Time
3 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
4

Video Description

Configuring DNS Zone Transfers: This lesson covers properly configuring and enabling DNS zone transfers in the DNS console, using the Adatum.com zone. Participants learn how to apply zone transfers and fully qualified domain names. In this lab-based lesson, participants learn how to configure and enable DNS zone transfers by following the instructor's screen-by-screen instructions.

Video Transcription

00:17
After creating our DNS zone infrastructure, we've created a primary zone, we have established a secondary zone, and we have, obviously, stub zones and conditional forwarders. After creating all that, the one thing we need to make sure of for our secondary and stub zones to work is that zone transfers are properly enabled and properly configured.
00:36
So for transfers of data
00:38
between one server and the next, we need to make sure that they have a relationship that allows that to happen. So we're gonna go ahead back on our server here, and we're gonna bring up our DNS console. Our DNS console, we'll bring it up and go and expand that out here. We'll go expand out our forward lookup zones here.
00:56
Yeah, we're gonna actually select the DNS zone that we want to work with. So in this particular case we're going to work with our adatum.com DNS zone. We're gonna right-click on that, and we're gonna choose our Properties option. It's down here on the menu. Choose Properties to configure zone transfers.
01:11
So the first thing we need to do is click on that Zone Transfers tab
01:14
and we have to actually allow zone transfers. Notice by default it is not allowed, and you don't need to allow it for AD-integrated DNS; it will happen through the AD replication process. So go and click on "Allow zone transfers". We don't like "To any server"; that's not a very secure approach. "Only to servers listed on the Name Servers tab"
01:34
is a fairly secure approach. I can actually
01:36
control the Name Servers tab that we actually have there, or actually implement "Only to the following servers", where I could actually manually add them in.
01:42
So we're actually gonna do "Only to servers listed on the Name Servers tab". So go ahead and click on that.
01:49
Yeah, we're gonna have to click here on Apply.
01:52
Then we're actually gonna go back and look at our Name Servers tab
01:55
to see what name servers are on there. So far, there's only one name server on there. That's the local machine. So we need to actually get a second name server in there. So we're gonna go ahead and click on Add here to add another name server.
02:07
It's gonna ask us to type in a fully qualified domain name.
02:13
So that's what we want to do: actually type in the fully qualified domain name. So we're gonna put in here
02:17
our other server, A lead dash SVR1.
02:23
Right, dot, since it's a fully qualified domain name, we actually have to have
02:29
the full name, dot com. So we have adatum.com.
02:32
Here we go ahead and click on
02:35
Resolve here. Right. So then we click our Resolve.
02:38
It tells us the server at this IP address is not authoritative for the zone. And that's correct, because the server we're on is authoritative for the zone. So that's what we expected to have happen. So you want to go ahead and click on OK,
02:50
but then
02:51
you actually have this in here for the actual transfer. So basically on the Name Servers tab, we know it didn't actually authenticate because it's not authoritative. And it shouldn't be authoritative, because in this particular case, this server, our SVR1, is not authoritative;
03:07
the server DC1 is authoritative.
03:10
So in that case, we actually have it done so that it's actually OK. And then we actually would click on OK here and that actually sets it up, and then the transfer is actually the next step of the process. We also could do the same thing, if we actually wanted to in this particular case,
03:28
through our PowerShell. So we could actually come into our PowerShell.
03:30
And we actually have the ability to use a PowerShell command here for the same type of thing. So at this step, we're actually here to set it up for the environment that we want to do it in. So we have our Set-
03:43
DnsServer, right?
03:46
Then we have PrimaryZone.
03:51
So we start with our cmdlet, Set-DnsServerPrimaryZone. That's what we're gonna start with. And then we actually have to have a name associated with that. So we then have our Name argument,
04:00
and then we actually have to provide a name. A lot of the time we actually use quotation marks because there are special characters in it or spaces in the name.
04:11
The name here, we're using adatum.com, so Set-DnsServerPrimaryZone, Name, adatum.com.
04:17
All right, then we're going to choose to
04:19
do a notification, so Notify. All right.
04:23
And they were going to say
04:26
notify and we're gonna do notify
04:29
It's either Notify or NoNotify. So we actually have to put it in there twice. So for the Notify argument, we're gonna choose to notify. And then obviously
04:36
we're gonna have our secondary servers, so we have to actually put in our secondary servers information. So,
04:44
secondary
04:46
server
04:46
it was that secondary servers.
04:48
It's plural
04:50
Then we actually use our
04:53
quotation marks again. So we need to put in our quotations, because once again, it has dots in it: 172.16.0.21. And end our quotation marks.
05:02
Then we actually have to decide how we're gonna do this, so we're gonna have
05:08
secure right
05:11
secondary.
05:12
So we're going to secure our secondary
05:15
It's "secondaries", actually, because we're gonna use more than one in the future. So SecureSecondaries,
05:20
and then we're going to say,
05:23
transfer
05:25
to
05:27
secure
05:29
servers.
05:30
So now we have
05:31
in our environment, we've actually said, OK, Set-DnsServerPrimaryZone, the name adatum.com, we want to notify, for which we actually have to fulfill the argument, and Notify is Notify. It's not yes or true; it's Notify, Notify. And then SecondaryServers
05:46
become
05:48
the
05:49
process here of
05:51
