accessed in Procedure 1, look for the following events:
ID number DNS Event
11150 The system failed to register network adapter with settings:

The cause of this DNS registration failure was that the DNS update
request timed out after being sent to the specified DNS server. This is
probably because the authoritative DNS server for the name being
updated is not running.
You can manually retry registration of the network adapter and its
settings by typing ipconfig /registerdns at the command prompt.
11180 The system failed to update and remove registration for the network
adapter with settings.
The reason for this failure is that the DNS server the system sent the
update request to timed out. The most likely cause of this failure is that
the authoritative DNS server for the zone where the registration was
originally made is either not running or is unreachable through the
network at this time.
Dependencies
Dynamic DNS is enabled on a DDNS-capable system.
Dynamic DNS Refresh setting is enabled on the DNS server
Technology Required
● CScript
Task: Verify dynamic DNS record updates—DHCP server

Purpose
DHCP servers are able to register A and PTR resource records on behalf of DHCP
clients. The DHCP server log should be monitored to ensure that active updates
performed on behalf of the DHCP clients are successful. When the DHCP server is
configured to perform DNS dynamic updates on behalf of DHCP clients, you can use
the DHCP audit logs to monitor update requests by the DHCP server to the DNS
server, DNS record update successes, and DNS record update failures.
Procedure 1: Review DHCP server log

Interactive viewing using the log file and Excel:
1. Using Microsoft Excel, import the DHCP log (named by date) located by default
on the DHCP server’s \Windows\System32\DHCP directory.
2. Search for the following:
ID number DNS Event
30 DNS dynamic update request.
31 DNS dynamic update failed. The DHCP server was unable to

dynamically update DNS. This failure should be handled within
incident management and processed with DHCP administrators.
32 DNS dynamic update successful.
Searching the log file from the command line:

2. Type the following command lines to create a local directory, mount the share,
execute a remote copy, and unmount. It is assumed that the DHCP log file is
shared to the user with appropriate permissions:
md c:\DHCP_Log
net use \\DHCPServer_hostname\LogFileSharename
xcopy \\DHCPServer_hostname\LogFileSharename c:\DHCP_Log /I /V /E /H /K /X
/Y
3. Type the following command lines to search the log(s) for dynamic update
information:
Findstr “DNS dynamic update request” c:\DHCP_Log\DHCPSrvLogName.Day
Findstr “DNS dynamic update failed” c:\DHCP_Log\DHCPSrvLogName.Day
Findstr “DNS dynamic update successful”c:\DHCP_Log
\DHCPSrvLogName.Day
Dependencies
● Dynamic DNS is enabled on a DDNS-capable system.
● DHCP services are available.
Technology Required
● CScript
● Findstr
Task: Verify dynamic DNS record updates—DNS server

Purpose
It is possible to view dynamic update activity of clients by utilizing the DNS server
log (Dns.log). The log will include server-side information; client-side information
will be intuitive only.
Procedure 1: Configure DNS debug logging

To create a log file that records dynamic update events:
1. Click Start, click Run; in the Run box, type dnsmgmt.msc and then click OK.
5. Select Log packets for debugging.
6. Select Incoming and Outgoing Packet direction.
7. Select UDP and TCP Transport protocol.
8. Select Updates Packet contents.
9. Select Request and Response Packet types.
10. Select Details.
11. Click OK to begin debug logging.
Warning Do not leave DNS logging on during normal operations because it consumes both
processing and hard disk resources.
Procedure 2: Review the DNS server log

Client update information received by the DNS server will be contained within the
DNS server log. The log file is in rich text format and may not be opened while in
use. The following procedures assume that DNS debug logging is enabled and the
file is in use.
Using the Explorer GUI:
1. Click Start, click Run; in the Run box, type explorer and then click OK.
2. Browse to the default Dns.log location: C:\Windows\System32\DNS\.
3. Copy the Dns.log file.
4. Paste the Dns.log file. By default the file is renamed to Copy of Dns.log.
5. Open Copy of Dns.log with WordPad.

2. In the command shell, type:
cd\
cd windows\system32\dns
copy dns.log %systemroot%\system32\dns\copy_of_dns.log /V
type copy_of_dns.log
Dependencies
● DNS server.
● DNS audit logging enabled.
Technology Required
Microsoft Excel
Task: Monitor key DNS dependencies (Active Directory and

network services)
Purpose
This task monitors key DNS dependencies, including Active Directory and network
services. If this infrastructure becomes unavailable, DNS is also adversely impacted.
Procedure 1: Monitor Active Directory services

Information about Active Directory service monitoring can be found in the Active
Directory Service Product Operations Guide.
Procedure 2: Monitor network infrastructure

Network infrastructure is typically managed using tools compatible with the
infrastructure vendor—for example, CiscoWorks for Cisco-brand network
infrastructure. SNMP v1-3 protocols are commonly used to monitor and tune these
devices.
Netsh and pathping commands can be used for a quick check of connectivity to local
DNS servers.
1. Open a command-prompt window (Start > Run, type cmd and click OK) or
make a batch-file script.
Run netsh:
netsh diag ping dns
2. Verify that the desired DNS server is in the list and accessible within appropriate
performance levels.
3. For larger environments that require resolutions to traverse multiple networks,
check each hop using the Pathping utility:
pathping dnsserver_hostname
4. Verify that the specified DNS server is accessible within appropriate
performance and reliability levels, especially packet loss.
Dependencies
None
Technology Required
● Netsh and Pathping are included with Windows Server 2003.
● DNS server.
Supporting Quadrant Problem Management Operations Role Cluster Daily

SMF

Description
service and business as a whole. After a major incident or a major problem occurs, a
review should be conducted to examine the events and actions that led to the
incident or problem. This review provides a means of gathering useful data for
future analysis and ensures that all important lessons are identified and recorded.
Task: Service check—verify zone transfers

Purpose
With Directory Services (DS) integrated DNS, all DNS servers within the domain can
modify the zone and then replicate the changes to other domain controllers.
Therefore, the procedures for verifying zone transfers of a DS integrated DNS server
is equivalent to Active Directory replication verification procedures.
Although Active Directory-integrated zones are transferred by using Active
Directory replication, you can also perform standard zone transfers to secondary
servers similar to standard DNS zone transfers. The procedures below describe the
verification of zone transfers.
Procedure 1: Check zone transfer error events

Using the DNS Manager GUI:
1. Start the DNS Manager from Administrative Tools or click Start, click Run; in
the Run box, type dnsmgmt.msc and then click OK.
2. On the left-tree view, select and expand Event Viewer.
3. Select DNS Events.

