dns operational guide

Domain Name System (DNS) Service Product Operations Guide Managing the Windows Server Platform


Post on 10-Apr-2015


Domain Name System (DNS) Service Product Operations Guide

Managing the Windows Server Platform


The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user.  Without limiting the rights under copyright, this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), but only for the purposes provided in the express written permission of Microsoft Corporation.

 Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

© 2003 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Visual Basic, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Contents

Introduction to Product Operations Guide
  Document Purpose
  Intended Audience
  How to Use This Guide
  Background

High-Level Processes for Maintaining Windows Server 2003 DNS Service
  Overview
  Technology Required
  Maintenance Processes Checklist
    Operating Quadrant
      Service Monitoring and Control SMF
      Storage Management SMF
    Supporting Quadrant
      Incident Management SMF
      Problem Management SMF
    Optimizing Quadrant
      Capacity Management SMF
      Availability Management SMF
    Changing Quadrant
      Change Management SMF
      Configuration Management SMF

Detailed Maintenance Actions
  Overview
  Process: Data backup, restore, and recovery operations
    Task: Create DNS backup and pull backup files to remote storage
      Option 1—System State
      Procedure 1: Manual backup to tape or external locally-attached storage
      Procedure 2: Scriptable manual copy to remote server directory
      Option 2—System State and Zone File Backup
      Procedure 1: Manual backup to tape or external locally-attached storage
      Procedure 2: Scriptable manual copy to remote server directory
    Task: Verify previous day's backup job
      Procedure 1: Verify the backup job is completed
  Process: Data backup, restore, and recovery operations
    Task: Verify restore
      Procedure 1: Verify restore configuration of a primary zone
      Procedure 2: Verify restore configuration of a secondary zone
      Procedure 3: Verify restore configuration of a stub zone
  Process: Design for recovery
    Task: Test the server restoration capability
      Procedure 1: Restoring from backup Active Directory integrated DNS
      Procedure 2: Restoring from backup standard primary zone
  Process: Storage resource management
    Task: Monitor disk space for DNS logs and database
      Procedure 1: Monitor disk usage and availability
  Process: Managing resources and service performance
    Task: Capture service performance statistics
      Procedure 1: Configure DNS performance logging
  Process: Perform monitoring
    Task: Capture usage performance statistics
      Procedure 1: Configure DNS performance logging
    Task: Capture system performance statistics
      Procedure 1: Configure DNS performance logging
  Process: Managing resources and service performance
    Task: Create service performance and utilization report
      Procedure 1: Calculate daily statistics
      Procedure 2: Store data and reports
    Task: Create system load and utility report
      Procedure 1: Calculate daily statistics
      Procedure 2: Store data and reports
  Process: Problem recording and classification
    Task: Temporarily enable debug logging options
      Procedure 1: Select and enable debug logging options on the DNS server
      Procedure 2: Disable debug logging options on the DNS server
    Task: Diagnose backup conditions
      Procedure 1: Enable detailed logging
      Procedure 2: Review the backup log
  Process: Proactive analysis and review
    Task: Monitor DNS event log for critical DNS events
      Procedure 1: Access event log
      Procedure 2: Review event log
    Task: Service check—resolve alerts indicating DNS Server service is down
      Procedure 1: Verify DNS Server service status
      Procedure 2: Start the DNS Server service
    Task: Service check—manual verification of dynamic record update
      Procedure 1: Monitor dynamic client registration
  Process: Proactive analysis and review
    Task: Verify dynamic DNS record updates—DNS client
      Procedure 1: Accessing client event log
      Procedure 2: Reviewing the client event log items
    Task: Verify dynamic DNS record updates—DHCP server
      Procedure 1: Review DHCP server log
    Task: Verify dynamic DNS record updates—DNS server
      Procedure 1: Configure DNS debug logging
      Procedure 2: Review the DNS server log
    Task: Monitor key DNS dependencies (Active Directory and network services)
      Procedure 1: Monitor Active Directory services
      Procedure 2: Monitor network infrastructure
  Process: Proactive analysis and review
    Task: Service check—verify zone transfers
      Procedure 1: Check zone transfer error events
      Procedure 2: Review event log
      Procedure 3: Simulate and test a zone transfer
    Task: Service check—simple and recursive resolution
      Procedure 1: Simple and recursive test query
  Process: Proactive analysis and review
    Task: Clear the DNS cache
      Procedure 1: Clearing the cache
      Procedure 2: Clearing the cache from the command line
  Process: Review configuration items
    Task: Capture DNS configuration snapshot
      Procedure 1: Capture the snapshot
  Process: Review configuration items
    Task: Compliance check—namespace (NS) records
      Procedure 1: Generate DNSLint report of DNS server and NS records
      Procedure 2: Verify report of DNS server and NS records
    Task: Compliance check—root hints
      Procedure 1: Updating root hints
    Task: Compliance check—zone delegations
      Procedure 1: Checking delegations
    Task: Compliance check—scavenging
      Procedure 1: Reviewing the scavenging parameters
    Task: Compliance check—aging configuration
      Procedure 1: Reviewing the aging parameters
    Task: Compliance check—administrative user group
      Procedure 1: Verifying administrative group membership
    Task: Compliance check—architectural standards
      Procedure 1: Collect information
      Procedure 2: Review configuration items
      Procedure 3: Update configuration items
  Process: Investigation and diagnosis
    Task: Respond to daily service request
      Procedure 1: Acknowledge receipt of service request
      Procedure 2: Document incident
      Procedure 3: Update customer on status of incident
      Procedure 4: Close incident
    Task: Respond to weekly service request
      Procedure 1: Acknowledge receipt of service request
      Procedure 2: Document incident
      Procedure 3: Update customer on status of incident
      Procedure 4: Close incident
  Process: Incident closure
    Task: Roll up activity report into monthly metric
      Procedure 1: Create monthly metric
  Process: Change classification and authorization
    Task: Attend CAB meeting
      Procedure 1: Attend change review board meeting
    Task: Review emergency change request
      Procedure 1: Contact CAB/EC

Processes by MOF Role Clusters
  Operations Role Cluster
  Support Role Cluster
  Release Role Cluster
  Infrastructure Role Cluster
  Security Role Cluster
  Partner Role Cluster

Troubleshooting
  Overview
    Problem #1: DNS Name Resolution Failure
    Problem #2: DNS Client Receives “Name Not Found” Error
    Problem #3: DNS Server Provides Stale Information
    Problem #4: DNS Server Not Responding to Clients
    Problem #5: Clients Not Providing Dynamic Updates
    Problem #6: Server Not Providing Dynamic Updates
    Problem #7: Zone Delegation Failures
    Problem #8: Zone Transfer Failures

Appendix
  DNS Log Events—ID Codes


Contributors

Program Manager
Jeff Yuhas, Microsoft Corporation

Lead Writers
Jim Quiggle, Covestic Inc., USA
Michael Sarabosing, Covestic Inc, USA

Other Contributors
Marius Apreutesei, Microsoft Corporation
Jason Popp, Microsoft Corporation

Test Manager
Greg Gicewicz, Microsoft Corporation

QA Manager
Jim Ptaszynski, Microsoft Corporation

Lead Technical Writer
Jerry Dyer, Microsoft Corporation

Lead Technical Editor
Laurie Dunham, Microsoft Corporation

Technical Editor
Patricia Rytkonen, Volt Technical Services

Production Editor
Kevin Klein, Volt Technical Services


1 Introduction to Product Operations Guide

Document Purpose

This guide describes processes and procedures for improving the management of Microsoft® Windows Server™ 2003 Domain Name System (DNS) Service in your infrastructure.

Intended Audience

This material should be useful for anyone planning to deploy this product into an existing IT infrastructure, especially one based on the IT Infrastructure Library (ITIL)—a comprehensive set of best practices for IT service management—and Microsoft Operations Framework (MOF). It is aimed primarily at two main groups: IT managers and IT support staff (including analysts and service-desk specialists).

How to Use This Guide

This guide is divided into six chapters. The first chapter provides basic background information. The second chapter provides a high-level checklist of the tasks required for maintaining this product. The third chapter takes a more detailed look at the tasks described in the maintenance chapter. The fourth chapter organizes tasks by the Microsoft Operations Framework (MOF) role cluster responsible for each task. The fifth chapter provides information about common troubleshooting techniques for the Windows Server 2003 DNS Service. The sixth chapter addresses audit logging behavior that applies to the DNS Service provided with Windows Server 2003.

The guide may be read as a single volume, including the detailed maintenance and troubleshooting chapters. Reading the document in this way will provide the necessary context so that later material can be understood more readily. However, some people will prefer to use the document as a reference, only looking up information as they need it.


Background

This guide is based on Microsoft Solutions for Management (MSM). MSM provides a combination of best practices, best-practice implementation services, and best-practice automation, all of which help customers achieve operational excellence as demonstrated by high quality of service, industry reliability, availability, and security, and low total cost of ownership (TCO).

These MSM best practices are based on MOF, a structured, yet flexible approach based on ITIL. MOF includes guidelines on how to plan, deploy, and maintain IT operational processes in support of mission-critical service solutions.

Central to MOF—and to understanding the structure of this guide—are the MOF Process and Team models. The Process Model and its underlying service management functions (SMFs) are the foundation for the process-based approach that this guide recommends for maintaining a product. The Team Model and its role clusters offer guidance for ensuring the proper people are assigned to operational roles.

Figure 1 shows the MOF Process Model combined with the SMFs that make up each quadrant of the Process Model.

Figure 1. MOF Process Model and SMFs


Figure 2 shows the MOF Team Model, along with some of the many functional roles or function teams that might exist in service management organizations. These roles and function teams are shown mapped to the MOF role cluster to which they would likely belong.

Release: Change management; Release/systems engineering; Configuration control/asset management; Software distribution/licensing; Quality assurance

Operations: Messaging operations; Database operations; Network administration; Monitoring/metrics; Availability management

Security: Intellectual property protection; Network and system security; Intrusion detection; Virus protection; Audit and compliance admin; Contingency planning

Partner: Maintenance vendors; Environment support; Managed services, outsourcers, trading partners; Software/hardware suppliers

Infrastructure: Enterprise architecture; Infrastructure engineering; Capacity management; Cost/IT budget management; Resource and long-range planning

Support: Service desk/help desk; Production/production support; Problem management; Service level management

Figure 2. MOF Team Model and examples of functional roles or teams


The MOF Team Model is built on six quality goals, which are described and matched with the applicable team role cluster in Table 1.

Table 1. MOF Team Model Quality Goals and Role Clusters

| Quality Goal | Team Role Cluster |
|---|---|
| Effective release and change management. Accurate inventory tracking of all IT services and systems. | Release |
| Management of physical environments and infrastructure tools. | Infrastructure |
| Quality customer support and a service culture. | Support |
| Predictable, repeatable, and automated system management. | Operations |
| Mutually beneficial relationships with service and supply partners. | Partner |
| Protected corporate assets, controlled authorization, and proactive security planning. | Security |

Further information about MSM and MOF is available at http://www.microsoft.com/solutions/msm/techinfo/default.asp, or search for the topic on TechNet at http://www.microsoft.com/technet/default.asp. You can also contact your local Microsoft or partner representative.


2 High-Level Processes for Maintaining Windows Server 2003 DNS Service

Overview

Every company consists of employees (people), activities that those employees perform (processes), and tools that help them perform those activities (technology). No matter what the business, it most likely consists of people, processes, and technology working together to achieve a common goal. Table 2 illustrates this point.

Table 2. People, Processes, and Technology Working Together

| Area | People | Process | Technology |
|---|---|---|---|
| Auto repair industry | Mechanic | Repair manual | Socket set |
| Software development industry | Programmer | Project plan | Compiler; debugger |
| IT operations | IT technician | Microsoft Operations Framework | Windows Server 2003 Domain Name System (DNS) |

Domain Name System (DNS) is the primary method for name resolution in Windows Server 2003. DNS is also a requirement for deploying Microsoft Active Directory® directory service, but Active Directory is not a requirement for deploying DNS. However, integrating DNS with Active Directory enables DNS servers to take advantage of the security, performance, and fault tolerance capabilities of Active Directory.


Technology Required

Table 3 lists the tools or technologies used in the procedures described in this guide. All tools should be accessed from a Windows Server 2003 server console, except in those cases where a link is provided.

Table 3. Tools and Technologies Required to Use the Procedures in This Guide

Required Technology

Description Location

Backup Performs backup and restore operations. It is automatically installed with Windows Server 2003.

Start > All Programs > Accessories > System Tools > Backup

Or to open the Backup tool using the command line:

Start > Run. In the Open box, type ntbackup and then click OK.

SrvInfo.exe Gathers system information from servers.

Windows Server 2003 Resource Kit

Windows® Management Instrumentation (WMI)

Provides management capabilities. In this guide, it is used specifically within Microsoft Visual Basic® Scripting Edition (VBScript). WMI is automatically installed with Windows Server 2003.

Start > Run. In the Open box, type wmimgmt.msc and then click OK.

DNS Manager Used for modifying DNS parameters. These centralized management and monitoring tools can be found either in Administrative Tools after initial installation of the DNS service, or through Adminpak.msi.

Start > Control Panel > Administrative Tools

Or to open DNS Manager using the command line, type:

%systemroot%\System32\ dnsmgmt.msc

Page 14: DNS Operational guide

Domain Name System (DNS) Service Product Operations Guide 7

Required Technology

Description Location

Event Viewer Provides logs for transactional reactive reviews of system and service events. It is automatically installed with Windows Server 2003.

Start > Control Panel > Administrative Tools > Event Viewer

Or to open Event Viewer using the command line:

Start >Run. In the Open box, type eventvwr.msc and then click OK.

System Monitor

(formerly known in Microsoft Windows® 2000 as Performance Monitor)

Provides detailed performance information on key metrics used to troubleshoot bottlenecks and degradation. It is automatically installed with Windows Server 2003.

Start, > Control Panel > Administrative Tools > Performance

Or to open System Monitor using the command line:

Start > Run. In the Open box, type perfmon and then click OK.

Task Manager Offers an immediate view of system activity and performance. This technology is automatically installed with Windows Server 2003.

Right-click an empty space on the taskbar, and then click Task Manager.

Service Controller (Sc.exe)

Allows for general management of Windows services, including startup, shutdown, and status.

\windows\system32\ sc.exe

Or to open Service Controller using the command line:

Start > Run. In the Open box, type sc and then click OK.

Netsh(Netsh.exe)

Manages network services and configuration objects.

\windows\system32\netsh.exe

Or to open Netsh using the command line:

Start > Run. In the Open box, type netsh and then click OK.

Page 15: DNS Operational guide

8 Managing the Windows Server Platform

Required Technology

Description Location

Windows Server 2003 Resource Kit Tools

Provides operations tools, scripts, and shortcuts to add and automate administrative functionality for Windows Server 2003. This kit is a separate installable package.

http://www.microsoft.com/downloads/details.aspx?familyid=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en, or search for “Windows Server 2003 Resource Kit Tools” at http://www.microsoft.com.

Microsoft Word, Microsoft Excel, and Microsoft Access XP

Full-featured Microsoft Office desktop applications that can be used to create the reports and manage the data sets listed in this product operations guide.

Microsoft Word, Excel, and Access can be found either as a stand-alone product or as part of Microsoft Office XP.

Microsoft SQL Server™ (optional)

Can be used to manage enterprise-level volumes of management log, performance, and configuration data.

http://www.microsoft.com/sql/

CSVDE

Active Directory command-line manipulator and reporting tool.

%systemroot%\system32\csvde.exe

CScript

Command-line .vbs script interpreter.

%systemroot%\system32\cscript.exe

Findstr

Lexical and expression-based parser.

%systemroot%\system32\findstr.exe

Pathping

Ping-based network performance check for each hop along a network path.

%systemroot%\system32\pathping.exe

NSLookup

DNS lookup utility for resolving host name and IP.

%systemroot%\system32\nslookup.exe

DNSCmd

DNS command-line utility for manipulation and extraction.

Windows Server 2003 Support Tools

DNSLint

DNS command-line utility for DNS reporting and check.

Windows Server 2003 Support Tools


Maintenance Processes Checklist

The following tables provide a quick reference for those product maintenance processes that need to be performed on a regular basis. These tables offer a high-level view of the processes described in subsequent chapters of this guide. They are limited to those processes required for maintaining the product.

Operating Quadrant

The processes for this chapter are based on the service management functions (SMFs) that make up the MOF Operating Quadrant. Further information about the MOF Process Model and the MOF SMFs is available at http://www.microsoft.com/solutions/msm/techinfo/default.asp, or search for the document title on TechNet at http://www.microsoft.com/technet/default.asp.

Service Monitoring and Control SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Perform Monitoring Infrastructure

Weekly Processes

Process Name Related SMFs MOF Role Cluster

There are no weekly processes for this SMF.

Monthly Processes

Process Name Related SMFs MOF Role Cluster

There are no monthly processes for this SMF.

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

There are no as-needed processes for this SMF.


Storage Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Data Backup, Restore, and Recovery Options

Operations

Weekly Processes

Process Name Related SMFs MOF Role Cluster

Storage Resource Management

Operations

Monthly Processes

Process Name Related SMFs MOF Role Cluster

There are no monthly processes for this SMF.

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

Data Backup, Restore, and Recovery Options

Operations


Supporting Quadrant

The processes for this section are based on the SMF guides that make up the MOF Supporting Quadrant.

Incident Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Proactive Analysis and Review

Support and Operations

Weekly Processes

Process Name Related SMFs MOF Role Cluster

There are no weekly processes for this SMF.

Monthly Processes

Process Name Related SMFs MOF Role Cluster

Incident Closure Support

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

There are no as-needed processes for this SMF.


Problem Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Proactive Analysis and Review

Support

Weekly Processes

Process Name Related SMFs MOF Role Cluster

Proactive Analysis and Review

Support

Monthly Processes

Process Name Related SMFs MOF Role Cluster

There are no monthly processes for this SMF.

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

Problem Recording and Classification

Operations

Proactive Analysis and Review

Operations


Optimizing Quadrant

The tasks for this section are based on the SMF guides that make up the MOF Optimizing Quadrant.

Capacity Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Managing Resources and Service Performance

Operations

Weekly Processes

Process Name Related SMFs MOF Role Cluster

There are no weekly processes for this SMF.

Monthly Processes

Process Name Related SMFs MOF Role Cluster

Managing Resources and Service Performance

Operations

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

There are no as-needed processes for this SMF.


Availability Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

There are no daily processes for this SMF.

Weekly Processes

Process Name Related SMFs MOF Role Cluster

There are no weekly processes for this SMF.

Monthly Processes

Process Name Related SMFs MOF Role Cluster

There are no monthly processes for this SMF.

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

Design for Recovery Operations


Changing Quadrant

The processes for this section are based on the SMF guides that make up the MOF Changing Quadrant.

Change Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

Change Classification and Authorization

Infrastructure

Weekly Processes

Process Name Related SMFs MOF Role Cluster

There are no weekly processes for this SMF.

Monthly Processes

Process Name Related SMFs MOF Role Cluster

There are no monthly processes for this SMF.

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

There are no as-needed processes for this SMF.


Configuration Management SMF

Daily Processes

Process Name Related SMFs MOF Role Cluster

There are no daily processes for this SMF.

Weekly Processes

Process Name Related SMFs MOF Role Cluster

Review Configuration Items

Infrastructure

Monthly Processes

Process Name Related SMFs MOF Role Cluster

Review Configuration Items

Operations

As-Needed Processes

Process Name Related SMFs MOF Role Cluster

There are no as-needed processes for this SMF.


3 Detailed Maintenance Actions

Overview

This chapter provides detailed information about the processes that must be performed in order to maintain Windows Server 2003 DNS services. These processes are arranged according to the MOF quadrant to which they belong and, within each quadrant, by the MOF SMF guides that make up that quadrant.

Those quadrants are:

● Operating Quadrant

● Supporting Quadrant

● Optimizing Quadrant

● Changing Quadrant

Further information about the MOF Process Model and the MOF SMFs is available at http://www.microsoft.com/solutions/msm/techinfo/default.asp, or search for the document title on TechNet at http://www.microsoft.com/technet/default.asp.


Operating Quadrant

Storage Management SMF

Operations Role Cluster

Daily

Process: Data backup, restore, and recovery operations

Description

Storing, restoring, and recovering data are key storage management activities for maintaining company data. Data should be classified by type, and a strategy should be developed to ensure that operations fulfill business requirements and service level objectives. This process should be performed on a daily basis to ensure a viable backup and recovery capability.

Task: Create DNS backup and pull backup files to remote storage

Purpose

The intent of these backups is to provide an externally stored restore source that is readily available in the event of local database corruption.

Because there are several options for DNS implementations, there will also be varying data storage requirements. DNS backups will depend on the implementation type. For Active Directory integrated DNS, use Option 1—System State. For standard implementation, use Option 2—System State and Zone File Backups.

Option 1—System State

Procedure 1: Manual backup to tape or external locally-attached storage

1. From a Windows Server 2003 with access to a tape device, on the Start menu, click Run, enter ntbackup.exe and click OK.

2. If Backup or Restore Wizard window is shown, click Advanced Mode.

3. Click Backup Wizard (Advanced).

4. Click the check box to flag for System State backup.

5. Select an appropriate backup destination, such as a SAN-connected tape drive, or choose a directory by clicking Browse. Selecting a directory will enable a shadow copy into a file.

6. Type in a name for the backup job, and click Next.

7. Make sure the appropriate media is loaded or the target directory is accessible, and click Finish.


Procedure 2: Scriptable manual copy to remote server directory

If Procedure 1 backup was targeted to a local storage location, perform this procedure to create a remote copy.

Make sure a share with restricted access has been created for the DNS server’s zone file directory. To create a share with restricted access to the DNS backup directory on the Windows Server 2003 DNS server, follow these steps:

Using Server Management to create a share:

1. Click Start, then All Programs, then Administrative Tools, and then click Server Management.

2. Connect to the specific remote Windows Server 2003 DNS server and create a share specifying the system state backup directory, such as “C:\Backup\SystemState.” Make sure the shares are restricted to allow read-only, and customize permissions to only the group or user responsible for backup and maintenance of the DNS server.

Using a command line to create a share:

1. On the Start menu, click All Programs, then click Accessories, then click Communications, and then click Remote Desktop Connection.

2. Connect to the specific remote Windows Server 2003 DNS server, and on the remote system Start menu, click Run, and type cmd

3. Enter the command:

net share dnsSysState=C:\backup\SystemState /GRANT:username,READ /USERS:1 /CACHE:None

Copying backup to remote storage system:

1. On the Start menu, click All Programs, then click Accessories, then click Communications, and then click Remote Desktop Connection.

2. Connect to the specific remote Windows Server 2003 DNS server, and on the remote system Start menu, click Run, and type cmd

3. Enter the following commands:

net use \\DNS_Server_hostname\dnsSysState

net use \\Repository_hostname\sharename

xcopy \\DNS_Server_hostname\dnsSysState \\Repository_hostname\sharename /I /V /E /H /K /X /Y

net use \\DNS_Server_hostname\dnsSysState /delete

net use \\Repository_hostname\sharename /delete


Option 2—System State and Zone File Backup

Procedure 1: Manual backup to tape or external locally-attached storage

1. From a Windows Server 2003 with access to a tape device, on the Start menu, click Run, enter ntbackup.exe and click OK.

2. If Backup or Restore Wizard window is shown, click Advanced Mode.

3. Click Backup Wizard (Advanced).

4. Click the check box to flag for System State backup.

5. Expand to the %SystemRoot%\System32\DNS folder on the left tree view, and click its check box to flag for backup.

6. Select an appropriate backup destination, such as a SAN-connected tape drive, or choose a directory by clicking Browse. Selecting a directory will enable a shadow copy into a file.

7. Type in a name for the backup job, and click Next.

8. Make sure the appropriate media is loaded or the target directory is accessible, and click Finish.

Procedure 2: Scriptable manual copy to remote server directory

If Procedure 1 backup was targeted to a local storage location, perform this procedure to create a remote copy.

Make sure a share with restricted access has been created for the DNS server’s zone file directory. To create a share with restricted access to the DNS backup directory on the Windows Server 2003 DNS server, follow these steps:

Using Server Management to create a share:

1. Click Start, then All Programs, then Administrative Tools, and click Server Management.

2. Connect to the specific remote Windows Server 2003 DNS server and create a new share specifying the DNS zone file directory, such as the default “C:\Windows\System32\DNS\.” Create a second share specifying the system state backup directory, such as “C:\Backup\SystemState.” Make sure the shares are restricted to allow read-only, and customize permissions to only the group or user responsible for backup and maintenance of the DNS server.


Using a command line to create a share:

1. On the Start menu, click All Programs, then click Accessories, then click Communications, and then click Remote Desktop Connection.

2. Connect to the specific remote Windows Server 2003 DNS server and on the remote system Start menu, click Run, and type cmd

3. Enter the commands:

net share dnsbackup=%systemroot%\system32\dns /GRANT:username,READ /USERS:1 /CACHE:None

net share dnsSysState=C:\backup\SystemState /GRANT:username,READ /USERS:1 /CACHE:None

Copy backup to remote storage system:

1. On the Start menu, click All Programs, then click Accessories, then click Communications, and then click Remote Desktop Connection.

2. Connect to the specific remote Windows Server 2003 DNS server and on the remote system Start menu, click Run, and enter cmd

3. Enter the following commands:

net use \\DNS_Server_hostname\dnsbackup

net use \\DNS_Server_hostname\dnsSysState

net use \\Repository_hostname\sharename

xcopy \\DNS_Server_hostname\dnsbackup \\Repository_hostname\sharename /I /V /E /H /K /X /Y

xcopy \\DNS_Server_hostname\dnsSysState \\Repository_hostname\sharename /I /V /E /H /K /X /Y

net use \\DNS_Server_hostname\dnsbackup /delete

net use \\DNS_Server_hostname\dnsSysState /delete

net use \\Repository_hostname\sharename /delete

Dependencies

System state backups are being performed.

Technology Required

● Windows Server 2003

● Backup

● DNS Manager


Task: Verify previous day's backup job

Purpose

The purpose of this process is to give guidance on how to verify the integrity of the daily scheduled backup job. Regardless of the utility used to provide backup service to the DNS server, the operations team should verify each backup job after it is completed. This verification allows the operations team to resolve issues with backups that may put the organization at risk of data loss.

Backups are typically scheduled during off-peak hours or during maintenance windows. Therefore, this task focuses on verifying the last completed backup run.

Procedure 1: Verify the backup job is completed

You can use Event Viewer to verify whether a backup job started or completed, and if there were errors encountered during the backup operation.

1. Start Event Viewer.

2. Right-click Application Log, select Properties, highlight View, and select Filter.

3. In Event Source, click the drop-down menu, select Backup, and click OK.

4. Search for the following events:

● Event 8000: This event signals the start of a backup on a volume. You should receive this event for each volume in the backup job.

● Event 8001: This event signals the end of a backup on a volume. You should receive n – 1 of this event for a backup job, where n is equal to the number of volumes in the backup job. When a volume has backed up successfully, Event 8001 will be logged as an informational event. When errors are encountered backing up a volume, Event 8001 will be logged as an error event.

● Event 8019: This event signals the end of the backup operation. You should receive one 8019 event per backup job.
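The event checks in step 4, scripted as an added example (not part of the original guide) in VBScript for cscript, the guide's own scripting language. The event records are constructed samples in an assumed EventCode|EventType|Message form, and because the guide expects n - 1 Event 8001 entries for n volumes, the check treats that count as the minimum.

```vbscript
Option Explicit

' Event log type codes: 1 = Error, 3 = Information.
Const EVENT_ERROR = 1

' Constructed sample records (not real log data), oldest first, in the
' assumed form "EventCode|EventType|Message". Messages are placeholders.
Dim arrEvents
arrEvents = Array( _
    "8000|3|start of backup, volume C:", _
    "8001|3|end of backup, volume C:", _
    "8000|3|start of backup, System State", _
    "8001|3|end of backup, System State", _
    "8019|3|end of backup operation", _
    "8000|3|start of backup, volume C:", _
    "8001|1|end of backup, volume C:, errors encountered", _
    "8000|3|start of backup, System State", _
    "8019|3|end of backup operation", _
    "8000|3|start of backup, volume C:")

WScript.Echo CheckBackupJobs(arrEvents)

' Walks the records in order and closes a job at every Event 8019.
' Returns one verdict line per job.
Function CheckBackupJobs(arrRecords)
    Dim strRecord, arrFields, lngCode, lngType
    Dim lngStarts, lngEnds, lngErrors, lngJob, strReport
    lngStarts = 0 : lngEnds = 0 : lngErrors = 0 : lngJob = 0
    strReport = ""

    For Each strRecord In arrRecords
        arrFields = Split(strRecord, "|")
        ' Skip malformed records instead of failing on them
        If UBound(arrFields) >= 1 Then
            If IsNumeric(arrFields(0)) And IsNumeric(arrFields(1)) Then
                lngCode = CLng(arrFields(0))
                lngType = CLng(arrFields(1))
                Select Case lngCode
                    Case 8000   ' backup of a volume started
                        lngStarts = lngStarts + 1
                    Case 8001   ' backup of a volume ended
                        lngEnds = lngEnds + 1
                        If lngType = EVENT_ERROR Then lngErrors = lngErrors + 1
                    Case 8019   ' backup operation ended: close the job
                        lngJob = lngJob + 1
                        strReport = strReport & "Job " & lngJob & ": " & _
                            JobVerdict(lngStarts, lngEnds, lngErrors, True) & vbCrLf
                        lngStarts = 0 : lngEnds = 0 : lngErrors = 0
                End Select
            End If
        End If
    Next

    ' Events after the last 8019 belong to a job that never logged its end
    If lngStarts > 0 Or lngEnds > 0 Then
        lngJob = lngJob + 1
        strReport = strReport & "Job " & lngJob & ": " & _
            JobVerdict(lngStarts, lngEnds, lngErrors, False) & vbCrLf
    End If

    CheckBackupJobs = strReport
End Function

' Applies the guide's three checks to the counters of a single job.
Function JobVerdict(lngStarts, lngEnds, lngErrors, blnFinished)
    Dim strVerdict
    If Not blnFinished Then
        strVerdict = "FAIL - no Event 8019, the job did not finish"
    ElseIf lngStarts = 0 Then
        strVerdict = "FAIL - Event 8019 without any Event 8000"
    ElseIf lngErrors > 0 Then
        strVerdict = "FAIL - " & lngErrors & " error-type Event 8001"
    ElseIf lngEnds < lngStarts - 1 Then
        strVerdict = "FAIL - fewer Event 8001 entries than expected"
    Else
        strVerdict = "OK"
    End If
    JobVerdict = strVerdict & " (8000=" & lngStarts & ", 8001=" & lngEnds & ")"
End Function
```

Run it with cscript //nologo and replace the constructed array with records taken from the filtered Application log; any FAIL line is a candidate for the incident management process listed under Dependencies.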

Dependencies

● Backup jobs are logged to disk.

● Incident management process.

Technology Required

● Backup

● Event Viewer


Operating Quadrant

Storage Management SMF

Operations Role Cluster

As Needed

Process: Data backup, restore, and recovery operations

Description

Storing, restoring, and recovering data are key storage management activities for maintaining company data. Data should be classified by type, and organizations should develop a strategy to ensure that these operations fulfill business requirements and service level objectives.

Task: Verify restore

Purpose

When restoring the DNS server, it is important to verify the successful completion of the restoration task. A DNS database can be partitioned into multiple zones. A single DNS server can be configured to host zero, one, or multiple zones. DNS zones may be primary, secondary, or stub (a zone containing only those resource records that are necessary to identify the authoritative DNS servers for that zone). Zones may be converted to Active Directory integrated by using the Active Directory Service as the data storage and replication engine. In a Directory Services (DS) integrated DNS, each DNS zone becomes an Active Directory Service container object (DnsZone). In Windows Server 2003, application directory partitions enable storage and replication of DNS zones stored in the non-domain naming context (NDNC) partition of Active Directory. Only servers running on domain controllers can load DNS integrated zones; consequently, restoration of a DS integrated DNS server is equivalent to a domain controller restoration.

The tasks below describe the verification steps of a standard primary, secondary, and stub zone restore.


Procedure 1: Verify restore configuration of a primary zone

1. Start the Backup utility.

2. On the Tools menu, select Reports.

3. In the Backup Reports window, select the report that contains the Restore Job, and click View.

4. Search the log for the “Operation: Restore” string.

5. Verify that the restore location and restore files are in the location specified in the initial restore request. The .DNS file with the zone data is located in the %SystemRoot%\System32\DNS folder.

6. Start the DNS Manager from Administrative Tools.

7. From the left-tree view, select the applicable DNS server.

8. Verify that the zone is listed, which signifies it was restored.

9. Select the applicable DNS server from the left-tree view. On the Action menu, select Properties.

10. Select the Monitoring tab.

11. Select Simple and Recursive queries. Select Run Now.

12. Results may be viewed in the Test Results dialog box.

Procedure 2: Verify restore configuration of a secondary zone

1. Start the Backup utility.

2. On the Tools menu, select Reports.

3. In the Backup Reports window, select the report that contains Restore Job, and click View.

4. Search the log for the “Operation: Restore” string.

5. Start the DNS Manager from Administrative Tools.

6. From the left-tree view, select the applicable DNS server.

7. Select the applicable secondary zone.

8. On the Action menu, click Transfer from Master. The zone is then updated from the configured master zone.

9. Verify that the zone data has been restored by checking Selected Records.

10. Select the applicable DNS server from the left-tree view. On the Action menu, select Properties.

11. Select the Monitoring tab.

12. Select Simple and Recursive queries. Select Run Now.

13. Results may be viewed in the Test Results dialog box.


Procedure 3: Verify restore configuration of a stub zone

1. Start the Backup utility.

2. On the Tools menu, select Reports.

3. In the Backup Reports window, select the report that contains Restore Job, and click View.

4. Search the log for the “Operation: Restore” string.

5. Start the DNS Manager from Administrative Tools.

6. From the left-tree view, select the applicable DNS server.

7. Select the applicable stub zone.

8. On the Action menu, click Reload from Master. The zone is then reloaded from the configured master.

9. Verify that the zone data has been restored by checking Selected Records.

10. Select the applicable DNS server from the left-tree view. On the Action menu, select Properties.

11. Select the Monitoring tab.

12. Select Simple and Recursive queries. Select Run Now.

13. Results may be viewed in the Test Results dialog box.

Dependencies

Scheduled zone file and system state backups are being performed.

Technology Required

● Backup

● DNS Manager


Optimizing Quadrant

Availability Management SMF

Operations Role Cluster

As Needed

Process: Design for recovery

Description

Designing for recovery ensures that the appropriate processes, procedures, and technologies are in place to efficiently recover IT services and bring them back to operating levels. Its role is to examine each state in the incident’s life cycle and to minimize the time spent in each area.

Task: Test the server restoration capability

Purpose

A comprehensive recovery plan should include periodic testing of the backups to ensure that the backup media, data, and type of data collected are sufficient to ensure the complete recovery of a DNS server.

Procedure 1: Restoring from backup Active Directory integrated DNS

Please refer to the Active Directory Service Product Operations Guide for detailed information on Active Directory restore. The following is high-level guidance from a directory services integrated DNS perspective.

1. Build and configure a stand-alone Windows Server 2003 server, preferably with a hardware configuration identical to the production server.

2. Ensure that the server is not connected to the production network. (Many organizations maintain a standing data recovery [DR] lab environment that has been isolated from the networks it supports.)

3. Perform the steps necessary for normal Active Directory restore using system state backup data.

4. Validate restore by testing DNS functionality. Since the restored service is in a DR lab environment, the server may not retain full functionality. Where functionality is not testable, check the configuration items—such as the forwarder IP addresses—against production DNS servers.


Procedure 2: Restoring from backup standard primary zone

1. Build and configure a stand-alone Windows Server 2003 server with hardware configuration as close as possible to that of the production server.

2. Ensure that the server is not connected to the production network. (Many organizations maintain a standing DR lab environment that has been isolated from the networks it supports.)

3. Restore the system state for a stand-alone Windows Server 2003 server or perform the tasks necessary for a normal Active Directory restore if the server is a domain controller.

4. Restore the DNS zone files that were backed up in “Task: Create DNS backup and pull backup files to remote storage.”

5. Validate restore by testing DNS functionality. Since the restored service is in a DR lab environment, the server may not retain full functionality. Where functionality is not testable, check the configuration items—such as the forwarder IP addresses—against production DNS servers.

Dependencies

Scheduled zone file and system state backups are being performed.

Technology Required

● DR lab or similar equipment

● Backup


Operating Quadrant

Storage Management SMF

Operations Role Cluster

Weekly

Process: Storage resource management

Description

Storage resource management (SRM) is a key storage management activity focused on ensuring that important storage devices, such as disks, are formatted and installed with appropriate DNS systems. In addition, SRM includes using management technologies to monitor storage resources to ensure that they meet availability, capacity, and performance requirements.

Task: Monitor disk space for DNS logs and database

Purpose

This task ensures that the DNS zone files can grow as appropriate. Because of the relatively small size of zone files, DNS server disk space is normally not an issue. DNS debug logging is disk-resource intensive. Before enabling and configuring DNS debug logging, review disk availability.

Procedure 1: Monitor disk usage and availability

Using the Explorer GUI:

1. Click Start, click Run; in the Run box, type explorer and then click OK.

2. On the left-tree view, browse to the drive where the DNS server files are stored. The default location is C:\Windows\System32\DNS.

3. Right-click the drive and select Properties.

Using a WMI script:

The script below illustrates another way to collect resource information similar to the way described in Procedure 1. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack or as a scheduled job.

1. Copy and paste the script to Notepad.exe and save to a file such as “DNSChkSpace.vbs.”

2. Run the script by typing the following command:

cscript DNSChkSpace.vbs


The following is the script listing for multiple server checks:

rem -- DNS Check Disk Space for Log and DB Drive ---------------------
On Error Resume Next
rem ------------------------------------------------------------------
rem -- List all DNS servers in the arrDNSSvr array in quotes
rem -- and separated by commas. Use "." for the local system.
rem --
rem -- Example:
rem -- arrDNSSvr = Array("dnssvr01","dnssvr02","192.168.23.21")
rem ------------------------------------------------------------------
arrDNSSvr = Array(".", "dnssvr01")

For Each strComputer In arrDNSSvr
    Err.Clear
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    If Err.Number <> 0 Then
        rem -- Without this check a failed connection would reuse the
        rem -- previous server's WMI object and report the wrong disks.
        Wscript.Echo "Cannot connect to " & strComputer & ": " & Err.Description
    Else
        Set colItems = objWMIService.ExecQuery("Select * from Win32_LogicalDisk",,48)
        For Each objItem In colItems
            Wscript.Echo "DeviceID: " & objItem.DeviceID
            Wscript.Echo "FreeSpace: " & objItem.FreeSpace
            Wscript.Echo "VolumeName: " & objItem.VolumeName
        Next
    End If
Next
rem -- END OF SCRIPT --

The following is the script listing for a single server with a specific drive check:

rem -- DNS Check Disk Space for Log and DB Drive ----------------
On Error Resume Next
rem -- Replace "." with the DNS server's hostname or IP.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
rem -- Replace 'c:' with the drive that holds the DNS server's files
rem --
Set colItems = objWMIService.Get("Win32_LogicalDisk.DeviceID='c:'")
Wscript.Echo "DeviceID: " & colItems.DeviceID
Wscript.Echo "FreeSpace: " & colItems.FreeSpace
Wscript.Echo "VolumeName: " & colItems.VolumeName
rem -- END OF SCRIPT --

Dependencies

None

Technology Required

● Basic Windows Server 2003 operating system installed with DNS

● Windows Management Instrumentation (WMI) infrastructure

● CScript


Optimizing Quadrant

Capacity Management SMF

Operations Role Cluster

Daily

Process: Managing resources and service performance

Description

Capacity management is concerned with the optimized use of IT resources in order to achieve the level of performance agreed upon with the client. The process of capacity management can be either reactive or proactive. Iterative activities, such as monitoring, analyzing, tuning, and reporting, are also important in the process of managing resources and service performance. The present and future capacity requirements for a service are documented in service level agreements (SLAs). These requirements are broken down into individual operating level agreements (OLAs) for each of the key IT layers in the technical infrastructure.

The tasks included in this process use comma-delimited files for storing data as a base reference. For larger environments that include 10 or more servers, administrators should use Microsoft SQL Server™ or Microsoft Operations Manager 2000 (MOM) as an effective centralized repository for events.

Task: Capture service performance statistics

Purpose

The following activity captures empirical data on DNS service performance. This data, which is collected daily (or multiple times a day), will be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for service level agreement (SLA) compliance. Service performance statistics are different from system or usage performance statistics in that they measure the characteristics of the DNS services, not the underlying infrastructure, such as disk, memory, and processor.


Procedure 1: Configure DNS performance logging

Using the System Monitor GUI:

1. Start the System Monitor from Administrative Tools or click Start, click Run; in the Run box, type perfmon and then click OK.

2. On the left-tree view, expand the Performance Logs and Alerts branch and click Counter Logs. The view in the right pane will display all log settings.

3. Right-click Counter Logs, and select New Log Settings.

4. Enter a name such as “DNS Service Performance,” and click OK.

5. Click the Add Counters button, which will bring up the Add Counters dialog box.

6. Click the Select Counter objects from computer radio button, and select or enter the appropriate DNS server in the pull-down box.

7. In the Performance Object pull-down box, select DNS.

Click Secure Update Failure, Secure Update Received, Zone Transfer Failure, Zone Transfer Request Received, Dynamic Update Queued, Dynamic Update Received/sec, Recursive Queries/sec, Recursive Query Failure/sec, Recursive TimeOut/sec, TCP Query Received/sec, TCP Response Sent/sec, UDP Query Received/sec, UDP Response Sent/sec. There are no instances associated with these counters.

8. Click Add.

9. Verify that the new counters were added to the logging.

(The Add Counters window may be blocking the previous DNS Service Load and Util window.)

10. In the Sample data every: area, specify an appropriate interval—such as 10 minutes.

11. Select the Log Files tab on this window.

12. In the Log file type: area, select Text File (Comma delimited), and click Configure.

13. Specify the appropriate location for the log file. Ideally, this should be a remote directory from a reliable file server with ample disk space to store three to five months' worth of DNS Service Perf logs.

14. In the File name: area, enter an appropriate name, such as “DNSSvcPerf” and verify that the log file size is set to Maximum limit. Click OK.

15. Enable End File names with: and select [yyyymmdd] in the pull-down selector.

16. Add an appropriate comment such as “DNS Service Perf Log v1.”

17. Click Apply, and then click OK.


Using a WMI VBScript:

The following script approach illustrates the collection of service performance information in a way similar to the method described in Procedure 1. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack.

1. Copy and paste the script below to an editor such as Notepad and save it using a file name such as “DNSServicePerf.vbs.”

2. Run the script by typing the following command:

cscript //nologo DNSServicePerf.vbs

The following is a sample script listing:

rem -- DNS Server Service Performance Logging ---------------------

rem -- Errors (for example, an unreachable server) are suppressed.
On Error Resume Next

rem ---------------------------------------------------------------------------------
rem -- List all DNS Servers in the arrDNSSvr array in quotes
rem -- and separated by commas. Use "." for the local system.
rem --
rem -- Example:
rem -- arrDNSSvr=array("DNSsvr01","dnssvr02","192.168.23.21")
rem --

arrDNSSvr = array(".","DNSsvr01")

rem ---------------------------------------------------------------------------------
For Each strComputer in arrDNSSvr

    Wscript.Echo "--" & strComputer & "------------------------------"

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    rem -- 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_DNS_DNS",,48)
    For Each objItem in colItems
        Wscript.Echo "SecureUpdateFailure: " & objItem.SecureUpdateFailure
        Wscript.Echo "SecureUpdateReceived: " & objItem.SecureUpdateReceived
        Wscript.Echo "ZoneTransferFailure: " & objItem.ZoneTransferFailure
        Wscript.Echo "ZoneTransferRequestReceived: " & objItem.ZoneTransferRequestReceived
        Wscript.Echo "DynamicUpdateQueued: " & objItem.DynamicUpdateQueued
        Wscript.Echo "DynamicUpdateReceivedPersec: " & objItem.DynamicUpdateReceivedPersec
        Wscript.Echo "RecursiveQueriesPersec: " & objItem.RecursiveQueriesPersec
        Wscript.Echo "RecursiveQueryFailurePersec: " & objItem.RecursiveQueryFailurePersec
        Wscript.Echo "RecursiveTimeOutPersec: " & objItem.RecursiveTimeOutPersec
        Wscript.Echo "TCPQueryReceivedPersec: " & objItem.TCPQueryReceivedPersec
        Wscript.Echo "TCPResponseSentPersec: " & objItem.TCPResponseSentPersec
        Wscript.Echo "UDPQueryReceivedPersec: " & objItem.UDPQueryReceivedPersec
        Wscript.Echo "UDPResponseSentPersec: " & objItem.UDPResponseSentPersec
    Next
Next

To format the script similar to the System Monitor format:

1. At the top of the script, add the following lines:

m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
    m="0" & m
End If
If (d<10) Then
    d="0" & d
End If
If (s<10) Then
    s="0" & s
End If
strFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) & ":" & Minute(Now) & ":" & s & ".000" & chr(34)

2. After the line “For Each objItem in colItems” all the way to “Next” are the output commands to echo the results to screen. Select the objects you would like to log and replace the “Wscript.Echo …” lines with concatenated and formatted output, including formatting such as " (quotes) represented by chr(34) and , (commas). For example, to create a System Monitor-style output for DNS TotalQueryReceived/sec, TotalResponseSent/sec, and ZoneTransferSuccess, the result would be:

…
For Each objItem in colItems
    Wscript.Echo strFormattedDate & "," & chr(34) & objItem.TotalQueryReceivedPersec & chr(34) & "," & chr(34) & objItem.TotalResponseSentPersec & chr(34) & "," & chr(34) & objItem.ZoneTransferSuccess & chr(34)
Next
…

Dependencies

None

Technology Required

● Basic Windows Server 2003 operating system installed with DNS

● WMI infrastructure

● CScript

Operating Quadrant

Service Monitoring and Control SMF

Infrastructure Role Cluster

Daily

Process: Perform monitoring

Description

The purpose of service monitoring and control is to observe the end-to-end health of IT services in order to detect and prevent service exceptions and to gather data used by other SMFs to optimize IT services. The perform monitoring process continuously monitors the IT infrastructure and components that deliver the end-to-end service.

The tasks included in this process use comma-delimited files for storing data as a base reference. For larger environments that include 10 or more servers, administrators should use Microsoft SQL Server or Microsoft Operations Manager (MOM) as an effective centralized repository for events.

Task: Capture usage performance statistics

Purpose

The following activity captures empirical data on DNS services performance. This data, which is collected daily (or multiple times a day) will be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for service level agreement (SLA) compliance. Usage performance is different from system or DNS service performance statistics in that it measures the utilization of the DNS Service, not the underlying infrastructure, such as disk, memory, and processor or DNS service-related items.

Procedure 1: Configure DNS performance logging

Using the System Monitor GUI:

1. Start the System Monitor from Administrative Tools, or click Start, click Run; in the Run box, type perfmon and then click OK.

2. On the left-tree view, expand the Performance Logs and Alerts branch, and click Counter Logs. The view in the right pane will display all log settings.

3. Right-click Counter Logs, and select New Log Settings.

4. Enter a name such as “DNS Usage Performance,” and click OK.

5. Click the Add Counters button, which will bring up the Add Counters dialog box.

6. Click the Select Counter objects from computer radio button, and select or enter the appropriate DNS server in the pull-down box.

7. In the Performance Object pull-down box, select DNS.

8. Click Total Response Sent/sec, Total Query Received/sec, WINS Lookup Received/sec, WINS Response Sent/sec, WINS Reverse Lookup Received/sec, WINS Reverse Response Sent/sec. There are no instances associated with these counters.

9. Click Add.

10. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Usage Load and Util window.)

11. In the Sample data every: area, specify an appropriate interval—such as 10 minutes.

12. Select the Log Files tab on this window.

13. In the Log file type: area, select Text File (Comma delimited), and click Configure.

14. Specify the appropriate location for the log file. Ideally, this should be a remote directory from a reliable file server with ample disk space to store three to five months' worth of DNS Service Perf logs.

15. In the File name: area, enter an appropriate name, such as “DNSUsagePerf” and verify that the log file size is set to Maximum limit. Click OK.

16. Enable End File names with: and select [yyyymmdd] in the pull-down selector.

17. Add an appropriate comment such as “DNS Usage Perf Log v1.”

18. Click Apply, and then click OK.

Using a WMI VBScript:

1. Copy and paste the script below to Notepad.exe and save to a file such as “DNSUsagePerf.vbs.” The script illustrates the collection of performance information in a way that is similar to the one described in Procedure 1. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack or as a scheduled job.

2. Run the script by typing the following command:

cscript //nologo DNSUsagePerf.vbs

The following is a sample script listing:

rem -- Errors (for example, an unreachable server) are suppressed.
On Error Resume Next
rem -- "." queries the local system.
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
rem -- 48 = wbemFlagReturnImmediately + wbemFlagForwardOnly
Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_DNS_DNS",,48)
For Each objItem in colItems
    Wscript.Echo "TotalQueryReceivedPersec: " & objItem.TotalQueryReceivedPersec
    Wscript.Echo "TotalResponseSentPersec: " & objItem.TotalResponseSentPersec
    Wscript.Echo "WINSLookupReceivedPersec: " & objItem.WINSLookupReceivedPersec
    Wscript.Echo "WINSResponseSentPersec: " & objItem.WINSResponseSentPersec
    Wscript.Echo "WINSReverseResponseSentPersec: " & objItem.WINSReverseResponseSentPersec
    Wscript.Echo "WINSReverseLookupReceivedPersec: " & objItem.WINSReverseLookupReceivedPersec
Next

To format the script similar to the System Monitor format:

1. At the top of the script, add the following lines:

m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
    m="0" & m
End If
If (d<10) Then
    d="0" & d
End If
If (s<10) Then
    s="0" & s
End If
strFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) & ":" & Minute(Now) & ":" & s & ".000" & chr(34)

2. Between “For Each objItem in colItems” and “Next” are the output commands to echo the results to screen. Select the objects you would like to log and replace the “Wscript.Echo …” lines with concatenated and formatted output, including formatting such as " (quotes) represented by chr(34) and , (commas). For example, to create a System Monitor-style output for DNS TotalQueryReceived/sec, TotalResponseSent/sec, and ZoneTransferSuccess, the result would be:

…
For Each objItem in colItems
    Wscript.Echo strFormattedDate & "," & chr(34) & objItem.TotalQueryReceivedPersec & chr(34) & "," & chr(34) & objItem.TotalResponseSentPersec & chr(34) & "," & chr(34) & objItem.ZoneTransferSuccess & chr(34)
Next
…

Dependencies

None

Technology Required

● DNS server

● WMI infrastructure

● CScript

Task: Capture system performance statistics

Purpose

The following activity captures empirical data on the DNS server. This data, which is collected daily (or multiple times a day) should be reviewed weekly. It will also be used to create monthly reports that are reviewed quarterly for SLA/OLA compliance. System utilization statistics are different from service or usage metrics in that they measure the usage characteristics of the underlying infrastructure of the DNS server system, such as disk, memory, or processor.

Procedure 1: Configure DNS performance logging

Using the System Monitor GUI:

1. Start the System Monitor from Administrative Tools or click Start, click Run; in the Run box, type perfmon and then click OK.

2. On the left-tree view, expand the Performance Logs and Alerts branch and click Counter Logs. The view in the right pane will display all log settings.

3. Right-click Counter Logs, and select New Log Settings.

4. Enter a name such as “DNS Server Load and Util,” and click OK.

5. Click the Add Counter button; this will bring up the Add Objects dialog box.

6. Verify that the applicable DNS server is listed in the Select counters from computer: pull-down box.

7. Verify that the Select counters from list: radio button is selected.

8. In the Performance Object pull-down box, select Processor.

9. Click %Processor Time, %Privileged Time, and %User Time from the counters and choose the _Total instance.

10. Click Add.

11. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Server Load and Util window.)

12. In the Performance Object pull-down box, select Process.

13. Click %Processor Time, Private Bytes, and Page File Bytes from the counters and choose dns as the instance.

14. Click Add.

15. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Server Load and Util window.)

16. In the Performance Object pull-down, select Memory.

17. Click Available Bytes, Pages Input/sec, Pages Output/sec, Page Reads/sec, and Page Writes/sec. There are no instances associated with these counters.

18. Click Add.

19. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Server Load and Util window.)

20. In the Performance Object pull-down, select PhysicalDisk.

21. Click Current Disk Queue Length from the counters and choose _Total as the instance.

22. Click Add.

23. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Server Load and Util window.)

24. In the Performance Object pull-down, select Network Interface.

25. Click Bytes Total/sec and choose the appropriate interface instance(s) utilized by the DNS server.

26. Click Add.

27. Verify that the new counter was added to the logging.

(The Add Counters window may be blocking the previous DNS Server Load and Util window.)

28. In the Sample data every: area, specify an appropriate interval—such as 10 minutes.

29. Select the Log Files tab on this window.

30. In the Log file type: area, select Text File (Comma delimited), and click Configure.

31. Specify the appropriate location for the log file. Ideally, this should be a remote directory from a reliable file server with ample disk space to store three to five months' worth of DNS server system load and util logs.

32. In the File name: area, enter an appropriate name such as “DNSSysUtil” and verify that the log file size is set to Maximum limit. Click OK.

33. Enable End File names with: and select [yyyymmdd] in the pull-down selector.

34. Add an appropriate comment such as “DNS System Perf and Util Log v1.”

35. Click Apply, and then click OK.

Using a WMI VBScript:

1. Copy and paste the script below to Notepad.exe and save to a file such as “DNSServerPerf.vbs.” The script illustrates another way to collect performance information similar to that described in Procedure 1. This script does not continuously collect and store formatted performance information, but serves as a sample base for writing an operations script that may be integrated with an enterprise Management Pack or as a scheduled job.

2. Run the script by typing the following command:

cscript //nologo DNSServerPerf.vbs

The following is a script listing:

rem -- DNS Server System Load and Utilization Basic Collector ------------

rem -- Errors (for example, an unreachable server) are suppressed.
On Error Resume Next

rem ----------------------------------------------------------------------
rem -- List all DNS Servers in the arrDNSSvr array in quotes
rem -- and separated by commas. Use "." for the local system.
rem --
rem -- Example:
rem -- arrDNSSvr=array("dnssvr01","dnssvr02","192.168.23.21")
rem --

arrDNSSvr = array(".","dnssvr01")

rem ----------------------------------------------------------------------
For Each strComputer in arrDNSSvr

    Wscript.Echo "--" & strComputer & "------------------------------"

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

    rem -- Processor counters (48 = wbemFlagReturnImmediately + wbemFlagForwardOnly)
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_PerfOS_Processor",,48)
    For Each objItem in colItems
        Wscript.Echo "PercentPrivilegedTime: " & objItem.PercentPrivilegedTime
        Wscript.Echo "PercentProcessorTime: " & objItem.PercentProcessorTime
        Wscript.Echo "PercentUserTime: " & objItem.PercentUserTime
    Next

    rem -- Counters for the dns process only
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_PerfProc_Process where Name = 'dns'",,48)
    For Each objItem in colItems
        Wscript.Echo "PageFileBytes: " & objItem.PageFileBytes
        Wscript.Echo "PercentProcessorTime: " & objItem.PercentProcessorTime
        Wscript.Echo "PercentUserTime: " & objItem.PercentUserTime
    Next

    rem -- Memory counters
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_PerfOS_Memory",,48)
    For Each objItem in colItems
        Wscript.Echo "AvailableBytes: " & objItem.AvailableBytes
        Wscript.Echo "PageReadsPersec: " & objItem.PageReadsPersec
        Wscript.Echo "PagesInputPersec: " & objItem.PagesInputPersec
        Wscript.Echo "PagesOutputPersec: " & objItem.PagesOutputPersec
        Wscript.Echo "PageWritesPersec: " & objItem.PageWritesPersec
    Next

    rem -- Physical disk counters
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_PerfDisk_PhysicalDisk",,48)
    For Each objItem in colItems
        Wscript.Echo "CurrentDiskQueueLength: " & objItem.CurrentDiskQueueLength
    Next

    rem -- Network interface counters
    Set colItems = objWMIService.ExecQuery("Select * from Win32_PerfFormattedData_Tcpip_NetworkInterface",,48)
    For Each objItem in colItems
        Wscript.Echo "BytesTotalPersec: " & objItem.BytesTotalPersec
    Next
Next

To format the script similar to the System Monitor format:

1. At the top of the script, add the following lines:

m=Month(Now)
d=Day(Now)
s=Second(Now)
If (m<10) Then
    m="0" & m
End If
If (d<10) Then
    d="0" & d
End If
If (s<10) Then
    s="0" & s
End If
strFormattedDate = chr(34) & m & "/" & d & "/" & Year(Now) & " " & Hour(Now) & ":" & Minute(Now) & ":" & s & ".000" & chr(34)

2. Between “For Each objItem in colItems” and “Next” are the output commands to echo the results to screen. Select the objects you would like to log and replace the “Wscript.Echo …” lines with concatenated and formatted output, including formatting such as " (quotes) represented by chr(34) and , (commas). For example, to create a PerfMon-style output for DNS Server AvailableBytes, PageReadsPersec, and PagesOutputPersec, the result would be:

…
For Each objItem in colItems
    Wscript.Echo strFormattedDate & "," & chr(34) & objItem.AvailableBytes & chr(34) & "," & chr(34) & objItem.PageReadsPersec & chr(34) & "," & chr(34) & objItem.PagesOutputPersec & chr(34)
Next
…

Dependencies

None

Technology Required

● WMI infrastructure

● Windows Script Host

● Basic Windows Server 2003 operating system installed with DNS

Optimizing Quadrant

Capacity Management SMF

Operations Role Cluster

Monthly

Process: Managing resources and service performance

Description

Capacity management is concerned with optimized utilization of IT resources in order to achieve the level of performance agreed to with the client. Support organizations supply these resources to ensure that the requirements of the business are met. The process of capacity management can be either reactive or proactive. Iterative activities, such as monitoring, analyzing, tuning, and reporting, are also important in the process of managing resources and service performance. The type of data for each activity differs. For example, the level of utilization of individual components in the infrastructure is relevant to IT resource management, while the transaction throughput rates and response time are pertinent to service-performance management.

Task: Create service performance and utilization report

Purpose

This task captures service performance and utilization in data that can be used to support decision making.

In this task, Microsoft Excel is used for analysis and visualization. Alternatively, System Monitor may be used to load statistics if stored in binary logs instead of csv. For larger environments that include 10 or more servers, administrators should use Microsoft SQL Server or Microsoft Operations Manager (MOM) as an effective centralized repository and analysis tool for events.

Procedure 1: Calculate daily statistics

1. Import performance and utilization logs into Microsoft Excel.

2. Calculate the daily performance average for each counter collected in the log.

3. In a new worksheet, record the daily average of the counters for each day of the month.

4. Use the graphing feature in Excel to create visuals that illustrate trends in performance.

For clarity, it may be easier to calculate the daily statistics on the basis of performance objects. You should also consider that these reports will be pertinent to the measuring of service level agreements (SLAs), operating level agreements (OLAs), and underpinning contracts (UCs).

Procedure 2: Store data and reports

1. Store each month’s data in a single workbook for future reference.

2. Save the workbook to a file share on a file server that is under regular backup maintenance.

Dependencies

Capturing service performance in performance logs.

Technology Required

Microsoft Excel or third-party spreadsheet application

Task: Create system load and utility report

Purpose

This task captures the usage of print-server resources in data that can be used to support decision making and resource allocation.

Procedure 1: Calculate daily statistics

1. Import service usage statistics into Excel.

2. Calculate the daily average for each counter collected in the log.

3. In a new worksheet, record the daily average of the counters for each day of the month.

4. Use Excel’s graphing feature to create visuals that illustrate trends in performance.

For clarity, it may be easier to calculate the daily statistics on the basis of performance objects.
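The daily-average steps of Procedure 1 in both report tasks above, scripted as an added example that is not part of the original guide. It assumes the comma-delimited log starts with a header row naming the counters, followed by rows in the System Monitor-style layout shown earlier; the sample log, counter columns, and function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Layout produced by the guide's strFormattedDate: month, day and second are
# zero-padded, hour and minute are not. strptime accepts both forms.
TIME_FORMAT = "%m/%d/%Y %H:%M:%S.%f"

# Constructed sample log (not real measurements). It includes a sample with
# blank values, as happens when a WMI read fails under On Error Resume Next,
# and one damaged line.
SAMPLE_LOG = '''"Time","TotalQueryReceivedPersec","TotalResponseSentPersec","ZoneTransferSuccess"
"07/01/2003 9:5:05.000","120","118","0"
"07/01/2003 9:15:05.000","80","82","0"
"07/01/2003 9:25:05.000","","","0"
"07/02/2003 9:5:05.000","200","200","1"
"07/02/2003 9:15:05.000","100","90","1"
not a timestamp,"1","1","1"
'''


def daily_averages(log_text):
    """Return ({day: {counter: average}}, skipped_rows) for a comma-delimited log.

    Blank or non-numeric values are left out of the average instead of being
    counted as zero, so a failed collection does not drag the daily figure down.
    Rows whose timestamp cannot be parsed are counted in skipped_rows.
    """
    reader = csv.reader(io.StringIO(log_text))
    header = next(reader)
    counters = header[1:]
    sums = defaultdict(lambda: defaultdict(float))
    counts = defaultdict(lambda: defaultdict(int))
    skipped = 0
    for row in reader:
        if not row:
            continue  # empty line
        try:
            day = datetime.strptime(row[0].strip(), TIME_FORMAT).date().isoformat()
        except ValueError:
            skipped += 1
            continue
        for name, raw in zip(counters, row[1:]):
            try:
                value = float(raw.strip())
            except ValueError:
                continue  # blank or non-numeric sample
            sums[day][name] += value
            counts[day][name] += 1
    averages = {
        day: {name: sums[day][name] / counts[day][name] for name in sums[day]}
        for day in sorted(sums)
    }
    return averages, skipped


def report_csv(averages):
    """Render one row per day, the 'new worksheet' of step 3, as CSV text."""
    names = list(dict.fromkeys(n for day in averages.values() for n in day))
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["Date"] + names)
    for day, values in averages.items():
        writer.writerow([day] + ["%.2f" % values[n] if n in values else "" for n in names])
    return out.getvalue()


if __name__ == "__main__":
    result, bad_rows = daily_averages(SAMPLE_LOG)
    print(report_csv(result))
    print("rows skipped:", bad_rows)
```

The resulting per-day table can be opened in Excel for the graphing step.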

Procedure 2: Store data and reports

1. Store each month’s data in a single workbook for future reference.

2. Save the workbook to a file share on a file server that is under regular backup maintenance.

Dependencies

Capturing service performance in performance logs.

Technology Required

Excel or third-party spreadsheet application

Supporting Quadrant

Problem Management SMF

Operations Role Cluster

As Needed

Process: Problem recording and classification

Description

The problem recording and classification process deals with the initial detection and recording of a problem, which can originate from a variety of sources and mediums. Problems may be reported through the incident management process or as a result of analysis from the data collected by the problem management team.

Log files and event logging facilities commonly provide support for this process.

Task: Temporarily enable debug logging options

Purpose

DNS debug logging creates a Dns.log file that contains debug logging activity. By default, it is located in the C:\Windows\System32\DNS folder. Using debug logging options impacts DNS server performance. For this reason, all debug logging options are disabled by default and should be enabled only for specific monitoring operations.

Procedure 1: Select and enable debug logging options on the DNS server

1. Start the DNS Manager from Administrative Tools.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, click Properties.

4. Click the Debug Logging tab.

5. Select Log packets for debugging, and then select the events that you want the DNS server to record for debug logging.

6. Select applicable criteria including Packet direction, Transport protocol, and type.

7. Specify the log file name, location, and maximum file size. Note that the file name will be cached and, if re-used, will append to the log instead of overwriting. This will cause the log file to take up more disk space.

8. Click OK.

Procedure 2: Disable debug logging options on the DNS server

1. Start the DNS Manager from Administrative Tools.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, click Properties.

4. Click the Debug Logging tab.

5. Click Reset To Default, and then OK.

Dependencies

DNS Service

Technology Required

DNS Manager

Task: Diagnose backup conditions

Purpose

The intent of this task is to perform detailed investigation on the backup jobs. This task goes beyond the summary information that “Task: Verify previous day’s backup job” provides.

Procedure 1: Enable detailed logging

Backup logs can be vital to troubleshooting and recording status of the backup operation. The default setting in Windows Server 2003 is for backup logs to contain summary information—for example, loading a tape, starting the backup, files backed up, bytes backed up, or failing to open a file. Some environments require more detailed information, such as which files are being backed up for a particular backup job.

For more detailed logging in the backup logs:

1. Start the Backup utility.

2. On the Tools menu, click Options.

3. In the Options window, click the Backup Log tab, select Detailed, and click OK.

Backup logs will now contain detailed information regarding the backup operations.

Procedure 2: Review the backup log

1. Start the Backup utility.

2. On the Tools menu, click Reports.

3. In the Backup Report dialogue box, select the previous night’s backup report and click View.

● Event 8000 is not logged for the specific items being backed-up. When these events are not present, the backup did not run. When this occurs, the DNS server is at risk of data loss. Verify the backup job has not been deleted. Review the start time for the job to verify it has not been modified.

● Event 8001 is logged as a warning event in the application log. Review the backup log by searching for the “Warning:” string in the body of the log. Record what the warning is and the reason for the warning.

● Event 8019 is not logged for the specific items being backed-up. This means the backup job is still running. Review the application log and record the last volume to trigger a successful 8001 informational event. Record the last volume to trigger an 8000 event.

Dependencies

● Backup jobs are logged to disk.

● Problem management process.

Technology Required

● Backup

● Third-party backup software

Supporting Quadrant

Problem Management SMF

Support Role Cluster

Daily

Process: Proactive analysis and review

Description

Proactive analysis activities are concerned with identifying and resolving problems and known errors before incidents occur, thus minimizing the adverse impact on the service and business as a whole. After a major incident or a major problem has occurred, a review of all the events and actions that took place should be conducted. This review provides a means of gathering useful data for future analysis and ensures that all important lessons are identified and recorded.

The tasks below use a manual method for tracking and analyzing events and are usable for all operations. However, for larger environments having 10 or more servers, it is best to use a centralized event management system such as Microsoft Operations Manager (MOM).

Task: Monitor DNS event log for critical DNS events

Purpose

This task reviews DNS event log monitoring procedures to identify and correct any escalating issues. DNS debug logging is utilized only for troubleshooting specific DNS issues and is not included as a periodic monitoring function.

Procedure 1: Access event log

Using the Event Viewer GUI:

1. Click Start, click Run; in the Run box, type dnsmgmt.msc and then click OK.

2. From the left-tree view, select the applicable DNS server.

3. Expand Event Viewer.

4. Click DNS Events.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, type:

CSCRIPT %systemroot%\System32\eventquery.vbs /S \\computer name /U domain\user /P password /V /L system /FO LIST /FI "source eq dnsapi"

Procedure 2: Review event log

Check for the following critical events:

Event ID

Description

140

The DNS server could not initialize the Remote Procedure Call (RPC) service. If it is not running, start the RPC service or reboot the computer. For specific error code, see the Record Data page on the Event Viewer.

In order for DNS to run, the Remote Procedure Call (RPC) service must be running on the DNS server.

1. Verify that the Remote Procedure Call (RPC) service has been started.

2. Open Administrative Tools, and double-click Services.

3. If the service has been started, try restarting the server.

4. If the error continues, remove and reinstall the RPC Configuration service by using the Services tab network connection in Network and Dial-up Connections in Control Panel.

403

The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. For the specific error code, see the Record Data page.

The Wsock32.dll might be incompatible with a third-party TCP/IP stack. This problem can also occur if the TCP/IP protocol is not bound to the network adapter.

If you are using a third-party TCP/IP protocol, verify that the protocol is compatible with the Wsock32.dll.

Check the bindings of the protocol stack. It is a good idea to have TCP/IP bound at the top of the stack. If the error continues, remove and reinstall the TCP/IP protocol, and then try again.

1. Open Control Panel, and then double-click Network and Dial-up Connections.

2. Right-click the connection, and then click Properties.

3. Verify that the bindings for all protocols to network adapters are enabled and that no broken connections exist in the stack.

407

DNS server could not bind the main datagram socket. The data is the error.

This error can occur if there is a mismatch between the configured IP address in the Advanced IP Addressing dialog box and the addresses listed in the Server Properties dialog box for the DNS server. This problem can also occur if the TCP/IP protocol is not bound to the network adapter.

Verify that the TCP/IP addresses configured in the Advanced IP Addressing dialog box match those configured in the Server Properties dialog box in DNS Manager:

1. Open Control Panel, and double-click Network.

2. Click the Protocols tab, and click TCP/IP Protocol in the Network Protocols list.

3. Click Properties, and then click Advanced.

Match the IP addresses to those displayed in the DNS server Properties dialog box:

1. In DNS Manager, right-click the DNS server name, and then click Properties.

2. Compare the IP addresses with those from the Advanced IP Addressing dialog box. If there are no IP addresses configured in the Advanced IP Addressing dialog box or on the Interfaces tab of the Server Properties dialog box, enter the IP address of your network adapter. Use the ipconfig -all command to obtain your IP address.

Check the binding of the TCP/IP protocol to the network adapter:

1. Open Control Panel, and double-click Network.

2. Click the Bindings tab.

3. Verify that the bindings for all protocols to network adapters are enabled and that no broken connections exist in the stack.

408

DNS server could not open socket for address [IP address of server].

The DNS server could not open a socket with the current TCP/IP and DNS service configurations.

Verify that this is a valid IP address on this machine.

If the IP is not valid:

1. Use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.

2. Stop and restart the DNS server. (If this was the only IP interface on this machine, the DNS server may not have started as a result of this error. In that case, remove the DNS\Parameters\ListenAddress value in the services section of the registry and restart.)

If the IP is valid:

Verify that no other application (for example, another DNS server) is running that would attempt to use the DNS port.

4000

The DNS server was unable to open Active Directory.

The DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.

Check that Active Directory is functioning properly and reload the zone.

4001

The DNS server was unable to open zone domain name in Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.

Check that Active Directory is functioning properly and reload the zone.

4004

The DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.

Check that Active Directory is functioning properly and repeat enumeration of the zone.

4007

The DNS server was unable to open zone <zone name> in Active Directory from the application directory partition <partition name>. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that Active Directory is functioning properly and reload the zone. The event data is the error code.

4016

The DNS server timed out attempting an Active Directory service operation on <distinguished name>. Check Active Directory to see that it is functioning properly. The event data contains the error.


Events 403, 407, and 408 are usually triggered together, as well as 4000, 4001, and 4004.

Dependencies

None

Technology Required

● CScript

● Event Viewer

● DNS server

● Windows 2000, Windows XP, or Windows Server 2003 operating systems

Task: Service check—resolve alerts indicating DNS Server service is down

Purpose

If the DNS Server service is not running, name resolution cannot be provided. To determine the status of the DNS Server service, perform the following procedures.

Procedure 1: Verify DNS Server service status

Using the Computer Management GUI:

1. Start Computer Management from Administrative Tools or click Start, click Run; in the Run box, type compmgmt.msc and then click OK.

2. On the Action menu, click Connect to another computer.

3. Select the applicable DNS server.

4. On the left-tree view, expand Services and Applications.

5. Click Services.

6. On the right-tree view, select DNS Server, right-click and select Properties.

7. Check and review the service status.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, enter:

SC "\\DNS_Server" QUERY DNS

Service Control should return a state indicating "4 Running."


Procedure 2: Start the DNS Server service

If the DNS Server service is not running, name resolution cannot be provided. Investigate why the service is stopped and log a service ticket as appropriate.

To start the service using the Windows interface:

1. Click Start, click Control Panel, click Administrative Tools, and then click Services.

2. Find DNS server, right-click the service, and then click Start.

3. Verify that the status of the DNS server is Started.

To start the service using the command line:

1. Open a command-prompt window (Start > Run, type cmd and click OK).

2. Enter the Service Control commands, replacing DNSServerName with the name of the DNS server:

sc.exe "\\<DNSServerName>" start DNS
sc.exe "\\<DNSServerName>" query DNS

3. Service Control should return a state indicating "4 Running."

Dependencies

None

Technology Required

DNS server

Task: Service check—manual verification of dynamic record update

Purpose

This task is designed to track a specific dynamic update of a DNS record from a client or a DHCP server. This validates that the dynamic update capability is functioning normally or quickly isolates problem areas within this process. This process assumes that detailed logging facilities, established in "Task: Verify dynamic DNS record updates—DNS server," are in place.


Procedure 1: Monitor dynamic client registration

The following procedure will stop and flush the client cache and force a dynamic update. The procedure is performed on the client computer either locally or remotely. This procedure will work on client-side dynamic DNS-capable systems, such as Windows 2000 and later.

1. On a Windows 2000 or later system, click Start, click Run; in the Run box, type cmd and then click OK.

2. In the shell, type:

ipconfig /flushdns
ipconfig /registerdns

Or, at the command prompt, type:

net stop "dhcp client"
net start "dhcp client"

3. Review logs. The success or failure of the dynamic update may be viewed by the client’s Event Viewer, as well as the DNS server log. Refer to "Task: Verify dynamic DNS record updates—DNS server" and "Task: Verify dynamic DNS record updates—DNS client."

Dependencies

● DNS/DHCP client

● DNS server

● DHCP server

Technology Required

● DNS Service

● DHCP Service


Supporting Quadrant

Problem Management SMF

Support Role Cluster

Weekly

Process: Proactive analysis and review

Description

Proactive analysis activities are concerned with identifying and resolving problems and known errors before incidents occur, thus minimizing the adverse impact on the service and business as a whole. After a major incident or a major problem occurs, a review should be conducted to examine the events and actions that took place. This review provides a means of gathering useful data for future analysis and ensures that all important lessons are identified and recorded.

Task: Verify dynamic DNS record updates—DNS client

Purpose

Dynamic DNS clients can automatically send updates to the name server that is authoritative for their records. The change can be adding records, deleting records, or modifying records. If the update fails because the server is not available, the client logs a message in its event log, which can be viewed by using Event Viewer. The Event Viewer can be used to check the system log for any event messages that explain why attempts by the client to dynamically update its host (A) or pointer (PTR) resource records failed.

Procedure 1: Accessing client event log

Using the Event Viewer GUI:

1. Click Start, click Run; in the Run box, type eventvwr.msc and then click OK.

2. To view the log of a remote system, on the Action menu, click Connect to another computer.

3. Enter the client computer name, such as \\DomainName\ComputerName, or browse to the client computer.

4. Click OK.

5. Open the System Log.

6. On the View menu, select Filter and choose dnsapi in the Event Source pull-down box.

7. Click OK to view filtered events.

Using a command line from a Windows Server 2003 host:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. In the command shell, enter:

CSCRIPT %systemroot%\System32\eventquery.vbs /S \\computer_name /U domain\user /P password /V /L system /FO LIST /FI "source eq dnsapi"


Procedure 2: Reviewing the client event log items

From the log data accessed in Procedure 1, look for the following events:

ID number

DNS Event

11150 The system failed to register network adapter with settings:

The cause of this DNS registration failure was that the DNS update request timed out after being sent to the specified DNS server. This is probably because the authoritative DNS server for the name being updated is not running.

You can manually retry registration of the network adapter and its settings by typing ipconfig /registerdns at the command prompt.

11180 The system failed to update and remove registration for the network adapter with settings.

The reason for this failure is that the DNS server the system sent the update request to timed out. The most likely cause of this failure is that the authoritative DNS server for the zone where the registration was originally made is either not running or is unreachable through the network at this time.

Dependencies

● Dynamic DNS is enabled on a DDNS-capable system.

● Dynamic DNS Refresh setting is enabled on the DNS server.

Technology Required

● Windows 2000, Windows XP, or Windows Server 2003 operating systems

● CScript

Task: Verify dynamic DNS record updates—DHCP server

Purpose

DHCP servers are able to register A and PTR resource records on behalf of DHCP clients. The DHCP server log should be monitored to ensure that active updates performed on behalf of the DHCP clients are successful. When the DHCP server is configured to perform DNS dynamic updates on behalf of DHCP clients, you can use the DHCP audit logs to monitor update requests by the DHCP server to the DNS server, DNS record update successes, and DNS record update failures.


Procedure 1: Review DHCP server log

Interactive viewing using the log file and Excel:

1. Using Microsoft Excel, import the DHCP log (named by date) located by default on the DHCP server’s \Windows\System32\DHCP directory.

2. Search for the following:

ID number

DNS Event

30 DNS dynamic update request.

31 DNS dynamic update failed. The DHCP server was unable to dynamically update DNS. This failure should be handled within incident management and processed with DHCP administrators.

32 DNS dynamic update successful.

Searching the log file from the command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. Type the following command lines to create a local directory, mount the share, execute a remote copy, and unmount. It is assumed that the DHCP log file is shared to the user with appropriate permissions:

md c:\DHCP_Log
net use \\DHCPServer_hostname\LogFileSharename
xcopy \\DHCPServer_hostname\LogFileSharename c:\DHCP_Log /I /V /E /H /K /X /Y
net use \\DHCPServer_hostname\LogFileSharename /delete

3. Type the following command lines to search the log(s) for dynamic update information. The /C: switch makes Findstr match the whole phrase rather than any one of its words:

Findstr /C:"DNS dynamic update request" c:\DHCP_Log\DHCPSrvLogName.Day
Findstr /C:"DNS dynamic update failed" c:\DHCP_Log\DHCPSrvLogName.Day
Findstr /C:"DNS dynamic update successful" c:\DHCP_Log\DHCPSrvLogName.Day
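The search above returns matching lines one phrase at a time. As an added example (not part of the original guide), the Python sketch below correlates event IDs 30, 31, and 32 per client, so that a client whose last update failed, or whose request has no logged result, stands out. It assumes comma-separated rows of ID, Date, Time, Description, IP Address, Host Name, MAC Address; the log excerpt, host names, and function names are constructed for illustration.

```python
import csv

# Event IDs from the guide's table.
DNS_UPDATE_EVENTS = {"30": "request", "31": "failed", "32": "successful"}

# Constructed audit-log excerpt. Assumed row layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,04/10/15,09:00:01,Assign,192.0.2.21,ws21.example.test,000102030421
30,04/10/15,09:00:02,DNS dynamic update request,192.0.2.21,ws21.example.test,
32,04/10/15,09:00:03,DNS dynamic update successful,192.0.2.21,ws21.example.test,
30,04/10/15,09:05:10,DNS dynamic update request,192.0.2.22,ws22.example.test,
31,04/10/15,09:05:40,DNS dynamic update failed,192.0.2.22,ws22.example.test,
30,04/10/15,09:07:00,DNS dynamic update request,192.0.2.23,ws23.example.test,
31,04/10/15,09:07:30,DNS dynamic update failed,192.0.2.23,ws23.example.test,
30,04/10/15,09:12:00,DNS dynamic update request,192.0.2.23,ws23.example.test,
32,04/10/15,09:12:01,DNS dynamic update successful,192.0.2.23,ws23.example.test,
30,04/10/15,09:20:00,DNS dynamic update request,192.0.2.24,ws24.example.test,
"""


def summarize_dns_updates(log_text):
    """Tally events 30/31/32 per client and remember each client's last result."""
    summary = {}
    for row in csv.reader(log_text.splitlines()):
        # Skip the header, any legend text, and events unrelated to DNS updates.
        if len(row) < 6 or row[0].strip() not in DNS_UPDATE_EVENTS:
            continue
        kind = DNS_UPDATE_EVENTS[row[0].strip()]
        # Key on the host name; fall back to the IP address when it is empty.
        client = row[5].strip().lower() or row[4].strip()
        entry = summary.setdefault(
            client, {"request": 0, "failed": 0, "successful": 0, "last": None})
        entry[kind] += 1
        if kind != "request":
            entry["last"] = kind
    return summary


def clients_needing_attention(summary):
    """Return {client: reason} for clients whose updates did not end well."""
    flagged = {}
    for client, entry in summary.items():
        if entry["last"] == "failed":
            flagged[client] = "last update failed"
        elif entry["request"] > entry["failed"] + entry["successful"]:
            flagged[client] = "request without a logged result"
    return flagged


if __name__ == "__main__":
    results = summarize_dns_updates(SAMPLE_LOG)
    for client, reason in sorted(clients_needing_attention(results).items()):
        print(client, "-", reason, results[client])
```

A client that failed once and then succeeded (ws23 in the sample) is not flagged, which keeps the incident queue limited to updates that are still outstanding.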

Dependencies

● Dynamic DNS is enabled on a DDNS-capable system.

● DHCP services are available.

Technology Required

● Windows 2000, Windows XP, or Windows Server 2003 operating systems

● CScript

● Findstr


Task: Verify dynamic DNS record updates—DNS server

Purpose

Dynamic update activity of clients can be viewed in the DNS server log (Dns.log). The log records server-side information; client-side information can only be inferred from it.

Procedure 1: Configure DNS debug logging

To create a log file that records dynamic update events:

1. Click Start, click Run; in the Run box, type dnsmgmt.msc and then click OK.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, click Properties.

4. Click the Debug Logging tab.

5. Select Log packets for debugging.

6. Select Incoming and Outgoing Packet direction.

7. Select UDP and TCP Transport protocol.

8. Select Updates Packet contents.

9. Select Request and Response Packet types.

10. Select Details.

11. Click OK to begin debug logging.

Warning Do not leave DNS logging on during normal operations because it consumes both processing and hard disk resources.

Procedure 2: Review the DNS server log

Client update information received by the DNS server will be contained within the DNS server log. The log file is in rich text format and may not be opened while in use. The following procedures assume that DNS debug logging is enabled and the file is in use.

Using the Explorer GUI:

1. Click Start, click Run; in the Run box, type explorer and then click OK.

2. Browse to the default Dns.log location: C:\Windows\System32\DNS\.

3. Copy the Dns.log file.

4. Paste the Dns.log file. By default the file is renamed to Copy of Dns.log.

5. Open Copy of Dns.log with WordPad.


Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. In the command shell, type:

cd\
cd windows\system32\dns
copy dns.log %systemroot%\system32\dns\copy_of_dns.log /V
type copy_of_dns.log

Dependencies

● DNS server.

● DNS audit logging enabled.

Technology Required

Microsoft Excel

Task: Monitor key DNS dependencies (Active Directory and network services)

Purpose

This task monitors key DNS dependencies, including Active Directory and network services. If this infrastructure becomes unavailable, DNS is also adversely impacted.

Procedure 1: Monitor Active Directory services

Information about Active Directory service monitoring can be found in the Active Directory Service Product Operations Guide.


Procedure 2: Monitor network infrastructure

Network infrastructure is typically managed using tools compatible with the infrastructure vendor—for example, CiscoWorks for Cisco-brand network infrastructure. SNMP v1-3 protocols are commonly used to monitor and tune these devices.

Netsh and pathping commands can be used for a quick check of connectivity to local DNS servers.

1. Open a command-prompt window (Start > Run, type cmd and click OK) or make a batch-file script.

Run netsh:

netsh diag ping dns

2. Verify that the desired DNS server is in the list and accessible within appropriate performance levels.

3. For larger environments that require resolutions to traverse multiple networks, check each hop using the Pathping utility:

pathping dnsserver_hostname

4. Verify that the specified DNS server is accessible within appropriate performance and reliability levels, especially packet loss.

Dependencies

None

Technology Required

● Netsh and Pathping are included with Windows Server 2003.

● DNS server.


Supporting Quadrant

Problem Management SMF

Operations Role Cluster

Daily

Process: Proactive analysis and review

Description

Proactive analysis activities are concerned with identifying and resolving problems and known errors before incidents occur, thus minimizing the adverse impact on the service and business as a whole. After a major incident or a major problem occurs, a review should be conducted to examine the events and actions that led to the incident or problem. This review provides a means of gathering useful data for future analysis and ensures that all important lessons are identified and recorded.

Task: Service check—verify zone transfers

Purpose

With Directory Services (DS) integrated DNS, all DNS servers within the domain can modify the zone and then replicate the changes to other domain controllers. Therefore, the procedures for verifying zone transfers of a DS integrated DNS server are equivalent to Active Directory replication verification procedures.

Although Active Directory-integrated zones are transferred by using Active Directory replication, you can also perform standard zone transfers to secondary servers similar to standard DNS zone transfers. The procedures below describe the verification of zone transfers.

Procedure 1: Check zone transfer error events

Using the DNS Manager GUI:

1. Start the DNS Manager from Administrative Tools or click Start, click Run; in the Run box, type dnsmgmt.msc and then click OK.

2. On the left-tree view, select and expand Event Viewer.

3. Select DNS Events.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, enter:

CSCRIPT %systemroot%\System32\eventquery.vbs /S \\computer_name /U domain\user /P password /V /L system /FO LIST /FI "source eq dnsapi"


Procedure 2: Review event log

Check for the following critical events:

Event ID

Description

6527

Zone expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

This event ID might appear when the DNS server is configured to host a secondary copy of the zone from another DNS server acting as its source or master server. Verify that this server has network connectivity to its configured master server.

If the problem continues, consider one or more of the following options:

1. Delete the zone and recreate it, specifying either a different master server, or an updated and corrected IP address for the same master server.

For more information, see Add and remove zones.

2. If zone expiration continues, consider adjusting the expire interval.

For more information, see To adjust the expire interval for a zone.

For more information, see Understanding zones and zone transfer.

6004

The DNS server received a zone transfer request from %1 for a non-existent or non-authoritative %2.

Procedure 3: Simulate and test a zone transfer

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, enter:

Nslookup -d2

In the NSLookup prompt:

Ls -d <Domain Name>

3. Check for any output of Can't list Domain <Domain Name>: parameter description, which indicates a failed simulated transfer.

Dependencies

Network connectivity

Technology Required

● NSLookup

● DNS server

● CScript

Task: Service check—simple and recursive resolution

Purpose


To ensure that DNS name resolution is functioning within specifications, periodic testing should be performed.

Procedure 1: Simple and recursive test query

Using the DNS Manager GUI:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. Select from the console tree the applicable DNS server.

3. On the Action menu, select Properties.

4. Click the Monitoring tab.

5. Check the Simple Query check box.

6. Click Test Now. The results may be viewed in the Test Results dialog box.

7. Uncheck the Simple Query check box and check the Recursive Query check box.

8. Click Test Now. The results are displayed in the Test Results dialog box.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. To perform a simple or recursive query, in the command shell enter:

NSLookup <HostName> <DNS Server>

A simple query may be initiated by using a Hostname command that makes the DNS server authoritative for the record. A recursive query test would include a Hostname command that makes the DNS server not authoritative for the record. A comprehensive recursive test may also involve a flushing of the name cache to ensure that DNS forwarding is utilized during the recursive test.

Dependencies

None

Technology Required

● DNS server

● NSLookup


Supporting Quadrant

Problem Management SMF

Operations Role Cluster

As Needed

Process: Proactive analysis and review

Description

Proactive analysis activities are concerned with identifying and resolving problems and known errors before incidents occur, thus minimizing the adverse impact on the service and business as a whole.

After a major incident or a major problem occurs, a review should be done to examine the events and actions that led up to the incident or problem. This review provides a means of gathering useful data for future analysis and ensures that all important lessons are identified and recorded.

Task: Clear the DNS cache

Purpose

DNS cache pollution can occur if Domain Name System (DNS) spoofing has been encountered. Spoofing describes the sending of non-secure data in response to a DNS query. It can be used to redirect queries to a rogue DNS server and can be malicious in nature. Windows Server 2003 DNS server is configured by default to "Secure cache against pollution." With this setting, the DNS server ignores DNS resource records that come from servers that are not authoritative for them. Although it can cause extra DNS queries, the security benefits far outweigh the cost of the extra queries.

Clearing the cache forces the DNS server to query authoritative sources for resolution on records it does not maintain. Clearing should be performed when pollution is identified, such as when a fully qualified domain name (FQDN) is associated with an invalid IP. This is typically identified through a service desk-escalated incident.

Procedure 1: Clearing the cache

1. Start the DNS Manager from Administrative Tools.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, click Clear Cache.


Procedure 2: Clearing the cache from the command line

1. Run cmd

2. At the prompt, type:

Dnscmd DNS_Server_Name /clearcache

Dependencies

DNS Service

Technology Required

● DNS Manager

● DNSCmd


Changing Quadrant

Configuration Management SMF

Infrastructure Role Cluster

Weekly

Process: Review configuration items

Description

Because the accuracy of the information stored in the configuration management database (CMDB) is crucial to the success of Change Management, Incident Management, and other SMFs, a review process should be set up to ensure that the database accurately reflects the production IT environment.

Task: Capture DNS configuration snapshot

Purpose

The intent of a configuration snapshot is to provide a readily available, externally stored reference of past and present DNS server configurations. The procedures below assume that a SQL storage repository is not being utilized. Efficient storage of and custom query retrieval of snapshot data would include a management system consisting of automatic snapshots stored in a SQL storage repository.

Procedure 1: Capture the snapshot

This snapshot may be run locally on the DNS server, which stores the configuration item (CI) snapshot on local storage. The snapshot can also be run remotely, whereby the CI snapshot is stored on the remote server.

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, type:

dnscmd \\dns_server_name /info > %systemroot%\dns_backupdirectory\DNSConfigItems_infoyyyymmdd.txt

Dependencies

Formalized configuration management process

Technology Required

● DNS server

● DNSCmd


Changing Quadrant

Configuration Management SMF

Operations Role Cluster

Monthly

Process: Review configuration items

Purpose

Because the accuracy of the information stored in the configuration management database (CMDB) is crucial to the success of Change Management, Incident Management, and other SMFs, a review process should be set up to ensure that the database accurately reflects the production IT environment.

Task: Compliance check—namespace (NS) records

Purpose

To ensure that DNS namespace (NS) records are current, the DNS records are checked and compared against a reference source such as the CMDB. An input file is used for this task, which has information pulled from a reference source such as a CMDB.

Procedure 1: Generate DNSLint report of DNS server and NS records

This procedure utilizes DNSLint’s /ql (Query List) option. DNSLint reads instructions from a specified text file (Inputfile.txt) and, once it has verified it is a valid input file, runs the queries that are specified within the file and reports the results in an easy-to-read HTML report (and optionally in a text report). This input file allows administrators to customize which DNS servers to query and exactly which DNS records to look for on each server. The file must start with the word “DNSLint” at the top of it. This is the first thing DNSLint looks for when the input file is opened. If it is not the first word read when the file is opened, the specified input file is rejected and an error is generated.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, type:

Cd\
Cd \program files\Support Tools
Dnslint /ql inputfile.txt /v

The format of the inputfile.txt file is as follows:

DNSLint
[dns server] 169.254.46.138
www.reskit.com,a,r
169.254.197.1,ptr,r
[dns~server] 169.254.46.200
reskit.com,cname,r
reskit.com,mx,r
_kerberos._tcp.dc._msdcs.reskit.com,srv,r


This line: [dns server] 169.254.46.138 specifies the IP address of a DNS server to send queries to. [dns server] must be specified followed by a valid IP address. If either of these two components is missing, an error is generated and the specified input file is rejected.

Subsequent lines indicate the queries to send to the specified DNS server:

www.reskit.com,a,r
169.254.197.1,ptr,r

Format of the queries:

The first field in the line is the name to query—for example, www.reskit.com. The name is then immediately followed by a comma. No spaces are allowed on either side of the comma.

The second field follows the comma immediately after the name to query. The second field is the type of record to query for. Valid types are as follows:

● a = host

● ptr = pointer

● cname = alias

● mx = mail exchange

● srv = service location

The type of record is then immediately followed by a comma. No spaces are allowed on either side of the comma.

The third field is the type of query. This field immediately follows the comma after the type of record. Valid query types are as follows:

● r = recursive

● i = iterative

Nothing else is required to follow the third field. All three fields are required, and no spaces are allowed anywhere within the query line. A fourth field is optional. Appending “,tcp” to the third field will make DNSLint send the specified query using the TCP protocol instead of the default UDP protocol. Again, no spaces are allowed and nothing should follow this field if it is used.
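The input-file rules above can be checked before the file is handed to DNSLint. The following Python sketch is an added example, not part of the original guide and not DNSLint's own code; its function names are illustrative. It assumes DNSLint must stand alone on the first non-blank line (a stricter reading than the guide's "first word"), and it accepts both [dns server] and [dns~server] because the guide's sample shows both spellings.

```python
import ipaddress

RECORD_TYPES = {"a", "ptr", "cname", "mx", "srv"}  # second field, as listed in the guide
QUERY_TYPES = {"r", "i"}                           # third field: recursive or iterative
SERVER_TAGS = ("[dns server]", "[dns~server]")     # the guide's sample shows both spellings

# The sample input file from the guide, one entry per line.
GUIDE_SAMPLE = """\
DNSLint
[dns server] 169.254.46.138
www.reskit.com,a,r
169.254.197.1,ptr,r
[dns~server] 169.254.46.200
reskit.com,cname,r
reskit.com,mx,r
_kerberos._tcp.dc._msdcs.reskit.com,srv,r
"""

# Constructed input with one mistake of each kind the guide warns about.
BROKEN_SAMPLE = """\
DNSLint
[dns server] 169.254.46.999
www.reskit.com,a,r
[dns server] 169.254.46.138
www.reskit.com, a,r
www.reskit.com,txt,r
reskit.com,mx,i,tcp
reskit.com,mx
"""


def check_query_line(line):
    """Return (query, None) for a valid query line, or (None, reason)."""
    if any(ch.isspace() for ch in line):
        return None, "spaces are not allowed in a query line"
    fields = line.split(",")
    if len(fields) not in (3, 4):
        return None, "expected name,type,query with an optional ,tcp"
    name, rtype, qtype = fields[:3]
    if not name:
        return None, "the name to query is empty"
    if rtype not in RECORD_TYPES:
        return None, "unknown record type %r" % rtype
    if qtype not in QUERY_TYPES:
        return None, "unknown query type %r" % qtype
    if len(fields) == 4 and fields[3] != "tcp":
        return None, "the optional fourth field must be tcp"
    transport = "tcp" if len(fields) == 4 else "udp"
    return {"name": name, "type": rtype, "query": qtype, "transport": transport}, None


def validate_dnslint_input(text):
    """Check a /ql input file; return (servers, errors).

    servers maps each DNS server address to its list of parsed queries.
    errors holds "line N: reason" strings and is empty for a clean file.
    """
    servers, errors = {}, []
    current = None       # query list of the server section being read
    seen_first = False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if not line:
            continue
        if not seen_first:
            seen_first = True
            # Strict reading: DNSLint alone on the first non-blank line.
            if line != "DNSLint":
                errors.append("line %d: file must start with the word DNSLint" % number)
                return servers, errors
            continue
        if line.startswith("["):
            current = None
            tag = next((t for t in SERVER_TAGS if line.startswith(t)), None)
            address = line[len(tag):].strip() if tag else ""
            try:
                key = str(ipaddress.ip_address(address))
            except ValueError:
                errors.append("line %d: [dns server] needs a valid IP address" % number)
                continue
            current = servers.setdefault(key, [])
            continue
        if current is None:
            errors.append("line %d: query is not under a valid [dns server] line" % number)
            continue
        query, reason = check_query_line(line)
        if reason:
            errors.append("line %d: %s" % (number, reason))
        else:
            current.append(query)
    if not seen_first:
        errors.append("line 1: file is empty")
    return servers, errors


if __name__ == "__main__":
    for label, sample in (("guide sample", GUIDE_SAMPLE), ("broken sample", BROKEN_SAMPLE)):
        found, problems = validate_dnslint_input(sample)
        print(label, "->", len(found), "server(s),", len(problems), "error(s)")
        for problem in problems:
            print("   ", problem)
```

Queries that follow a rejected [dns server] line are reported as well, because they would otherwise be attributed to the previous server.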

Procedure 2: Verify report of DNS server and NS records

DNSLint will generate a report of the specified DNS server and its NS records. This report should be verified for accuracy and compared against a known set of good data such as that which is captured in a CMDB.

Dependencies

Configuration management database (CMDB)

Technology Required

● DNS server

● DNSLint

● Windows Server 2003 Support Tools


Task: Compliance check—root hints

Purpose

By default, the DNS Server service implements root hints using a file, Cache.dns, stored by default in C:\Windows\System32\DNS folder on the server computer. This file normally contains the NS and A resource records for the Internet root servers.

If, however, you are using the DNS Server service on a private network, you can edit or replace this file with similar records that point to your own internal root DNS servers. This information should also be maintained in a CMDB.

Also note that in a directory services (DS) integrated environment, DNS will first use the Active Directory published root hints and, if the root hints are not available, will then use the root hints file.

Procedure 1: Updating root hints

1. Start the Computer Management from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, select Properties.

4. Click the Root Hints tab.

5. Modify server root hints as follows:

● To add a root server to the list, click Add, then specify the name and IP address of the server to be added to the list.

● To modify a root server in the list, click Edit, then specify the name and IP address of the server to be modified in the list.

● To remove a root server from the list, select it in the list and click Remove.

Dependencies

CMDB

Technology Required

● DNS server

● DNS Manager


Task: Compliance check—zone delegations

Purpose

Delegation is a process of assigning responsibility for a portion of a DNS namespace to a separate entity. This separate entity could be another organization, department, or workgroup within your company. Such delegation is represented by the NS record that specifies the delegated zone and the DNS name of the server authoritative for that zone. A DNS server is considered authoritative for a name if it loads the zone containing that name. The procedure below describes the steps necessary to check zone delegations.

Procedure 1: Checking delegations

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt on the server that you are testing, type the following:NSLookup

3. At the NSLookup prompt, enter:

server <server IP address>
set norecursion
set querytype=<resource record type>
<FQDN>

…where resource record type is the type of resource record that you were querying for in your original query, and FQDN is the FQDN for which you were querying (terminated by a period).

● If the response includes a list of NS and A resource records for delegated servers, repeat step 1 for each server and use the IP address from the A resource records as the server IP address.

● If the response does not contain an NS resource record, you have a broken delegation.

● If the response contains NS resource records, but no A resource records, type set recursion and query individually for A resource records of servers listed in the NS records. If you do not find at least one valid IP address of an A resource record for each NS resource record in a zone, you have a broken delegation.

Dependencies

Network connectivity

Technology Required

● DNS server

● NSLookup


Task: Compliance check—scavenging

Purpose

When scavenging is enabled, the configuration parameters should be reviewed and checked. Otherwise, the server may delete records that it should retain. If a name is accidentally deleted, not only do users fail to resolve queries for that name, but any user can create that name and then take ownership of it, even on zones configured for secure dynamic update.

Procedure 1: Reviewing the scavenging parameters

Using the DNS Manager GUI:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, select Set Aging/Scavenging for all Zones.

4. Verify the Scavenging Parameters in the dialog box that is displayed.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, type:

Cd\
Cd \program files\support tools
Dnscmd \\DNS Server /info

Dependencies

None

Technology Required

● DNS server

● DNSCmd

Task: Compliance check—aging configuration

Purpose

When aging and scavenging are enabled, the configuration parameters should be reviewed and checked. DNS server uses a record time stamp along with aging parameters to determine when to scavenge records. By default, the time stamps of records that are created by any method other than dynamic update are set to zero. A zero value indicates that the time stamp must not be refreshed and the record must not be scavenged. An administrator can manually enable aging of such records.


Procedure 1: Reviewing the aging parameters

Using the DNS Manager GUI:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. From the left-tree view, select the applicable DNS server.

3. On the Action menu, select Set Aging/Scavenging for all Zones.

4. Verify the Aging parameters in the dialog box that is displayed.

Using a command line:

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. At the command prompt, type:

Cd\
Cd \program files\support tools
Dnscmd \\DNS Server /info

Dependencies

None

Technology Required

● DNS server

● DNSCmd

● DNS Manager

Task: Compliance check—administrative user group

Purpose

DNS administrative user group access must be checked and updated to ensure that users responsible for DNS administrative tasks have the proper access rights. User group access lists should be compared to an authoritative list such as the CMDB.

Procedure 1: Verifying administrative group membership

Using the Active Directory Users and Computers GUI:

1. Start Active Directory Users and Computers from Administrative Tools; or click Start, click Run, in the Run box, type dsa.msc and then click OK.

2. On the left-tree view, browse to the applicable DNS Security Group.

3. On the Action menu, select Properties.

4. Click the Members tab.

5. Verify the membership displayed against an authoritative list such as the CMDB.


Using a WMI script:

The script below will return a list of all members of the DNSAdmins security group.

1. Click Start, click Run; in the Run box, type cmd and then click OK.

2. On the command shell enter:

    csvde -m -f Output.CSV -v -d "cn=DNSAdmins,cn=Users,dc=yourdomain,dc=com" -r "(objectClass=group)" -p Subtree

3. Replace dc=yourdomain,dc=com with the appropriate LDAP-compliant domain name. This command line requires sufficient rights to query administrative areas of Active Directory.

4. Open the Output.csv file in Microsoft Excel. Verify the membership displayed against an authoritative list such as the CMDB.
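The comparison in step 4 can also be scripted so that every review produces the same three lists: members not on the authoritative list, approved users missing from the group, and confirmed members. This is an added example, not part of the original guide. The CSV and the authoritative list are constructed samples, the one-DN-per-line list format is an assumption standing in for a CMDB export, and the parser assumes csvde writes the multi-valued member attribute into one cell with ';' between values.

```python
import csv
import io
import re

# Constructed sample of Output.CSV for the DNSAdmins group (not real data).
SAMPLE_OUTPUT_CSV = '''DN,objectClass,cn,member,sAMAccountName
"CN=DNSAdmins,CN=Users,DC=example,DC=com",group,DNSAdmins,"CN=Alice Ng,OU=Ops,DC=example,DC=com;CN=svc-backup,OU=Service Accounts,DC=example,DC=com;CN=Bob Ruiz,OU=Ops,DC=example,DC=com",DnsAdmins
'''

# Constructed authoritative list, one DN per line (hypothetical CMDB export).
SAMPLE_CMDB_LIST = """# approved DNS administrators
CN=Alice Ng,OU=Ops,DC=example,DC=com
cn=bob ruiz,ou=ops,dc=example,dc=com
CN=Carol Diaz,OU=Ops,DC=example,DC=com
"""


def split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped inside a DN."""
    parts = re.split(r"(?<!\\)" + re.escape(sep), text)
    return [p for p in parts if p.strip()]


def normalize_dn(dn):
    """Case-fold a DN and drop spaces around RDN separators for comparison."""
    return ",".join(p.strip() for p in split_unescaped(dn, ",")).casefold()


def read_group_members(csv_text, group_cn="DNSAdmins"):
    """Return {normalized DN: DN as exported} for the named group's members."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("cn") or "").casefold() == group_cn.casefold():
            # The member column is absent or empty when the group has no members.
            members = split_unescaped(row.get("member") or "", ";")
            return {normalize_dn(m): m.strip() for m in members}
    raise ValueError(f"group {group_cn!r} not found in export")


def read_authoritative(list_text):
    """Return {normalized DN: DN as listed}, skipping blanks and # comments."""
    lines = [line.strip() for line in list_text.splitlines()]
    return {normalize_dn(l): l for l in lines if l and not l.startswith("#")}


def compare_membership(csv_text, authoritative_text, group_cn="DNSAdmins"):
    """Diff actual group membership against the authoritative list."""
    actual = read_group_members(csv_text, group_cn)
    approved = read_authoritative(authoritative_text)
    return {
        "unexpected": sorted(actual[k] for k in actual.keys() - approved.keys()),
        "missing": sorted(approved[k] for k in approved.keys() - actual.keys()),
        "confirmed": sorted(actual[k] for k in actual.keys() & approved.keys()),
    }


if __name__ == "__main__":
    report = compare_membership(SAMPLE_OUTPUT_CSV, SAMPLE_CMDB_LIST)
    for status, dns in report.items():
        for dn in dns:
            print(f"{status:10} {dn}")
```

A nested group appears in the member list as a single DN, so its own membership needs a separate export and comparison.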

Dependencies

● Active Directory domain-implemented

● CMDB

Technology Required

● CSVDE

● DNS server

● Microsoft Excel

Task: Compliance check—architectural standards

Purpose

This preventative task audits service artifacts in order to detect and correct configuration drift. DNS server, service, and utilization statistics, in addition to Active Directory and network infrastructure data, must be compiled to produce a complete picture of the current DNS operations environment. This information should be reviewed to ensure compliance with original architectural intent and working standards.

Procedure 1: Collect information

1. Compile server, service, and utilization statistical data collected from System Monitor captures.

2. Gather configuration snapshot data.


Procedure 2: Review configuration items

Review the current DNS operations environment compared to predefined architectural standards with consideration given to the ongoing change management queue. Configuration items (CIs) for review and consideration should include: network topology, Active Directory design principles, Active Directory architecture and engineering specifications, system configurations, and optimal DNS server configurations. The optimal configuration for any DNS server will vary greatly depending on the server hardware, implementation of the DNS server (Active Directory integrated, primary, secondary, or stub zones), and the network topology it operates within.

1. Access the current DNS operations environment.

2. Audit configuration management database (CMDB) to review mapping of configuration items (CIs) for any changes within the operating environment.

Procedure 3: Update configuration items

1. Address out-of-compliance CIs.

2. Propose solutions for ongoing issues.

3. Propose CI modifications to address any operational environment changes.

4. Update defined architectural and configuration items.

Dependencies

● Formalized architectural standard, stored in the CMDB.

● Performance monitoring and configuration snapshots are performed regularly.

● Collaboration and communication are required between operations teams.

Technology Required

None


Supporting Quadrant

Incident Management SMF

Support and Operations Role Clusters

Daily and weekly

Process: Investigation and diagnosis

Description

This process investigates incidents and gathers diagnostic data. The aim of the process is to identify how to resolve the incident as quickly as possible.

The process allows for management escalation or functional escalation if either becomes necessary in order to meet SLA targets.

Task: Respond to daily service request

Purpose

This task ensures that all incidents are answered and that there is an incident owner responsible for the incident life cycle. This serves the organization in two ways:

● The customer understands that, when an incident is reported, he or she will receive a confirmation that someone from the incident management team has reviewed the request. This ensures that customers will continue to use the organization’s incident-support channel.

● Each incident will have an owner responsible for collecting background information and doing preliminary troubleshooting. The owner is responsible for contacting other technical specialists to assist the customer in resolving the incident, documenting the incident, and making sure contributing technicians add their comments to the incident request. The act of designating an owner ensures that there is a single point of contact (SPOC) for the incident from both the customer’s and the organization’s perspective.

Procedure 1: Acknowledge receipt of service request

1. Send customer an e-mail message confirming receipt of incident request.

2. Give customer an incident case number prior to collecting data and troubleshooting the incident.

Procedure 2: Document incident

Document the issue, the system affected, any actions taken to troubleshoot the problem, and plans to resolve the incident. The following are systems that can be affected in a DNS server environment:

● DNS, Active Directory, WINS, and DHCP servers

● Static entries/maps

● Replication partners

● IP/config


● Domain accounts/service permissions

Procedure 3: Update customer on status of incident

Send the customer e-mail confirming the problem, systems affected, actions taken to troubleshoot, and the current plan to resolve the incident. If another technician is involved in troubleshooting, make sure that technician’s notes are part of the case documentation.

Procedure 4: Close incident

If the incident is not resolved following the customer’s initial request for incident management, follow up with the customer and other technicians until the incident is resolved.

Dependencies

● Incident ticketing system.

● An SLA on how customers can request incident management—for example, through e-mail or with a service phone number.

Technology Required

● Third-party tools that provide incident management ticketing functionality.

● A Microsoft Access or SQL Server database can also be used to create incident tickets.

Task: Respond to weekly service request

Purpose

This task ensures that all incidents are answered and that there is an incident owner responsible for the incident life cycle. This serves the organization in two ways:

● The customer understands that, when an incident is reported, he or she will receive a confirmation that someone from the incident management team has reviewed the request. This ensures that customers will continue to use the organization’s incident-support channel.

● Each incident will have an owner responsible for collecting background information and doing preliminary troubleshooting. The owner is responsible for contacting other technical specialists to assist the customer in resolving the incident, documenting the incident, and making sure contributing technicians add their comments to the incident request. The act of designating an owner ensures that there is a single point of contact (SPOC) for the incident from both the customer’s and the organization’s perspective.

Procedure 1: Acknowledge receipt of service request

1. Send customer an e-mail message confirming receipt of incident request.

2. Give customer an incident case number prior to collecting data and troubleshooting the incident.


Procedure 2: Document incident

Document the issue, the systems affected, any actions taken to troubleshoot the problem, and plans to resolve the incident. The following are items that can be affected in a DNS server environment:

● DNS, Active Directory, WINS, and DHCP servers

● Static entries/maps

● Replication partners

● IP/config

● Domain accounts/service permissions

Procedure 3: Update customer on status of incident

Send customer e-mail confirming the problem, systems affected, actions taken to troubleshoot, and the current plan to resolve the incident. If another technician is involved in troubleshooting, make sure that technician’s notes are part of the case documentation.

Procedure 4: Close incident

If the incident is not resolved following the customer’s initial request for incident management, follow up with the customer and other technicians until the incident is resolved.

Dependencies

● Incident ticketing system.

● An SLA on how customers request incident management—for example, by e-mail or with a service phone number.

Technology Required

● Third-party tools that provide incident management ticketing functionality.

● A Microsoft Access or SQL Server database can also be used to create incident tickets.


Supporting Quadrant

Incident Management SMF

Support Role Cluster

Monthly

Process: Incident closure

Description

This process ensures that the customer is satisfied that the incident has been resolved prior to closing the incident record. It also checks that the incident record is fully updated and assigns a closure category.

Task: Roll up activity report into monthly metric

Purpose

The objective of this task is to provide utilization and turnover metrics to assist in planning staffing levels and checking the Incident Management SMF against other SMFs. These reports can be used in conjunction with other SMFs (such as Service Level Management, Financial Management, and Workforce Management) and can also be used by members of the six MOF role clusters (such as Operations, Support, and Release).

Procedure 1: Create monthly metric

The details of this task should show the cost of the incident management process and where resources should be allocated to optimize its performance. The following metrics should be provided:

● Percent closed incidents. This metric is created by taking the total number of cases closed for a month and dividing it by the number of cases opened for the month.

● Percent incidents closed on first contact. This metric is created by taking the total number of cases closed on first contact and dividing it by the number of cases opened for the month.

● Mean time to resolution. This metric measures the effectiveness of the incident management process. It is calculated by taking the total time spent on incident resolution and dividing it by the total number of cases closed. SLAs can be compared to this metric.

The numbers reported should then be analyzed to assess the incident management process and to determine how to improve effectiveness and efficiency.

Dependencies

● Responding to daily service request.

● Weekly service request activity report.

Technology Required

Microsoft Excel


Changing Quadrant

Change Management SMF

Infrastructure Role Cluster

Daily

Process: Change classification and authorization

Description

After a request for change (RFC) has passed the initial screening, the change manager must classify and authorize the request for change. The category assigned to the RFC is a reflection of the impact the change is likely to have on the IT environment. The priority level set for an RFC is a reflection of its urgency and determines how quickly the change advisory board (CAB) will review it.

There are four change categories: minor, standard, significant, and major. There are also four levels of priority: low, medium, high, and emergency.

Once an RFC has been classified, it must be authorized. The process of authorizing a change request depends on the category and priority of the change:

● Emergency priority changes are escalated to the CAB/EC for fast-track approval.

● Standard changes are approved automatically and progress directly to the change development and release phases.

● Minor changes can be approved by the change manager without reference to the CAB.

● All other changes must be approved by the CAB.

The two tasks that follow—attending a CAB meeting and reviewing an emergency change request—are among several tasks that would be associated with classification and authorization. Attending a CAB meeting is singled out because it is common to much of the change process. Reviewing an emergency change request is singled out because emergency changes typically involve high risk and require a great outlay of time and resources.

More information about the other tasks, and about the change management process in general, is available at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/msm/smf/smfchgmg.asp, or search for “Change Management SMF” on TechNet at http://www.microsoft.com/technet/default.asp.


Task: Attend CAB meeting

Purpose

The CAB meets to review significant and major changes to the operations environment. From a DNS server perspective, change requests involving DNS records, networking, replication, and registry modifications, as well as updating antivirus software or adding a new DNS/Active Directory server to the environment, can be evaluated at this weekly meeting.

It is important for a representative of the Infrastructure Role Cluster to attend the meeting in order to participate in the change management process. Participation in the process could include providing additional data regarding a particular DNS service RFC that members of the CAB may not have available to them. Additionally, it is important to be informed about other RFCs that may have an indirect effect on the delivery of the DNS Service and to consider these effects when approving an RFC for change development.

Procedure 1: Attend change review board meeting

1. Regularly attend the CAB meeting.

2. Consider the effect that any RFC may have on DNS.

Dependencies

● A process must be established to initiate a change request in the operations environment.

● CAB members must have already been chosen.

Technology Required

Operations team educated about MOF/ITIL.

Task: Review emergency change request

Purpose

This task provides guidance to the change advisory board emergency committee (CAB/EC) on processing an emergency request for change. The number of emergency change requests should be kept to a minimum because they typically involve high risk and require a great outlay of time and resources.

Emergency changes to DNS services can have a great impact on a large number of users and can affect business processes that depend on DNS services. For this reason, it is very important to create a change request process that emphasizes prioritizing urgent problems associated with DNS services. The Infrastructure Role Cluster is responsible for this task, but the request for emergency change can be initiated by any of the six Team Model role clusters. An emergency change request could involve the release of updates to the operating system, third-party applications, or configuration changes.


Procedure 1: Contact CAB/EC

1. Make sure system has a server backup. Before contacting the CAB/EC members, make sure that the system has a successful server backup.

2. Select CAB/EC members. This should include standing members of the change advisory board as well as those members who can give the greatest guidance regarding DNS services.

3. Notify the CAB/EC of the emergency change request. Each member of the CAB/EC who was identified in step 2 must be notified of the emergency change request through e-mail, mobile devices, or other communication methods. The member should be given an expected time in which to respond to a request for a meeting regarding an emergency change and general information about the change request.

4. Review the request for change. Collect all information pertaining to changes to the DNS Service, including asking additional questions of the change initiator. The CAB should consider the impact the change has on the DNS Service and should weigh any risks associated with making an emergency change to the DNS system against making a standard change. Possible changes include:

● Applying service packs or hotfixes.

● Adding a new DNS server.

● Adjusting static versus dynamic records beyond established policy.

● Adjusting zone or Active Directory replication.

● Changing backup and restore procedures.

● Modifying and applying policies.

● Changing a process or script used to administer servers.

Along with change type, collect the configuration item (CI) that will be affected by the change. (Configuration items, which are any objects that are subject to change, fall under change management.) For DNS servers, these items include:

● DNS server hardware

● Active Directory hardware and domain controller hardware

● Hardware vendor

● Server role

● Windows Server 2003 software

● Service packs

● Hotfixes

● Monitoring software

● Backup software

● Processes and procedures

● Documentation

● RFCs

Dependencies


● A process must be established to initiate a change request in the operational environment.

● An identified CAB/EC roster and individuals who are contacted for emergency changes as they relate to DNS Service.

● An operations team with knowledge about MOF/ITIL.

Technology Required

Basic Windows Server 2003 operating system installed with DNS


4. Processes by MOF Role Clusters

This chapter is designed for those who want to see all processes for a single role cluster in one place. The information is the same as that in the previous two chapters. The only difference is that the processes are ordered by MOF role cluster.

Operations Role Cluster

Daily Processes

Process 1: Data backup, restore, and recovery operations

Task 1: Create DNS backup and pull backup files to remote storage

Task 2: Verify previous day's backup job

Process 2: Managing resources and service performance

Task 1: Capture service performance statistics

Process 3: Proactive analysis and review

Task 1: Service check—verify zone transfers

Task 2: Service check—simple and recursive resolution

Weekly Processes

Process 1: Storage resource management

Task 1: Monitor disk space for DNS logs and database


Monthly Processes

Process 1: Managing resources and service performance

Task 1: Create service performance and utilization report

Task 2: Create system load and utility report

Process 2: Review configuration items

Task 1: Compliance check—namespace (NS) records

Task 2: Compliance check—root hints

Task 3: Compliance check—zone delegations

Task 4: Compliance check—scavenging

Task 5: Compliance check—aging configuration

Task 6: Compliance check—administrative user group

Task 7: Compliance check—architectural standards

As-Needed Processes

Process 1: Data backup, restore, and recovery operations

Task 1: Verify restore

Process 2: Design for recovery

Task 1: Test the server restoration capability

Process 3: Problem recording and classification

Task 1: Temporarily enable debug logging options

Task 2: Diagnose backup conditions

Process 4: Proactive analysis and review

Task 1: Clear the DNS cache


Support Role Cluster

Daily Processes

Process 1: Proactive analysis and review

Task 1: Monitor DNS event log for critical DNS events

Task 2: Service check—manual verification of dynamic record update

Task 3: Service check—resolve alerts indicating DNS Server service is down

Weekly Processes

Process 1: Proactive analysis and review

Task 1: Verify dynamic DNS record updates—DNS client

Task 2: Verify dynamic DNS record updates—DHCP server

Task 3: Verify dynamic DNS record updates—DNS server

Task 4: Monitor key DNS dependencies (Active Directory and network)

Monthly Processes

Process 1: Incident closure

Task 1: Roll up activity report into monthly metric

As-Needed Processes

There are no as-needed processes for this role cluster.

Release Role Cluster

Daily Processes

There are no daily processes for this role cluster.

Weekly Processes

There are no weekly processes for this role cluster.

Monthly Processes

There are no monthly processes for this role cluster.

As-Needed Processes

There are no as-needed processes for this role cluster.


Infrastructure Role Cluster

Daily Processes

Process 1: Perform monitoring

Task 1: Capture usage performance statistics

Task 2: Capture system performance statistics

Process 2: Change classification and authorization

Task 1: Attend CAB meeting

Task 2: Review emergency change request

Weekly Processes

Process 1: Review configuration items

Task 1: Capture DNS configuration snapshot

Monthly Processes

There are no monthly processes for this role cluster.

As-Needed Processes

There are no as-needed processes for this role cluster.

Security Role Cluster

Daily Processes

There are no daily processes for this role cluster.

Weekly Processes

There are no weekly processes for this role cluster.

Monthly Processes

There are no monthly processes for this role cluster.

As-Needed Processes

There are no as-needed processes for this role cluster.


Partner Role Cluster

Daily Processes

There are no daily processes for this role cluster.

Weekly Processes

There are no weekly processes for this role cluster.

Monthly Processes

There are no monthly processes for this role cluster.

As-Needed Processes

There are no as-needed processes for this role cluster.


5. Troubleshooting

Overview

The following table contains troubleshooting tips that should be useful in maintaining this product. The tips are based on known issues and follow the best practices for troubleshooting and problem management outlined by the Incident Management SMF and the Problem Management SMF, both found in the MOF Supporting Quadrant.

Problem #1: DNS Name Resolution Failure

Description of Problem

The DNS server does not resolve names or may not resolve them correctly.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

The DNS server provides incorrect data for queries it successfully answers.

Resolution of Problem (1)

Determine the cause of the incorrect data:

● Resource records were not dynamically updated in the zone.

● An error was made when manually updating or modifying static resource records in the zone.

● Stale resource records in the DNS server database, left from cached lookups or zone records, were not updated with current information or removed when they were no longer needed.

Possible Cause of Problem (2)

The DNS server does not resolve names for computers or services outside of your immediate network, such as those located on external networks on the Internet.


Resolution of Problem (2)

The server has a problem based on its ability to correctly perform recursion. For successful recursion, all DNS servers used in the path of a recursive query must be able to respond to and forward correct data. If not, a recursive query can fail for any of the following reasons:

● The recursive query times out before it can be completed.

● A remote DNS server fails to respond.

● A remote DNS server provides incorrect data.

Possible Cause of Problem (3)

The DNS server is not configured to use other DNS servers to assist it in resolving queries.

Resolution of Problem (3)

Check whether the DNS server can use both forwarders and recursion.

Recursion might be disabled if the server is configured to use forwarders and recursion has been specifically disabled for that configuration. If recursion is disabled on the DNS server, you will not be able to use forwarders on the same server.

Possible Cause of Problem (4)

Current root hints for the DNS server are not valid.

Resolution of Problem (4)

Check whether the root hints are valid and update if necessary.

Possible Cause of Problem (5)

The DNS server does not have network connectivity to the root servers.

Resolution of Problem (5)

Test for connectivity to the root servers.


Problem #2: DNS Client Receives “Name Not Found” Error

Description of Problem

When a DNS client attempts to resolve a name, a "Name not found" error is returned from the server.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

The DNS client computer does not have a valid IP configuration for the network.

Resolution of Problem (1)

Verify that the TCP/IP configuration settings on the client computer are correct, particularly those used for DNS name resolution. Use the ipconfig /all command to verify that the IP configuration is correct. If the configuration is incorrect, perform the following:

● For dynamically configured clients, run the ipconfig /renew command.

● For statically configured clients, modify the client TCP/IP properties to use valid configuration settings.

Possible Cause of Problem (2)

The client was not able to contact a DNS server.

Resolution of Problem (2)

Verify that the client computer has a valid functioning network connection by checking hardware (cables and network adapters) using the ping command.

● Verify that the client can ping other computers on the network.

● Verify that the client can ping the preferred or alternate DNS server.

Possible Cause of Problem (3)

The DNS server is not running or responding to queries.

Resolution of Problem (3)

Verify that the DNS server is started and able to listen for and respond to client requests by using the nslookup command.

Possible Cause of Problem (4)

The queried DNS server is not authoritative for the name and cannot locate the server authoritative for the name.

Resolution of Problem (4)

Confirm whether the DNS server is authoritative for the name. If the server is authoritative for the failed name and loads the applicable zone, confirm that the resource record is contained within the zone.

If the server is not authoritative for the name, verify that the DNS server forwarder configuration is correct.


Problem #3: DNS Server Provides Stale Information

Description of Problem

Clients receive stale or incorrect information in response to DNS queries.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

The DNS server the client is using does not have authority for the name and is using stale information from its local DNS database.

Resolution of Problem (1)

If the preferred DNS server is authoritative for the name and answered using incorrect data, it indicates that the applicable zone might have outdated or stale information in the applicable resource record data. If this is the case, modify and update the resource record or force a dynamic registration at the client using the ipconfig /registerdns command.

If the DNS server is not authoritative for the queried name, it likely answered the query based on information obtained and cached during an earlier recursive lookup. Clearing the server’s name cache will compel the server to use new recursive queries and will rebuild and update the name cache resource record data.

Possible Cause of Problem (2)

The preferred DNS server is a secondary server for the zone containing the targeted name and has outdated information.

Resolution of Problem (2)

For an immediate solution, initiate a zone transfer at the secondary server from the master.

A long-term solution will require the following:

● Specify additional master servers for the secondary zone.

● Adjust the refresh interval on the zone slightly to decrease the length of time that all authoritative servers for the zone can use the zone before they are required to refresh it.

● Configure a notify list at a master server that acts as the zone source for the secondary server and enable it to notify the server when the zone changes.
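Several causes listed under Problems #1 to #3 turn on three facts that every DNS response carries in its header: whether the answering server is authoritative (AA bit), whether it offers recursion (RA bit), and whether it returned "Name not found" (RCODE 3). The following added example, which is not part of the original guide, parses those fields and maps them to the guide's resolutions. The response messages are constructed samples, and the mapping from header bits to a cause is a heuristic chosen for this example.

```python
import struct

# Next steps paraphrased from the guide's resolutions (heuristic mapping).
NEXT_STEP = {
    "no_recursion": "check whether the server can use forwarders and recursion",
    "recursion_failed": "check root hints and connectivity to the root servers",
    "authoritative_nxdomain": "confirm the resource record is contained in the zone",
    "nonauthoritative_nxdomain": "verify the server's forwarder configuration",
    "authoritative_answer": "if the data is wrong, update the zone record or run "
                            "ipconfig /registerdns at the client",
    "cached_answer": "if the data is wrong, clear the server's name cache",
    "other": "no cause from the guide matches; inspect the full response",
}


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_response(name, rcode, aa, ra, address=None):
    """Build a constructed DNS response (sample data for this example only)."""
    flags = 0x8000 | 0x0100 | (0x0400 if aa else 0) | (0x0080 if ra else 0) | rcode
    msg = struct.pack("!6H", 0x1234, flags, 1, 1 if address else 0, 0, 0)
    msg += encode_name(name) + struct.pack("!2H", 1, 1)  # question: type A, class IN
    if address:
        # Answer: pointer to the question name, A, IN, TTL 300, 4-byte address.
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes(address)
    return msg


def parse_header(message):
    """Decode the 12-byte DNS header of a response."""
    if len(message) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, _qd, answers, _ns, _ar = struct.unpack("!6H", message[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return {
        "id": ident,
        "aa": bool(flags & 0x0400),  # answering server is authoritative
        "tc": bool(flags & 0x0200),  # message was truncated
        "rd": bool(flags & 0x0100),  # client asked for recursion
        "ra": bool(flags & 0x0080),  # server offers recursion
        "rcode": flags & 0x000F,     # 0 NOERROR, 2 SERVFAIL, 3 NXDOMAIN, 5 REFUSED
        "answers": answers,
    }


def read_question_name(message):
    """Return the queried name from the question section."""
    labels, pos = [], 12
    while True:
        if pos >= len(message):
            raise ValueError("truncated question section")
        length = message[pos]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def triage(message):
    """Return (queried name, finding key) for one DNS response."""
    h = parse_header(message)
    if not h["ra"] and not h["aa"] and h["answers"] == 0 and h["rcode"] in (0, 5):
        key = "no_recursion"
    elif h["rcode"] == 2:
        key = "recursion_failed"
    elif h["rcode"] == 3:
        key = "authoritative_nxdomain" if h["aa"] else "nonauthoritative_nxdomain"
    elif h["rcode"] == 0 and h["answers"] > 0:
        key = "authoritative_answer" if h["aa"] else "cached_answer"
    else:
        key = "other"
    return read_question_name(message), key


if __name__ == "__main__":
    samples = [
        build_response("host1.example.com", 3, aa=True, ra=True),
        build_response("www.example.net", 0, aa=False, ra=True, address=(192, 0, 2, 10)),
        build_response("www.example.net", 5, aa=False, ra=False),
    ]
    for sample in samples:
        name, key = triage(sample)
        print(f"{name}: {key} -> {NEXT_STEP[key]}")
```
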


Problem #4: DNS Server Not Responding to Clients

Description of Problem

Clients are unable to utilize DNS Server services.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

DNS server is affected by a network failure.

Resolution of Problem (1)

Verify that the DNS server has a valid functioning network connection by checking hardware (cables and network adapters).

Using the ping command:

● Verify that the server can ping other computers on the network.

● Verify that the server can ping the default gateway or routers on the network.

Possible Cause of Problem (2)

DNS server has been configured to limit service to a specific list of IP addresses that do not include the current client addresses.

Resolution of Problem (2)

Test the server for a response from a client address that has been confirmed to be in the restricted IP address list. If the DNS server responds, add the missing address to the list.

Possible Cause of Problem (3)

DNS server has been configured to disable use of the automatically created reverse lookup zones.

Resolution of Problem (3)

To verify that the reverse lookup zones have been created:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. Select from the console tree the applicable DNS server.

3. On the left-tree view, choose Reverse Lookup Zones.

4. On the right-tree view, verify that the following reverse lookup zones are present:

● 0.in-addr.arpa

● 127.in-addr.arpa

● 255.in-addr.arpa

If the zones are not present, in-depth analysis will be necessary. Disabling of automatic reverse lookup zone creation requires advanced manual DNS configuration, including registry edits. These configurations and the reasons they were initially made should be included within the analysis.


Possible Cause of Problem (4)


The DNS server is configured to use a non-standard service port or an advanced security or firewall configuration.

Resolution of Problem (4)

Verify that the server is configured to use a non-standard port. If it uses a non-standard port, then a packet forwarder/proxy may be used to redirect port 53 requests to the DNS server.

Determine whether any intermediate firewall or proxy configuration is used to block traffic on standard service ports used by DNS. If not, packet filters may be added to network configurations to allow DNS traffic to pass.


Problem #5: Clients Not Providing Dynamic Updates

Description of Problem

DNS server clients are not performing dynamic updates to the DNS server authoritative for the zone.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

The client or its DHCP server does not support the use of DNS dynamic update protocol.

Resolution of Problem (1)

Verify that the clients and DHCP servers support the DNS dynamic update protocol.

By default, the DNS client on Windows XP does not attempt dynamic update over a Remote Access Service (RAS) or Virtual Private Network (VPN) connection.

By default, the DNS client does not attempt dynamic update of top-level domain (TLD) zones. To configure the DNS client to allow the dynamic update of TLD zones, use the Update Top Level Domain Zones policy setting or modify the registry.

Windows 2000 and later systems natively support client-side dynamic DNS updates.

Possible Cause of Problem (2)

The client was not able to register with the DNS server because of intermittent problems with either the DNS server or the network.

Resolution of Problem (2)

At the client computer:

● Use ipconfig /registerdns to force a dynamic update to the DNS server.

● Use ipconfig /renew to force a dynamic update utilizing a DHCP server.

Possible Cause of Problem (3)

The client was not able to register and update with the DNS server due to missing or incomplete DNS configuration.

Resolution of Problem (3)

Verify that the client is fully and correctly configured for DNS, and update the configuration as necessary. A common cause of the client failing to update is that the DNS suffix is not configured. To update the suffix configuration:

● Configure a primary DNS suffix at the client computer for static TCP/IP clients.

● Configure a connection-specific DNS suffix for use at one of the installed network connections at the client computer.

Problem #6: Server Not Providing Dynamic Updates

Description of Problem

DNS server is not performing dynamic updates.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

Only the Windows 2000 and Windows Server 2003 DNS Server service supports dynamic updates. The DNS Server service provided by Microsoft Windows NT® 4.0 does not.

Resolution of Problem (1)

Verify that DNS server implementations support dynamic updates.

Possible Cause of Problem (2)

DNS server is not configured to accept dynamic updates.

Resolution of Problem (2)

Verify that the primary zone where clients require updates is configured to allow updates.

The default for a new primary zone is to not accept dynamic updates. At the DNS server that loads the applicable primary zone, modify zone properties to allow updates.

Possible Cause of Problem (3)

The zone database is not available.

Resolution of Problem (3)

Verify that the zone exists:

● For a standard primary zone, verify that the zone file exists at the server and that the zone is not paused.

● For an Active Directory integrated zone, verify that the DNS server is running as a domain controller and has access to the Active Directory database where the zone data is stored.

Secondary zones do not support dynamic updates.

Possible Cause of Problem (4)

The DNS server is configured to allow only secure dynamic updates and has a security-related problem.

Resolution of Problem (4)

Verify that zone or resource record security does not block or prevent dynamic updates at the server.

Secure dynamic update does not prevent new records from being created or added to a zone, but it does restrict who is given default permissions to update or modify records.

Problem #7: Zone Delegation Failures

Description of Problem

Use of zone delegation appears to be broken.

Cause of Problem

Zone delegations are not configured correctly.

Resolution of Problem

Review how zone delegations are utilized and revise configurations as needed.

For each sub-domain delegated to its own zone, the parent zone needs to have delegation records added to it. Use the New Delegation Wizard to simplify the addition of these records.

Problem #8: Zone Transfer Failures

Description of Problem

DNS zone transfers are not occurring or are incomplete.

Possible Causes and Resolutions of Problem

Possible Cause of Problem (1)

DNS service stopped or the zone is paused.

Resolution of Problem (1)

Verify that the master and secondary servers involved with the transfer of the zone are both started and that the zone is not paused at either server.

Possible Cause of Problem (2)

DNS servers involved with the transfer do not have network connectivity with each other.

Resolution of Problem (2)

Using the ping command, ping each server by its IP address from its remote counterpart.

Possible Cause of Problem (3)

The serial number is the same at both the source and destination servers. Therefore, a zone transfer will not occur.

Resolution of Problem (3)

To change the zone serial number, perform the following:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. Select from the console tree the applicable DNS server.

3. On the left-tree view, expand Forward Lookup Zones.

4. Select the applicable zone.

5. On the Action menu, select Properties.

6. On the Zone Property page, select the Start of Authority (SOA) tab.

7. Click the Increment box to increment the serial number.

After the zone serial number has been successfully incremented, initiate a zone transfer from the master at the secondary server.
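
The serial check behind cause (3), as an added example that is not part of the original guide: Python that reads the SOA serial out of each server's DNS response and applies the standard DNS serial comparison (RFC 1982), which generalizes the "same serial" case to a master serial that is numerically lower or has wrapped around. The responses are constructed sample data, and all function names are hypothetical.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past the name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + length

def soa_serial(msg: bytes) -> int:
    """Return the serial from the SOA record in the first answer of a response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    if ancount == 0:
        raise ValueError("response carries no answer records")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # QTYPE and QCLASS
    off = skip_name(msg, off)
    rtype, _rclass, _ttl, _rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    if rtype != 6:
        raise ValueError("first answer is not an SOA record")
    off = skip_name(msg, skip_name(msg, off + 10))  # past MNAME and RNAME
    return struct.unpack("!I", msg[off:off + 4])[0]

def secondary_will_transfer(master: int, secondary: int) -> bool:
    """RFC 1982: transfer only if the master serial is ahead of the secondary's."""
    diff = (master - secondary) & 0xFFFFFFFF
    return 0 < diff < 0x80000000

def sample_soa_response(serial: int, zone: str = "example.com") -> bytes:
    """Constructed SOA answer, standing in for a reply from a real server."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", 6, 1)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!IIIII", serial, 900, 600, 86400, 3600))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + answer

if __name__ == "__main__":
    master = soa_serial(sample_soa_response(2003010101))
    secondary = soa_serial(sample_soa_response(2003010101))
    print("transfer expected:", secondary_will_transfer(master, secondary))
```

A False result with differing serials means the master's serial is behind the secondary's, so a single increment at the master may still not trigger a transfer.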

Possible Cause of Problem (4)

The zone has resource records or other data that cannot be interpreted by the DNS server.

Resolution of Problem (4)

Verify that the zone does not contain incompatible data, such as unsupported resource record types or data errors.

Verify that the server is configured to prevent loading a zone when bad data is found:

1. Start the DNS Manager from Administrative Tools; or click Start, click Run, in the Run box, type dnsmgmt.msc and then click OK.

2. Select from the console tree the applicable DNS server.

3. On the Action menu, select Properties.

4. Click the Advanced tab.

5. In the Server options box, verify that Fail on load if bad zone data is checked.

6 Appendix

DNS Log Events—ID Codes

The audit logging behavior discussed in this chapter applies only to the DNS Service provided with Windows Server 2003 and replaces the previous DNS logging behavior used in earlier versions of Windows NT Server.

The following is a partial list of events that may be recorded in the DNS server log.

Event ID

Description

2 The DNS server has started.

This message generally appears at startup when either the server computer is started or the DNS Server service is manually started. For more information, see To start or stop a DNS server.

3 The DNS server has shut down.

This message generally appears when either the server computer is shut down or the DNS Server service is stopped manually.

408 The DNS server could not open socket for address [IPaddress]. Verify that this is a valid IP address for the server computer.

To correct the problem, you can do the following:

● If the specified IP address is not valid, remove it from the list of restricted interfaces for the server and restart the server. For more information, see To restrict a DNS server to listen only on selected addresses.

● If the specified IP address is no longer valid and was the only address enabled for the DNS server to use, the server might not have started as a result of this configuration error. To correct this problem, delete the following value from the registry and restart the DNS server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters\ListenAddress

● If this is a valid IP address for the server computer, verify that no other application that would attempt to use the same DNS server port (such as another DNS server application) is running. By default, DNS uses TCP port 53.

413 The DNS server will send requests to other DNS servers on a port other than its default port (TCP port 53).

This DNS server is multi-homed and has been configured to restrict DNS Server service to only some of its configured IP addresses. For this reason, there is no assurance that DNS queries made by this server to other remote DNS servers will be sent using one of the IP addresses enabled for the DNS server.

This might prevent query answer responses returned by these servers from being received on the DNS port that the server is currently configured to use. To avoid this problem, the DNS server sends queries to other DNS servers using an arbitrary non-DNS port, and the response is received regardless of the IP address used.

If you want to limit the DNS server to using only its configured DNS port for sending queries to other DNS servers, use the DNS console to perform one of the following changes in the server properties configuration on the Interfaces tab:

● Select All IP addresses to enable the DNS server to listen on all configured server IP addresses.

● Or, if you continue to select and use Only the following IP addresses, limit the IP address list to a single server IP address.

For more information, see To restrict a DNS server to listen only on selected addresses.

414 The server computer currently has no primary DNS suffix configured. Its DNS name is currently a single label host name. For example, its currently configured name is "host" rather than "host.example.microsoft.com" or another fully qualified name.

While the DNS server has only a single label name, default resource records created for its configured zones use only this single label name when mapping the host name for this DNS server. This can lead to incorrect and failed referrals when clients and other DNS servers use these records to locate this server by name.

In general, the DNS server should be reconfigured with a full DNS computer name appropriate for its domain or workgroup use on your network. For more information, see To configure the primary DNS suffix for a client computer.

708 The DNS server did not detect any zones of either primary or secondary types. It will run as a caching-only server.

A DNS server that does not host any DNS zones but performs name resolution and stores the results in its cache will not be authoritative for any zones.

For more information, see Using caching-only servers.

3150 The DNS server wrote a new version of zone [zonename] to file [filename]. You can view the new version number by clicking the Record Data tab.

This event should appear only if the DNS server is configured to operate as a root server. For more information, see DNS-related files.

6527 Zone [zonename] expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.

This event ID might appear when the DNS server is configured to host a secondary copy of the zone from another DNS server acting as its source or master server. Verify that this server has network connectivity to its configured master server.

If the problem continues, consider one or more of the following actions:

● Delete the zone and recreate it, specifying either a different master server or an updated and corrected IP address for the same master server. For more information, see Add and remove zones.

● If zone expiration continues, consider adjusting the expire interval. For more information, see To adjust the expire interval for a zone.

For more information, see Understanding zones and zone