Microsoft windows 2000 DNS manual Statically Configured Client, RAS Client, Client Reregistration

Page 24

client’s PTR RR. Also, the DHCP server will remove the corresponding A records if configured to “Discard forward lookups when leases expire.”

Statically Configured Client

A statically configured client does not communicate with the DHCP server; it dynamically updates both its A and PTR RRs every time it boots, changes its IP address, or changes its per-adapter domain name.

RAS Client

A RAS client behaves in the same manner as a statically configured client in that no interaction occurs between the client and the DHCP server. The client is responsible for dynamically updating both A and PTR RRs. The RAS client attempts to delete both records before closing the connection, but the records remain stale if the update fails for some reason (for example, the DNS server was not running at the time). The records also remain stale if the line goes down unexpectedly. In these cases the RAS server attempts deregistration of the corresponding PTR record.

Client Reregistration

One of the benefits of Dynamic Update is its ability to reregister RRs in DNS, which provides a certain level of fault tolerance in case some records in a zone become corrupted. The DHCP server automatically reregisters the DNS records that it registered when the lease is renewed. Windows 2000-based clients reregister their DNS records every 24 hours. This interval can be changed by specifying the REG_DWORD value DefaultRegistrationRefreshInterval under the HKLM\System\CurrentControlSet\Services\Tcpip\Parameters registry key.

Note: When a client registers in DNS, the associated RRs include a TTL, which by default is set to 20 minutes. This can be changed by specifying the REG_DWORD value DefaultRegistrationTtl under the HKLM\System\CurrentControlSet\Services\Tcpip\Parameters registry key.

Dealing with Name Conflicts

If, during Dynamic Update registration, a client discovers that its name is already registered in DNS with an IP address that belongs to some other machine, by default the client deletes the existing registration and registers its own RRs in its place. Using the appropriate registry key, this behavior can be disabled so that the client backs out of the registration process and logs the error in the Event Viewer. The first behavior allows stale records to be removed, but is vulnerable to malicious attacks, since any host can replace another host's registration; the second behavior has the opposite effect. The problem of existing records being deleted when a name collision takes place is resolved by using Secure Dynamic Update (described in the next section): in this case only the owner of the existing record can update it.
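As an added illustration (not the white paper's code), the following Python model contrasts the three conflict outcomes described here: the default overwrite, the registry-disabled back-out, and the owner check of Secure Dynamic Update from the next section. Zone contents, host names, and principal names are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Enum

class Policy(Enum):
    OVERWRITE = "overwrite"  # default: replace the other machine's record
    BACK_OUT = "back_out"    # registry-disabled behaviour: abort and log
    SECURE = "secure"        # Secure Dynamic Update: only the record owner may change it

@dataclass
class Record:
    ip: str
    owner: str  # security principal that registered the record (used by SECURE)

@dataclass
class Zone:
    policy: Policy
    records: dict = field(default_factory=dict)
    event_log: list = field(default_factory=list)  # stands in for the Event Viewer

    def register(self, name: str, ip: str, principal: str) -> bool:
        """Try to register name -> ip for principal; True if the zone now holds it."""
        existing = self.records.get(name)
        if self.policy is Policy.SECURE:
            # ACL check: an existing record may only be changed by the principal that owns it
            if existing is not None and existing.owner != principal:
                self.event_log.append(f"{name}: update by {principal} refused, owned by {existing.owner}")
                return False
            self.records[name] = Record(ip, principal)
            return True
        if existing is not None and existing.ip != ip and self.policy is Policy.BACK_OUT:
            self.event_log.append(f"{name}: already registered to {existing.ip}, registration aborted")
            return False
        # OVERWRITE (default): delete the existing registration and register in its place.
        # This clears stale records but also lets any host take over another host's name.
        self.records[name] = Record(ip, principal)
        return True

def collision(policy: Policy):
    """Constructed scenario: host1 registers, then a second machine claims the same name.
    Returns (second registration accepted?, address now held in the zone, events logged)."""
    zone = Zone(policy)
    zone.register("host1.example.com", "10.0.0.5", "HOST1$")
    accepted = zone.register("host1.example.com", "10.0.0.99", "OTHER$")
    return accepted, zone.records["host1.example.com"].ip, len(zone.event_log)
```

Only the SECURE policy both keeps the legitimate record and still lets its owner replace it after an address change, which is the property the next section relies on.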

Secure Dynamic Update

DS-integrated zones may be configured to use Secure Dynamic Update. Access Control Lists, as mentioned in “Controlling Access to Zones,” specify the list of groups or users allowed to update resource records in such zones. The Windows 2000 DNS implementation of Secure Dynamic Update is based on the

Windows 2000 White Paper

18