CSCRIPT %systemroot%\System32\eventquery.vbs /S \\compuetr name /U
Procedure 2: Review event log

Check for the following critical events:
Event Description
ID
6527 Zone expired before it could obtain a successful zone transfer or update
from a master server acting as its source for the zone. The zone has been
shut down.
This event ID might appear when the DNS server is configured to host a
secondary copy of the zone from another DNS server acting as its source
or master server. Verify that this server has network connectivity to its
configured master server.
If the problem continues, consider one or more of the following options:
1. Delete the zone and recreate it, specifying either a different master
server, or an updated and corrected IP address for the same master
server.
For more information, see Add and remove zones.
2. If zone expiration continues, consider adjusting the expire interval.
For more information, see To adjust the expire interval for a zone.
For more information, see Understanding zones and zone transfer.
6004 The DNS server received a zone transfer request from %1 for a non-
existent or non-authoritative %2.
Procedure 3: Simulate and test a zone transfer

Nslookup –d2
In the NSLookup prompt: Ls –d <Domain Name>
3. Check for any output of Can’t list Domain <Domain Name>: parameter description,
which indicate a failed simulated transfer.
Dependencies
Network connectivity
Technology Required
● NSLookup
● DNS server
● CScript
Task: Service check—simple and recursive resolution

Purpose
To insure that DNS name resolution is functioning within specifications, periodic

testing should be performed.
Procedure 1: Simple and recursive test query

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in
2. Select from the console tree the applicable DNS server.
3. On the Action menu, select Properties.
4. Click the Monitoring tab.
5. Check the Simple Query check box.
6. Click Test Now. The results may be viewed in the Test Results dialog box.
7. Uncheck the Simple Query check box and check the Recursive Query check box.
8. Click Test Now. The results are displayed in the Test Results dialog box.

2. To perform a simple or recursive query, in the command shell enter:
NSLookup <HostName> <DNS Server>
A simple query may be initiated by using a Hostname command that makes the DNS
server authoritative for the record. A recursive query test would include a Hostname
command that makes the DNS server not authoritative for the record. A
comprehensive recursive test may also involve a flushing of the name cache to
ensure that DNS forwarding is utilized during the recursive test.
Dependencies
None
Technology Required
● DNS server
● NSLookup
Supporting Quadrant Problem Management Operations Role Cluster As Needed

SMF

Description
service and business as a whole.
After a major incident or a major problem occurs, a review should be done to
examine the events and actions that led up to the incident or problem. This review
provides a means of gathering useful data for future analysis and ensures that all
important lessons are identified and recorded.
Task: Clear the DNS cache

Purpose
DNS cache pollution can occur if Domain Name System (DNS) spoofing has been
encountered. Spoofing describes the sending of non-secure data in response to a
DNS query. It can be used to redirect queries to a rogue DNS server and can be
malicious in nature. Window Server 2003 DNS server is configured by default to
"Secure cache against pollution." With this setting, the DNS server ignores DNS
resource records that come from servers that are not authoritative for them.
Although it can cause extra DNS queries, the security benefits far outweigh the cost
of the extra queries.
Clearing the cache forces the DNS server to query authoritative sources for
resolution on records it does not maintain. Clearing should be performed when
pollution is identified, such as when a fully qualified domain name (FQDN) is
associated with an invalid IP. This is typically identified through a service desk-
escalated incident.
Procedure 1: Clearing the cache

3. On the Action menu, click Clear Cache.
Procedure 2: Clearing the cache from the command line

1. Run cmd
2. At the prompt, type:
Dnscmd DNS_Server_Name /clearcache
Dependencies
DNS Service
Technology Required
● DNS Manager
● DNSCmd
Changing Quadrant Configuration Infrastructure Role Weekly

Management SMF Cluster
Process: Review configuration items

Description
Because the accuracy of the information stored in the configuration management
database (CMDB) is crucial to the success of Change Management, Incident
Management, and other SMFs, a review process should be set up to ensure that the
database accurately reflects the production IT environment.
Task: Capture DNS configuration snapshot

Purpose
The intent of a configuration snapshot is to provide a readily available, externally
stored reference of past and present DNS server configurations. The procedures
below assume that a SQL storage repository is not being utilized. Efficient storage of
and custom query retrieval of snapshot data would include a management system
consisting of automatic snapshots stored in a SQL storage repository.
Procedure 1: Capture the snapshot

This snapshot may be run locally on the DNS server, which stores the configuration
item (CI) snapshot on local storage. The snapshot can also be run remotely, whereby
the CI snapshot is stored on the remote server.
dnscmd \\dns_server_name /info > %systemroot%\dns_backupdirectory\
DNSConfigItems_infoyyyymmdd.txt
Dependencies
Formalized configuration management process
Technology Required
● DNS server
● DNSCmd
Changing Quadrant Configuration Operations Role Cluster Monthly

Management SMF
Process: Review configuration items

Purpose
Because the accuracy of the information stored in the configuration management
database (CMDB) is crucial to the success of Change Management, Incident
Management, and other SMFs, a review process should be set up to ensure that the
database accurately reflects the production IT environment.
Task: Compliance check—namespace (NS) records

Purpose
To ensure that DNS namespace (NS) records are current, the DNS records are
checked and compared against a reference source such as the CMDB. An input file is
used for this task, which has information pulled from a reference source such as a
CMDB.
Procedure 1: Generate DNSLint report of DNS server and NS records

This procedure utilizes DNSLint’s /ql (Query List) option. DNSLint reads
instructions from a specified text file (Inputfile.txt) and, once it has verified it is a
valid input file, runs the queries that are specified within the file and reports the
results in an easy-to-read HTML report (and optionally in a text report). This input
file allows administrators to customize which DNS servers to query and exactly
which DNS records to look for on each server. The file must start with the word
“DNSLint” at the top of it. This is the first thing DNSLint looks for when the input
file is opened. If it is not the first word read when the file is opened, the specified
input file is rejected and an error is generated.
Cd\
Cd \program files\Support Tools
Dnslint \ql inputfile.txt /v
The format of the inputfile.txt file is as follows:
DNSLint
[dns server] 169.254.46.138
www.reskit.com,a,r
169.254.197.1,ptr,r
[dns~server] 169.254.46.200
reskit.com,cname,r
reskit.com,mx,r
_kerberos._tcp.dc._msdcs.reskit.com,srv,r
This line: [dns server] 169.254.46.138 specifies the IP address of a DNS server to send
queries to. [dns server] must be specified followed by a valid IP address. If either of
these two components is missing, an error is generated and the specified input file is
rejected.
Subsequent lines indicate the queries to send to the specified DNS server:
www.reskit.com,a,r
169.254.197.1,ptr,r
Format of the queries:

