CHAPTER 8

USING WINDOWS 2000 DOMAIN NAME SERVICE

 

Servers refer to their zones (also called DNS database files) to resolve names. The zones contain resource records that comprise the resource information associated with the DNS domain. For example, some resource records map friendly names to Internet Protocol (IP) addresses, and others map IP addresses to friendly names. Some resource records not only include information about servers in the DNS domain, but also serve to define the domain by specifying which servers are authoritative for which zones.

 

 

Delegating Zones

 

A DNS database can be partitioned into multiple zones. A zone is a portion of the DNS database that contains the resource records whose owner names belong to a contiguous portion of the DNS name space. Zone files are maintained on DNS servers.

 

A single DNS server can be configured to host zero, one, or multiple zones. Each zone is anchored at a specific domain name referred to as the zone's root domain. A zone contains information about all names that end with the zone's root domain name. A DNS server is considered authoritative for a name if it loads the zone containing that name.

 

The first record in any zone is the SOA, or start of authority, resource record. The SOA resource record identifies the primary DNS name server for the zone as the best source of information for the data within that zone and as the entity processing updates for the zone.

 

Names within a zone can also be delegated to other zones. Delegation is the process of assigning responsibility for a portion of a DNS name space to a separate entity. In technical terms, delegating means assigning authority over portions of your DNS name space to other zones. Delegating across multiple zones was part of the original design goal of DNS. The reasons for delegating include:

- Delegating management of DNS domains to departments within an organization.

- Spreading the name space across multiple name servers to improve name resolution performance as well as create a DNS fault-tolerant environment.

 

 

=====================================================================

 

wininf8.html                                                    PAGE 2                                                    2002/03/21

 

 

 

Name server (NS) resource records facilitate delegation by identifying the DNS servers for each zone. They appear in all forward and reverse lookup zones.

 

NOTE: If multiple name server records exist for a delegated zone, identifying multiple DNS servers available for querying, Windows 2000 DNS servers select the closest DNS server based on the round-trip times measured over time for each DNS server.

 

 

Understanding DNS Zones and Domains

 

Domain name servers store information about a part of the domain name space called a zone. The name server is authoritative for that zone.

 

A zone is simply a portion of a domain. For example, the domain Microsoft.com may contain all of the data for Microsoft.com, marketing.Microsoft.com and development.Microsoft.com. However, the zone Microsoft.com contains only information for Microsoft.com and references to the authoritative name servers for the subdomains.

 

The zone Microsoft.com can contain the data for subdomains of Microsoft.com if they have not been delegated to another server. For example, marketing.Microsoft.com may manage its own delegated zone, while the parent, Microsoft.com, may manage development.Microsoft.com. If there are no subdomains, then the zone and domain are essentially the same; in this case the zone contains all data for the domain.
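The following Python is an added example, not code from the course notes, that models the zone layout just described: a loaded zone for microsoft.com that holds its own records and those of development.microsoft.com, with marketing.microsoft.com delegated to other name servers. It shows the three outcomes an authoritative server can produce for a name (an authoritative answer, a referral for a delegated child, or "not authoritative" when no loaded zone covers the name). All host names and addresses are constructed for the example.

```python
"""Added example (not from the course notes): a minimal in-memory zone store
showing which names a DNS server is authoritative for and where a delegated
subdomain produces a referral instead of an answer.
"""
from dataclasses import dataclass, field


@dataclass
class Zone:
    origin: str                      # zone root domain, e.g. "microsoft.com"
    primary_ns: str                  # from the SOA: primary server for the zone
    records: dict = field(default_factory=dict)      # owner name -> {type: [rdata]}
    delegations: dict = field(default_factory=dict)  # child name -> [NS targets]

    def add(self, owner, rtype, rdata):
        self.records.setdefault(owner.lower(), {}).setdefault(rtype, []).append(rdata)

    def delegate(self, child, nameservers):
        # Delegation hands authority for `child` to other servers; the parent
        # keeps only the NS records that point at them.
        self.delegations[child.lower()] = list(nameservers)
        for ns in nameservers:
            self.add(child, "NS", ns)


def _in_domain(name, domain):
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def find_zone(zones, name):
    """Pick the loaded zone whose root domain is the longest suffix of `name`.
    A server is authoritative for `name` only if such a zone is loaded."""
    best = None
    for z in zones:
        if _in_domain(name, z.origin) and (best is None or len(z.origin) > len(best.origin)):
            best = z
    return best


def lookup(zones, name, rtype):
    """Answer a query the way an authoritative server would:
    ('authoritative', rdata list), ('referral', NS list) for a delegated
    child, or ('not_authoritative', None) when no loaded zone covers the name."""
    zone = find_zone(zones, name)
    if zone is None:
        return ("not_authoritative", None)
    # A name under a delegated child gets a referral: the parent zone does not
    # hold the child's data, only the NS records for it.
    for child, nss in zone.delegations.items():
        if _in_domain(name, child):
            return ("referral", nss)
    return ("authoritative", zone.records.get(name.lower(), {}).get(rtype, []))


def build_example_zones():
    # Constructed data mirroring the text's microsoft.com example.
    parent = Zone("microsoft.com", "ns1.microsoft.com")
    parent.add("microsoft.com", "A", "10.0.0.1")
    parent.add("development.microsoft.com", "A", "10.0.1.5")   # managed by the parent
    parent.delegate("marketing.microsoft.com", ["ns1.marketing.microsoft.com"])
    return [parent]


if __name__ == "__main__":
    zones = build_example_zones()
    for q in ["development.microsoft.com", "intranet.marketing.microsoft.com", "example.net"]:
        print(q, lookup(zones, q, "A"))
```

If the delegated child zone is also loaded on the same server, find_zone prefers it (longest matching root domain), so the server answers authoritatively for the child instead of referring; that is the "zone and domain are the same" case from the text applied to a subdomain.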

 

NOTE: All domains (or subdomains) that appear as part of the applicable zone delegation must be created in the current zone prior to performing delegation as described here. As necessary, use the DNS console to first add domains to the zone before completing this procedure.

 

 

Configuring Zones for Dynamic Update

 

Originally, DNS was designed to support only static changes to a zone database. Because of the design limitations of static DNS, adding, removing or modifying resource records could only be performed manually by a DNS system administrator.

 

Windows 2000 provides client and server support for the use of dynamic updates. Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.

 

 


By default, computers that run Windows 2000 and are statically configured for TCP/IP attempt to dynamically register host (A) and pointer (PTR) resource records for the IP addresses configured and used by their installed network connections. Dynamic updates can be sent for any of the following reasons or events:

- An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.

- An IP address lease changes or renews with the DHCP server for any one of the installed network connections; for example, when the computer is started or when the ipconfig /renew command is used.

- The ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.

- The computer is turned on.

 

 

Dynamic Update Requirements

 

For DNS servers, the DNS service allows dynamic updates to be enabled or disabled on a per-zone basis at each server configured to load either a standard primary or directory-integrated zone. By default, client computers running any version of Windows 2000 dynamically update their host resource records in DNS when configured for TCP/IP. When DNS zones are stored in Active Directory, DNS is configured by default to accept dynamic updates.

 

NOTE: Windows 2000 DNS servers support dynamic updates. The DNS server provided with Windows NT Server 4.0 does not.

 

Several prerequisite conditions can be configured for a dynamic update request. Each prerequisite must be satisfied for the update to occur:

- A resource record set exists prior to an update.

- A resource record set does not exist prior to an update.

- The existing records match a specified resource record set.
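To make the prerequisite conditions concrete, here is an added Python example (not code from the course notes or from Windows 2000) that builds a DNS UPDATE message in the RFC 2136 wire format, the protocol Windows 2000 dynamic update is based on, and decodes it again. The prerequisite section uses the class and TTL conventions RFC 2136 defines for "exists", "does not exist" and "matches"; the zone name, host name and address are constructed.

```python
"""Added example (not from the course notes): encode and decode a DNS UPDATE
message (RFC 2136) with zone, prerequisite and update sections.
"""
import struct

OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255


def encode_name(name):
    """DNS wire name: length-prefixed labels ending in a zero byte (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def encode_rr(name, rtype, rclass, ttl, rdata=b""):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


# Prerequisites (RFC 2136 section 2.4). Each returns one prerequisite-section RR.
def prereq_rrset_exists(name, rtype):          # RRset exists, any value
    return encode_rr(name, rtype, CLASS_ANY, 0)

def prereq_rrset_absent(name, rtype):          # RRset does not exist
    return encode_rr(name, rtype, CLASS_NONE, 0)

def prereq_rrset_matches(name, rtype, rdata):  # RRset exists with exactly this value
    return encode_rr(name, rtype, CLASS_IN, 0, rdata)

def prereq_name_in_use(name):
    return encode_rr(name, TYPE_ANY, CLASS_ANY, 0)

def prereq_name_not_in_use(name):
    return encode_rr(name, TYPE_ANY, CLASS_NONE, 0)


def update_add_a(name, ipv4, ttl):
    """Update-section RR that adds an A record."""
    rdata = bytes(int(o) for o in ipv4.split("."))
    return encode_rr(name, TYPE_A, CLASS_IN, ttl, rdata)


def build_update(msg_id, zone, prereqs, updates):
    """Header + zone section + prerequisite section + update section."""
    flags = OPCODE_UPDATE << 11               # QR=0, opcode 5, no other flags
    header = struct.pack("!HHHHHH", msg_id, flags, 1, len(prereqs), len(updates), 0)
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_sec + b"".join(prereqs) + b"".join(updates)


def decode_name(buf, pos):
    labels = []
    while True:
        n = buf[pos]; pos += 1
        if n == 0:
            break
        labels.append(buf[pos:pos + n].decode("ascii")); pos += n
    return ".".join(labels), pos


def parse_update(buf):
    """Return the opcode, zone and the RRs of each section, so a server-side
    check or a monitoring component can see exactly what an update asks for."""
    msg_id, flags, zc, pc, uc, ac = struct.unpack("!HHHHHH", buf[:12])
    pos = 12
    zone, pos = decode_name(buf, pos)
    ztype, zclass = struct.unpack("!HH", buf[pos:pos + 4]); pos += 4
    sections = {"prerequisites": [], "updates": []}
    for key, count in (("prerequisites", pc), ("updates", uc)):
        for _ in range(count):
            name, pos = decode_name(buf, pos)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[pos:pos + 10]); pos += 10
            rdata = buf[pos:pos + rdlen]; pos += rdlen
            sections[key].append((name, rtype, rclass, ttl, rdata))
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": zone,
            "zone_type": ztype, **sections}


if __name__ == "__main__":
    msg = build_update(0x1234, "example.test",
                       prereqs=[prereq_name_not_in_use("host1.example.test")],
                       updates=[update_add_a("host1.example.test", "192.0.2.10", 1200)])
    print(parse_update(msg))
```

The "name not in use" prerequisite in the usage above is the one a client would send so that its registration only succeeds when no other host already owns that name; a server that evaluates prerequisites before applying the update section refuses the change otherwise.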

 

 

For client computers to be registered and updated dynamically with a DNS server, either:

 

 

 


Lesson Summary:

 

- Delegation is the process of assigning responsibility for a portion of a DNS name space to a separate entity.

- Dynamic updates enable DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur.

 

 

 

Lesson 2:  Working with Servers

 

Because DNS servers are of critical importance in most environments, it is important to continually monitor them.

 

Overview of DNS Servers and Caching

 

As DNS servers process client queries using recursion or iteration, they discover and acquire a significant store of information about the DNS name space. The server then caches this information.

 

As DNS servers make recursive queries on behalf of clients, they temporarily cache resource records. Cached resource records contain information obtained from DNS servers that are authoritative for the DNS domain names learned while making iterative queries to search for and fully answer a recursive query performed on behalf of a client.

 

When information is cached, a Time to Live (TTL) value applies to all cached resource records. As long as the TTL for a cached resource record has not expired, a DNS server can continue to cache and use the resource record again when answering client queries that match it. By default, the minimum TTL is 3600 seconds (1 hour), but it can be adjusted or, if needed, an individual caching TTL can be set on each resource record.
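The TTL behaviour described above, as an added Python example that is not part of the course notes: a resolver cache that applies a per-record TTL when one is given, falls back to the zone's minimum TTL (3600 seconds, the default quoted above) otherwise, hands out the remaining TTL on each hit, and stops returning a record once its TTL has run out. The clock is injected so the expiry can be checked deterministically; names and addresses are constructed.

```python
"""Added example (not from the course notes): a TTL-honouring resolver cache."""
import time

DEFAULT_MIN_TTL = 3600  # seconds; the default minimum TTL quoted in the text


class ResolverCache:
    def __init__(self, min_ttl=DEFAULT_MIN_TTL, clock=time.monotonic):
        self.min_ttl = min_ttl
        self.clock = clock
        self._entries = {}   # (name, type) -> list of (rdata, absolute_expiry)

    def store(self, name, rtype, rdata, ttl=None):
        """Cache a record learned from an authoritative server. A record that
        carries no explicit TTL gets the zone's minimum TTL."""
        ttl = self.min_ttl if ttl is None else ttl
        key = (name.lower(), rtype)
        self._entries.setdefault(key, []).append((rdata, self.clock() + ttl))

    def lookup(self, name, rtype):
        """Return unexpired records as (rdata, remaining_ttl) pairs. A caching
        server hands out the *remaining* TTL so that downstream caches never
        keep the record longer than the authoritative server allowed."""
        now = self.clock()
        key = (name.lower(), rtype)
        live = [(rd, exp) for rd, exp in self._entries.get(key, []) if exp > now]
        if live:
            self._entries[key] = live
        else:
            self._entries.pop(key, None)   # expired: must be resolved again
        return [(rd, int(exp - now)) for rd, exp in live]

    def purge_expired(self):
        """Drop every expired record; returns the number removed."""
        now = self.clock()
        removed = 0
        for key in list(self._entries):
            live = [e for e in self._entries[key] if e[1] > now]
            removed += len(self._entries[key]) - len(live)
            if live:
                self._entries[key] = live
            else:
                del self._entries[key]
        return removed


class FakeClock:
    """Manual clock for the demonstration; call advance() to move time on."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    clk = FakeClock()
    cache = ResolverCache(clock=clk)
    cache.store("www.example.test", "A", "192.0.2.7", ttl=300)   # per-record TTL
    cache.store("mail.example.test", "A", "192.0.2.8")           # falls back to 3600
    clk.advance(200)
    print(cache.lookup("www.example.test", "A"))    # 100 s left
    clk.advance(200)
    print(cache.lookup("www.example.test", "A"))    # expired, empty
    print(cache.lookup("mail.example.test", "A"))   # still cached
```

Returning the remaining rather than the original TTL is the detail that keeps a chain of caching servers consistent with the authoritative zone; a cache that re-issued the full TTL on every hit could serve a stale record long after the authoritative server changed it.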

 

 

Implementing a Caching-Only Server

 

Although all DNS name servers cache queries that they have resolved, caching-only servers are DNS name servers that only perform queries, cache the answers, and return the results. They are not authoritative for any domains, and the information that they contain is limited to what has been cached while resolving queries.

 

 

 


When a DNS server starts, it needs a list of root servers, called root hints. These hints are name server (NS) and address (A) records for the root servers, which have historically been called the cache file.

 

 

Monitoring DNS Server Performance

 

Because DNS servers are of critical importance in most environments, monitoring their performance can provide a useful benchmark for predicting, estimating, and optimizing DNS server performance. Windows 2000 Server provides a set of DNS server performance counters that can be used with System Monitor to measure and monitor various aspects of server activity.

 

 

DNS Server Performance Counters

 

Windows 2000 Server provides a set of DNS server performance counters that can be used to measure and monitor various aspects of server activity, such as the following:

- Total queries received and responses sent by a DNS server.

- Queries and responses that are processed using UDP or TCP, respectively.

- Registration and update activity generated by dynamic clients.

- Queries and responses when the DNS Server service uses recursion to look up and fully resolve DNS names on behalf of requesting clients.

- Update notification activity.

 

 

Managing DNS Servers Remotely

 

DNS is an Internet and TCP/IP standard name service that enables a server running the DNS service to let client computers on your network register and resolve DNS domain names.

 

With Windows Administration Tools, included with Windows 2000 Server and Windows 2000 Advanced Server, you can manage a server remotely from any computer that is running Windows 2000.

 

 


Use the DNS MMC snap-in to manage the DNS server remotely.

 

 

 

Lesson Summary:

 

- Caching-only servers are DNS name servers that only perform queries, cache the answers, and return the results.

- The administrative console can be used to perform tests on the DNS server.

- With Windows Administration Tools, you can manage a server remotely from any computer that is running Windows 2000.