Windows NT TCP/IP Network Administration Craig Hunt & Robert Bruce Thompson First Edition October 1998 ISBN: 1-56592-377-4, 503 pages Windows NT TCP/IP Network Administration is a complete guide to setting up and running a TCP/IP network on Windows NT. It starts with the fundamentals - the protocols, routing, and setup. Beyond that, it covers all the important networking services provided as part of Windows NT, including IIS, RRAS, DNS, WINS, and DHCP. This book is the NT administrator's indispensable guide. Table of Contents Preface 1 1. Overview of TCP/IP 5 TCP/IP and the Internet A Data Communications Model TCP/IP Protocol Architecture Network Access Layer Internet Layer Transport Layer Application Layer Summary 2. Delivering the Data 19 Addressing, Routing, and Multiplexing The IP Address Subnets The Routing Table Address Resolution Protocols, Ports, and Sockets Summary 3. Network Services 35 Names and Addresses The Host Table LMHOSTS Domain Name System Windows Internet Name Service Mail Services Dynamic Host Configuration Protocol Summary 4. Getting Started 53 To Connect or Not to Connect Basic Information Planning Routing Planning Naming Service Other Services Informing the Users Summary 5. Installing TCP/IP 67 Windows NT Networking Configuring the TCP/IP Protocol Summary 6. Using Dynamic Host Configuration Protocol 85 Why DHCP Is Needed How DHCP Works Planning for DHCP Installing the DHCP Server Service Installing and Configuring the DHCP Relay Agent Managing DHCP with DHCP Manager Maintaining and Troubleshooting DHCP Server Summary Table of Contents (cont...) 7. Using Windows Internet Name Service 111 Why WINS Is Needed How WINS Works Installing the WINS Server Service Managing WINS with WINS Manager Troubleshooting WINS Summary 8. Configuring DNS Name System 138 The Microsoft DNS Server Planning Your DNS Service Installing the DNS Server The DNS Manager Creating a New Zone Building the DNS Database The DNS Files Using nslookup Summary 9. Microsoft Routing and Remote Access Service 156 Routing and Remote Access Service Features Installing Microsoft Routing and RAS Administering Microsoft Routing and RAS Using Dial-Up Networking (DUN) Summary 10. Internet Information Server (IIS) 194 IIS Components Installing IIS Configuring IIS Managing IIS Summary 11. Troubleshooting TCP/IP 247 Approaching a Problem Diagnostic Tools Testing Basic Connectivity Troubleshooting Network Access Checking Routing Checking Name Service Analyzing Protocol Problems Protocol Case Study Simple Network Management Protocol Summary 12. Network Security 270 Security Planning Firewalls Encryption User Authentication Software Security Security Monitoring File Security Words to the Wise Summary Table of Contents (cont...) 13. Information Resources 290 The World Wide Web Anonymous FTP Retrieving RFCs Mailing Lists Newsgroups The White Pages Summary A. PPP Scripting Languages 302 B. DNS Resource Records 312 C. Microsoft DHCP Option Support 323 D. Routing Protocols 329 Colophon 336 Description Windows NT TCP/IP Network Administration is a complete guide to setting up and running a TCP/IP network on Windows NT. Windows NT and TCP/IP have long had a close association, and this is the first book to focus exclusively on NT networking with TCP/IP. It starts with the fundamentals--what the protocols do and how they work, how addresses and routing move data through the network, and how to set up your network connection. Beyond that, all the important networking services provided as part of Windows NT - including IIS, RRAS, DNS, WINS, and DHCP - are presented in detail. This book is the NT administrator's indispensable guide. Contents include: • Overview • Delivering the data • Network services • Getting started • Installing and configuring NT TCP/IP • Using Dynamic Host Configuration Protocol • Using Windows Internet Name Service • Using Domain Name Service • Configuring Email Service • Using Microsoft routing • Using Remote Access Service • Troubleshooting TCP/IP • Network Security • Internet Information Server • Appendixes on the TCP/IP commands, PPP script language reference, and DNS resource records Windows NT TCP/IP Network Administration Preface The protocol wars are over and TCP/IP won. TCP/IP is now universally recognized as the preeminent communications protocol for linking diverse computer systems. The importance of interoperable data communications and global computer networks are no longer debated. But that was not always the case. A few years ago things were different. IPX was far and away the leading PC communications protocol. Microsoft did not bundle communications protocols in their operating systems. Corporate networks were so dependent on SNA that many corporate network administrators had not even heard of TCP/IP. Back then it was necessary to tout the importance of TCP/IP by pointing out that it was used on thousands of networks and hundreds of thousands of computers. How times have changed! Today we count the hosts and users connected to the Internet in the tens of millions. And the Internet is only the tip of the TCP/IP iceberg. The largest market for TCP/IP is in the corporate intranet. An intranet is a private TCP/IP network used to disseminate information within the enterprise. Today, the competing network technologies have