Thursday, April 21, 2011

Modern Wireless Communication

Introduction of Wireless Communication.

Background.

• 1.2 Communication Systems
• 1.3 Physical Layer
• 1.4 The Data-Link Layer
  1.4.1 FDMA
  1.4.2 TDMA
  1.4.3 CDMA
  1.4.4 SDMA

• In 1864, James Clerk Maxwell formulated the electromagnetic theory of light and predicted the existence of radio waves.
• In 1894, following the work of Maxwell and Hertz, Oliver Lodge demonstrated wireless communications.
• In 1906, Reginald Fessenden conducted the first radio broadcast using the technique that came to be known as amplitude modulation (AM) radio. Spread-spectrum techniques made their first appearance before and during World War II.
• In 1946, the first public mobile telephone systems were introduced in five American cities.
• In 1947, the first microwave relay system, consisting of seven towers, became operational.
• In 1958, a new era in wireless communications was initiated with the launch of SCORE (Signal Communication by Orbital Relay Equipment).
• In 1981, the first analog cellular system, Nordic Mobile Telephone (NMT), was introduced; it was soon followed by the Advanced Mobile Phone Service (AMPS) in North America in 1983.
• In 1988, the first digital cellular system, Global System for Mobile (GSM), was introduced in Europe.

Communication Systems.

Physical Layer.
Provides the physical mechanism for transmitting bits between any pair of nodes.

Data-link Layer.
Layer for error correction or detection. Responsible for sharing the transmission medium among different users.

Network Layer.
• Determines the routing of the information
• Determines the quality of service
• Flow control
Physical Layer.

Transmitter.
In a wireless system, the transmitter shapes the signal for efficient use of the transmission medium's resources.
• Because of power limitations, the transmitter must use robust and power-efficient modulation techniques.
• As the medium is shared with other users, the design should minimize interference.

Channel.
In a wireless system, the channel impairments include:
• Channel distortion in the form of multipath
• Time-varying nature
• Receiver noise

Receiver.
In a wireless system:
• Estimation of the time-varying nature of the channel is necessary for implementing compensation techniques.
• Error-correction techniques improve reliability.
• Synchronization must be maintained.

The Data-Link Layer.

Multiple access strategy:
• Sharing the physical resources among the different users.
• For a wireless system, the radio spectrum is the physical resource.
Four multiple access strategies for the radio spectrum:
• FDMA (Frequency-division multiple access)
• TDMA (Time-division multiple access)
• CDMA (Code-division multiple access)
• SDMA (Space-division multiple access)

FDMA
• The radio spectrum is divided into a number of channels.
• Each pair of users is assigned a different channel.
• A different channel is assigned for each direction of transmission.

The Data-Link Layer.
TDMA

• Designed for a point-to-multipoint architecture.
• Multiple UTs communicate with a single BS.
• Uses analog modulation with a simple push-to-talk protocol.
• TDMA is suited only to data applications.

CDMA.

• Cellular system
• UTs in each cell communicate with a BS located at the center of the cell.
• FDMA or TDMA can be used within a cell.

SDMA.

Improvements of SDMA:
• Reduces the total power that needs to be transmitted.
• Reduces the amount of interference.
• The receiver receives a stronger signal.
Multibeam antennas are used to separate radio signals by pointing them along different directions.

Economic Issues in Wireless Communications



Economic Issues in Wireless Communications.


Radio spectrum is a natural resource, but one with rather unusual properties. As noted above, it is non-homogeneous, with different parts of the spectrum being best used for different purposes. It is finite in the sense that only part of the electromagnetic spectrum is suitable for wireless communications, although both the available frequencies and the carrying capacity of any transmission system depend on technology. The radio spectrum is non-depletable; using spectrum today does not reduce the amount available for use in the future. But it is non-storable. Under ITU guidance, spectrum has been allocated to specific uses and then assigned to particular users given the relevant use. Traditionally, user assignment was by government fiat. Not infrequently, the user was government owned. Privatizations in the 1980s and 1990s, and the success of (at least limited) mobile telephone competition in some countries, resulted in a more arm's-length process of spectrum allocation developing in the 1990s. Users of radio spectrum, and particularly users of 2G and 3G mobile telephone spectrum, have generally been chosen by one of two broad approaches since the early 1990s – a ‘beauty contest’ or an auction.
A ‘beauty contest’ involves potential users submitting business plans to the government (or its appointed committee). The winners are then chosen from those firms submitting plans. There may be some payment to the government by the winners, although the potential user most willing to pay for the spectrum need not be among the winners. For example, the U.K. used a beauty contest approach to assign 2G mobile telephone licenses in the 1990s. Sweden and Spain have used beauty contests to assign France used a beauty contest to assign four 3G licenses. The national telecommunications regulator required firms to submit applications by the end of January 2001. These applications were then evaluated according to preset criteria and given a mark out of 500. Criteria included employment (worth up to 25 points), service offerings (up to 50 points) and speed of deployment (up to 100 points). Winning applicants faced a relatively high license fee set by the government. As a result, there were only two applicants. These firms received their licenses in June 2001, with the remaining two licenses unallocated (Penard, 2002). The concept of using a market mechanism to assign property rights over spectrum and to deal with issues such as interference goes back to at least the 1950s when it was canvassed by Herzel (1951) and then by Coase (1959). But it was more than thirty years before spectrum auctions became common. New Zealand altered its laws to allow spectrum auctions in 1989 and in the early 1990s auctions were used to assign blocks of spectrum relating to mobile telephones, television, radio broadcasting and other smaller services to private management (Crandall, 1998). In August 1993, U.S. law was modified to allow the FCC to use auctions to assign radio spectrum licenses and by July 1996 the FCC had conducted seven auctions and assigned over 2,100 licenses (Moreton and Spiller, 1998). 
This included the assignment of two new 2G mobile telephone licenses in each region of the U.S. through two auctions. In 2000, the U.K. auctioned off five 3G Auctions have involved a variety of formats including ‘second price sealed bid’ in New Zealand, modified ascending bid in the U.S. and a mixed ascending bid and Dutch auction format in the U.K. Bidders may have to satisfy certain criteria, such as service guarantees and participation deposits, before they can participate in the auctions. Limits may also be placed on the number of licenses a single firm can win in a particular geographic area, so that the auction does not create a monopoly supplier. From an economic perspective, using an auction to assign spectrum helps ensure that the spectrum goes to the highest value user. While auctions have been used to assign spectrum to different users, they still involve a prior centralized allocation of bands of spectrum to particular uses. Economically, this can lead to an inefficient use of spectrum. A user of a particular frequency band (e.g. for 3G services) might have a much higher willingness-to-pay for neighboring spectrum than the current user of that neighboring spectrum (e.g. a broadcaster or the military). But the prior allocation of frequency bands means that these parties are unable to benefit from mutually advantageous trade. It would violate the existing license conditions to move spectrum allocated to one use into another use even if this is mutually advantageous. Building on the work of Coase (1959), Valletti (2001) proposes a system of tradable spectrum rights, using the market to both allocate spectrum to uses and simultaneously assign it to users. Interference can be dealt with through the assignment of property rights and negotiation between owners of neighboring spectrum. Valletti notes that both competition issues and issues of mandated standards would need to be addressed in a market for spectrum rights.
We deal with the issue of standards later in this section while competition issues are considered in section 5 below. Noam (1997) takes the concept of tradable spectrum assignment one stage further. Technological advancements, such as the ability for a signal to be broken into numerous separate digital packets for the purposes of transmission and then reassembled on reception, mean that the concept of permanent spectrum assignment may become redundant in the near future. As technology advances, Noam argues, spot and forward markets can be used to assign use within designated bands of spectrum. The price of spectrum use would then alter to reflect congestion of use. DeVany (1998) also discusses market-based spectrum policies, including the potential for a future “open, commoditized, unbundled spectrum market system.” (p.641) Conflicts in the allocation of spectrum arose in the FCC auctions in the U.S. The 1850-1910 MHz and 1930-1990 MHz bands to be allocated by these auctions already had private fixed point-to-point users. The FCC ruled that existing users had a period of up to three years to negotiate alternative spectrum location and compensation with new users. If negotiations failed, the existing user could be involuntarily relocated. Cramton, Kwerel and Williams (1998) examine a variety of alternative ‘property rights’ regimes for negotiated reallocation of existing spectrum and conclude that the experience of the U.S. reallocations is roughly consistent with simple bargaining theory.


802.11 Standard Comparison and Security


Wireless Brief History.



Wireless devices have been a part of everyday life since the early 1980s. Wireless devices communicate with one another without the use of any cabling or physical connection. We use these devices every time we use a remote control to turn on the television or make a call from a cordless or cellular phone. Much of today's technology has come from the evolution of the cellular phone network. Cellular phone communication is the number one application for wireless technology. The expansion of the Internet has also affected the use of wireless communications. Businesses everywhere are implementing wireless as the medium of communication on their networks.

IEEE and 802.11.

To ensure compatibility of software and hardware, manufacturers must follow specific standards. The standards allow devices from different manufacturers and vendors to communicate. The Institute of Electrical and Electronic Engineers (IEEE) defines the standards implemented in these areas of technology. This paper will discuss the standards for wireless communications, how wireless communications work and will define some of the security issues that have surfaced since the implementation of the wireless local area network (WLAN). The IEEE bases wireless communications on the 802.11 standard. There are currently two supplements to the 802.11 standard, 802.11a and 802.11b (802.11g is still being finalized). Other improvements are still being developed, but have not reached the level of IEEE research.

802.11.

802.11 was designed in June of 1997 specifically to support applications that required a higher rate of data across a wireless network. It was intended for wireless transmissions to communicate at a rate of 1 to 2 Mbps. 802.11 operates in the 2.4 GHz band. This band is known as the Industrial, Scientific, and Medical (ISM) band. It is heavily used by electronic products and therefore has a high amount of interference. This makes transmitting high-end applications like streaming video or voice difficult due to a limited amount of bandwidth. The 802.11 standard was implemented to place specifications on the parameters of both layers 1 and 2 of the OSI model. Layer 1 can use either a frequency hopping spread spectrum (FHSS) system with two- or four-level Gaussian frequency-shift keying modulation or a direct sequence spread spectrum (DSSS) system with differential binary phase-shift keying or differential quadrature phase-shift keying baseband modulation. The third alternative for transmission on the physical layer is an infrared transmission system, but this paper will keep within the scope of radio frequency transmissions. Layer 2 protocols are responsible for maintaining shared medium access. 802.11 stipulates carrier sense multiple access with collision avoidance (CSMA/CA). The CSMA/CA protocol determines when a node can transmit. The node will “listen” to the medium to make sure the medium is free. If the medium is busy the node will wait a specified amount of time before attempting to transmit again. Once the medium is clear the source node will transmit a ready-to-send packet, and the destination node will reply with an acknowledgement. Within the acknowledgement is header information that lets the source node know what parameters to stay within while sending its data payload. The source node responds acknowledging the destination node's instructions in its header, and data packets follow the header accordingly.
This is what's known as the “three-way handshake”. The protocol ensures the source node is notified when the destination node is busy, thus minimizing collisions within the network.
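As an added illustration of the listen-before-talk behaviour just described (this is not code from the paper), the Python below simulates several nodes contending for one medium. It goes beyond the text in two respects the real protocol also has: a node's backoff counter only counts down while the medium is idle, and two counters expiring together produce a collision after which both nodes draw a fresh backoff. The slot durations and the nodes' backoff values are constructed so the run is deterministic; every node is assumed to hear every other node.

```python
"""Slotted simulation of the listen-before-talk exchange described above.

Added example, not taken from the paper. Assumptions: one shared medium,
a fixed slot time, every node hears every other node (no hidden terminals),
and each node's random backoff values are supplied in advance as integers
so that a run is deterministic and can be reasoned about.
"""
import collections

# Durations in slots. The values are illustrative, not the 802.11 timings.
DIFS = 2                      # silence a node must sense before counting down
RTS_SLOTS = CTS_SLOTS = ACK_SLOTS = 1


class Node:
    def __init__(self, name, data_slots, backoffs):
        self.name = name
        self.data_slots = data_slots              # length of the data payload
        self.draws = collections.deque(backoffs)  # pre-drawn random backoffs
        self.counter = self.draws.popleft()       # idle slots still to wait
        self.done = False


def simulate_csma_ca(nodes, max_slots=200):
    """Return (slot, node, event) tuples for the whole exchange."""
    events = []
    busy_until = 0       # first slot at which the medium is idle again
    idle_slots = 0       # consecutive idle slots sensed so far
    for slot in range(max_slots):
        waiting = [n for n in nodes if not n.done]
        if not waiting:
            break
        if slot < busy_until:
            idle_slots = 0          # medium busy: backoff counters are frozen
            continue
        idle_slots += 1
        if idle_slots <= DIFS:
            continue                # keep listening until DIFS has elapsed
        for n in waiting:
            n.counter -= 1          # one idle slot counted down by everyone
        ready = [n for n in waiting if n.counter <= 0]
        if not ready:
            continue
        if len(ready) > 1:
            # Two counters expired together: both RTS frames go out at once,
            # nobody receives a CTS, and each node draws a fresh backoff.
            names = "+".join(n.name for n in ready)
            events.append((slot, names, "RTS collision, no CTS"))
            for n in ready:
                n.counter = n.draws.popleft()
            busy_until = slot + RTS_SLOTS
            idle_slots = 0
            continue
        n = ready[0]
        t = slot
        for label, length in (("RTS", RTS_SLOTS), ("CTS", CTS_SLOTS),
                              ("DATA", n.data_slots), ("ACK", ACK_SLOTS)):
            events.append((t, n.name, label))
            t += length
        busy_until = t              # everyone else waits out the whole exchange
        idle_slots = 0
        n.done = True
    return events


def transmission_order(events):
    """Names of the nodes whose DATA frames went out, in order."""
    return [name for _, name, label in events if label == "DATA"]


def demo():
    # Constructed scenario: A and B draw the same backoff and collide first.
    nodes = [Node("A", 4, [2, 1]), Node("B", 3, [2, 3]), Node("C", 2, [6])]
    return simulate_csma_ca(nodes)


if __name__ == "__main__":
    for slot, name, label in demo():
        print(f"slot {slot:2d}: {name} {label}")
```

In the constructed run A and B collide at slot 3, A wins the re-draw and completes RTS/CTS/DATA/ACK, and B and C, whose counters were frozen while A held the medium, follow in turn; the point to take away is that the waiting is what prevents the collision, not the handshake itself.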

802.11b.

802.11b passed IEEE tests in 1999 and is intended to be an extension to 802.11 using DSSS.  It supports higher data rates than 802.11 at 5.5 to 11 Mbps and many businesses have implemented it on their networks.  802.11b also operates in the 2.4 GHz band.  Competition for bandwidth in this range with other products such as cordless phones, microwaves, and other networks makes 802.11b vulnerable to interference.  The bandwidth of a spread-spectrum channel is 22 MHz; the ISM band has only three non-overlapping channels 25 MHz apart.  802.11b uses hopping mode for three non-overlapping channels at 10 MHz apart. Using the 2.4 GHz band for transmission gives 802.11b a higher range.  Typically 802.11b will perform at ranges of up to 300 feet using a minimal number of access points.  802.11b is a good choice for networks located in a warehouse, store or any expansive business with sparsely populated users.  The fewer users competing for an access point’s bandwidth the better the performance of the network.  For companies with users who do not use high-end applications, 802.11b is a popular choice.

802.11a.



802.11a passed IEEE tests in September of 1999. Although it is costly, it has much more to deliver for businesses that require high amounts of bandwidth. 802.11a operates in the 5 GHz band, which is known as the unlicensed national information infrastructure (UNII) band. The standard can use 300 MHz of bandwidth because the spectrum is divided into three smaller bands. The first 100 MHz is restricted to a maximum output of 50 mW. The second 100 MHz has 250 mW of output and the third 100 MHz has a maximum output of 1.0 W. 802.11a uses orthogonal frequency division multiplexing (OFDM). The standard specifies eight non-overlapping channels in the lower two bands, each divided into 52 sub-carriers. The upper band has four non-overlapping channels. Modulation methods depend on the rate of the data being supported by channel conditions between source and destination. There are four modulation methods used by 802.11a: BPSK, QPSK, 16-QAM, and 64-QAM. Figure 1 represents OFDM sub-channels.
802.11a can deliver data rates as high as 54 Mbps. The drawback to 802.11a is range. The higher operating frequency gives 802.11a a range of about 60 feet. To implement this standard in a large area would require a larger number of access points. Densely populated areas with users competing for the same access point make the choice between 802.11a and 802.11b an easier one. If a business requires high performance to send video, voice, or large images/files then 802.11a would be the logical choice and worth the extra expense.

802.11g.

802.11g is scheduled for approval by May of 2003. 802.11g will expand 802.11b's data rates to 54 Mbps within the same 2.4 GHz band using OFDM (orthogonal frequency division multiplexing). 802.11g will perform in the 2.4 GHz band using 1/3 of that band to transmit its signal. As with 802.11b, this limits the number of non-overlapping APs to three. This creates problems with channel assignment in heavily populated areas that cover expansive regions. The answer to this problem is lowering the power of the APs. 802.11b users can upgrade to 802.11g, but they will need to decrease the range of their current APs or provide new APs to handle the high data rates. To supply backward compatibility, 802.11b technology will still interface with 802.11g technology. “…the 802.11 Task Group is looking to iron out about 100 remaining editorial and technical questions at the next meeting of the group in early July.” [McGarvey] One of these questions is, “how will 802.11g deal with RF interference?” Currently, the problem with interoperability between 802.11a and b has caused the need for improvements. An engineering company in London has developed a dual 802.11a/b chipset. This new chip will allow an end user device to sense if the access point is using 802.11a or 802.11b. Vice versa, the access point can also send out 802.11a/b, allowing any end user to communicate accordingly.

Wireless Local Area Networks.

Devices connect to the network using a Network Interface Card (NIC). A NIC carries the device's MAC address. This identifies the device on the network. In layer two, Address Resolution Protocol (ARP) converts the MAC address to an address recognized by the network, an IP address. This allows the device to communicate with other devices on the network. In order to connect to the network without any cabling, a device must have a wireless NIC installed. The wireless NIC is used to communicate with other devices within range or with an access point. An AP communicates with devices equipped with wireless network adaptors and connects to the wired network via an RJ-45 port. AP devices have an average range of 300 feet; this area is known as a cell. Users can move within the cell freely without being disconnected from the network.

Friday, April 15, 2011

Remote Access Addressing



Remote Access Addressing.



When a client connects to a remote access server, both the client and the server connection must have an address (such as an IP address) to identify it on the network. As part of the remote access configuration, you need to decide how addresses are assigned to remote clients.
Addressing method / Characteristics:

DHCP-delivered:
  Configure the remote access server and client to obtain an address from a DHCP server. When the client requests a remote access connection for the first time:
  1. The server requests 10 addresses from the DHCP server.
  2. The server uses one address for its own remote access port.
  3. The server assigns other addresses in the range to incoming clients.
  4. If needed, the server requests additional IP addresses in blocks of 10.
Automatic assignment:
  Configure a range of addresses on the remote access server for its clients. One address is automatically assigned to the remote access port on the server. Clients are assigned an IP address from the address pool configured on the server.
Static IP address:
  You can configure the client with a specific IP address that it uses when it connects to the remote access server. Doing so requires two steps:
  • Configure the IP address for the dial-up connection on the client.
  • Configure the remote access policy to allow IP address requests.
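The four DHCP-delivered steps above, simulated as an added example (not code from these notes or from Windows). The DHCP server is a constructed stand-in that leases consecutive addresses from a small scope; the block size of 10 and the reservation of the first address for the server's own port follow the steps in the text, and the scope-exhaustion case shows what happens when a further block cannot be obtained.

```python
"""Simulation of the DHCP-delivered addressing steps listed above.

Added example, not code from the original notes or from Windows. The DHCP
server is a constructed stand-in that hands out consecutive addresses from
a small scope; the block size of 10 follows the steps in the text.
"""
import ipaddress


class FakeDhcpServer:
    """Leases consecutive addresses from a constructed scope."""

    def __init__(self, first="10.0.0.10", scope_size=25):
        self._next = ipaddress.ip_address(first)
        self._remaining = scope_size

    def lease(self, count):
        # Hands back up to `count` addresses; fewer once the scope runs dry.
        leased = []
        while self._remaining and len(leased) < count:
            leased.append(str(self._next))
            self._next += 1
            self._remaining -= 1
        return leased


class RemoteAccessAddressPool:
    BLOCK = 10   # steps 1 and 4: addresses are requested ten at a time

    def __init__(self, dhcp):
        self.dhcp = dhcp
        self.server_address = None   # step 2: reserved for the server's own port
        self.free = []
        self.leased = {}             # client name -> address
        self.dhcp_requests = 0

    def _refill(self):
        block = self.dhcp.lease(self.BLOCK)
        self.dhcp_requests += 1
        if not block:
            raise RuntimeError("DHCP scope exhausted: no address for client")
        if self.server_address is None:
            self.server_address = block.pop(0)
        self.free.extend(block)

    def assign(self, client):
        """Step 3: give an incoming client the next free address."""
        if not self.free:
            self._refill()
        address = self.free.pop(0)
        self.leased[client] = address
        return address

    def release(self, client):
        """A disconnecting client's address returns to the pool for reuse."""
        self.free.append(self.leased.pop(client))


def demo():
    # Constructed scenario: ten clients connect, forcing a second block request.
    pool = RemoteAccessAddressPool(FakeDhcpServer())
    first = pool.assign("client-1")
    for i in range(2, 11):
        pool.assign(f"client-{i}")
    return pool, first


if __name__ == "__main__":
    pool, first = demo()
    print("server port:", pool.server_address, "first client:", first,
          "DHCP requests so far:", pool.dhcp_requests)
```

With a ten-address block and one address kept for the server, only nine clients fit before the second request; sizing the DHCP scope for remote access therefore means counting blocks, not clients.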
Remote Access Facts.

Keep in mind the following facts about configuring remote access.
  • The number of dial-up modem connections permitted depends on the number of modems that are installed on the remote access server. If you have only one modem installed on the server, you can only have one modem connection at a time.
  • Before shutting a remote access server down, terminate all client idle sessions.
  • To enable clients to receive their addresses from a DHCP server, configure the remote access server to use DHCP for addressing.
  • When you use PPP as the WAN protocol, you can use DHCP for addressing and encryption.
  • To allow remote clients to access resources on both the remote access server and the local network, enable both remote access and LAN routing. To restrict access to only the remote access server, enable only remote access.
  • When you establish a LAN protocol, the client must be configured with all protocols used by all devices on the private network with which it communicates.
  • To access resources on a remote network, users must be given the appropriate permissions.
Authentication Protocol Comparison.

Authentication protocols ensure that remote users have the necessary credentials for remote access. The following table compares the authentication protocols supported by a Windows 2003 remote access server. Protocols are listed in order, from least secure to most secure. As a rule, select the highest level of authentication supported by the clients.
Protocol / Characteristics / Client support:

Password Authentication Protocol (PAP)
  • Client sends a username and plain-text password for authentication.
  • Password can be easily intercepted.
  • Use only when no other form of authentication is supported.
  Client support: 2003/XP/2000; NT 3.5/4.0; 95/98/ME

Shiva Password Authentication Protocol (SPAP)
  • Used to connect to a Shiva LAN Rover.
  • Uses an encrypted password for authentication.
  • Password encryption is easily reversible.
  Client support: 2003/XP/2000; NT 3.5/4.0; 95/98/ME

Challenge Handshake Authentication Protocol (CHAP)
  • Uses a three-way handshake (challenge/response).
  • Uses MD5 hashing of the shared secret for authentication.
  Client support: 2003/XP/2000; NT 3.5/4.0; 95/98/ME

Microsoft Challenge Handshake Authentication Protocol version 1 (MS-CHAP v1)
  • Similar to MS-CHAP v2, uses challenge/response for authentication.
  • Server authenticates the client (client cannot authenticate the server).
  • Encrypts the secret used for authentication.
  Client support: 2003/XP/2000; NT 3.5/4.0; 95/98/ME

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)
  • Highest level of authentication possible without using EAP.
  • Uses a challenge/response mechanism for authentication.
  • Allows both the client and the server to authenticate each other.
  • Encrypts the secret used for authentication.
  Client support: 2003/XP/2000; NT 4 (SP 4); 98 (SP 1); 95 (with the latest updates, for a VPN connection only)

Extensible Authentication Protocol (EAP)
  • Client and server negotiate the characteristics of authentication.
  • Used for smart cards or biometric authentication.
  Client support: 2003/XP/2000
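To make the PAP-versus-CHAP rows concrete, here is an added example (not code from these notes or from any Windows component) that puts both on the wire: PAP sends the password itself, while CHAP sends only an MD5 digest of the identifier, the shared secret and a fresh challenge, which is the RFC 1994 construction. The authenticator class, the user table and the PAP framing are constructed for the illustration; the authenticator accepts each challenge once, which is what stops a captured response from being replayed.

```python
"""PAP versus CHAP on the wire, as an added illustration of the table above.

Added example; not code from the notes or from any Windows component. It
implements the RFC 1994 CHAP response (MD5 over Identifier, secret and
challenge) and a minimal authenticator that accepts each challenge once.
The PAP framing is constructed for contrast only.
"""
import hashlib
import hmac
import os


def pap_credentials(username, password):
    """PAP: the name and the password itself travel across the link."""
    return f"{username}:{password}".encode()


def chap_response(identifier, secret, challenge):
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """The server side: issues challenges and checks responses."""

    def __init__(self, users):
        self.users = users        # name -> shared secret (bytes); CHAP needs it in clear
        self.outstanding = {}     # identifier -> challenge not yet answered
        self.next_id = 0

    def issue_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)   # fresh per attempt, so a response cannot be replayed
        self.outstanding[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, response):
        challenge = self.outstanding.pop(identifier, None)   # one use only
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def chap_exchange(authenticator, name, secret):
    """Run the three-way exchange: Challenge, Response, Success/Failure."""
    identifier, challenge = authenticator.issue_challenge()
    response = chap_response(identifier, secret, challenge)   # computed by the client
    return authenticator.verify(identifier, name, response)


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"constructed-secret"})
    print("PAP on the wire:", pap_credentials("alice", "constructed-secret"))
    print("CHAP accepted:", chap_exchange(auth, "alice", b"constructed-secret"))
```

Note what the table's ordering rests on: with PAP a captured packet yields the password; with CHAP a captured response is useless against a new challenge, but the server must still hold every shared secret in recoverable form, which is one reason the notes put MS-CHAP v2 and EAP above it.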
For wireless clients, the most secure solution uses Protected EAP (PEAP) for an initial authentication to the wireless access point. When using PEAP, select one of the following two options:
  • PEAP-EAP-TLS. This authentication method uses certificates (either on the local system or on a smart card) to complete the authentication process.
  • PEAP-MS-CHAP v2. This method uses certificates on the server, but simple passwords on the client. Use this method when the client does not have a certificate.
PEAP support is enabled as follows:
  • Windows XP SP1, included as a feature of the service pack.
  • Windows Server 2003.
  • Windows 2000, supported through a special download and install.
Remote Access Client Configuration.



You should know the following facts about remote access client configuration:
  • The client must be running all networking protocols (such as IP or IPX) that are used on destination computers.
  • Both the remote access client and the remote access server must use a common WAN protocol (such as PPP).
  • If your client and server have multiple modems, you can configure both to use multilink. With multilink, multiple physical connections are established to increase the bandwidth of a single connection. When using multilink, enable Bandwidth Allocation Protocol (BAP) to establish and drop links based on link activity.
  • Callback is a form of security in which the server disconnects the user after authentication then immediately calls the user back. The server can use a preset phone number for each user, or the user can enter a callback phone number after authentication. You cannot use multilink and callback together.
  • To configure remote clients for DNS, configure them with the IP address of the DNS server on the private network. DNS requests will be automatically routed to the DNS server.
Remote Access Policy Facts.

A remote access policy consists of the following components.
Component / Description:

Conditions:
  Remote access conditions identify which policies apply to incoming connections. The remote access server checks the conditions included with a policy. If all conditions match, the server processes the policy and user account settings to determine what access to allow or deny.
Permissions:
  Permissions determine whether remote access is granted or denied. Permissions come from a combination of settings in the user account and the remote access policy. There are only three possible permission settings:
  • Grant remote access
  • Deny remote access
  • Control access through the remote access policy (only settable in the user account)
Profile:
  A profile is the list of settings that are applied to the connection once access is granted. Profile settings can reject or restrict remote access to connections that:
  • Use a specific media type
  • Are initiated during specific days and times
  • Use specific authentication protocols
  • Use specific encryption protocols

Network Monitor and System Monitor



Network Monitor and System Monitor.



Two common tools, Network Monitor and System Monitor, are useful in monitoring your system. While both can be used to gather some information related to network performance, Network Monitor is the tool you will use most often to analyze network traffic and gather information about communication between two computers. The following table compares the features of Network Monitor and System Monitor.
Characteristic / Network Monitor / System Monitor:

Data collected
  Network Monitor: Captures packets (or packet fragments) and their contents. Reports statistics about network traffic.
  System Monitor: Monitors system statistics, producing counters and charts of system performance. Monitors local system components including disk, processor, memory, and network statistics.
Data reports
  Network Monitor: View contents of sent and received packets. View network traffic statistics.
  System Monitor: View graphs of system performance and counters.
Event tracking
  Network Monitor: Configure triggers to stop capture or execute a command based on a specific network traffic event (or packet type).
  System Monitor: Configure alerts to log an entry, send a message, or run a program when a counter reaches a specific threshold.
Identifying captured data
  Network Monitor: Configure filters to capture only specific packets or to display only certain packets.
  System Monitor: Select objects and counters to identify the statistics you want to track.
You should know the following facts about Network Monitor:
  • The free version of Network Monitor that comes with Windows can only monitor traffic to and from the local computer.
  • To capture all network packets, use the SMS version of Network Monitor.
  • Even when using the SMS version, you cannot capture packets sent to other computers on other segments through a switch. (Switched traffic is only sent to the segment where the destination computer sits.)
  • Use Dedicated Capture mode with Network Monitor to ensure you capture all packets.
TCP/IP Configuration Settings.

The following table summarizes many of the configuration settings for a TCP/IP network.
Parameter / Purpose:

IP address: Identifies both the logical host and logical network addresses.
Subnet mask: Identifies which portion of the IP address is the network address.
Default gateway: Identifies the router to which packets for remote networks are sent.
Host name: Identifies the logical name of the local system.
DNS server: Identifies the DNS server that is used to resolve host names to IP addresses.
WINS server: Identifies the WINS server that is used to resolve host names to IP addresses.
MAC address: Identifies the physical address. On an Ethernet network, this address is burned into the network adapter hardware.
Keep in mind the following regarding TCP/IP configuration:
  • All computers must be assigned a unique IP address.
  • Hosts on the same physical network should have IP addresses in the same address range.
  • The subnet mask value for all computers on the same physical network must be the same.
  • Configure the default gateway value to enable internetwork communication.
  • The default gateway address must be on the same subnet as the host's IP address.
Choosing the Addressing Method.

The table below lists options for assigning IP addresses.
Method / Uses:

Static (manual) assignment
  • Small number of hosts.
  • Network will not change or grow.
  • Hosts that must have the same address each time.
  • For small networks (if the administrative time and cost is acceptable).
  • For non-DHCP hosts (hosts that cannot accept an IP address from DHCP).
  • To reduce DHCP-related traffic.
APIPA
  • Single-subnet network.
  • No DNS services.
  • Automatic configuration of IP address and subnet mask only.
  • Small, non-subnetted networks.
  • Implementations for which you do not need to customize the default address range.
DHCP
  • Small, medium, or large networks.
  • Automatic configuration.
  • Automatically delivers additional configuration parameters (such as default gateway, DNS servers).
Alternate
  • A single computer connects to two networks, one without a DHCP server.
  • A computer is connected to a network using DHCP, but you want it to be properly configured when the DHCP server is unavailable.

You should know the following facts about IP address assignments:
  • By default, all Windows computers try to use DHCP for TCP/IP configuration information.
  • APIPA is used to automatically generate an IP address if the DHCP server is unavailable and if no alternate address is configured.
  • The APIPA range is 169.254.0.1 to 169.254.255.255 with a mask of 255.255.0.0.
  • If the computer assigned itself an IP address (using APIPA), this means the computer could not contact a DHCP server.
  • When you configure a static IP address, you disable DHCP and APIPA.
  • Use an alternate IP address to use DHCP on one network and static addressing on another without reconfiguring the connection.
  • When you configure an alternate IP address, APIPA is no longer used when the DHCP server can't be contacted.
  • You can rely on APIPA for your IP addressing solution, but only for a network with a single subnet. APIPA does not set the default gateway or name server address.
IP Addressing Facts.

The following table lists the default IP addressing classes and masks:
Class / Address range / Default mask:

Class A: 1.0.0.0 to 126.255.255.255, default mask 255.0.0.0
Class B: 128.0.0.0 to 191.255.255.255, default mask 255.255.0.0
Class C: 192.0.0.0 to 223.255.255.255, default mask 255.255.255.0
Class D: 224.0.0.0 to 239.255.255.255 (multicast addresses)
Class E: 240.0.0.0 to 255.255.255.255 (experimental addresses)
You should also know the following address ranges that are reserved for private addresses. Use these addresses on a private network that is connected to the Internet through a network address translation (NAT) router.
  • 10.0.0.0 to 10.255.255.255
  • 172.16.0.0 to 172.31.255.255
  • 192.168.0.0 to 192.168.255.255
Keep in mind the following facts about IP addresses:
  • The first address in a subnet (all host bits zero) is the subnet (network) address. It is not assigned to hosts.
  • The last address in a subnet (all host bits one) is the directed broadcast address. It is not assigned to hosts.
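As an added example (not part of the original notes), the following Python script applies the tables above: it classifies an IPv4 address by class and by reserved range (private, APIPA, loopback) and, given a mask, computes the subnet and broadcast addresses, the two addresses you never hand to a host. The sample addresses at the bottom are constructed for illustration.

```python
import ipaddress

# Class boundaries (first octet) and default masks, taken from the table above.
CLASS_TABLE = {
    "A": (1, 126, "255.0.0.0"),
    "B": (128, 191, "255.255.0.0"),
    "C": (192, 223, "255.255.255.0"),
    "D": (224, 239, None),  # multicast: no host mask
    "E": (240, 255, None),  # experimental: no host mask
}
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA_BLOCK = ipaddress.ip_network("169.254.0.0/16")
LOOPBACK_BLOCK = ipaddress.ip_network("127.0.0.0/8")


def address_class(addr):
    """Return the classful letter for an IPv4 address, or None for the
    0.0.0.0/8 and 127.0.0.0/8 ranges that the table leaves out."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, (low, high, _mask) in CLASS_TABLE.items():
        if low <= first_octet <= high:
            return letter
    return None


def describe(addr, mask=None):
    """Classify an address and, where a mask is known, compute the subnet
    and broadcast addresses that must not be assigned to hosts."""
    ip = ipaddress.IPv4Address(addr)
    letter = address_class(addr)
    if mask is None and letter in ("A", "B", "C"):
        mask = CLASS_TABLE[letter][2]  # fall back to the classful default
    info = {
        "class": letter,
        "private": any(ip in block for block in PRIVATE_BLOCKS),
        "apipa": ip in APIPA_BLOCK,  # self-assigned: no DHCP server answered
        "loopback": ip in LOOPBACK_BLOCK,
    }
    if mask is not None:
        # strict=False lets a host address stand in for its network
        net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
        info["network"] = str(net.network_address)
        info["broadcast"] = str(net.broadcast_address)
        info["usable_hosts"] = max(net.num_addresses - 2, 0)
        info["assignable"] = ip not in (net.network_address, net.broadcast_address)
    return info


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for sample in (("192.168.1.77", "255.255.255.0"), ("169.254.12.7", None),
                   ("172.20.5.15", "255.255.255.240"), ("224.0.0.5", None)):
        print(sample[0], describe(*sample))
```

The third sample is the kind of mistake a classifier catches: 172.20.5.15 is a legitimate-looking private address, but with a 255.255.255.240 mask it is the broadcast address of its subnet and must not be assigned.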

Troubleshooting TCP/IP.

Use the following tips to troubleshoot TCP/IP:
  • Use Ipconfig /all to verify your IP address, subnet mask, default gateway, and other IP configuration values.
  • If the IP address is in the APIPA range (169.254.0.0/16), the computer could not contact a DHCP server. Use Ipconfig /release followed by Ipconfig /renew to try contacting the DHCP server again.
  • Use Ping (Packet Internet Groper) to send small packets to a computer to see if the computer responds. Microsoft recommends the following use of Ping:
    1. Ping the loopback address (127.0.0.1). This verifies that the TCP/IP protocol stack has been properly installed.
    2. Ping the local IP address assigned to the machine. This verifies communication to the NIC.
    3. Ping the default gateway. This verifies connectivity to the default gateway or to another machine on the local network. This verifies that the local network is accessible.
    4. Ping a remote host. This checks the connectivity between the default gateway and the remote host.
  • Use Tracert to see the route packets take through an internetwork between two devices.
  • Use Pathping to view the route of the connection and the connectivity response time. This can help identify where communication latency occurs.
  • Use the Arp -d * command to remove all dynamic ARP entries from the ARP list. (Arp -d clears the ARP cache.)
  • Use the Windows system logs to track DHCP service startup and shutdown as well as critical errors.
DHCP Authorization.



Be aware of the following facts about DHCP server authorization.
  • Authorization is required if you are using Active Directory; no authorization is required, however, for a standalone server.
  • When you authorize a DHCP server, its IP address is added to the list of authorized DHCP servers maintained in Active Directory (the list is stored in the forest's configuration partition, so it applies forest-wide).
  • When a DHCP server starts, its IP address is compared to the Active Directory list. If it is found, the server is allowed to issue IP addresses. If it is not found, the server is not allowed to issue IP addresses, and the server does not respond to DHCP requests.
  • Only Windows 2000 or Windows 2003 servers check for authorization.
  • You can authorize a server before DHCP is installed.
  • Rogue DHCP servers running other operating systems (such as Unix, NetWare, or Windows NT) do not check for authorization before assigning addresses. Authorization therefore only stops a Windows 2000/2003 DHCP server that was installed by mistake; it is not a defence against a deliberately placed server. Detecting one means watching for unexpected server identifiers in DHCPOFFER and DHCPACK traffic; preventing one means switch-level controls such as DHCP snooping, which only accepts server replies from designated ports.
  • A Windows DHCP server checks for authorization when it boots and reauthorizes every five minutes.
  • You must be a member of the Enterprise Admins group to authorize a server.
  • In some cases, when you install DHCP on a domain controller, it will be authorized automatically.
  • When you install DHCP, the server is added automatically to the DHCP console on the local machine. When it is installed on another machine, you must add it manually to the local DHCP console.
Scope Facts.

You should know the following facts about DHCP scopes:
  • Use exclusions to prevent the DHCP server from assigning certain IP addresses. For example, exclude any IP addresses for devices that are not DHCP clients.
  • Use reservations to make sure a client gets the same IP address each time from the DHCP server. The reservation associates the MAC address with the IP address the client should receive. For example, use a reservation for servers and printers to keep their IP addresses consistent while still assigning the addresses dynamically.
  • When using reservations, do not exclude the addresses you want to assign.
  • To change the subnet mask used by a scope, you must delete and recreate the scope. You cannot selectively change the subnet mask in an existing DHCP scope.
  • The scope must be activated before the DHCP server will assign addresses to clients.
DHCP Option Facts.

Through DHCP, you can deliver a wide range of TCP/IP configuration parameters (not just the IP address and mask). Additional parameters are delivered by configuring DHCP options. Options can be set at the following levels:
  • Server. Options set on the server are delivered to all clients of that DHCP server.
  • Scope. Options set on the scope are delivered to all computers that obtain an IP address from within the scope.
  • Class. A class defines a group of computers that share common characteristics. For example, the vendor class can be used to deliver options to Microsoft Windows clients. Class options are delivered to all computers within the class.
  • Reserved client. Options set on a reservation are delivered to the specific client.
Options are applied in the order listed above, so the most specific level wins: a reserved-client option overrides a class option, which overrides a scope option, which overrides a server option.
Common options include:
  • 003 Router, the IP address of the default router (the default gateway)
  • 006 DNS Servers, the IP address of DNS server or servers
  • 015 DNS Domain Name, the DNS suffix the client uses as its connection-specific suffix (used when it registers its name in DNS and when it completes unqualified names)
  • 044 WINS/NBNS Servers, the IP address of WINS server or servers
  • 046 WINS/NBT Node Type, controls the order in which a client uses broadcasts and NetBIOS name servers (b-node, p-node, m-node, or h-node) for NetBIOS name resolution
DHCP Server Backup and Recovery.

To move the DHCP service from one server to another, you must perform operations on the source and destination machines.
Source machine:
  1. In DHCP Console, back up DHCP. The backup includes:
    • Scopes, exclusions, and reservations.
    • DHCP configurations.
    • DHCP-related registry settings.
  2. Stop and disable the DHCP service.
  3. Copy the DHCP backup files to the destination machine.
On the destination machine:
  1. Install DHCP.
  2. Stop the DHCP service.
  3. In DHCP Console, restore the DHCP backup files.
  4. Verify the DHCP configuration and start DHCP.
DHCP Lease and Renewal Processes.

A DHCP client uses the following process to obtain an IP address:
  1. Lease Request. The client initializes a limited version of TCP/IP and broadcasts a DHCPDISCOVER packet requesting the location of a DHCP server.
  2. Lease Offer. All DHCP servers with available IP addresses send DHCPOFFER packets to the client. These include the client's hardware address, the IP address the server is offering, the subnet mask, the duration of the IP lease, and the IP address of the DHCP server making the offer.
  3. Lease Selection. The client selects the IP address from the first offer it receives and broadcasts a DHCPREQUEST packet requesting to lease the IP address in that offer.
  4. IP Lease Acknowledgment. The DHCP server that made the offer responds and all other DHCP servers withdraw their offers. The IP addressing information is assigned to the client and the offering DHCP server sends a DHCPACK (acknowledgement) packet directly to the client. The client finishes initializing and binding the TCP/IP protocol.
Part of the IP address lease includes a lease duration (or the amount of time the client can use the IP address it has been allocated). Periodically, DHCP clients try to renew their IP address with the DHCP server. Microsoft clients use the following rules when renewing leases:
  • When the lease time reaches 50%, the client tries to renew its lease with the DHCP server. It sends a DHCPREQUEST unicast message to the DHCP server requesting a lease renewal. If the DHCP server does not respond, it continues to use the IP address.
  • When the lease time reaches 87.5% and the client has still not heard from its server, it broadcasts a DHCPREQUEST so that any DHCP server can extend the lease. If no server responds, it continues to use the IP address until the lease expires.
  • When the lease expires, the client must stop using the address and start over with DHCPDISCOVER. A Windows client that then gets no answer falls back to its alternate configuration or to APIPA.
  • When the client boots, it broadcasts a DHCPREQUEST for its previous address to confirm that the lease is still valid.
  • If the server sends a negative acknowledgement (a DHCPNAK packet) during any renewal attempt, the client must reinitialize TCP/IP and restart the DHCP lease process from the beginning.
  • Enable DHCP relay (BOOTP forwarding) on routers so that lease request broadcasts are forwarded, as unicasts, to DHCP servers on other subnets.
The following table summarizes the packets exchanged between DHCP clients and servers.
Message: Description
DHCPDISCOVER: Broadcast from the client to find DHCP servers and ask for an IP address. Used when the client starts or cannot renew its current lease.
DHCPREQUEST: Sent by the client to request a specific new IP address or renewal of its current one. Used to select one lease offer from among multiple offers, to confirm a previous lease at boot, or to renew.
DHCPOFFER: Sent by a server to offer a lease of an IP address to a client that has sent a DHCPDISCOVER. The client can receive offers from multiple DHCP servers but usually selects the first.
DHCPACK: Sent from server to client to acknowledge and complete the client's requested lease. Contains the IP address, lease duration, and possibly other parameters.
DHCPNAK: Sent from server to client when the requested IP address is not available or is wrong for the client's subnet (negative acknowledgement).
DHCPDECLINE: Sent by the client to decline an offered IP address because it has detected a conflict (the address is already in use).
DHCPRELEASE: Sent from client to server to release an IP address and cancel a currently active lease. A release can be done manually with the Ipconfig /release command.
DHCPINFORM: Sent by a client that already has an IP address (possibly not from DHCP) to obtain other configuration parameters from a DHCP server.


Troubleshooting DHCP.

For a Windows 2003 Server DHCP server to deliver IP addresses, the following conditions must be met:
  • The server must be authorized.
  • The DHCP service must be running (the DHCP server is started).
  • The scope must be activated.
  • There must be IP addresses in the scope that are free to be assigned, or a reservation for the client must be defined.
  • The client must be configured to receive its IP address from the DHCP server.
One useful tool for troubleshooting and fixing DHCP lease problems is Ipconfig. The following table lists the command switches useful in troubleshooting DHCP.
Command
Use
Ipconfig /all
View TCP/IP configuration including the IP address, mask, default gateway, and any other DHCP-delivered parameters.
In addition, the command shows the IP address of the DHCP server from which configuration information was received.
Ipconfig /renew
Renew DHCP configuration for specific or multiple adapters.
Ipconfig /release
Releases DHCP configuration and discards IP address configuration for specific or multiple adapters.
An IP address in the 169.254.0.0/16 range indicates that the client could not contact a DHCP server and has used APIPA to assign itself an address.
You should recognize the following symptoms of a rogue server:
  • Incorrect IP configuration information.
  • Duplicate addresses assigned.
  • Ipconfig /all shows a DHCP server address other than the one you expect.
  • DHCPNAK messages at the client during lease renewal.
If the client has an address from the wrong server, remove the rogue server (or isolate its switch port), then run Ipconfig /release followed by Ipconfig /renew. Because the client accepts the first offer it receives, a rogue server that answers faster than the legitimate one keeps winning until it is removed.
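As an added example that is not part of the original notes, the following Python script ties the message table above to the rogue-server symptoms: it decodes the fixed header and options of a DHCP message (RFC 2131), pulls out the message type (option 53) and server identifier (option 54), and compares the identifier against an allowlist of the servers you have authorized. The allowlist, the packets, and the addresses are all constructed for the example; on a real network the bytes would come from a capture of UDP port 67/68 traffic.

```python
import ipaddress
import struct

# Fixed 236-byte part of a DHCP message (RFC 2131), followed by the magic
# cookie and TLV options.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

# Constructed allowlist: the server(s) authorized in Active Directory.
AUTHORIZED_SERVERS = {"192.168.1.1"}


def ip_bytes(text):
    return ipaddress.IPv4Address(text).packed


def ip_list(raw):
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def parse_options(raw):
    """Decode the option area; code 0 is padding and code 255 ends the list."""
    options, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    return options


def parse_dhcp(packet):
    if len(packet) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("packet too short for a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, siaddr,
     giaddr, chaddr, _sname, _file) = FIXED.unpack_from(packet)
    if packet[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie (plain BOOTP?)")
    opts = parse_options(packet[FIXED.size + 4:])
    mtype = opts[53][0] if len(opts.get(53, b"")) == 1 else None
    msg = {
        "op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
        "client_mac": ":".join("%02x" % b for b in chaddr[:hlen]),
        "yiaddr": ip_list(yiaddr)[0], "siaddr": ip_list(siaddr)[0],
        "giaddr": ip_list(giaddr)[0],
        "type": MESSAGE_TYPES.get(mtype, "UNKNOWN"),
    }
    if 54 in opts:
        msg["server_id"] = ip_list(opts[54])[0]  # option 54 names the offering server
    if 1 in opts:
        msg["subnet_mask"] = ip_list(opts[1])[0]
    if 3 in opts:
        msg["routers"] = ip_list(opts[3])
    if 6 in opts:
        msg["dns_servers"] = ip_list(opts[6])
    if 51 in opts:
        msg["lease_seconds"] = struct.unpack("!I", opts[51])[0]
    return msg


def audit_offer(msg, authorized=AUTHORIZED_SERVERS):
    """'authorized' or 'rogue' for server messages; 'n/a' for client messages."""
    if msg["type"] not in ("DHCPOFFER", "DHCPACK", "DHCPNAK"):
        return "n/a"
    server = msg.get("server_id")
    if server is None:
        return "rogue"  # a server message without option 54 is malformed; treat as hostile
    return "authorized" if server in authorized else "rogue"


def build_message(op, mtype, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Constructed sample packets for testing; not captured traffic."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    fixed = FIXED.pack(op, 1, 6, 0, xid, 0, 0x8000, bytes(4), ip_bytes(yiaddr),
                       ip_bytes(siaddr), bytes(4), chaddr, bytes(64), bytes(128))
    body = bytes([53, 1, mtype])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return fixed + MAGIC_COOKIE + body + b"\xff"


def sample_exchange():
    """A DISCOVER answered by the authorized server and by a rogue one."""
    mac, xid = "00:11:22:33:44:55", 0x3903F326
    discover = build_message(1, 1, xid, mac)
    good = build_message(2, 2, xid, mac, "192.168.1.100", "192.168.1.1", [
        (54, ip_bytes("192.168.1.1")), (1, ip_bytes("255.255.255.0")),
        (3, ip_bytes("192.168.1.1")), (6, ip_bytes("192.168.1.1")),
        (51, struct.pack("!I", 86400))])
    rogue = build_message(2, 2, xid, mac, "192.168.1.200", "192.168.1.250", [
        (54, ip_bytes("192.168.1.250")), (1, ip_bytes("255.255.255.0")),
        (3, ip_bytes("192.168.1.250")), (6, ip_bytes("198.51.100.53")),
        (51, struct.pack("!I", 3600))])
    results = []
    for packet in (discover, good, rogue):
        msg = parse_dhcp(packet)
        results.append((msg, audit_offer(msg)))
    return results


if __name__ == "__main__":
    for msg, verdict in sample_exchange():
        print(msg["type"], msg.get("server_id", "-"), msg["yiaddr"], verdict)
```

The rogue offer in the sample is the textbook case: it hands out a working address and mask but points the default gateway and DNS server at hosts the attacker controls, which is why the audit keys on option 54 rather than on whether the lease "works".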

DNS Name Resolution Process.



You should be familiar with the DNS name resolution process:
  1. The client resolver first checks its own cache (which is preloaded from the Hosts file, a static text file that is rarely used today). If the name is not there, it sends a recursive query to its configured DNS server.
  2. The DNS server answers from its own zone data if it is authoritative for the name; otherwise it checks its local cache for the answer.
  3. If the answer is not cached and the server is configured for forwarding, it forwards the query to its forwarder (a higher-level DNS server) and waits for the reply.
  4. If the server has no forwarder, or forwarding fails and the server is allowed to fall back, it uses its Root Hints file (Cache.dns), which lists the addresses of the 13 Internet root servers, and queries a root server.
  5. The root server does not answer the name itself; it refers the server to the name servers for the top-level domain (com, edu, net, and so on).
  6. The server queries the TLD server, which refers it to the authoritative servers for the domain. The authoritative server returns the IP address (or states that the name does not exist), and the DNS server caches the result and returns it to the client.
You should know the following facts about DNS:
  • DNS translates a hostname to an IP address.
  • The DNS hierarchy is made up of the following components:
    • . (dot) domain (also called the root domain)
    • Top Level Domains (TLDs) (.com, .edu, .gov)
    • Domains
    • Hosts
  • A fully qualified domain name (FQDN) must include the name of the host and the domain, not just the domain.
  • A forward lookup uses the host name (or the FQDN) to find the IP address.
  • A reverse lookup uses the IP address to find host name (or FQDN).
  • A DNS server can forward a DNS request to an upstream DNS server if it cannot resolve a host name to an IP address.
  • An authoritative server is a DNS server that has a full, complete copy of all the records for a particular domain.
  • A caching-only DNS server has no zone information; it is not authoritative for any domains.
  • The Root Hints file (also called the Cache.DNS file) lists the 13 root DNS servers. A DNS server uses the Root Hints file to forward a request to a Root DNS server as a last resort to resolve a host name to an IP address.
  • A Root DNS server refers DNS servers to .com or .edu or .gov level DNS servers.
  • Recursion is the process by which a DNS server walks the hierarchy on a client's behalf: it queries a root server, then the TLD server, then the authoritative server, and returns the final answer. Client computers do not do this themselves; they send a recursive query to their configured DNS server and wait for a complete response. Most DNS servers that serve clients perform recursion.
Zone Types.

The table below lists the types of DNS zones:
Zone Type: Description
Standard primary: host-name-to-IP-address name resolution; data is stored in a flat text file; read-write copy of the data.
Standard secondary: host-name-to-IP-address name resolution; data is copied from another DNS server; read-only copy of the data.
Reverse lookup: IP-address-to-host-name resolution; can be a primary or a secondary zone.
Active Directory-integrated: data is stored in Active Directory and shared between domain controllers; read-write on every server that holds the data; provides automatic replication, fault tolerance, and distributed administration of DNS data.
You should also know the following facts about zones:
  • To configure reverse lookup for a subnetted IP network, enable the Advanced view in the DNS console.
  • Reverse lookup zones for IPv6 addresses should be created in the ip6.arpa namespace.
Common Resource Records.

The table below lists the most common resource records.
Record Type: Use
A (host address): Maps a DNS host name to an IP address. This is the most common resource record type.
CNAME (canonical name): Provides an alternate name (alias) for a host that already has an A record.
MX (mail exchanger): Identifies the servers that accept mail for the domain, with a preference value that orders them.
NS (name server): Identifies the name servers that are authoritative for the zone. Typically, there is an entry for the primary server and for each secondary server.
PTR (pointer): In a reverse lookup zone, maps an IP address to a host name (it "points" to the name that an A record resolves).
SOA (start of authority): The first record in any zone file. Defines the general parameters for the zone, including the primary (authoritative) server, the responsible person, the zone serial number, and the refresh, retry, expire, and minimum TTL timers that control zone transfers.
SRV (service locator): Locates a service by name. Windows 2000/2003 domain controllers register SRV records (under _msdcs, _tcp, and similar subdomains) so that clients can find domain controllers, global catalog servers, and Kerberos KDCs through DNS; the Netlogon service creates and refreshes these records automatically.

Dynamic DNS Facts.

For a Windows 2000/XP/2003 client, the following process is used to dynamically update the DNS database.
  1. The client boots and receives an IP address from the DHCP server.
  2. The client sends a DNS update request to update the forward lookup record.
  3. The DHCP server sends an update request to update the reverse lookup record.
For non-dynamic update clients, the DHCP server sends both the forward and reverse lookup updates. You can also configure the DHCP server to perform both tasks for Windows clients.
To enable dynamic updates, use the following steps:
  1. On the Windows DNS server, open the Zone Properties dialog box and enable dynamic updates.
  2. In the TCP/IP Properties of the client, make sure dynamic DNS is enabled (enabled is the default setting).
Note: You may also need to enable dynamic updates on the DHCP server if you're doing dynamic updates by proxy.
You should know the following facts about secure dynamic DNS:
  • Secure dynamic updates are only available for Active Directory-integrated zones.
  • To use secure dynamic updates, a client must be able to authenticate to Active Directory (a member of the domain or forest); the update is signed with the client's Kerberos credentials.
  • The account that created a record owns it; only that client (or an administrator) can alter or remove the record.
  • If the DHCP server registers records on behalf of clients, the DHCP server's account becomes the owner of those records. Windows provides the DnsUpdateProxy group for this case, but records created by its members carry no owner protection, so avoid that configuration on a DHCP server that is also a domain controller.
DNS Client Settings.

DNS uses fully qualified domain names (FQDN) to identify a computer. FQDNs are composed of the host name and the domain name (also called a suffix). Windows client computers can be identified using two different DNS suffixes:
  • Primary suffix, set through the System properties.
  • Connection-specific suffix, configured through the TCP/IP properties for the network adapter.
With dynamic DNS, client computers can update the DNS database with their host name. Keep in mind the following facts about client dynamic updates:
  • By default, Windows 2000/XP/2003 clients register their DNS name with the DNS server.
  • In the TCP/IP properties, Advanced settings, DNS tab, the Register this connection's addresses in DNS setting controls whether the client dynamically registers its name with DNS.
  • With dynamic DNS enabled on the client, the computer will register its full DNS name from the configuration on the Network Identification tab of the System applet (using the primary suffix).
  • You can configure the client to register two different DNS names with the DNS server. To do this, in the TCP/IP properties, Advanced settings, DNS tab, identify an additional DNS suffix for the client and enable the Use this connection's DNS suffix in DNS registration option. When enabled, the client will register its name with the connection-specific suffix as well as the primary suffix.
You can also configure the client with custom search suffixes.
  • By default, when you submit a DNS query without using the fully qualified domain name (FQDN), the client appends the primary DNS suffix to the name and looks that up. If that fails, it appends the parent suffixes in turn (name devolution: for a primary suffix of sales.corp.example.com it tries corp.example.com and then example.com), so a single short name can produce several queries.
  • Edit the Advanced TCP/IP properties to customize the search suffixes. You can specify search suffixes outside of the parent suffixes, and modify the order in which suffixes are used for searches.
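The following Python, added here as an example and not part of the original notes, generates the list of names a resolver would try for a short name under the rules above. The ordering (primary suffix, then connection-specific suffix, then devolved parents of the primary suffix) and the point at which devolution stops (two labels, controlled by min_labels) are assumptions for this example rather than a guarantee about any particular Windows version, so check them against the client you are configuring. The second function shows why the list matters: every candidate whose suffix falls outside the zones you control is a query that some other party gets to answer.

```python
def resolver_candidates(name, primary_suffix, connection_suffix=None,
                        search_list=None, devolution=True, min_labels=2):
    """Return, in order, the fully qualified names the resolver would try.

    Assumptions for this example: primary suffix first, then the
    connection-specific suffix, then devolved parents of the primary
    suffix; devolution stops once `min_labels` labels remain; an explicit
    search list replaces all of that; a multi-label name is tried as-is
    before any suffix is appended.
    """
    if name.endswith("."):
        return [name]                      # already fully qualified
    candidates = []
    if "." in name:
        candidates.append(name + ".")      # multi-label: tried as-is first
    if search_list:                        # explicit list disables devolution
        suffixes = list(search_list)
    else:
        suffixes = [primary_suffix]
        if connection_suffix:
            suffixes.append(connection_suffix)
        if devolution:
            labels = primary_suffix.split(".")
            while len(labels) > min_labels:
                labels = labels[1:]
                suffixes.append(".".join(labels))
    for suffix in suffixes:
        fqdn = f"{name}.{suffix}."
        if fqdn not in candidates:
            candidates.append(fqdn)
    return candidates


def outside_owned_zones(candidates, owned_zones):
    """Candidates whose suffix is not one of the zones you administer."""
    def owned(fqdn):
        return any(fqdn.endswith("." + zone.rstrip(".") + ".") for zone in owned_zones)
    return [c for c in candidates if not owned(c)]


if __name__ == "__main__":
    # Constructed suffixes for illustration.
    names = resolver_candidates("fileserver", "sales.corp.example.com")
    print(names)
    print("leaves your zones:", outside_owned_zones(names, ["corp.example.com"]))
```

With a primary suffix of sales.corp.example.com and ownership of only corp.example.com, the devolved lookup fileserver.example.com is answered by whoever runs example.com. Pinning an explicit search list in the Advanced TCP/IP properties removes that candidate.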
AD-Integrated Zone Facts.



Using Active Directory to manage zone information has the following advantages:
  • No single point of failure. Updates can be accepted by any DNS server that holds the zone (multi-master), not only by a single primary server.
  • Fault tolerance. Each host server maintains up-to-date zone information.
  • Single replication topology. Zone transfers occur through Active Directory replication.
  • Secure dynamic updates. Only authorized computers can update dynamically.
  • Simplified management. Any authorized computer can initiate changes to the zone file (not just the primary server).
In Windows 2000, all DNS data is replicated with all domain controllers. With 2003, you have the following options:
Replication Option: Where data is replicated
2000 Default (domain partition): All domain controllers in the domain receive the information, whether or not they have DNS installed.
DomainDNSZones: All domain controllers with DNS in the domain receive the information.
ForestDNSZones: All domain controllers with DNS in the forest receive the information. (Used most effectively for records that must be available throughout the forest, such as the _msdcs zone.)
Custom application partition: All domain controllers enrolled in the application partition. By creating your own application partition, you choose exactly which domain controllers receive the DNS data.
Root Hint Facts.

Keep in mind the following facts regarding root hints.
  • The Cache.dns file holds the 13 root hint addresses for the Internet root servers. The Cache.dns file can be found in two locations:
    • %SystemRoot%\system32\dns\Cache.dns (the copy in use)
    • %SystemRoot%\system32\dns\backup\Cache.dns (the copy reserved in the backup location)
  • If you have a root zone configured on a DNS server, the server will act as a root zone server.
  • A DNS server configured as a root zone server will never use the root hints file (Cache.dns). It considers itself authoritative. Consequently, the server won't access the Internet to forward DNS queries.
  • If you want the DNS server to access the Internet, delete the root zone in the DNS Console.
  • You can configure root hints through the properties of a DNS server or by configuring the DNS server's Cache.dns file. If the server is configured to load data from Active Directory, you must configure root hints using the DNS snap-in because the local Cache.dns is not used (the root hints data is stored in AD).
Stub Zones and Forwarding Facts.

You should know the following facts about stub zones and conditional forwarding:
  • A stub zone holds copies of only the following record types for the zone:
    • NS records for the zone's authoritative servers (primary and secondary).
    • The SOA record for the zone.
    • A records (glue records) for the name servers listed in the NS records.
  • A stub zone is dynamic. It will update itself with changes.
  • Use a stub zone to provide quick access to the name server list and to provide a method of keeping the name server list updated without replicating zone data.
  • Conditional forwarding allows DNS queries to be forwarded to specific DNS servers that have specific zones.
  • Conditional forwarding is static. You set up an IP address which handles a specific type of query.
  • Conditional forwarding must be updated when changes to forwarders are made.
  • If a DNS server is configured to use forwarders, you can disable recursion on that server (the Do not use recursion for this domain setting). The server then submits queries to its forwarders and waits for a response; if the forwarders fail, it does not fall back to root hints.


Zone Transfer Facts.



Replication through standard zones takes place through zone transfers. Secondary servers contact their master servers for new zone information. You should know the following facts about zone transfers:
  • The zone serial number is modified when changes are made to the zone file.
  • A secondary server polls the master at the SOA refresh interval; a zone transfer is initiated when the master's serial number is higher than the secondary's.
  • Zone transfer notification (DNS NOTIFY) occurs when the master contacts its secondary servers as soon as changes have been made, so they do not wait for the refresh interval.
  • A full zone transfer (AXFR) replicates the entire zone database; this is what a secondary falls back to when the master cannot supply incremental changes.
  • An incremental zone transfer (IXFR) replicates only the changes made since the secondary's serial number.
  • To initiate a manual transfer, increment the serial number first. Otherwise, no transfer will occur: a transfer only happens when the master's serial number is higher than the secondary's, so a master whose serial number has been reset to a lower value silently stops updating its secondaries.
  • Restrict zone transfers (Zone Transfers tab in the zone properties) to the servers on the Name Servers tab or to a list of addresses. A zone that allows transfers to any server hands its complete record set, host names and addresses included, to anyone who asks for an AXFR.
  • You can improve DNS performance by placing multiple DNS servers on your network. For example, you can place a secondary server on the other side of a WAN link to reduce WAN traffic caused by name resolution. However, zone replication traffic must still cross the WAN link.
  • A caching only server runs DNS but has no zones configured. Use a caching only server to improve performance while eliminating zone transfers.
  • An Active Directory-integrated zone stores DNS information in Active Directory rather than in a zone file. Zone information is copied automatically when AD replicates.
  • If a zone is Active Directory-integrated and has no secondary servers, you can disable zone transfers. Zone data will continue to be replicated through Active Directory.
Normally, zone transfers happen automatically at periodic intervals. You can force an update of zone data through the DNS console or by using the Dnscmd command. The following table lists some actions you can take to refresh zone data manually.
DNS Console Action: Dnscmd Option: Result
Reload: dnscmd <server> /ZoneReload <zone>: The server reloads the zone data from its local copy (the zone file on disk, or Active Directory for an AD-integrated zone).
Transfer from Master: dnscmd <server> /ZoneRefresh <zone>: Initiates a normal zone transfer. The secondary compares its serial number with the master's; if the serial numbers are the same, no zone transfer takes place.
Reload from Master: N/A: The secondary discards its copy of the zone and reloads the entire zone from the master server (a full transfer regardless of serial number).
To force a zone transfer, you can either increment the serial number on the master server and then transfer the data from the master, or you can simply reload the data from the master.
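The following Python, added here as an example and not taken from the notes, implements the decision a secondary makes when it polls the master. Serial numbers are 32-bit and compared with serial-number arithmetic (RFC 1982), so a serial that wraps past 2^32 still counts as newer; plan_transfer then chooses IXFR when the master can still replay every change since the secondary's serial and falls back to AXFR otherwise. The change history and the one-increment-per-change convention are constructed for the example.

```python
SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_gt(a, b):
    """RFC 1982 serial arithmetic: is serial a 'newer' than serial b?
    Plain integer comparison breaks when the serial wraps at 2^32."""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > SERIAL_HALF) or (a > b and a - b < SERIAL_HALF)


def transfer_needed(secondary_serial, master_serial):
    """What a secondary concludes after reading the master's SOA record."""
    if master_serial == secondary_serial:
        return "no transfer"
    if serial_gt(master_serial, secondary_serial):
        return "transfer"
    # The master's serial was reset to a lower value: secondaries never refresh.
    return "master behind"


def plan_transfer(secondary_serial, master_serial, history):
    """Choose IXFR when the master still holds every change since the
    secondary's serial; otherwise fall back to a full AXFR.

    `history` maps each serial to the changes that produced it (constructed
    for this example; assumes the serial rises by one per change).
    """
    if transfer_needed(secondary_serial, master_serial) != "transfer":
        return ("none", [])
    changes, serial = [], secondary_serial
    while serial != master_serial:
        serial = (serial + 1) % SERIAL_MOD
        if serial not in history:
            return ("AXFR", None)      # gap in the change log: send everything
        changes.extend(history[serial])
    return ("IXFR", changes)


def next_serial(serial):
    """Increment before a manual transfer; wraps rather than overflowing."""
    return (serial + 1) % SERIAL_MOD


if __name__ == "__main__":
    # Constructed change log on the master.
    log = {11: ["add A host1 10.0.0.5"], 12: ["delete A host2"]}
    print(transfer_needed(10, 12), plan_transfer(10, 12, log))
    print(transfer_needed(10, 10), plan_transfer(9, 12, log))
    print(transfer_needed(2011042105, 100))
```

The "master behind" case is worth keeping visible in monitoring: after a master is rebuilt with a fresh zone file, its serial often starts lower than what the secondaries hold, and they will keep serving stale data without ever logging an error.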

DNS Design Guidelines.



Keep in mind the following facts about DNS namespace design:
  • Active Directory requires DNS.
  • A split-brain DNS solution allows you to run internal DNS and external DNS that don't communicate with one another. This helps to maintain internal security.
  • Following are three split-brain DNS configuration options:
    • Set up the same DNS name internally and externally.
    • Set up different DNS names internally and externally.
    • Set up the internal DNS as a subdomain of the external DNS.
  • The purpose of a split-brain DNS solution is to:
    • Allow external clients to access only external resources.
    • Allow internal clients to access all resources.
The table below lists the split-brain DNS configurations.
Split-brain DNS Configuration: Implementation
Same internal and external DNS names: Set up both DNS servers as primary for the zone so that no zone transfer traffic (and no internal data) flows between them. Allow internal clients to reach external resources by copying the external resource records into the internal zone.
Different internal and external DNS names: To allow internal clients to reach external resources, set up a forwarder, either a regular forwarder or a conditional forwarder.
Internal DNS name as a subdomain of the external DNS name: One advantage is that you can run separate DNS infrastructures (for example, an external Unix infrastructure and an internal Microsoft infrastructure). One danger is that outside queries for the internal subdomain could reach your internal servers or reveal the internal namespace: do not delegate the internal subdomain from the external zone to servers reachable from the Internet, and use the firewall to block these queries. Set up a forwarder to allow internal clients to reach external resources.
DNS Solutions.

You have a wide variety of tools to help you in designing a DNS solution. The following table lists various zone types and configuration options and when to use each.
Solution: Use
Primary zone: Select a primary zone to manage zone data on DNS servers that are not domain controllers or that are not Windows servers.
Secondary zone: Select a secondary zone to copy read-only zone data from another server. For example, your Windows server can be a secondary server to a non-Windows server, or a non-Windows server can be a secondary server to an Active Directory-integrated zone. Secondary zone servers provide three things: fault tolerance, load balancing, and less name resolution traffic over WAN links.
Reverse lookup zone: Use a reverse lookup zone to find the host name for a given IP address, for example to identify the host names of clients that connect to a server or service. Reasons to set up reverse lookup zones: to use Nslookup with an IP address; to use IP filtering in IIS; to accommodate applications that rely on reverse lookups.
Active Directory-integrated zone: Use when your DNS servers are also domain controllers. AD-integrated zones allow multi-master updates to the DNS database, replicate data through Active Directory (rather than conventional zone transfers), secure zone updates, and allow secure dynamic client registration.
Caching only server: Use to reduce DNS name resolution traffic over WAN links without the zone transfer traffic.
Zone delegation: Use to subdivide a zone into multiple zones so that other administrators can manage parts of your namespace.
Forwarders: Use to send DNS queries to other servers when the current server does not hold the data.
Conditional forwarding: Use to forward DNS queries based on the domain name. Without conditional forwarding, all requests go to the same forwarders; with it, requests for specific domains go to specific servers.
Stub zone: Use when you need an automatically updated list of the name servers for a domain but do not want to replicate the zone data.
Root zone: Use to make your DNS server authoritative for the entire namespace, for example to prevent name queries from being forwarded to the Internet root servers.
Root hints: Root hints point to the root zone servers. Normally root hints point to the Internet root servers. If you have a custom root zone, make sure the root hints on internal servers point to your own root zone servers.
Dynamic DNS: Use to allow clients to update their own DNS records.
Secure updates: Use to prevent unauthorized changes to dynamically created DNS records. When enabled, only domain members can register DNS records, and only the account that created a record can modify it. Secure updates are available only on Active Directory-integrated zones.

DNS Troubleshooting Tools.



You should know how to use the tools listed in this table:
Tool: Use
Nslookup: Performs DNS queries interactively or from the command line. Enter the name of a host and Nslookup reports its IP address; use set type= to query other record types (MX, NS, SOA), and ls -d <zone> to request a zone transfer, which is also a quick way to confirm that transfers from your servers are restricted.
Dnscmd: Displays the properties of DNS servers, zones, and resource records. You can also use Dnscmd to modify these properties, create and delete zones and resource records, and force replication.
Ping: Use Ping to determine whether an IP address is reachable. If you can ping the IP address, try to ping the host name. If the name test fails while the address test succeeds, troubleshoot name resolution.
Network Monitor: Use Network Monitor to capture and analyze network traffic, for example to see which server is actually answering DNS or DHCP requests.
Ipconfig: Without switches, Ipconfig displays the IP address, subnet mask, and default gateway for all adapters. The following switches are useful when troubleshooting DNS:
  • /Displaydns, to display the contents of the local DNS resolver cache.
  • /Flushdns, to flush the local DNS resolver cache.
  • /Registerdns, to refresh the client's DHCP leases and force it to re-register its DNS records.
DNSLint: Helps you isolate and diagnose DNS problems. You must use one of the following three switches with DNSLint:
  • /d, to perform domain name tests
  • /ad, to perform Active Directory tests
  • /ql, to perform DNS query tests from a list
To provide fault tolerance for DNS servers, use one of the following strategies:
  • Use Active Directory-integrated zones. If one DNS server goes down, zone data is still stored in Active Directory. Be sure to analyze the replication scope to make sure you have at least two servers holding the DNS data for each zone.
  • Create secondary zones. If the primary server goes down, you can change one of the secondary zones to the primary zone.
  • Back up the DNS database. If you have only one DNS server, be sure to back up the DNS database. For non-Active Directory-integrated zones, you can back up the DNS files or copy them to another location. For Active Directory-integrated zones, you must back up the system state data (because DNS is stored in Active Directory).