book

DNS on Windows Server 2003, 3rd Edition

by Cricket Liu, Matt Larson, Robbie Allen

December 2003

Intermediate to advanced

416 pages

13h 50m

English

O'Reilly Media, Inc.

Read now

Unlock full access

A Note Regarding Supplemental Files
Preface
Versions
What’s New in This Edition
Organization
Audience
Obtaining the Example Programs
Viewing Microsoft Knowledge Base Articles
Conventions Used in This Book
Using Code Examples

How to Contact Us
Quotations
Acknowledgments
1. Background
1.1. A (Very) Brief History of the Internet
1.2. On the Internet and Internets
1.2.1. The History of the Domain Name System
1.3. The Domain Name System in a Nutshell
1.4. The History of the Microsoft DNS Server
1.5. Must I Use DNS?
1.5.1. If You’re Connected to the Internet . . .
1.5.2. If You Have Your Own TCP/IP-Based Internet . . .
1.5.3. If You Have Your Own Local Area Network or Site Network . . .
2. How Does DNS Work?
2.1. The Domain Namespace
2.1.1. Domain Names
2.1.2. Domains
2.1.3. Resource Records
2.2. The Internet Domain Namespace
2.2.1. Top-Level Domains
2.2.1.1. Country-code top-level domains2.2.1.2. New top-level domains
2.2.2. Further Down
2.2.3. Reading Domain Names
2.3. Delegation
2.4. Name Servers and Zones
2.4.1. Delegating Subdomains
2.4.2. Types of Name Servers
2.4.3. Datafiles
2.5. Resolvers
2.6. Resolution
2.6.1. Root Name Servers
2.6.2. Recursion
2.6.3. Iteration
2.6.4. Choosing Between Authoritative Name Servers
2.6.5. The Whole Enchilada
2.6.6. Mapping Addresses to Names
2.7. Caching
2.7.1. Time to Live
3. Where Do I Start?
3.1. Which Name Server?
3.1.1. Getting the DNS Server
3.1.2. Handy Mailing Lists and Usenet Newsgroups
3.1.3. Finding IP Addresses
3.2. Choosing a Domain Name
3.2.1. On Registrars and Registries
3.2.2. Where in the World Do I Fit?
3.2.2.1. whois
3.2.3. Back in the U.S.A.
3.2.3.1. The generic top-level domains3.2.3.2. Choosing a registrar
3.2.4. Checking That Your Network Is Registered
3.2.5. Registering Your Zones
4. Setting Up the Microsoft DNS Server
4.1. Our Zone
4.2. Installing the Microsoft DNS Server
4.2.1. Active Directory
4.3. The DNS Console
4.4. Setting Up DNS Data
4.4.1. Adding a New Server to the DNS Console
4.4.2. Creating a New Zone
4.4.2.1. The SOA record4.4.2.2. The NS record4.4.2.3. The A record
4.4.3. Creating a New Reverse-Mapping Zone
4.4.4. Adding Resource Records
4.4.4.1. Aliases4.4.4.2. One more note about PTR records
4.4.5. Where Is All This Information Stored?
4.4.6. The Zone Datafiles
4.4.6.1. Contents of movie.edu.dns4.4.6.2. Contents of 249.249.192.in-addr.arpa.dns4.4.6.3. Contents of 253.253.192.in-addr.arpa.dns
4.4.7. Zone Datafile Format
4.4.7.1. Appending domains4.4.7.2. @ notation4.4.7.3. Repeat last name
4.4.8. The Loopback Address
4.4.9. The Root Hints Data
4.5. Running a Primary Master Name Server
4.5.1. Starting and Stopping the DNS Server
4.5.2. Check the Event Log for Messages and Errors
4.5.3. Testing Your Setup with nslookup
4.5.3.1. Look up a local name4.5.3.2. Look up a local address4.5.3.3. Look up a remote name4.5.3.4. One more test
4.6. Running a Secondary Name Server
4.6.1. Add a New Server to the DNS Console
4.6.2. Create a New Zone
4.6.3. Add an NS Record for the New Secondary Name Server
4.6.4. Don’t Forget the in-addr.arpa Zones!
