
Planning Infrastructure Services

Lesson 2

Skills Matrix

Technology Skill: Planning Infrastructure Services
Objective Domain: Plan infrastructure services server roles
Objective #: 1.3

Dynamic Host Configuration Protocol (DHCP)
The Dynamic Host Configuration
Protocol (DHCP) is a service that
automatically configures the Internet
Protocol (IP) address and other TCP/IP
settings on network computers by
assigning addresses from a pool
(called a scope) and reclaiming
them when they are no longer in use.

IP Address Allocation Methods


The DHCP standards define three
different IP address allocation
methods:
Dynamic allocation
Automatic allocation
Manual allocation

DHCP Communications
The DHCP communication protocol defines
eight message types, as follows:
DHCPDISCOVER Used by clients to
request configuration parameters from a
DHCP server.
DHCPOFFER Used by servers to offer IP
addresses to requesting clients.
DHCPREQUEST Used by clients to accept
or renew an IP address assignment.
DHCPACK Used by servers to
acknowledge a client's acceptance of an
offered IP address.

DHCPDECLINE Used by clients to
reject an offered IP address.
DHCPNAK Used by servers to reject
a client's acceptance of an offered IP
address.
DHCPRELEASE Used by clients to
terminate an IP address lease.
DHCPINFORM Used by clients to
obtain additional TCP/IP configuration
parameters from a server.
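The following is an added example, not code from the lesson: a minimal encoder and decoder for the DHCP message format (fixed BOOTP header, magic cookie, then TLV options with option 53 carrying the message type), a toy server that answers DHCPDISCOVER with DHCPOFFER and DHCPREQUEST with DHCPACK or DHCPNAK, and a defender's check that flags DHCPOFFER messages whose server identifier (option 54) is not an authorized server. The MAC, addresses and transaction id are constructed sample values.

```python
import socket
import struct

# DHCP message type codes carried in option 53, matching the eight types listed above.
DHCP_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
              5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
CLIENT_SENT = {1, 3, 4, 7, 8}                 # types that travel client -> server
MAGIC_COOKIE = b"\x63\x82\x53\x63"            # RFC 2131 marker that precedes the options
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file (236 bytes)
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"


def build_message(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Encode a minimal DHCP message; `options` is a list of (code, bytes) pairs."""
    op = 1 if msg_type in CLIENT_SENT else 2  # 1 = BOOTREQUEST, 2 = BOOTREPLY
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,
                         b"\x00" * 4, socket.inet_aton(yiaddr), b"\x00" * 4, b"\x00" * 4,
                         chaddr, b"\x00" * 64, b"\x00" * 128)
    body = bytes([53, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"   # 255 = end option


def parse_message(raw):
    """Decode the fixed header and the TLV option list of a DHCP message."""
    if len(raw) < 240 or raw[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    f = struct.unpack(HEADER_FMT, raw[:236])
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
           "giaddr": socket.inet_ntoa(f[10]),      # filled in by a relay agent, else 0.0.0.0
           "mac": f[11][:f[2]].hex(":"), "options": {}}
    i = 240
    while i < len(raw) and raw[i] != 255:
        if raw[i] == 0:                            # 0 = pad byte
            i += 1
            continue
        if i + 1 >= len(raw):
            break                                  # truncated option: stop rather than crash
        code, length = raw[i], raw[i + 1]
        msg["options"][code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    msg["type"] = DHCP_TYPES.get(msg["options"].get(53, b"\x00")[0], "UNKNOWN")
    return msg


def server_reply(raw, server_ip, offered_ip):
    """Toy server: OFFER on DISCOVER, ACK or NAK on REQUEST, nothing otherwise."""
    req = parse_message(raw)
    sid = (54, socket.inet_aton(server_ip))         # option 54 = server identifier
    if req["type"] == "DHCPDISCOVER":
        return build_message(2, req["xid"], req["mac"], offered_ip, [sid])
    if req["type"] == "DHCPREQUEST":
        wanted = req["options"].get(50)             # option 50 = requested address
        if wanted == socket.inet_aton(offered_ip):
            return build_message(5, req["xid"], req["mac"], offered_ip, [sid])
        return build_message(6, req["xid"], req["mac"], options=[sid])
    return None


def run_exchange(mac, server_ip, offered_ip, xid=0x3903F326):
    """Walk the four-message lease acquisition and return the types exchanged."""
    discover = build_message(1, xid, mac)
    offer = server_reply(discover, server_ip, offered_ip)
    got = parse_message(offer)
    request = build_message(3, xid, mac, options=[(50, socket.inet_aton(got["yiaddr"])),
                                                  (54, got["options"][54])])
    ack = server_reply(request, server_ip, offered_ip)
    return [parse_message(m)["type"] for m in (discover, offer, request, ack)]


def unauthorized_offers(raw_messages, authorized_servers):
    """Defender check: server identifiers of OFFERs that no authorized server sent."""
    found = set()
    for raw in raw_messages:
        msg = parse_message(raw)
        if msg["type"] == "DHCPOFFER" and 54 in msg["options"]:
            sid = socket.inet_ntoa(msg["options"][54])
            if sid not in authorized_servers:
                found.add(sid)
    return found
```

`run_exchange` produces the DISCOVER, OFFER, REQUEST, ACK sequence; sending a REQUEST for an address other than the one offered yields a DHCPNAK. `unauthorized_offers` is the kind of check a monitoring tool applies to captured DHCP traffic to spot a server that should not be handing out leases on the subnet.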

The IPv4 Properties Sheet

DHCP IP Address Assignment Process

Automatic Private IP Addressing (APIPA)
If a Windows DHCP client is unable to
contact a DHCP server, it self-assigns
an IP address using a feature called
Automatic Private IP Addressing
(APIPA).
Computers on the same subnet can
communicate using APIPA addresses,
but they are not an effective solution
for routed internetworks.

DHCP IP Address Renewal Process


By default, the DHCP Server service
in Windows Server 2008 uses
dynamic allocation, leasing IP
addresses to clients for six-day
periods.
At periodic intervals during the
course of the lease, the client
attempts to contact the server to
renew the lease.
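As an added example (not part of the lesson), the following code models the lease lifecycle described above together with the APIPA fallback: it places the renewal points at the RFC 2131 defaults of 50% (renew by unicast to the leasing server) and 87.5% (rebind by broadcast) of the lease, works in plain seconds since an arbitrary epoch, and, when the lease expires with no server reachable, self-assigns a 169.254.x.y address. Seeding the APIPA choice on the MAC is a constructed convenience so the example is deterministic; Windows picks the address randomly.

```python
import ipaddress
import random

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")   # link-local block APIPA draws from
SIX_DAYS = 6 * 24 * 3600                               # Windows Server 2008 default lease length


def renewal_schedule(lease_start, lease_seconds):
    """RFC 2131 defaults: T1 (renew) at 50% of the lease, T2 (rebind) at 87.5%."""
    return {"t1": lease_start + lease_seconds * 0.5,
            "t2": lease_start + lease_seconds * 0.875,
            "expiry": lease_start + lease_seconds}


def next_action(lease_start, lease_seconds, now):
    """What the client does at `now`: nothing, unicast renew, broadcast rebind, or start over."""
    s = renewal_schedule(lease_start, lease_seconds)
    if now < s["t1"]:
        return "none"                 # BOUND: the lease is fresh
    if now < s["t2"]:
        return "renew-unicast"        # RENEWING: DHCPREQUEST to the server that issued the lease
    if now < s["expiry"]:
        return "rebind-broadcast"     # REBINDING: DHCPREQUEST broadcast to any DHCP server
    return "rediscover"               # lease expired: back to DHCPDISCOVER


def apipa_fallback(mac):
    """Pick a 169.254.x.y address (x, y in 1..254); MAC seeding is a constructed choice."""
    rng = random.Random(mac)
    return ipaddress.ip_address(f"169.254.{rng.randint(1, 254)}.{rng.randint(1, 254)}")


def is_apipa(address):
    """True when an address came from APIPA rather than a DHCP server or static config."""
    return ipaddress.ip_address(str(address)) in APIPA_NET


def address_in_use(lease, now, server_reachable):
    """Address the client ends up with after acting at `now`.

    `lease` is a dict with keys address, mac, start (seconds) and seconds (lease length).
    """
    action = next_action(lease["start"], lease["seconds"], now)
    if action == "none" or server_reachable:
        return ipaddress.ip_address(lease["address"])   # kept, renewed or re-acquired
    if action == "rediscover":
        return apipa_fallback(lease["mac"])             # nobody answered: self-assign
    return ipaddress.ip_address(lease["address"])       # still inside the lease: keep it, retry later
```

A client that shows up with a 169.254.x.y address on a routed network is therefore a sign that it reached the end of its lease (or booted) without any DHCP server answering, which is worth alerting on: it usually means a relay agent, scope or server is down.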

DHCP IP Address Renewal Process

Distributed DHCP Infrastructure

Centralized DHCP Infrastructure

DHCP Relay Agent


A software component that receives
the DHCP broadcast traffic on a
subnet and then sends it on to
particular DHCP servers on one or
more other subnets.
The DHCP servers then process the
incoming DHCPREQUEST messages
in the normal manner and transmit
their replies back to the relay agent,
which sends them on to the DHCP
client.

DHCP Fault Tolerance (80-20)

DHCP Fault Tolerance (Failover Clustering)
To ensure continued DHCP service
with virtually no downtime, you can
create a failover cluster in which the
DHCP Server service is replicated on
two or more computers.
A failover cluster uses a shared
storage medium, such as an iSCSI or
Fibre Channel storage area network
(SAN), to hold the application data,
which in this case is the DHCP
Server's database.

DHCP Fault Tolerance (Standby Server)


A standby server is a computer with the DHCP
Server role installed and configured, but not
activated.
If one of the active DHCP servers should fail,
an administrator manually activates the
appropriate scopes on the standby server to
take its place.
Because the standby servers are performing
other roles in the meantime, they are an
inexpensive way of providing DHCP fault
tolerance without splitting scopes.
However, because there is no automatic
failover mechanism in this method,
administrators cannot take action until they

Reservations
In a Windows DHCP server, a
manually allocated address is called
a reservation.
You create a reservation by
specifying the IP address you want to
assign and associating it with the
client computer's MAC address,
which is hard-coded into its network
interface adapter.
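The following added example (not the lesson's or Windows' own code) models a scope the way the allocation methods and reservations above describe it: a contiguous pool with excluded addresses, reservations that bind a MAC address to a fixed IP (manual allocation), and timed leases that are reclaimed when they expire (dynamic allocation). Addresses, MACs and the lease length are constructed sample values.

```python
import ipaddress


class Scope:
    """A pool of addresses with exclusions, MAC-based reservations and timed leases."""

    def __init__(self, start, end, lease_seconds, exclusions=()):
        first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        self.pool = [ipaddress.IPv4Address(i) for i in range(first, last + 1)]
        self.lease_seconds = lease_seconds
        self.excluded = {ipaddress.IPv4Address(ip) for ip in exclusions}
        self.reservations = {}      # mac -> address (manual allocation)
        self.leases = {}            # address -> (mac, expiry in seconds)

    def add_reservation(self, mac, address):
        """Bind a fixed address to a client's hard-coded MAC address."""
        address = ipaddress.IPv4Address(address)
        if address not in self.pool:
            raise ValueError(f"{address} lies outside the scope")
        self.reservations[mac.lower()] = address

    def reclaim_expired(self, now):
        """Return expired addresses to the pool; this is what makes dynamic allocation work."""
        expired = [a for a, (_, expiry) in self.leases.items() if expiry <= now]
        for a in expired:
            del self.leases[a]
        return expired

    def allocate(self, mac, now):
        """Hand out (or renew) an address for `mac`; None when the scope is exhausted."""
        mac = mac.lower()
        self.reclaim_expired(now)
        expiry = now + self.lease_seconds
        if mac in self.reservations:                       # reservation always wins
            address = self.reservations[mac]
            self.leases[address] = (mac, expiry)
            return address
        for address, (holder, _) in list(self.leases.items()):   # renew an existing lease
            if holder == mac:
                self.leases[address] = (mac, expiry)
                return address
        taken = set(self.leases) | self.excluded | set(self.reservations.values())
        for address in self.pool:                          # lowest free address first
            if address not in taken:
                self.leases[address] = (mac, expiry)
                return address
        return None

    def release(self, mac):
        """Handle a DHCPRELEASE: free whatever `mac` currently holds."""
        mac = mac.lower()
        for address, (holder, _) in list(self.leases.items()):
            if holder == mac:
                del self.leases[address]
                return address
        return None
```

Note that a reserved address is never handed to another client even while its owner is absent, and that an excluded address is never handed out at all; both are common sources of "scope exhausted" surprises when a pool is sized without accounting for them.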

The Reservation Dialog Box

Assigning IPv6 Addresses


IPv6 addresses are notated as follows:
XX:XX:XX:XX:XX:XX:XX:XX

Each X is a hexadecimal representation of
a single byte. Some examples of IPv6
addresses are as follows:

3FFE:2900:D005:3210:FEDC:BA98:7654:3210
3FFE:FFFF:0:0:8:800:200C:417A

Leading zeros can be omitted from
individual byte values, and repeated
zero-byte values can be replaced with the
:: symbol (but only once in an address).
3FFE:FFFF::8:800:200C:417A



The DHCP Server service in Windows
Server 2008 supports both IPv4 and IPv6
address assignments.
When you install the DHCP Server role, a
Configure DHCPv6 Stateless Mode page
appears in the Add Roles Wizard, enabling
you to choose from the following two
options:
Enable DHCPv6 stateless mode for this
server: IPv6 clients do not obtain
addresses from the DHCP server, but they
can obtain other TCP/IP configuration
settings from the server.
Disable DHCPv6 stateless mode for this
server: IPv6 clients obtain addresses, as


The DHCP server assumes that IPv6
clients operating in stateless mode
obtain their addresses from an
alternative source, typically either
autoconfiguration or a manually
assigned static address.
In the stateless autoconfiguration
configuration process, routers
advertise prefixes that enable the
host to assign themselves an IPv6
address on the appropriate subnet.

Deploying a DHCP Server


The DHCP Server service is packaged
as a role in Windows Server 2008,
which you can install using the Add
Roles Wizard, accessible from the
Initial Configuration Tasks window or
the Server Manager console.
To install the DHCP Server service on
a Windows Server 2008 computer
with Server Manager.

The Select Server Roles Page

The Select Network Connection Bindings Page

The Specify IPv4 DNS Server Settings Page

The Add or Edit DHCP Scopes Page

The Add Scope Dialog Box

The Authorize DHCP Server Page

Deploying a DHCP Relay Agent

The Configuration Page of the Routing and Remote Access Server Setup Page

The Custom Configuration Page

The New Routing Protocol Dialog Box

The New Interface for DHCP Relay Agent Dialog Box

The DHCP Relay Properties Sheet

The DHCP Relay Agent Properties Sheet

Host Names
All TCP/IP communication is based on IP
addresses.
Each computer on a network has at least one
network interface, which is called a host, and
each host has an IP address that is unique on
that network.
Every datagram transmitted by a TCP/IP
system contains the IP address of the sending
computer and the IP address of the intended
recipient.
When users access a shared folder on the
network or a Web site on the Internet, they do
so by specifying or selecting a host name, not
an IP address.

Host Files
For TCP/IP systems to use these friendly
host names, they must have some way to
discover the IP address associated with a
specific name.
In the early days of TCP/IP networking,
each computer had a list of names and
their equivalent IP addresses, called a
host table.
At that time, there were few enough
computers on the fledgling Internet for the
maintenance and distribution of a single
host table to be practical.

DNS Server
Today, there are many millions of
computers on the Internet, and the idea of
maintaining and distributing a single file
containing names for all of them is absurd.
Instead of a host table stored on every
computer, TCP/IP networks today use
Domain Name System (DNS) servers to
convert host names into IP addresses.
This conversion process is referred to as
name resolution.
The Domain Name System is a crucial
element of both Internet and Active
Directory communications.

DNS Servers Relay Requests

DNS Domain Hierarchy


The domain name part of a DNS name is
hierarchical, and consists of two or more words,
separated by periods.
The DNS namespace takes the form of a tree
that, much like a file system, has its root at the
top.
Just beneath the root is a series of top-level
domains, and beneath each top-level domain is
a series of second-level domains.
At minimum, the complete DNS name for a
computer on the Internet consists of a host
name, a second-level domain name, and a top-level domain name, written in that order and
separated by periods.

DNS Domain Hierarchy

Root Name Servers


At the top of the DNS hierarchy are the root name
servers. The root name servers are the highest-level DNS servers in the entire namespace, and
they maintain information about the top-level
domains.
All DNS server implementations are preconfigured
with the IP addresses of the root name servers,
because these servers are the ultimate source for
all DNS information.
When a computer attempts to resolve a DNS
name, it begins at the top of the namespace
hierarchy with the root name servers, and works
its way down through the levels until it reaches
the authoritative server for the domain in which
the name is located.

Top-Level Domains
Just beneath the root name servers
are the top-level domains. There are
seven traditional primary top-level
domains in the DNS namespace, as
follows:
com, net, org, edu, mil, gov and int

In addition to the seven main top-level domains, there are also two-letter international domain names
representing most of the countries in
the world, such as it for Italy and de
for Germany (Deutschland).

DNS Name Resolution Process

Name Caching

Reverse Name Resolution


There are occasions when it is
necessary for a computer to convert
an IP address into a DNS name.
To overcome this problem, the
developers of the DNS created a
special domain called in-addr.arpa,
specifically designed for reverse
name resolution.
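The added example below (not the lesson's code) ties together the root-down resolution walk, name caching and reverse lookups described above. A constructed toy namespace gives each server only its own records and the delegations to the level beneath it, so a resolver really has to start at the root and follow referrals; answers are cached for a TTL so a repeat lookup sends no queries; and `reverse_name` builds the in-addr.arpa (or ip6.arpa) name for an address. Server names, records and addresses are sample values.

```python
import ipaddress

# Constructed toy namespace. Each server knows only its own records and the
# servers it delegates to, which is why resolution walks down from the root.
SERVERS = {
    "root": {"records": {}, "delegations": {"com.": "tld-com", "arpa.": "tld-arpa"}},
    "tld-com": {"records": {}, "delegations": {"example.com.": "ns1.example.com"}},
    "tld-arpa": {"records": {}, "delegations": {"2.0.192.in-addr.arpa.": "ns1.example.com"}},
    "ns1.example.com": {"records": {("www.example.com.", "A"): "192.0.2.10",
                                    ("10.2.0.192.in-addr.arpa.", "PTR"): "www.example.com."},
                        "delegations": {}},
}


def ask(server_name, qname, qtype):
    """One iterative query: the server replies with the best it has, an answer or a referral."""
    server = SERVERS[server_name]
    if (qname, qtype) in server["records"]:
        return "answer", server["records"][(qname, qtype)]
    best = None
    for zone, target in server["delegations"].items():
        if (qname == zone or qname.endswith("." + zone)) and (best is None or len(zone) > len(best[0])):
            best = (zone, target)             # most specific delegation wins
    if best:
        return "referral", best[1]
    return "nxdomain", None


def reverse_name(ip):
    """Build the in-addr.arpa / ip6.arpa name used for reverse name resolution."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."
    nibbles = addr.exploded.replace(":", "")          # 32 hex digits, one per label
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


class Resolver:
    """Walks from the root to the authoritative server, caching answers for `ttl` seconds."""

    def __init__(self, ttl=300):
        self.ttl = ttl
        self.cache = {}          # (qname, qtype) -> (value, expires_at)

    def resolve(self, qname, qtype, now):
        """Return (value, number of queries sent); 0 queries means a cache hit."""
        key = (qname, qtype)
        if key in self.cache and now < self.cache[key][1]:
            return self.cache[key][0], 0
        server, queries = "root", 0
        while True:
            queries += 1
            kind, value = ask(server, qname, qtype)
            if kind == "referral":
                server = value                # go one level down the hierarchy
                continue
            if kind == "answer":
                self.cache[key] = (value, now + self.ttl)
            return value, queries

    def resolve_ptr(self, ip, now):
        """Reverse lookup: address -> in-addr.arpa name -> PTR record."""
        return self.resolve(reverse_name(ip), "PTR", now)
```

Each server here answers iteratively (best information it has, often just a referral) while the `Resolver` takes full responsibility for the lookup, which is the split between iterative and recursive queries the summary slides describe. The TTL-bounded cache is also why a stale or poisoned answer keeps being served until it expires.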

DNS Reverse Lookup Domain

Resolving Internet Names


For Internet name resolution
purposes, the only functions required
of the DNS server are the ability to
process incoming queries from
resolvers and send its own queries to
other DNS servers on the Internet.
A DNS server that performs only
these functions is known as a
caching-only server, because it is
not the authoritative source for any
domain and hosts no resource
records of its own.

Using an ISP's Caching-Only DNS Server

Using Your Own Caching-Only DNS Server

DNS Forwarder
As a general rule, if your network requires
no DNS services other than name
resolution, you should consider using off-site DNS servers.
However, it is also possible to split the
name resolution tasks between on-site and
off-site servers by using a DNS
forwarder.
When you configure a DNS server to
function as a forwarder, it receives name
resolution requests from clients and sends
them on to another DNS server, specified

Conditional Forwarding
Conditional forwarding is a
variation included in Windows Server
2008 that enables you to forward
requests for names in certain
domains to specific DNS servers.
Using conditional forwarding, you
can, for example, send all requests
for your Internet domain to your
local, authoritative DNS server, while
all other requests go to your ISP's
DNS server on the Internet.
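The forwarder and conditional-forwarding behaviour just described, as an added example that is not the lesson's code: a conditional forwarding table maps domains to the servers that should receive queries for names in them, the most specific (longest) matching domain wins, and anything else goes to the default forwarders. The `reachable` set stands in for the network so that falling through a server list can be shown offline; the domains and addresses are constructed sample values.

```python
# Constructed configuration: an internal domain and a more specific child domain.
CONDITIONAL = {
    "contoso.example": ["10.0.0.5"],                    # local authoritative server
    "corp.contoso.example": ["10.1.0.5", "10.1.0.6"],   # child domain with its own servers
}
DEFAULT_FORWARDERS = ["198.51.100.1", "198.51.100.2"]  # e.g. the ISP's caching-only servers


def pick_forwarders(qname, conditional, default_forwarders):
    """Choose the forwarder list by longest-suffix match on whole labels."""
    name = qname.rstrip(".").lower()
    best = None
    for domain, servers in conditional.items():
        d = domain.rstrip(".").lower()
        # The leading dot matters: "notcontoso.example" must not match "contoso.example".
        if (name == d or name.endswith("." + d)) and (best is None or len(d) > len(best[0])):
            best = (d, servers)
    return list(best[1]) if best else list(default_forwarders)


def forward(qname, conditional, default_forwarders, reachable):
    """Send the query to the first configured server that answers, or None if none does."""
    for server in pick_forwarders(qname, conditional, default_forwarders):
        if server in reachable:
            return server
    return None
```

A forwarder configuration is also a trust decision: every name not covered by a conditional entry is resolved by whoever runs the default forwarders, so that list should contain only servers you are willing to let see and answer your internal queries.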

Hosting Internet Domains


If you plan to host a domain on the
Internet, you must pay an annual fee
to register a second-level domain
name with one of the many
commercial registrars and supply
them with the IP addresses of your
DNS servers.
These servers will be the
authoritative source for information
about your domain. They must
therefore have registered IP
addresses and be accessible from the



Because DNS servers cache the
information that they obtain from other
DNS servers, it might sometimes be
possible for Internet users to resolve your
domain name, even though your servers
are offline. However, DNS servers purge
their cached information after a period of
time, so if the authoritative servers are
down for more than a few hours, no one
will be able to resolve your domain name.

Active Directory and DNS


If you plan to run Active Directory on your
network, you must have at least one DNS
server on the network that supports the
Service Location (SRV) resource record,
such as the DNS Server service in
Windows Server 2008.
When you install the Active Directory
Domain Services role on a Windows Server
2008 computer, the Active Directory
Domain Services Installation Wizard
checks for an appropriate DNS server, and
the wizard offers to install one if none is

DHCP and DNS


To resolve a DNS name into an IP
address, the DNS server must have a
resource record for that name, which
contains the equivalent address.
The original DNS specifications call
for administrators to manually create
the DNS resource records.
The dynamic update standard
enables a DNS server to modify
resource records at the request of
DHCP servers and clients.

Creating Internet Domains


Choose a different domain name.
Register the name in a different top-level domain.
Attempt to purchase the domain
name from its current owner.

Selecting Names for your Internal Domain
Keep domain names short.
Avoid an excessive number of
domain levels.
Create a naming convention and
stick to it.
Avoid obscure abbreviations.
Avoid names that are difficult to
spell.

Designing Internal DNS Namespace


Use registered domain names.
Do not use top-level domain names
or names of commonly known
products or companies.
Use only characters that are
compliant with the Internet standard.

Creating Subdomains
Owning a second-level domain that
you have registered gives you the
right to create any number of
subdomains beneath that domain.
The primary reason for creating
subdomains is to delegate
administrative authority for parts of
the namespace.

Combining Internal and External Domains
Use the same domain name
internally and externally.
Create separate and unrelated
internal and external domains.
Make the internal domain a
subdomain of the external domain.

Combining Internal and External Domains

Creating Host Names


Create easily remembered names.
Use unique names throughout the
organization.
Do not use case to distinguish
names.
Use only characters supported by all
of your DNS servers.
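The naming guidelines above (characters every DNS server accepts, no reliance on case, uniqueness, a modest number of domain levels) can be enforced mechanically. The code below is an added example, not the lesson's: `validate_hostname` checks each label against the RFC 1123 host-name rules (letters, digits and interior hyphens, at most 63 characters per label, 253 overall) and against an assumed maximum of four levels, and `find_case_collisions` reports names that differ only by case and would therefore collide in DNS.

```python
import re

# RFC 1123 host label after case-folding: starts and ends with a letter or digit,
# interior hyphens allowed, 1 to 63 characters in total.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def validate_hostname(name, max_levels=4):
    """List the guideline violations in a host or domain name; an empty list means it passes."""
    problems = []
    stripped = name.rstrip(".")
    labels = stripped.lower().split(".")
    if len(stripped) > 253:
        problems.append("name longer than 253 characters")
    if len(labels) > max_levels:                       # max_levels is an assumed limit
        problems.append(f"more than {max_levels} levels")
    for label in labels:
        if not label:
            problems.append("empty label (consecutive or leading dots)")
        elif len(label) > 63:
            problems.append(f"label '{label[:10]}...' longer than 63 characters")
        elif not LABEL_RE.match(label):
            problems.append(f"label '{label}' uses characters other than letters, digits and interior hyphens")
    return problems


def find_case_collisions(names):
    """Group names that differ only by case; DNS treats them as the same name."""
    groups = {}
    for n in names:
        groups.setdefault(n.lower(), []).append(n)
    return {k: v for k, v in groups.items() if len(v) > 1}
```

Underscores are the usual offender in practice: Windows DNS accepts them in host names by default, but other resolvers and servers may not, which is exactly the "supported by all of your DNS servers" point above.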

DNS Manager Console

Creating Zones
A zone is an administrative entity you
create on a DNS server to represent a
discrete portion of the DNS namespace.
Administrators typically divide the DNS
namespace into zones to store them on
different servers and to delegate their
administration to different people.
Zones always consist of entire domains or
subdomains.
You can create a zone that contains
multiple domains, as long as those
domains are contiguous in the DNS
namespace.

Creating Zones

Create a Zone

Primary Zone
Secondary Zone
Stub Zone
Active Directory Integrated

Create a Zone

The Zone Name Page

The Zone File Page

The Master DNS Servers Page

The Dynamic Update Page

Replicating Zone Data


When you create primary and secondary
zones, you must configure zone transfers
from the primary to the secondaries, to
keep them updated.
In a zone transfer, the server hosting the
primary zone copies the primary master
zone database file to the secondary zone
so that their resource records are identical.
This enables the secondary zone to
perform authoritative name resolutions for
the domains in the zone, just as the
primary can.
You can configure zone transfers to occur
when you modify the contents of the
primary master zone database file, or at



When you add a new DNS server to the
network and configure it as a new
secondary master name server for an
existing zone, the server performs a full
zone transfer (AXFR) to obtain a full
copy of all resource records for the zone.
Then, at specified times, the DNS server
hosting the primary zone transmits the
database file to all the servers hosting
secondary copies of that zone.
File-based zone transfers use a relatively
simple technique, in which the servers
transmit the zone database file in its



The Windows Server 2008 DNS Server also
supports incremental zone transfer
(IXFR), a revised DNS zone transfer process
for intermediate changes.
This zone transfer method provides a more
efficient way of propagating zone changes
and updates.
With incremental transfers, DNS servers use
an IXFR query instead.
IXFR enables the secondary master name
server to pull only those zone changes it
needs to synchronize its copy of the zone with
its source, either a primary master or another
secondary master copy of the zone
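The AXFR/IXFR behaviour described in the three slides above, plus the dynamic-update point from the DHCP and DNS slide, as an added example that is not the lesson's or the Windows DNS Server's code. A primary keeps its records, a serial number and a bounded history of changes; a new secondary (serial unknown) gets a full transfer, a secondary whose serial the history still covers gets only the changes since then, a secondary that has fallen too far behind falls back to a full transfer, and a requester that is not on the primary's list of permitted secondaries is refused. Records and addresses are constructed sample values.

```python
class PrimaryZone:
    """Primary master: records, a serial, and a bounded change history for IXFR."""

    def __init__(self, records, allowed_secondaries, history_depth=3):
        self.serial = 1
        self.records = dict(records)          # name -> value (toy: one record per name)
        self.history = []                     # (new_serial, removed, added), oldest first
        self.allowed = set(allowed_secondaries)
        self.history_depth = history_depth

    def update(self, removed=(), added=()):
        """Apply a change (what a dynamic update from DHCP would do) and bump the serial."""
        removed = {n: self.records[n] for n in removed if n in self.records}
        for n in removed:
            del self.records[n]
        self.records.update(added)
        self.serial += 1
        self.history.append((self.serial, removed, dict(added)))
        self.history = self.history[-self.history_depth:]   # old deltas are forgotten
        return self.serial

    def transfer(self, requester, secondary_serial=None):
        """Answer a zone-transfer request; refuse anything not on the allow-list."""
        if requester not in self.allowed:
            return "REFUSED", None
        if secondary_serial == self.serial:
            return "UPTODATE", None
        have = secondary_serial or 0
        deltas = [h for h in self.history if h[0] > have]
        covers_gap = bool(deltas) and deltas[0][0] == have + 1
        if secondary_serial is not None and covers_gap:
            return "IXFR", deltas                            # only the changes it needs
        return "AXFR", (self.serial, dict(self.records))     # full copy of the zone


class SecondaryZone:
    """Secondary master: asks for an incremental transfer and applies whatever it gets."""

    def __init__(self, address):
        self.address = address
        self.serial = None                    # None until the first transfer succeeds
        self.records = {}

    def refresh(self, primary):
        kind, payload = primary.transfer(self.address, self.serial)
        if kind == "AXFR":
            self.serial, self.records = payload[0], dict(payload[1])
        elif kind == "IXFR":
            for new_serial, removed, added in payload:
                for n in removed:
                    self.records.pop(n, None)
                self.records.update(added)
                self.serial = new_serial
        return kind
```

The allow-list in `transfer` is the control that matters most operationally: a primary that answers AXFR for anyone hands a complete inventory of the zone to any host that asks, which is why restricting transfers to known secondaries (or using Active Directory replication instead) is standard practice.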

Active Directory-Integrated Zones


In Active Directory-integrated zones, the zone
database is replicated automatically to other
domain controllers, along with all other Active
Directory data.
Active Directory uses a multiple master
replication system so that copies of the
database are updated on all domain controllers
in the domain.
You can modify the DNS resource records on
any domain controller hosting a copy of the
zone database, and Active Directory will update
all of the other domain controllers
automatically.
You don't have to create secondary zones or
manually configure zone transfers, because



Active Directory conserves network
bandwidth by replicating only the DNS
data that has changed since the last
replication, and by compressing the data
before transmitting it over the network.
The zone replications also use the full
security capabilities of Active Directory,
which are considerably more robust than
those of file-based zone transfers.

Summary
The Dynamic Host Configuration
Protocol (DHCP) is a service that
automatically configures the Internet
Protocol (IP) address and other TCP/IP
settings on network computers by
assigning addresses from a pool
(called a scope) and reclaiming them
when they are no longer in use.

DHCP consists of three components:
A DHCP server application that
responds to client requests for TCP/IP
configuration settings.
A DHCP client that issues requests to
the server and applies the TCP/IP
configuration settings it receives to
the local computer.
A DHCP communications protocol that
defines the formats and sequences of
the messages exchanged by DHCP
clients and servers.

DHCP standards define three
different IP address allocation
methods:
Dynamic allocation, in which a DHCP
server assigns an IP address to a
client computer from a scope for a
specified length of time.
Automatic allocation, in which the
DHCP server permanently assigns an
IP address to a client computer from a
scope.
Manual allocation, in which a DHCP

In a distributed DHCP infrastructure, you
install at least one DHCP server on each of
your subnets so that all of your clients
have access to a local DHCP server.
In a centralized DHCP infrastructure, the
DHCP servers are all placed in a single
location, such as a server closet or data
center.
To enable the broadcast traffic on each
subnet to reach the DHCP servers, you
must install a DHCP relay agent on each
subnet.

TCP/IP networks today use Domain
Name System (DNS) servers to
convert host names into IP
addresses.
This conversion process is referred to
as name resolution.

The DNS consists of three elements:
The DNS namespace, which takes the
form of a tree structure and consists
of domains containing resource
records that contain host names, IP
addresses, and other information.
Name servers, which are applications
running on server computers that
maintain information about the
domain tree structure.
Resolvers, which are client programs
that generate DNS queries and send

The hierarchical nature of the DNS
namespace is designed to make it
possible for any DNS server on the
Internet to locate the authoritative
source for any domain name, using a
minimum number of queries.
This efficiency results from the fact
that the domains at each level of the
hierarchy are responsible for
maintaining information about the
domains at the next lower level.

In a recursive query, the DNS server
receiving the name resolution
request takes full responsibility for
resolving the name.
In an iterative query, the server that
receives the name resolution request
immediately responds with the best
information it possesses at the time.

For Internet name resolution
purposes, the only functions required
of the DNS server are the ability to
process incoming queries from
resolvers and to send its own queries
to other DNS servers on the Internet.
A DNS server that performs only
these functions is known as a
caching-only server because it is not
the authoritative source for any
domain and hosts no resource
records of its own.
