Windows Server 2008 – DNS
The principles for DNS in Windows Server 2008 are much the same as they were for Windows Server 2003.
Active Directory absolutely requires DNS. In particular, Active Directory relies on DNS to find resources such as Global Catalog and Kerberos. In Windows Server 2008, DNS combines support for standard DNS protocols with the benefits of integration with Active Directory Domain Services (AD DS).
DNS enables us humans to use meaningful names such as ‘BigServer’ instead of pure dotted-decimal IP addresses (or colon-hex numbers for IPv6). The DNS server responds to requests from clients such as XP or Vista to provide the IP address associated with a mail or web server’s DNS domain name. The beauty of DNS is that it’s scalable because the domain names can be organized into a hierarchy.
Practical Tasks for DNS in Windows Server 2008
Your first decision is one of approach. Do you take the simplistic approach? If so, accept the defaults and go with the simple choices. When you create a Domain Controller (see Add roles), it is automatically configured to use the appropriate DNS servers for name resolution.
This method either works incredibly easily, or else it goes spectacularly wrong; in which case you have to go back to the drawing board, and probably you should ask for guidance from someone who has installed and configured DNS before.
The other approach is to practice with DNS on a test network, with one hand on the keyboard and the other hand thumbing a textbook.
For both approaches, the first task is to plan your names. What will be the name of your Active Directory domain? Will it be the same name as your DNS domain?
The second task is to install the DNS service. Start with the Server Manager, select Add roles, and let the wizard install and configure the DNS role.
Wherever possible choose Active Directory Integrated DNS. Microsoft Active Directory working with Microsoft DNS must be better than mixing Microsoft AD with UNIX DNS.
Mr Average and Mr In-a-Hurry do not need to study DNS in depth. It’s near enough the same as DNS in Windows Server 2003. The main thing to know is that Microsoft’s Windows Server 2008 DNS is compliant with RFC (Request for Comments) standards, for example RFC 2136 for Dynamic DNS.
What’s New In Windows Server 2008’s DNS
The best feature of DNS in Windows Server 2008 is that it’s ready for IPv6. For example, it can handle the 32 hex digits in the IP address. Furthermore, it employs the quad-A (AAAA) resource records for forward name resolution, while reverse lookup is handled by the new IP6.ARPA domain.
You may have read elsewhere about the new Windows Server 2008 Read Only Domain Controller (RODC). The implications for DNS are that these servers hold a read-only copy of the ForestDNSZones and DomainDNSZones.
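How the 32 hex digits of an IPv6 address become a name under IP6.ARPA, as an added example that is not part of the original article. The function name Get-Ip6ArpaName is hypothetical and the address is a constructed sample from the 2001:db8::/32 documentation range; the function only accepts prefix lengths on 4-bit boundaries.

```powershell
function Get-Ip6ArpaName {
    param(
        [Parameter(Mandatory=$true)][string]$Address,
        [ValidateRange(4,128)][int]$PrefixLength = 128
    )

    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        throw "'$Address' is not an IPv6 address"
    }
    # Each label under ip6.arpa is one hex digit (4 bits), so this example
    # rejects prefixes that do not end on a 4-bit boundary.
    if ($PrefixLength % 4 -ne 0) {
        throw 'PrefixLength must be a multiple of 4'
    }

    # 16 address bytes -> the full 32 hex digits, with every "::" gap filled in.
    $hex = -join ($ip.GetAddressBytes() | ForEach-Object { $_.ToString('x2') })

    # Keep only the digits covered by the prefix, reverse them so the least
    # significant digit comes first, and put one digit in each DNS label.
    $nibbles = $hex.Substring(0, $PrefixLength / 4).ToCharArray()
    [array]::Reverse($nibbles)
    ($nibbles -join '.') + '.ip6.arpa'
}

# Constructed sample address.
# Owner name of the PTR record for the host itself (all 32 digits):
Get-Ip6ArpaName -Address '2001:db8::1'
# Name of the reverse lookup zone that covers the host's /64 subnet:
Get-Ip6ArpaName -Address '2001:db8::1' -PrefixLength 64
```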
Link-local multicast name resolution is an intelligent system whereby Vista clients and W2K3 member servers can resolve names on the local subnet even when the DNS server is down.
This is a new way for Vista clients to contact their local Domain Controller, principally a mechanism for laptops. With XP, laptops could get ‘locked on’ to a distant server; when the laptop returns to base it still fixates on the distant DC. Vista occasionally tries to find the nearest DC, thus breaking an inappropriate 20 hop link with a distant DC when there is a perfectly good Domain Controller in the same building.
Windows Server 2008 loads Active Directory in the background; this helps DNS servers with zillions of records that reboot often. While this is progress, I wonder how common that scenario of frequent reboots and lots of zone records is?
GlobalNames Zone (GNZ)
The GlobalNames Zone is a way of incorporating WINS resolution within DNS. My mate ‘Mad’ Mick says, ‘Those bright enough to figure out GlobalNames are bright enough to have phased out WINS’. However, if you are a techie genius who is weighed down by old applications that rely on NetBIOS over TCP/IP, then you can add appropriate single-label records as CNAME records in DNS. The idea of GlobalNames is to replace the static WINS records for mail servers or possibly web servers.
Should you need to experiment with GlobalNames, then you need to create a particular zone. This is how you perform the action from the command line:
Dnscmd ServerName /config /Enableglobalnamessupport 1
Alternatively, you could use the DNS GUI and create a zone called precisely: GlobalNames (not case sensitive).
Once you have created this special zone called GlobalNames, add CNAME records which point to the FQDN of the appropriate mail or web server.
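The GlobalNames steps above collected into one script, as an added example that is not part of the original article. The server name, aliases and target hosts are placeholders, the Invoke-Dnscmd helper is hypothetical, and the script assumes an elevated prompt on a machine where dnscmd.exe is available.

```powershell
# Placeholder values: replace with your own DNS server and hosts.
$Server  = 'dns01.example.com'
$Aliases = @{                       # single-label name -> FQDN of the real host
    'mail'     = 'exch01.example.com'
    'intranet' = 'web01.example.com'
}

function Invoke-Dnscmd {
    # Run dnscmd against $Server and stop the script if it reports an error.
    & dnscmd.exe $Server $args
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Create the zone as an Active Directory integrated primary zone.
#    The name must be exactly GlobalNames. This step fails if the zone
#    already exists, for example because it was created in the DNS GUI.
Invoke-Dnscmd /ZoneAdd GlobalNames /DsPrimary

# 2. Turn on GlobalNames support (the command shown in the article).
Invoke-Dnscmd /config /enableglobalnamessupport 1

# 3. Add one CNAME per single-label name, pointing at the host's FQDN.
foreach ($label in $Aliases.Keys) {
    $target = $Aliases[$label]
    if ($label -match '\.') {
        throw "'$label' is not a single-label name"
    }
    if ($target -notmatch '\.') {
        throw "'$target' is not a fully qualified domain name"
    }
    Invoke-Dnscmd /RecordAdd GlobalNames $label CNAME $target
}

# 4. List the CNAME records at the zone root to confirm what was created.
Invoke-Dnscmd /EnumRecords GlobalNames '@' /Type CNAME
```

Keeping the alias list in the script gives you a record of every single-label name the zone is expected to answer for, which can be compared against the output of step 4.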
Useful DNS Features First Introduced in W2K3 (Windows Server 2003)
DNS Integrated with Active Directory
The biggest breakthrough with DNS was to integrate its database with that of Active Directory. This made it much easier to replicate. This integration started in Windows 2000 and there have been minor advancements in Windows Server 2003 and now in Server 2008, for example RODC, security and new site location flags.
DNS Stub Zones
A stub zone holds a copy of only the resource records that are necessary to identify the authoritative (child) DNS servers for that zone. The idea is to help maintain DNS name-resolution efficiency.
Dynamic Update Protocol
Clients such as XP and Vista can tell the DNS Server service to dynamically update their resource records. Dynamic DNS (DDNS) introduces the one good feature of WINS into DNS. The result is no need to manually update DNS ‘A’ Host records.
Incremental Zone Transfer (IXFR)
These days we take for granted the idea of only updating records that have changed. However, back in NT 4.0 days one change in a host record resulted in the whole of the DNS database being replicated. Very inefficient.
Here is another efficient idea: if the server does not have a record for a specific domain, it forwards the request on to a server that is authoritative for that domain. Requests for other domains would not be treated in this way, hence Conditional Forwarding.