Chapter 6. Managing Name Resolution

Terms you need to understand:

DNS
Forward lookup zones
Reverse lookup zones
Conditional forwarding
Secure dynamic updates
AD-integrated zone
Stub zone
Round robin

Techniques you need to master:

Installing DNS
Creating forward lookup zones
Creating reverse lookup zones
Configuring DNS conditional forwarding
Configuring DNS zones
Creating DNS stub zones
Managing a DNS server

Windows Server 2003 makes a major leap forward using Domain Name System (DNS) for name resolution! Windows 2000 and Windows 2003 domain controller (DC) servers use DNS to dynamically register their information in Active Directory (AD). Active Directory doesn't work without DNS. Network clients including Windows 2000 Server, Windows 2000 Professional clients, Windows XP Professional clients , and other machines running Windows Server 2003 that are part of the domain query Windows 2003 AD-integrated servers to find AD information.

Windows NT Server previously relied on the Windows Internet Name Service (WINS) to resolve computer or NetBIOS names into IP addresses. DNS resolves Internet domain names into IP addresses. The Internet uses DNS servers exclusively for name resolution.

Windows Server 2003, like Windows 2000 Server, supports four types of DNS servers: primary, secondary, AD-integrated, and caching-only. One primary DNS server is designated for each zone and is authoritative for that zone. Creating your first zone installs a primary DNS server. The primary server hosts the DNS resource record database and is the contact for all secondary DNS servers in the subnet on your network. Secondary DNS servers contain a read-only copy of the primary server's database. The Refresh interval sets the interval at which the secondary servers query the primary server. If the primary server has a higher serial number, the secondary servers will pull a copy of the changes to the database based on the "up-to-datedness" vectors. You can set the primary to send changes immediately by using the Notify feature on the Zone Transfers tab.

You should always install a secondary DNS server for load-balancing. If the primary server fails, it's only a matter of time (default to 1 day) before the secondary will fail as well. On the other hand, Active Directory “integrated zones do provide for fault tolerance because all AD zones are primary. The only way to add more primary servers is to convert them into Active Directory “integrated servers.

Caching-only DNS servers do not host zones and are not authoritative for the domain. They build and maintain a list of domain names and IP addresses learned from DNS forwarders. These are set on the server Properties tabs and can be made conditional forwarders in Windows Server 2003. Caching-only DNS servers are well suited for branch or remote office locations where creating a new domain or subnet isn't feasible .

Active Directory “integrated DNS servers are primary servers in a sense. Each AD domain DNS server uses AD replication and maintains a database that is part of Active Directory's database information.

To increase fault tolerance on your AD domain, install a second AD-integrated server. If one AD-integrated DNS server fails, the remaining AD-integrated DNS server takes over.

This chapter shows you how to install DNS by using the Manage Your Server tool. You also learn how to configure DNS server options and DNS forwarding, as well as create and configure forward and reverse lookup zones. Configuring zone options, zones for secure dynamic update, and Active Directory “integrated zones are discussed.

Two new DNS features added to Windows Server 2003, conditional forwarding and stub zones, are analyzed in detail. Finally, managing a DNS server, including zone settings, record settings, and server options are examined in this chapter.