The first field in the line is the name to query—for example, www.reskit.com. The
name is then immediately followed by a comma. No spaces are allowed on either
side of the comma.
The second field follows the comma immediately after the name to query. The
second field is the type of record to query for. Valid types are as follows:
● a = host
● ptr = pointer
● cname = alias
● mx = mail exchange
● srv = service location
The type of record is then immediately followed by a comma. No spaces are allowed
on either side of the comma.
The third field is the type of query. This field immediately follows the comma after
the type of record. Valid query types are as follows:
● r = recursive
● i = iterative
Nothing else is required to follow the third field. All three fields are required, and no
spaces are allowed anywhere within the query line. A fourth field is optional.
Appending “,tcp” to the third field will make DNSLint send the specified query
using the TCP protocol instead of the default UDP protocol. Again, no spaces are
allowed and nothing should follow this field if it is used.
Procedure 2: Verify report of DNS server and NS records

DNSLint will generate a report of the specified DNS server and its NS records. This
report should be verified for accuracy and compared against a known set of good
data such as that which is captured in a CMDB.
Dependencies
Configuration management database (CMDB)
Technology Required
● DNS server
● DNSLint
● Windows Server 2003 Support Tools
Task: Compliance check—root hints

Purpose
By default, the DNS Server service implements root hints using a file, Cache.dns,
stored by default in C:\Windows\System32\DNS folder on the server computer.
This file normally contains the NS and A resource records for the Internet root
servers.
If, however, you are using the DNS Server service on a private network, you can edit
or replace this file with similar records that point to your own internal root DNS
servers. This information should also be maintained in a CMDB.
Also note that in a directory services (DS) integrated environment, DNS will first use
the Active Directory published root hints and, if the root hints are not available, will
then use the root hints file.
Procedure 1: Updating root hints

1. Start the Computer Management from Administrative Tools; or click Start, click
Run, in the Run box, type dnsmgmt.msc and then click OK.
4. Click the Root Hints tab.
5. Modify server root hints as follows:
● To add a root server to the list, click Add, then specify the name and IP
address of the server to be added to the list.
● To modify a root server in the list, click Edit, then specify the name and IP
address of the server to be modified in the list.
● To remove a root server from the list, select it in the list and click Remove.
Dependencies
CMDB
Technology Required
● DNS server
● DNS Manager
Task: Compliance check—zone delegations

Purpose
Delegation is a process of assigning responsibility for a portion of a DNS namespace
to a separate entity. This separate entity could be another organization, department,
or workgroup within your company. Such delegation is represented by the NS
record that specifies the delegated zone and the DNS name of the server
authoritative for that zone. A DNS server is considered authoritative for a name if it
loads the zone containing that name. The procedure below describes the steps
necessary to check zone delegations.
Procedure 1: Checking delegations

2. At the command prompt on the server that you are testing, type the following:
NSLookup
3. At the NSLookup prompt, enter:
server <server IP address>
set norecursion
set querytype=<resource record type>
<FQDN >
…where resource record type is the type of resource record that you were querying for
in your original query, and FQDN is the FQDN for which you were querying
(terminated by a period).
● If the response includes a list of NS and A resource records for delegated servers,
repeat step 1 for each server and use the IP address from the A resource records
as the server IP address.
● If the response does not contain an NS resource record, you have a broken
delegation.
● If the response contains NS resource records, but no A resource records, type set
recursion and query individually for A resource records of servers listed in the
NS records. If you do not find at least one valid IP address of an A resource
record for each NS resource record in a zone, you have a broken delegation.
Dependencies
Network connectivity
Technology Required
● DNS server
● NSLookup
Task: Compliance check—scavenging

Purpose
When scavenging is enabled, the configuration parameters should be reviewed and
checked. Otherwise, the server may delete records that it should retain. If a name is
accidentally deleted, not only do users fail to resolve queries for that name, but any
user can create that name and then take ownership of it, even on zones configured
for secure dynamic update.
Procedure 1: Reviewing the scavenging parameters

1. Start the DNS Manager from Administrative Tools; or click Start, click, Run, in
3. On the Action menu, select Set Aging/Scavenging for all Zones.
4. Verify the Scavenging Parameters in the dialog box that is displayed.

Cd\
Cd \program files\support tools
Dnscmd \\DNS Server /info
Dependencies
None
Technology Required
● DNS server
● DNSCmd
Task: Compliance check—aging configuration

Purpose
When aging and scavenging are enabled, the configuration parameters should be
reviewed and checked. DNS server uses a record time stamp along with aging
parameters to determine when to scavenge records. By default, the time stamps of
records that are created by any method other than dynamic update are set to zero. A
zero value indicates that the time stamp must not be refreshed and the record must
not be scavenged. An administrator can manually enable aging of such records.
Procedure 1: Reviewing the aging parameters

3. On the Action menu, select Set Aging/Scavenging for all Zones.
4. Verify the Aging parameters in the dialog box that is displayed.