4.6.5. SOA Values
4.7. Adding More Zones
4.8. DNS Properties
4.8.1. Resource Record Properties
4.8.2. Zone Properties
4.8.3. Server Properties
4.9. What Next?
5. DNS and Electronic Mail
5.1. MX Records
5.2. Adding MX Records with the DNS Console
5.3. What’s a Mail Exchanger, Again?
5.4. The MX Algorithm
5.5. DNS and Exchange
6. Configuring Hosts
6.1. The Resolver
6.2. Resolver Configuration
6.2.1. DNS Suffix
6.2.2. Search List
6.2.2.1. Setting the search list manually
6.2.3. Name Servers to Query
6.2.3.1. Query behavior
6.3. Advanced Resolver Features
6.3.1. Caching
6.3.2. Subnet Prioritization
6.4. Other Windows Resolvers
6.4.1. Windows 95
6.4.2. Windows 98
6.4.3. Windows NT 4.0
6.5. Sample Resolver Configurations
6.5.1. Remote Name Server
6.5.2. Local Name Server
7. Maintaining the Microsoft DNS Server
7.1. What About Signals?
7.2. Logging
7.3. Updating Zone Data
7.3.1. Adding and Deleting Resource Records by Hand
7.3.2. SOA Serial Numbers
7.3.3. Additional Records
7.3.3.1. General text information7.3.3.2. Responsible Person
7.3.4. Keeping cache.dns Current
7.4. Zone Datafile Controls
7.4.1. Changing the Origin in a Datafile
7.4.2. Including Other Datafiles
7.4.3. Keeping Everything Running Smoothly
7.4.4. Common Event Log Messages
7.4.5. Understanding Name Server Statistics
7.5. Aging and Scavenging
7.5.1. Configuring Aging and Scavenging
7.5.2. When Scavenging Occurs
7.5.3. Other Notes on Aging and Scavenging
8. Integrating with Active Directory
8.1. Active Directory Domains
8.1.1. Domains, Domain Trees, and Forests
8.1.2. Domain Models
8.1.3. Three Options for the Root Domain Name
8.1.3.1. Same name as an existing DNS domain8.1.3.2. Subdomain of an existing DNS domain8.1.3.3. Disjoint or private name
8.2. Storing Zones in Active Directory
8.2.1. The Impact on Replication
8.2.2. Using Application Partitions
8.2.3. Securing Dynamic Updates
8.3. DNS as a Service Location Broker
8.3.1. The SRV Resource Record
8.3.2. DC Locator
8.3.3. Resource Records Used by Active Directory
9. Growing Your Domain
9.1. How Many Name Servers?
9.1.1. Where Do I Put My Name Servers?
9.1.2. Capacity Planning
9.2. Adding More Name Servers
9.2.1. Active Directory Integration
9.2.2. Secondary Servers
9.2.3. Caching-Only Servers
9.2.4. Partial-Secondary Servers
9.3. Registering Name Servers
9.4. Changing TTLs
9.4.1. Changing Other SOA Values
9.5. Planning for Disasters
9.5.1. Outages
9.5.2. Recommendations
9.6. Coping with Disaster
9.6.1. Long Outages (Days)
9.6.2. Really Long Outages (Weeks)
10. Parenting
10.1. When to Become a Parent
10.2. How Many Children?
10.3. What to Name Your Children
10.4. How to Become a Parent: Creating Subdomains
10.4.1. Creating a Subdomain in the Parent’s Zone
10.4.2. Creating and Delegating a Subdomain
10.4.2.1. An fx.movie.edu secondary10.4.2.2. On the movie.edu primary master name server10.4.2.3. Delegating an in-addr.arpa zone10.4.2.4. Adding a movie.edu secondary
10.5. Subdomains of in-addr.arpa Domains
10.5.1. Subnetting on an Octet Boundary
10.5.2. Subnetting on a Nonoctet Boundary
10.5.2.1. Class A and B networks10.5.2.2. /24 (Class C-sized) networks10.5.2.2.1. Solution 110.5.2.2.2. Solution 210.5.2.2.3. Solution 3
10.6. Good Parenting
10.6.1. Using DNSLint
10.6.2. Managing Delegation