shrunk to niche markets where they fill special needs, while TCP/IP has grown to be the communications software that links the world. Windows NT and TCP/IP have a close association. Windows NT was the first Microsoft operating system that included TCP/IP as part of the basic system. And TCP/IP has been a part of NT from the very first release of the operating system. The availability of TCP/IP for Windows NT has helped to make NT a popular choice as a network server. The acceptance of TCP/IP as a worldwide standard and the size of its global user base have created an explosion of books about TCP/IP and the Internet. Today, NT administrators can choose from a large number of books that have TCP/IP and the Internet as a theme. However, there are still too few books that concentrate on what an NT system administrator really needs to know about TCP/IP administration and too many books that try to tell you how to surf the Web. In this book we strive to keep focused on TCP/IP and NT, and not to be distracted by the phenomenon of the Internet. This book is the combined effort of Craig Hunt and Robert Bruce Thompson. Craig is an expert on TCP/IP and is the author of the best-seller TCP/IP Network Administration. Robert is an expert on Windows NT. He is the author of several books, three of which are books on Windows NT including the recently released Windows NT Server 4.0 for NetWare Administrators. This new book is the Windows NT version of TCP/IP Network Administration: the book that Byte magazine called "the definitive volume on the subject" of creating your own TCP/IP network. If you're familiar with that book you will see the similarities, particularly in the background material about the TCP/IP protocols. However, all of the examples are Windows NT-specific. On the other hand, this new book is much more than an NT version of an existing book. Extensive amounts of Windows NT-specific material have been added. Coverage of NetBIOS, Windows Internet Name Service (WINS), Routing and Remote Access Service (RRAS), Internet Information Server (IIS), and Microsoft's implementations of Domain Name Service (DNS) and Dynamic Host Configuration Protocol (DHCP) all combine to make this a unique book in its own right. The combination of Windows NT and TCP/IP expertise provides the perfect blend for a book about TCP/IP for Windows NT. This book covers the issues that are most important to the Windows NT system administrator who is building a TCP/IP network. The use of Windows NT systems to provide TCP/IP network services is growing rapidly. This book provides practical, detailed TCP/IP network information for the NT system administrator. It is a book about building your own network based on TCP/IP and NT servers. It is both a tutorial covering the why and how of TCP/IP networking and a reference providing the details about specific network programs. pa ge 1 Windows NT TCP/IP Network Administration Audience This book is intended for everyone who has an NT computer connected to a TCP/IP network. This obviously includes the network managers and the system administrators who are responsible for setting up and running computers and networks, but the audience also includes any user who wants to understand how a computer communicates with other systems. The distinction between a system administrator and an end-user is a fuzzy one. You may think of yourself as an end-user, but if you have an NT workstation on your desk, you're probably also involved in system administration tasks. We assume that you have a good understanding of computers and their operation, and that you're generally familiar with NT system administration. In recent years there has been a rash of books for "dummies" and "idiots." If you really think of yourself as an "idiot" when it comes to NT, this book is not for you. Likewise, if you are a network administration genius, this book is probably not suitable. However, if you fall anywhere in between these two extremes, this book has something to offer you. Conventions This book uses the following typographical conventions: Italic is used for the names of files, directories, host names, domain names, URLs, and to emphasize new terms when they are first introduced. bold is used for command names. constant-width is used to show the contents of files or the output from commands. constant-bold is used in examples to show commands or text that would be typed literally by you. constant-italic is used in examples to show variables for which a context-specific substitution should be made. (The variable filename, for example, would be replaced by some actual filename.) [ option ] When showing command syntax, we place optional parts of the command within brackets. For example, ls [ -l ] means that the -l option is not required. pa ge 2 Windows NT TCP/IP Network Administration Organization This book is divided into three parts: fundamental concepts, tutorial, and reference. The first three chapters are a basic discussion of the TCP/IP protocols and services. This discussion provides the fundamental concepts necessary to understand the rest of the book. The remaining chapters provide a how-to tutorial. Chapter 4 and Chapter 5 discuss how to plan a network installation and configure the basic software necessary to get a network