2. At the command prompt type:
Cd\
Cd \program files\support tools
Dnscmd \\DNS Server /info
Dependencies
None
Technology Required
● DNS server
● DNSCmd
● DNS Manager
Task: Compliance check—administrative user group

Purpose
DNS administrative user group access must be checked and updated to ensure that
users responsible for DNS administrative tasks have the proper access rights. User
group access lists should be compared to an authoritative list such as the CMDB.
Procedure 1: Verifying administrative group membership

Using the Active Directory Users and Computers GUI:
1. Start Active Directory Users and Computers from Administrative Tools; or click
Start, click Run, in the Run box, type dsa.msc and then click OK.
2. On the left-tree view, browse to the applicable DNS Security Group.
4. Click the Members tab.
5. Verify the membership displayed against an authoritative list such as the CMDB.
Using a WMI script:

The script below will return a list of all members of the DNSAdmins security group.
2. On the command shell enter:
csvde –m –f Output.CSV –v –d
“cn=DNSAdmins,cn=Users,dc=yourdomain,dc=com” –r “(objectClass=group)” –p
Subtree
3. Replace dc=yourdomain,dc=com with the appropriate LDAP-compliant domain
name. This command line requires sufficient rights to query administrative areas
of Active Directory.
4. Open the Output.csv file in Microsoft Excel. Verify the membership displayed
against an authoritative list such as the CMDB.
Dependencies
● Active Directory domain-implemented
● CMDB
Technology Required
● CSVDE
● DNS server
● Microsoft Excel
Task: Compliance check—architectural standards

Purpose
This preventative task audits service artifacts in order to detect and correct
configuration drift. DNS server, service, and utilization statistics, in addition to
Active Directory and network infrastructure data, must be compiled to produce a
complete picture of the current DNS operations environment. This information
should be reviewed to ensure compliance with original architectural intent and
working standards.
Procedure 1: Collect information

1. Compile server, service, and utilization statistical data collected from System
Monitor captures.
2. Gather configuration snapshot data.
Procedure 2: Review configuration items

Review the current DNS operations environment compared to predefined
architectural standards with consideration given to the ongoing change management
queue. Configuration items (CIs) for review and consideration should include:
network topology, Active Directory design principles, Active Directory architecture
and engineering specifications, system configurations, and optimal DNS server
configurations. The optimal configuration for any DNS server will vary greatly
depending on the server hardware, implementation of the DNS server (Active
Directory integrated, primary, secondary, or stub zones), and the network topology
it operates within.
1. Access the current DNS operations environment.
2. Audit configuration management database (CMDB) to review mapping of
configuration items (CIs) for any changes within the operating environment.
Procedure 3: Update configuration items

1. Address out-of-compliance CIs.
2. Propose solutions for ongoing issues.
3. Propose CI modifications to address any operational environment changes.
4. Update defined architectural and configuration items.
Dependencies
● Formalized architectural standard, stored in the CMDB.
● Performance monitoring and configuration snapshots are performed regularly.
● Collaboration and communication are required between operations teams.
Technology Required
None
Supporting Quadrant Incident Management Support and Operations Daily and weekly
SMF Role Clusters
Process: Investigation and diagnosis

Description
This process investigates incidents and gathers diagnostic data. The aim of the
process is to identify how to resolve the incident as quickly as possible.
The process allows for management escalation or functional escalation if either
becomes necessary in order to meet SLA targets.
Task: Respond to daily service request

Purpose
This task ensures that all incidents are answered and that there is an incident owner
responsible for the incident life cycle. This serves the organization in two ways:
● The customer understands that, when an incident is reported, he or she will
receive a confirmation that someone from the incident management team has
reviewed the request. This ensures that customers will continue to use the
organization’s incident-support channel.
● Each incident will have an owner responsible for collecting background
information and doing preliminary troubleshooting. The owner is responsible for
contacting other technical specialists to assist the customer in resolving the
incident, documenting the incident, and making sure contributing technicians add
their comments to the incident request. The act of designating an owner ensures
that there is a single point of contact (SPOC) for the incident from both the
customer’s and the organization’s perspective.
Procedure 1: Acknowledge receipt of service request

1. Send customer an e-mail message confirming receipt of incident request.
2. Give customer an incident case number prior to collecting data and
troubleshooting the incident.
Procedure 2: Document incident

Document the issue, the system affected, any actions taken to troubleshoot the
problem, and plans to resolve the incident. The following are systems that can be
affected in a DNS server environment:
● DNS, Active Directory, WINS, and DHCP servers
● Static entries/maps
● Replication partners
● IP/config
● Domain accounts/service permissions
Procedure 3: Update customer on status of incident

Send the customer e-mail confirming the problem, systems affected, actions taken to
troubleshoot, and the current plan to resolve the incident. If another technician is
involved in troubleshooting, make sure that technician’s notes are part of the case
documentation.
Procedure 4: Close incident

If the incident is not resolved following the customer’s initial request for incident
management, follow up with the customer and other technicians until the incident is
resolved.
Dependencies
● Incident ticketing system.
● An SLA on how customers can request incident management—for example,
through e-mail or with a service phone number.
Technology Required
● Third-party tools that provide incident management ticketing functionality.
● A Microsoft Access or SQL Server database can also be used to create incident
tickets.
Task: Respond to weekly service request

Purpose
This task ensures that all incidents are answered and that there is an incident owner
responsible for the incident life cycle. This serves the organization in two ways:
● The customer understands that, when an incident is reported, he or she will
receive a confirmation that someone from the incident management team has
reviewed the request. This ensures that customers will continue to use the
organization’s incident-support channel.
● Each incident will have an owner responsible for collecting background
information and doing preliminary troubleshooting. The owner is responsible for
contacting other technical specialists to assist the customer in resolving the
incident, documenting the incident, and making sure contributing technicians add
their comments to the incident request. The act of designating an owner ensures
that there is a single point of contact (SPOC) for the incident from both the
customer’s and the organization’s perspective.
Procedure 1: Acknowledge receipt of service request

1. Send customer an e-mail message confirming receipt of incident request.
2. Give customer an incident case number prior to collecting data and
troubleshooting the incident.
Procedure 2: Document incident

Document the issue, the systems affected, any actions taken to troubleshoot the
problem, and plans to resolve the incident. The following are items that can be
affected in a DNS server environment:
● DNS, Active Directory, WINS, and DHCP servers
● Static entries/maps
● Replication partners
● IP/config
● Domain accounts/service permissions
Procedure 3: Update customer on status of incident

Send customer e-mail confirming the problem, systems affected, actions taken to
troubleshoot, and the current plan to resolve the incident. If another technician is
involved in troubleshooting, make sure that technician’s notes are part of the case
documentation.
Procedure 4: Close incident

If the incident is not resolved following the customer’s initial request for incident
management, follow up with the customer and other technicians until the incident is
resolved.
Dependencies
● Incident ticketing system.
● An SLA on how customers request incident management—for example, by e-
mail or with a service phone number.
Technology Required
● Third-party tools that provide incident management ticketing functionality.
● A Microsoft Access or SQL Server database can also be used to create incident
tickets.
Supporting Quadrant Incident Management Support Role Cluster Monthly

SMF
Process: Incident closure

Description
This process ensures that the customer is satisfied that the incident has been resolved
prior to closing the incident record. It also checks that the incident record is fully
updated and assigns a closure category.
Task: Roll up activity report into monthly metric

