Understanding DNS Name Resolution
The DNS service provides name resolution for clients running Windows 2000. With name resolution, users can access servers by name rather than having to use IP addresses that are difficult to remember. This lesson introduces you to the name resolution process.
After this lesson, you will be able to
- Explain the name resolution process
Name Resolution
Name resolution is the process of resolving DNS names to IP addresses. Name resolution is similar to looking up a name in a telephone book, where the name is associated with a telephone number. For example, when you connect to the Microsoft Web site, you use the name www.microsoft.com. DNS resolves www.microsoft.com to its associated IP address, 207.46.130.149. The mapping of names to IP addresses is stored in the DNS distributed database.
IP Addressing
An IP address identifies each host that communicates by using TCP/IP. Each 32-bit IP address is separated internally into two parts—a network ID and a host ID.
- The network ID, also known as a network address, identifies a single network segment within a larger TCP/IP internetwork (a network of networks). All the systems that attach and share access to the same network have a common network ID within their full IP address. This ID is also used to uniquely identify each network within the larger internetwork.
- The host ID, also known as a host address, identifies a TCP/IP node (a workstation, server, router, or other TCP/IP device) within each network. The host ID for each device identifies a single system uniquely within its own network.
Reverse Lookup Query
A reverse lookup query maps an IP address to a name. Troubleshooting tools, such as the NSLOOKUP command-line utility, use reverse lookup queries to report back host names. Additionally, certain applications implement security based on the ability to connect to names, not IP addresses.
Because the DNS distributed database is indexed by name and not by IP address, a reverse lookup query would require an exhaustive search of every domain name. To solve this problem, a special second-level domain called in-addr.arpa was created.
The in-addr.arpa domain follows the same hierarchical naming scheme as the rest of the domain namespace; however, it is based on IP addresses, not domain names:
- Subdomains are named after the numbers in the dotted-decimal representation of IP addresses.
- The order of the IP address octets is reversed.
- Companies administer subdomains of the in-addr.arpa domain based on their assigned IP addresses and subnet mask.
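An added example, not part of the original lesson: it builds the in-addr.arpa name for an address and the reverse zone name for a network, then goes one step beyond the text by confirming a reverse lookup result against a forward lookup, which is what an application needs before it makes a name-based security decision. The function names and the in-memory records (documentation address ranges, example.com) are assumptions constructed for illustration.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Owner name of the PTR record: octets reversed, then in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def reverse_zone(network: str) -> str:
    """Reverse lookup zone name for a network whose mask ends on an octet boundary."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("mask must end on an octet boundary (/8, /16 or /24)")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"

# Constructed records standing in for DNS answers (not real data).
PTR = {
    "10.2.0.192.in-addr.arpa": "web1.example.com",
    # Whoever administers 198.51.100.x controls this PTR and can put any name in it.
    "66.100.51.198.in-addr.arpa": "web1.example.com",
}
A = {"web1.example.com": {"192.0.2.10"}}

def forward_confirmed(ip: str, ptr=PTR, a=A):
    """Return the host name only if PTR(ip) gives a name and A(name) contains ip."""
    name = ptr.get(reverse_name(ip))
    if name is None:
        return None                      # no reverse record at all
    return name if ip in a.get(name, set()) else None

if __name__ == "__main__":
    print(reverse_name("207.46.130.149"))      # address used in the lesson
    print(reverse_zone("192.0.2.0/24"))
    for addr in ("192.0.2.10", "198.51.100.66", "203.0.113.5"):
        print(addr, "->", forward_confirmed(addr))
```

The second address has a PTR record claiming the trusted name, but the forward lookup for that name does not return the address, so the name is rejected.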
Understanding and Configuring Zones
The DNS service allows a DNS namespace to be divided up into zones that store name information about one or more DNS domains. The zone becomes the authoritative source for information about each DNS domain name included in a zone. This lesson introduces you to DNS zones and how they are configured.
After this lesson, you will be able to
- Identify zone types
- List the benefits of Active Directory integrated zones
- Explain zone delegation
- Configure zones
- Configure Dynamic Domain Name Service (DDNS) for a zone
Zones
The DNS service provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. The DNS namespace represents the logical structure of your network resources, and DNS zones provide physical storage for these resources.
Zone Planning
When deciding whether to divide your DNS namespace into additional zones, consider the following questions:
- Is there a need to delegate management of part of your DNS namespace to another location or department within your organization?
- Is there a need to divide one large zone into smaller zones to distribute traffic loads among multiple servers, improve DNS name resolution performance, or create a more fault-tolerant DNS environment?
- Is there a need to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site?
If you can answer "yes" to one of these questions, it may be useful to add or restructure your namespace into additional zones. When choosing how to structure zones, you should use a plan that meets the needs of your organization.
There are three types of zones that you can configure:
- Active Directory-integrated. An Active Directory-integrated zone is the master copy of a new zone. The zone uses Active Directory to store and replicate zone files.
- Standard primary. A standard primary zone is the master copy of a new zone stored in a standard text file. You administer and maintain a primary zone on the computer on which you create the zone.
- Standard secondary. A standard secondary zone is a replica of an existing zone. Secondary zones are read-only and are stored in standard text files. A primary zone must be configured to create a secondary zone. When creating a secondary zone, you must specify the DNS server, called the master server, that will transfer zone information to the name server containing the standard secondary zone. You create a secondary zone to provide redundancy and to reduce the load on the name server containing the primary zone database file.
Master DNS Servers
For the standard secondary forward lookup zone type, you must specify the DNS server(s) from which you want to copy the zone. You must enter the IP address of one or more DNS servers.
Reverse Lookup Zones
A reverse lookup zone enables reverse lookup queries. Reverse lookup zones are not required. However, a reverse lookup zone is required to run troubleshooting tools, such as NSLOOKUP, and to record a name instead of an IP address in Internet Information Services (IIS) log files.
To create a new reverse lookup zone
- Click Start, point to Programs, point to Administrative Tools, and then click DNS.
- Expand the DNS server.
- Right-click the Reverse Lookup Zone folder and click New Zone. The New Zone Wizard guides you through the process of setting up a reverse lookup zone. The wizard presents the following configuration options: Zone Type, Reverse Lookup Zone, Zone File, and Master DNS Servers.