running. Chapter 6 through Chapter 10 discuss how to set up various important network services. The final chapters, Chapter 11 through Chapter 13, cover how to perform the ongoing tasks that are essential for a reliable network: troubleshooting, security, and keeping up with changing network information. This book contains the following chapters: Chapter 1 gives the history of TCP/IP, a description of the structure of the protocol architecture, and a basic explanation of how the protocols function. Chapter 2 describes addressing, and how data passes through a network to reach the destination. Chapter 3 discusses the relationship between clients and server systems, and the various services that are central to the function of a modern internet. Chapter 4 begins the discussion of network setup and configuration. This chapter discusses the preliminary configuration planning needed before you configure the systems on your network. Chapter 5 provides details of how NT TCP/IP is installed and configured. This chapter describes the various dialogues used to configure TCP/IP, and the meaning and use of all of the configuration choices available in those dialogues. Chapter 6 describes how to install and configure the Windows NT DHCP server. Chapter 7 describes how to administer the WINS name server program that converts NetBIOS computer names to Internet addresses. Chapter 8 describes how to configure the Microsoft DNS name server program that converts TCP/IP host names to IP addresses. Chapter 9 describes how to install and configure the RRAS software that permits a Windows NT server to run a wide variety of TCP/IP routing protocols. In addition to providing advanced routing support, RRAS is used to turn an NT server into a PPP server for remote dial-up Internet access. RRAS also provides the security protocols needed to create encrypted connections. Chapter 10 describes how to install and configure the IIS software. IIS is the heart of any Internet server built on a Windows NT system. The Internet Information Server software provides Web services, an FTP server, an SMTP email server, and more. Chapter 11 tells you what to do when something goes wrong. It describes the techniques and tools used to monitor the system and troubleshoot it when problems develop. Chapter 12 discusses how to live on the Internet without excessive risk. This chapter covers the security threats brought by the network, and the plans and preparations you can make to meet them. Chapter 13 describes the information resources available on the Internet and how you can make use of them. Appendix A is a reference guide to the scripting language used on a Windows NT system to create dial- up serial connections for PPP. Appendix B is a reference for the records used to build a Domain Name Service database. Appendix C is a reference for the configuration parameters that a Dynamic Host Configuration Protocol (DHCP) server can provide to configure a client. Appendix D provides a detailed description of the interior routing protocols most commonly used on enterprise networks. pa ge 3 Windows NT TCP/IP Network Administration Acknowledgments In addition to thanking the O'Reilly production folks, who are listed individually in the Colophon, we want to thank Mark Friedman, who reviewed most of the manuscript and made numerous helpful corrections and suggestions. We would also like to thank Cricket Liu for his help in improving the DNS material. No one knows DNS better than Cricket! Their efforts allowed us to catch and fix outright errors and ambiguous statements that would otherwise have appeared in print. Any errors that remain are ours alone. We also want to single out one of our technical reviewers for special thanks. AEleen Frisch, the author of several O'Reilly Unix and Windows NT books, went far above and beyond the call of duty. In addition to devoting a great deal of time and effort to doing a detailed technical review, AEleen made many valuable suggestions about the overall content and structure of the book. This is a better book because she took the time to help us make it so. Finally, we want to thank our editor, Robert Denn. Robert initiated the project, drove it through the rough patches, and co-ordinated the work of two authors who had not worked together previously. Robert is the best editor that any author could hope for. Without his efforts, you would not be reading this book. We'd Like to Hear from You We have tested and verified the information in this book to the best of our ability, but you may find that features have changed (which may in fact resemble bugs). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to: O'Reilly & Associates, Inc. 101 Morris Street Sebastopol, CA 95472 1-800-998-9938 (in U.S. or Canada) 1-707-829-0515 (international/local) 1-707-829-0104 (fax) You can also send us messages electronically. To be put on our mailing list or request a catalog, send email to: • [email protected] To ask technical questions or comments on the book, send email to: • [email protected] If you want to contact one of us directly, we can be reached at: • [email protected] • [email protected] We also have a web site for the book, where we'll list errata and plans for future editions: • http://www.ttgnet.com/rbt/books/nttcp/nttcp_error.html pa ge 4