Purpose
The objective of this task is to provide utilization and turnover metrics to assist in
planning staffing levels and checking the Incident Management SMF against other
SMFs. These reports can be used in conjunction with other SMFs (such as Service
Level Management, Financial Management, and Workforce Management) and can
also be used by members of the six MOF role clusters (such as Operations, Support,
and Release).
Procedure 1: Create monthly metric

The details of this task should show the cost of the incident management process and
where resources should be allocated to optimize its performance. The following
metrics should be provided:
● Percent closed incidents. This metric is created by taking the total number of
cases closed for a month and dividing it by the number of cases opened for the
month.
● Percent incidents closed on first contact. This metric is created by taking the
total number of cases closed on first contact and dividing it by the number of
cases opened for the month.
● Mean time to resolution. This metric measures the effectiveness of the incident
management process. It is calculated by taking the total time spent on incident
resolution and dividing it by the total number of cases closed. SLAs can be
compared to this metric.
The numbers reported should then be analyzed to assess the incident management
process and to determine how to improve effectiveness and efficiency.
Dependencies
● Responding to daily service request.
● Weekly service request activity report.
Technology Required
Microsoft Excel
Changing Quadrant Change Management Infrastructure Role Daily

SMF Cluster
Process: Change classification and authorization

Description
After a request for change (RFC) has passed the initial screening, the change
manager must classify and authorize the request for change. The category assigned
to the RFC is a reflection of the impact the change is likely to have on the IT
environment. The priority level set for an RFC is a reflection of its urgency and
determines how quickly the change advisory board (CAB) will review it.
There are four change categories: minor, standard, significant, and major. There are
also four levels of priority: low, medium, high, and emergency.
Once an RFC has been classified, it must be authorized. The process of authorizing a
change request depends on the category and priority of the change:
● Emergency priority changes are escalated to the CAB/EC for fast-track approval.
● Standard changes are approved automatically and progress directly to the
change development and release phases.
● Minor changes can be approved by the change manager without reference to the
CAB.
● All other changes must be approved by the CAB.
The two tasks that follow—attending a CAB meeting and reviewing an emergency
change request—are among several tasks that would be associated with classification
and authorization. Attending a CAB meeting is singled out because it is common to
much of the change process. Reviewing an emergency change request is singled out
because emergency changes typically involve high risk and require a great outlay of
time and resources.
More information about the other tasks, and about the change management process
in general, is available at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/ms
m/smf/smfchgmg.asp, or search for “Change Management SMF” on TechNet at
http://www.microsoft.com/technet/default.asp.
Task: Attend CAB meeting

Purpose
The CAB meets to review significant and major changes to the operations
environment. From a DNS server perspective, change requests involving DNS
records, networking, replication, and registry modifications, as well as updating
antivirus software or adding a new DNS/Active Directory server to the environment,
can be evaluated at this weekly meeting.
It is important for a representative of the Infrastructure Role Cluster to attend the
meeting in order to participate in the change management process. Participation in
the process could include providing additional data regarding a particular DNS
service RFC that members of the CAB may not have available to them. Additionally,
it is important to be informed about other RFCs that may have an indirect effect on
the delivery of the DNS Service and to consider these effects when approving an RFC
for change development.
Procedure 1: Attend change review board meeting

1. Regularly attend the CAB meeting.
2. Consider the effect that any RFC may have on DNS.
Dependencies
● A process must be established to initiate a change request in the operations
environment.
● CAB members must have already been chosen.
Technology Required
Operations team educated about MOF/ITIL.
Task: Review emergency change request

Purpose
This task provides guidance to the change advisory board emergency committee
(CAB/EC) on processing an emergency request for change. The number of
emergency change requests should be kept to a minimum because they typically
involve high risk and require a great outlay of time and resources.
Emergency changes to DNS services can have a great impact on a large number of
users and can affect business processes that depend on DNS services. For this reason,
it is very important to create a change request process that emphasizes prioritizing
urgent problems associated with DNS services. The Infrastructure Role Cluster is
responsible for this task, but the request for emergency change can be initiated by
any of the six Team Model role clusters. An emergency change request could involve
the release of updates to the operating system, third-party applications, or
configuration changes.
Procedure 1: Contact CAB/EC

1. Make sure system has a server backup. Before contacting the CAB/EC members,
make sure that the system has a successful server backup.
2. Select CAB/EC members. This should include standing members of the change
advisory board as well as those members who can give the greatest guidance
regarding DNS services.
3. Notify the CAB/EC of the emergency change request. Each member of the
CAB/EC who was identified in step 2 must be notified of the emergency change
request through e-mail, mobile devices, or other communication methods. The
member should be given an expected time in which to respond to a request for a
meeting regarding an emergency change and general information about the
change request.
4. Review the request for change. Collect all information pertaining to changes to
the DNS Service, including asking additional questions of the change initiator.
The CAB should consider the impact the change has on the DNS Service and
should weigh any risks associated with making an emergency change to the DNS
system against making a standard change. Possible changes include:
● Applying service packs or hotfixes.
● Adding a new DNS server.
● Adjusting static versus dynamic records beyond established policy.
● Adjusting zone or Active Directory replication.
● Changing backup and restore procedures.
● Modifying and applying policies.
● Changing a process or script used to administer servers.
Along with change type, collect the configuration item (CI) that will be affected
by the change. (Configuration items, which are any objects that are subject to
change, fall under change management.) For DNS servers, these items include:
● DNS server hardware
● Active Directory hardware and domain controller hardware
● Hardware vendor
● Server role
● Windows Server 2003 software
● Service packs
● Hotfixes
● Monitoring software
● Backup software
● Processes and procedures
● Documentation
● RFCs
Dependencies
● A process must be established to initiate a change request in the operational
environment.
● An identified CAB/EC roster and individuals who are contacted for emergency
changes as they relate to DNS Service.
● An operations team with knowledge about MOF/ITIL.
Technology Required
Basic Windows Server 2003 operating system installed with DNS
4
Processes by MOF Role Clusters
This chapter is designed for those who want to see all processes for a single role
cluster in one place. The information is the same as that in the previous two chapters.
The only difference is that the processes are ordered by MOF role cluster.
Operations Role Cluster

