Microsoft windows 2000 DNS manual DNS Fundamentals

DNS FUNDAMENTALS

The designers of the Microsoft® Windows® 2000 operating system chose the Domain Name System (DNS) as the name service for the operating system. Windows 2000 Server includes an IETF standard-based Domain Name System Server. Because it is RFC compliant, it is fully compatible with any other RFC-compliant DNS server. Use of the Windows 2000 Domain Name System server is not mandatory. Any DNS Server implementation supporting Service Location Resource Records (SRV RRs, as described in an Internet Draft “A DNS RR for specifying the location of services (DNS SRV)”) and Dynamic Update (RFC 2136) is sufficient to provide the name service for Windows 2000–based computers¹. However, because this implementation of DNS is designed to take full advantage of the Windows 2000 Active Directory® service, it is the recommended DNS server for any networked organization with a significant investment in Windows or extranet partners with Windows-based systems. For example, while conventional DNS Servers use single-master replication, Windows 2000 DNS can be integrated into the Active Directory service, so that it uses the Windows 2000 multi-master replication engine. (Note that the Active Directory supports multi-master replication.) In this way, network managers can simplify system administration by not having to maintain a separate replication topology for DNS.

DNS in Windows 2000 provides a unique DNS Server implementation that is fully interoperable with other standards-based implementations of DNS Server. Some special interoperability issues are discussed later in this paper.

The purpose of this document is to assist network architects and administrators in planning the Windows 2000 Active Directory service DNS deployment strategy. It covers the design, implementation, and migration issues that need to be considered when rolling out a scalable and robust DNS solution as a global name service.

While this paper assumes familiarity with DNS, it provides a quick overview of the DNS basics in “DNS Fundamentals”. The Windows 2000 implementation of DNS supports various new features (as compared to the Windows NT® 4.0 operating system), described in “New Features of the Windows 2000 DNS.” That section includes the description of Active Directory integration and incremental zone transfer (IXFR), dynamic (including secure) update and Unicode character support, the enhanced Domain Locator, the caching resolver service and DNS Manager. The paper provides a detailed overview of the name resolution process. It also describes the support for secure DNS management. It includes an overview of the various issues associated with designing a namespace for the Active Directory, including integration of Active Directory with an existing DNS structure and migration to the Windows 2000 implementation of DNS, design of private namespaces, and the necessary DNS support.

¹ The Berkeley Internet Name Domain (BIND) 8.1.1 DNS Server implementation supports both SRV RRs and Dynamic Update, but it dumps core when Windows 2000-based clients send certain updates to it. 8.1.2 is the first BIND version that works reliably.

Windows 2000 White Paper