telling it which the secondary server is. Then SecureSecondaries is TransferToSecureServers.
05:57
That's part of the debate. So we can actually do this, so then we go ahead and we hit Enter.
06:03
There we go. We hit, enter
06:10
and it'll process it, and at that point it's finished. So now we want to actually go to our secondary server, our alternate DNS server, and see if we actually have any success. So actually flip over here to our DNS server in the other environment. So we're back in there and we're going to go to
06:28
our forward lookup zones here,
06:30
and we have forward lookup zones and adatum on there. And you notice on this server, because we've now done it, we actually have a transfer of data. In the past, when we actually originally set this up, we actually got an X telling us that it was unable to communicate. Now we actually get a replication. So replication's
06:47
actually a zone transfer. So it's a copy; it's not really replication
06:50
of the information in the DNS zone. Now I cannot modify or edit it from here. It's actually managed by the primary zone. So that's where it's done. Now, in terms of
07:01
doing that, we could actually also
07:04
do information in terms of our PowerShell. It's like, we actually have a PowerShell option for virtually everything that we do in our GUI. We actually have a PowerShell option for everything we do in the GUI.
07:15
So if we wanted to
07:17
actually control this. So what we did was update the zone. Look at it now. If we want to do a PowerShell from our environment, we actually want to be on the server where we're gonna add a secondary zone and zone file. So we could actually do the inverse of this in terms of what we've done.
07:33
At our command prompt here, in terms of the secondary, it would be Add
07:40
dash. Right,
07:42
Louis ad
07:45
dash, oops, extra letter there.
07:46
Add a dash
07:48
Dns, right, ServerSecondaryZone.
07:53
So that's what we type in: Add-DnsServerSecondaryZone. Right.
07:57
And then I would have a name for that zone:
08:00
dash
08:01
Name, space, quotation marks again, because once again we have special characters or spaces: adatum
08:07
dot com. And then end our quotation marks. Then we have a
08:13
dash
08:13
ZoneFile,
08:15
because that's really what these DNS zones are; they're actually zone files.
08:18
Then we actually have to
08:22
put in what the zone file is. So the zone file would be,
08:24
um, adatum.com in this case,
08:28
it ate him dot nut, huh?
08:35
adatum.com. And obviously, after adatum.com, we're gonna put in that .dns
08:41
because that's what they're called
08:43
and end our
08:45
quotations.
08:46
And then we actually have to say who the master servers are. So in this case,
08:50
we have to have our argument for MasterServers, right?
08:54
So that's our MasterServers argument. And then we would say the master servers are... oops, that's supposed to be a dash here, not an underscore.
09:03
So Master servers.
09:05
Right. So there's MasterServers, then we actually have to put in the IP address. Now, in this particular case,
09:11
we don't necessarily need
09:15
our quotation marks. There's our master servers, then we go ahead and hit Enter.
09:18
it actually will give us our
09:22
information. So here it says: Lt creates own Etienne recovers server loaded server character. One, right. It says resource exists. So if we try to do this
09:31
and we're trying to create something that's already existing, we'll get this error message, which just basically says it's already there, so we don't have to worry about having it there in the future. So we actually already covered that.
09:41
So at this point, we actually still have the same results as we have here.
09:46
And then, obviously, if we do that and have it all set up, and then we want to update the primary zone and then verify the change on the secondary zone, we could do that fairly straightforwardly. We could actually come into our environment here, get back over to our
10:00
71
10:01
and we'll go into our environment here and just make a change here. So we can actually, in our environment, go ahead and do a new
10:11
actual
10:11
host. We're just gonna create a,
10:15
um,
10:15
test host here.
10:16
So we're gonna test this to see if it happens. And we're gonna have an IP address. Uh,
10:22
let's have a two.
10:24
See this.
10:24
172 Right.
10:26
You want to keep it in our same address space. So we want to make sure we're in the same address space here.
10:33
So get that where we could see it was over to that
10:35
16.0 that
10:39
we'll just call it 100 so we can see its significant difference, and Add Host.
10:43
The host record was successfully created, so we're done.
10:48
So now we have this host record in here. Now it's just a
10:52
created host record; it's not an actual machine. At this point, we don't have a machine that's online with that information. So now if we want to,
10:58
uh, actually replicate that to our zone, we actually want to make sure that our SVR1 gets the same information. So if we come in here and we do a refresh on this, and we just do a simple refresh,
11:11
that a couple of here to refresh,
11:13
we get our updated information, and that gives us the information on both our servers, which is ultimately what our goal was: to have the same information on both servers, because the second one is actually going to give us the information we want to have. So we did that with the host name. We could do a CNAME. We could go in any number of ways.
11:31
That's just one of the possibilities.
11:33
And that's basically how we're gonna work with our
11:35
zone transfer. We actually go in and we configure the information properly. So once again, just remember for your zone transfer, you're working with the
11:43
Zone Transfers tab
11:46
on your server and the Name Servers tab. Notice in this one, the Name Servers tab did get replicated, did get duplicated out to our secondary DNS box, but zone transfers didn't, because we don't actually have "Allow zone transfers" of any kind on that box. But that's our DNS zone transfer process.

Instructed By

Anthony Harris
Systems Analyst and Administrator at SAIC
Instructor