Daily Processes
Process 1: Data backup, restore, and recovery operations
Task 1: Create DNS backup and pull backup files to remote storage
Task 2 : Verify previous day's backup job
Process 2: Managing resources and service performance
Task 1: Capture service performance statistics
Process: 3 Proactive analysis and review
Task 1: Service check—verify zone transfers
Task 2: Service check—simple and recursive resolution

Weekly Processes
Process 1: Storage resource management
Task 1: Monitor disk space for DNS logs and database

Monthly Processes
Process 1: Managing resources and service performance
Task 1: Create service performance and utilization report
Task 2: Create system load and utility report
Process 2: Review configuration items
Task 1: Compliance check—namespace (NS) records
Task 2: Compliance check—root hints
Task 3: Compliance check—zone delegations
Task 4: Compliance check—scavenging
Task 5: Compliance check—aging configuration
Task 6: Compliance check—administrative user group
Task 7: Compliance check—architectural standards

As-Needed Processes
Process 1: Data backup, restore, and recovery operations
Task 1: Verify restore
Process 2: Design for recovery
Task 1: Test the server restoration capability
Process 3: Problem recording and classification
Task 1: Temporarily enable debug logging options
Task 2: Diagnose backup conditions
Process 4: Proactive analysis and review
Task 1: Clear the DNS cache

Support Role Cluster

Daily Processes
Task 1: Monitor DNS event log for critical DNS events
Task 2: Service check—manual verification of dynamic record update
Task 3: Service check—resolve alerts indicating DNS Server service is down

Weekly Processes
Task 1: Verify dynamic DNS record updates—DNS client
Task 2: Verify dynamic DNS record updates—DHCP server
Task 3: Verify dynamic DNS record updates—DNS server
Task 4: Monitor key DNS dependencies (Active Directory and network)

Monthly Processes
Process 1: Incident closure
Task 1: Roll up activity report into monthly metric

As-Needed Processes
There are no as-needed processes for this role cluster.
Release Role Cluster

Daily Processes
There are no daily processes for this role cluster.

Weekly Processes
There are no weekly processes for this role cluster.

Monthly Processes
There are no monthly processes for this role cluster.

As-Needed Processes

Infrastructure Role Cluster

Daily Processes
Process 1: Perform monitoring
Task 1: Capture usage performance statistics
Task 2: Capture system performance statistics
Process 2: Change classification and authorization
Task 1: Attend CAB meeting
Task 2: Review emergency change request

Weekly Processes
Process 1: Review configuration items
Task 1: Capture DNS configuration snapshot

Monthly Processes

As-Needed Processes
Security Role Cluster

Daily Processes

Weekly Processes

Monthly Processes

As-Needed Processes

Partner Role Cluster

Daily Processes

Weekly Processes

Monthly Processes

As-Needed Processes

5
Troubleshooting
Overview
The following table contains troubleshooting tips that should be useful in
maintaining this product. The tips are based on known issues and follow the best
practices for troubleshooting and problem management outlined by the Incident
Management SMF and the Problem Management SMF, both found in the MOF
Supporting Quadrant.
Problem #1: DNS Name Resolution Failure

Description of Problem
The DNS server does not resolve names or may not resolve them correctly.
Possible Causes and Resolutions of Problem
Possible Cause of Problem (1)

The DNS server provides incorrect data for queries it successfully answers.
Resolution of Problem (1)
Determine the cause of the incorrect data:
● Resource records were not dynamically updated in the zone.
● An error was made when manually updating or modifying static resource
records in the zone.
● Stale resource records in the DNS server database, left from cached lookups or
zone records, were not updated with current information or removed when
they were no longer needed.
The DNS server does not resolve names for computers or services outside of your
immediate network, such as those located on external networks on the Internet.

The server has a problem based on its ability to correctly perform recursion. For
successful recursion, all DNS servers used in the path of a recursive query must be
able to respond to and forward correct data. If not, a recursive query can fail for
any of the following reasons:
● The recursive query times out before it can be completed.
● A remote DNS server fails to respond.
● A remote DNS server provides incorrect data.
The DNS server is not configured to use other DNS servers to assist it in resolving
queries.
Check whether the DNS server can use both forwarders and recursion.
Recursion might be disabled if the server is configured to use forwarders and
recursion has been specifically disabled for that configuration. If recursion is
disabled on the DNS server, you will not be able to use forwarders on the same
server.
Current root hints for the DNS server are not valid.
Check whether the root hints are valid and update if necessary.
The DNS server does not have network connectivity to the root servers.
Test for connectivity to the root servers.
Problem #2: DNS Client Receives “Name Not Found” Error

When a DNS client attempts to resolve a name, a "Name not found” error is
returned from the server.

The DNS client computer does not have a valid IP configuration for the network.
Verify that the TCP/IP configuration settings on the client computer are correct,
particularly those used for DNS name resolution. Use the ipconfig\all command to
verify that the IP configuration is correct. If the configuration is incorrect, perform
the following:
● For dynamically configured clients, run the ipconfig\renew command.
● For statically configured clients, modify the client TCP/IP properties to use
valid configuration settings.
The client was not able to contact a DNS server.
Verify that the client computer has a valid functioning network connection by
checking hardware (cables and network adapters) using the ping command.
● Verify that the client can ping other computers on the network.
● Verify that the client can ping the preferred or alternate DNS server.
The DNS server is not running or responding to queries.
Verify that the DNS server is started and able to listen for and respond to client
requests by using the nslookup command.
The queried DNS server is not authoritative for the name and cannot locate the
server authoritative for the name.
Confirm whether the DNS server is authoritative for the name. If the server is
authoritative for the failed name and loads the applicable zone, confirm that the
resource record is contained within the zone.
If the server is not authoritative for the name, verify that the DNS server forwarder
configuration is correct.
Problem #3: DNS Server Provides Stale Information

Clients receive stale or incorrect information in response to DNS queries.


The DNS server the client is using does not have authority for the name and is
using stale information from its local DNS database.
If the preferred DNS server is authoritative for the name and answered using
incorrect data, it indicates that the applicable zone might have outdated or stale
information in the applicable resource record data. If this is the case, modify and
update the resource record or force a dynamic registration at the client using the
ipconfig /registerdns command.
If the DNS server is not authoritative for the queried name, it likely answered the
query based on information obtained and cached during an earlier recursive
lookup. Clearing the server’s name cache will compel the server to use new
recursive queries and will rebuild and update the name cache resource record data.
The preferred DNS server is a secondary server for the zone containing the
targeted name and has outdated information.
For an immediate solution, initiate a zone transfer at the secondary server from the
master.
A long-term solution will require the following:
● Specify additional master servers for the secondary zone.
● Adjust the refresh interval on the zone slightly to decrease the length of time
that all authoritative servers for the zone can use the zone before they are
required to refresh it.
● Configure a notify list at a master server that acts as the zone source for the
secondary server and enable it to notify the server when the zone changes.
Problem #4: DNS Server Not Responding to Clients

Clients are unable to utilize DNS Server services.


DNS server is affected by a network failure.
Verify that the DNS server has a valid functioning network connection by checking
hardware (cables and network adapters).
Using the ping command:
● Verify that the server can ping other computers on the network.
● Verify that the server can ping the default gateway or routers on the network.
DNS server has been configured to limit service to a specific list of IP addresses
that do not include the current client addresses.
Test the server for a response from a client address that has been confirmed to be
in the restricted IP address list. If the DNS server responds, add the missing
address to the list.
DNS server has been configured to disable use of the automatically created reverse
lookup zones.
To verify that the reverse lookup zones have been created:
3. On the left-tree view, choose Reverse Lookup Zones.
4. On the right-tree view, verify that the following reverse lookup zones are
present:
● 0.in-addr.arpa
● 127.in-addr.arpa
● 255.in-addr.arpa
If the zones are not present, in- depth analysis will be necessary. Disabling of
automatic reverse lookup zone creation requires advanced manual DNS
configuration, including registry edits. These configurations and the reasons they
where initially made should be included within the analysis.

The DNS server is configured to use a non-standard service port or an advanced
security or firewall configuration.
Verify that the server is configured to use a non-standard port. If it uses a non-
standard port, then a packet forwarder/proxy may be used to redirect port 53
requests to the DNS server.
Determine whether any intermediate firewall or proxy configuration is used to
block traffic on standard service ports used by DNS. If not, packet filters may be
added to network configurations to allow DNS traffic to pass.
Problem #5: Clients Not Providing Dynamic Updates

DNS server clients are not performing dynamic updates to the DNS server
authoritative for the zone.

The client or its DHCP server do not support the use of DNS dynamic update
protocol.
Verify that the clients and DHCP servers support the DNS dynamic update
protocol.
By default, the DNS client on Windows XP does not attempt dynamic update over
a Remote Access Service (RAS) or Virtual Private Network (VPN) connection.
By default, the DNS client does not attempt dynamic update of top-level domain
(TLD) zones. To configure the DNS client to allow the dynamic update of TLD
zones, use the Update Top Level Domain Zones policy setting or modify the
registry.
Windows 2000 and later systems natively support client-side dynamic DNS
updates.
The client was not able to register with the DNS server because of intermittent
problems with either the DNS server or the network.
At the client computer:
● Use ipconfig\regsiterdns to force a dynamic update to the DNS server.
● Use ipconfig/renew to force a dynamic update utilizing a DHCP server.
The client was not able to register and update with the DNS server due to missing
or incomplete DNS configuration.
Verify that the client is fully and correctly configured for DNS, and update the
configuration as necessary. A common cause of the client failing to update is that
the DNS suffix is not configured. To update the suffix configuration:
● Configure a primary DNS suffix at the client computer for static TCP/IP clients.
● Configure a connection-specific DNS suffix for use at one of the installed
network connections at the client computer.
Problem #6: Server Not Providing Dynamic Updates

DNS server is not performing dynamic updates.


Only the Windows 2000 and Windows Server 2003 DNS Server service supports
dynamic updates. The DNS Server service provided by Microsoft Windows NT®
4.0 does not.
Verify that DNS server implementations support dynamic updates.
DNS server is not configured to accept dynamic updates.
Verify that the primary zone where clients require updates is configured to allow
updates.
The default for a new primary zone is to not accept dynamic updates. At the DNS
server that loads the applicable primary zone, modify zone properties to allow
updates.
The zone database is not available.
Verify that the zone exists:
● For a standard primary zone, verify that the zone file exists at the server and
that the zone is not paused.
● For an Active Directory integrated zone, verify that the DNS server is running
as a domain controller and has access to the Active Directory database where
the zone data is stored.
Secondary zones do not support dynamic updates.
The DNS server is configured to allow only secure dynamic updates and has a
security-related problem.
Verify that zone or resource record security does not block or prevent dynamic
updates at the server.
Secure dynamic update does not prevent new records from being created or added
to a zone, but it does restrict who is given default permissions to update or modify
records.
Problem #7: Zone Delegation Failures

Use of zone delegation appears to be broken.

Cause of Problem
Zone delegations are not configured correctly.

Resolution of Problem
Review how zone delegations are utilized and revise configurations as needed.
For each sub-domain delegated to its own zone, the parent zone needs to have
delegation records added to it. Use the New Delegation Wizard to simplify the
addition of these records.
Problem #8: Zone Transfer Failures

DNS zone transfers are not occurring or are incomplete.


DNS service stopped or the zone is paused.
Verify that the master and secondary servers involved with the transfer of the zone
are both started and that the zone is not paused at either server.
DNS servers involved with the transfer do not have network connectivity with
each other.
Using the ping command, ping each server by its IP address from its remote
counterpart.
The serial number is the same at both the source and destination servers.
Therefore, a zone transfer will not occur.

To change the zone serial number, perform the following:
3. On the left-tree view, expand Forward Lookup Zones.
4. Select the applicable zone.
6. On the Zone Property page, select the State of Authority (SOA) tab.
7. Click the Increment box to increment the serial number.
After the zone serial number has been successfully incremented, initiate a zone
transfer from the master at the secondary server.
The zone has resource records or other data that cannot be interpreted by the DNS
server.
Verify that the zone does not contain incompatible data, such as unsupported
resource record types or data errors.
Verify that the server is configured to prevent loading a zone when bad data is
found:
4. Click the Advanced tab.
5. In Server options box, verify that Fail on load if bad zone data is checked.
6
Appendix
DNS Log Events—ID Codes
The audit logging behavior discussed in this chapter applies only to the DNS Service
provided with Windows Server 2003 and replaces the previous DNS logging
behavior used in earlier versions of Windows NT Server.
The following is a partial list of events that may be recorded in the DNS server log.
Event Description
ID
2 The DNS server has started.

This message generally appears at startup when either the server
computer is started or the DNS Server service is manually started. For
more information, see To start or stop a DNS server.
3 The DNS server has shut down.

This message generally appears when either the server computer is shut
down or the DNS Server service is stopped manually.
Event Description
ID
408 The DNS server could not open socket for address [IPaddress]. Verify that
this is a valid IP address for the server computer.
To correct the problem, you can do the following:
If the specified IP address is not valid, remove it from the list of restricted
interfaces for the server and restart the server. For more information, see
To restrict a DNS server to listen only on selected addresses.
If the specified IP address is no longer valid and was the only address
enabled for the DNS server to use, the server might not have started as a
result of this configuration error. To correct this problem, delete the
following value from the registry and restart the DNS server:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\P
arameters\ListenAddress
If this is a valid IP address for the server computer, verify that no other
application that would attempt to use the same DNS server port (such as
another DNS server application) is running. By default, DNS uses TCP
port 53.
413 The DNS server will send requests to other DNS servers on a port other
than its default port (TCP port 53).
This DNS server is multi-homed and has been configured to restrict DNS
Server service to only some of its configured IP addresses. For this reason,
there is no assurance that DNS queries made by this server to other
remote DNS servers will be sent using one of the IP addresses enabled for
the DNS server.
This might prevent query answer responses returned by these servers
from being received on the DNS port that the server is currently
configured to use. To avoid this problem, the DNS server sends queries to
other DNS servers using an arbitrary non-DNS port, and the response is
received regardless of the IP address used.
If you want to limit the DNS server to using only its configured DNS port
for sending queries to other DNS servers, use the DNS console to perform
one of the following changes in the server properties configuration on the
Interfaces tab:
● Select All IP addresses to enable the DNS server to listen on all
configured server IP addresses.
● Or, if you continue to select and use Only the following IP addresses,
limit the IP address list to a single server IP address.
For more information, see To restrict a DNS server to listen only on selected
addresses.
Event Description
ID
414 The server computer currently has no primary DNS suffix configured. Its
DNS name is currently a single label host name. For example, its currently
configured name is "host" rather than "host.example.microsoft.com" or
another fully qualified name.
While the DNS server has only a single label name, default resource
records created for its configured zones use only this single label name
when mapping the host name for this DNS server. This can lead to
incorrect and failed referrals when clients and other DNS servers use
these records to locate this server by name.
In general, the DNS server should be reconfigured with a full DNS
computer name appropriate for its domain or workgroup use on your
network. For more information, see To configure the primary DNS suffix for a
client computer.
708 The DNS server did not detect any zones of either primary or secondary
types. It will run as a caching-only server.
A DNS server that does not host any DNS zones but performs name
resolution and stores the results in its cache will not be authoritative for
any zones.
For more information, see Using caching-only servers.
315 The DNS server wrote a new version of zone [zonename] to file [filename].
0 You can view the new version number by clicking the Record Data tab.
This event should appear only if the DNS server is configured to operate
as a root server. For more information, see DNS-related files.
652 Zone [zonename] expired before it could obtain a successful zone transfer
7 or update from a master server acting as its source for the zone. The zone
has been shut down.
This event ID might appear when the DNS server is configured to host a
secondary copy of the zone from another DNS server acting as its source
or master server. Verify that this server has network connectivity to its
configured master server.
If the problem continues, consider one or more of the following actions:
Delete the zone and recreate it, specifying either a different master server
or an updated and corrected IP address for the same master server.
For more information, see Add and remove zones.
If zone expiration continues, consider adjusting the expire interval.
For more information, see To adjust the expire interval for a zone.
For more information, see Understanding zones and zone transfer.

DNS Service Pog

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

DNS Service Pog

Enviado por

Direitos autorais:

Formatos disponíveis

Managing the Windows Server Platform

Domain Name System (DNS) Service

This document is for informational purposes only. MICROSOFT MAKES NO

Microsoft may have patents, patent applications, trademarks, copyrights, or other

Unless otherwise noted, the example companies, organizations, products, domain

 2003 Microsoft Corporation. All rights reserved.

Task: Create service performance and utilization report ....................................................... 42

Task: Compliance check—scavenging .................................................................................. 70

Lead Technical Writer

Lead Technical Editor

How to Use This Guide

 Maintenance vendors  Service desk/help desk

Effective release and change management. Accurate inventory Release

Management of physical environments and infrastructure Infrastructure

Quality customer support and a service culture. Support

Predictable, repeatable, and automated system management. Operations

Mutually beneficial relationships with service and supply Partner

Protected corporate assets, controlled authorization, and Security

Further information about MSM and MOF is available at

Auto repair Mechanic Repair manual Socket set

Software Programmer Project plan Compiler;

IT operations IT technician Microsoft Windows Server

Backup Performs backup and Start > All Programs >

SrvInfo.exe Gathers system information Windows Server 2003

Windows® Provides management Start > Run. In the Open box,

Required Technology Description Location

System Monitor Provides detailed Start, > Control Panel >

Task Manager Offers an immediate view of Right-click an empty space

Service Allows for general \windows\system32\ sc.exe

Netsh Manages network services \windows\system32\netsh.ex

Windows Provides operations tools, http://www.microsoft.com/d

Microsoft Word, Full-featured Microsoft Microsoft Word, Excel, and

Required Technology Description Location

Microsoft SQL Can be used to manage http://www.microsoft.com/sq

CSVDE Active Directory command- %systemroot%\system32\csv

CScript Command-line .vbs script %systemroot%\system32\csc

Findstr Lexical and expression- %systemroot%\system32\fin

Pathping Ping-based network %systemroot%\system32\pat

NSLookup DNS lookup utility for %systemroot%\system32\nsl

DNSCmd DNS command-line utility Windows Server 2003

DNSLint DNS command-line utility Windows Server 2003

Maintenance Processes Checklist

Service Monitoring and Control SMF

Perform Monitoring Infrastructure

There are no weekly

There are no weekly

There are no as-needed

Storage Management SMF

Data Backup, Restore, Operations

Storage Resource Operations

There are no weekly

Data Backup, Restore, Operations

Incident Management SMF

Proactive Analysis and Support and Operations

There are no weekly

Incident Closure Support

There are no as-needed

Problem Management SMF

Proactive Analysis and Support

Proactive Analysis and Support

There are no monthly

Problem Recording and Operations

Proactive Analysis and Operations

Capacity Management SMF