10.6.2.1. Managing delegation with stubs
10.7. Managing the Transition to Subdomains
10.7.1. Removing Parent Aliases
10.8. The Life of a Parent
11. Advanced Features and Security
11.1. New Ways to Make Changes
11.1.1. Dynamic Update
11.1.2. NOTIFY (Zone Change Notification)
11.1.3. Incremental Zone Transfer
11.1.4. More Efficient Zone Transfers
11.2. WINS Linkage
11.2.1. Configuring WINS Lookup
11.2.2. Using WINS Lookup and WINS Reverse Lookup
11.3. Building Up a Large, Sitewide Cache with Forwarders
11.3.1. A More Restricted Forwarding Name Server
11.4. Load Sharing Between Mirrored Servers
11.5. The ABCs of IPv6 Addressing
11.5.1. IPv6 Forward and Reverse Mapping
11.6. Securing Your Name Server
11.6.1. Preventing Unauthorized Zone Transfers
11.6.2. Disabling Recursion on Delegated Name Servers
12. nslookup and dig
12.1. Is nslookup a Good Tool?
12.1.1. Multiple Servers
12.1.2. Timeouts
12.1.3. The Search List
12.1.4. Zone Transfers
12.1.5. Using NetBIOS Names
12.2. Interactive Versus Noninteractive
12.3. Option Settings
12.4. Avoiding the Search List
12.5. Common Tasks
12.5.1. Looking Up Different Data Types
12.5.2. Authoritative Versus Nonauthoritative Answers
12.5.3. Switching Servers
12.6. Less Common Tasks
12.6.1. Seeing the Query and Response Messages
12.6.2. Querying Like a Name Server
12.6.3. Zone Transfers
12.7. Troubleshooting nslookup Problems
12.7.1. Looking Up the Right Data
12.7.2. No PTR Data for Name Server’s Address
12.7.3. Timeouts
12.7.4. Query Refused
12.8. Best of the Net
12.9. Using dig
12.9.1. dig’s Output Format
12.9.2. Zone Transfers with dig
12.9.3. dig Options
13. Managing DNS from the Command Line
13.1. Installing the DNS Server
13.2. Stopping and Starting the DNS Server Service
13.3. Managing the DNS Server Configuration
13.3.1. dnscmd Server Commands
13.3.2. dnscmd Zone Commands
13.3.3. dnscmd Application Partition Commands
13.3.4. dnscmd Resource Record Commands
13.4. An Installation and Configuration Batch Script
13.5. Other Command-Line Utilities
13.5.1. nslookup
13.5.2. ipconfig
13.5.3. netdiag
13.5.4. dcdiag
13.5.5. DNSLint
13.5.6. dnsdiag
14. Managing DNS Programmatically
14.1. WMI and the DNS Provider
14.1.1. Quick Overview
14.2. WMI Scripting with VBScript and Perl
14.2.1. Referencing an Object
14.2.2. Enumerating Objects of a Particular Class
14.2.3. Searching with WQL
14.2.4. Authentication with WMI
14.3. Server Classes
14.3.1. Listing a Name Server’s Properties
14.3.2. Configuring a Name Server
14.3.3. Restarting the DNS Server Service
14.3.4. Putting It Together: Configuration Check Script
14.3.5. Monitoring Server Performance
14.4. Zone Classes
14.4.1. Creating a Zone
14.4.2. Configuring a Zone
14.4.3. Listing the Zones on a Server
14.5. Resource Record Classes
14.5.1. Finding Resource Records in a Zone
14.5.2. Creating Resource Records
15. Troubleshooting DNS
15.1. Is DNS Really Your Problem?
15.2. Checking the Cache
15.3. Using DNSLint
15.4. Potential Problem List
15.4.1. 1. Forget to Increment Serial Number
15.4.2. 2. Forget to Restart Primary Master Server
15.4.3. 3. Name Server Loses Manual Changes
15.4.4. 4. Secondary Server Can’t Load Zone Data
15.4.5. 5. Add Address to Zone, but Forget to Add Corresponding PTR Record
15.4.6. 6. Wrong Domain Name in RDATA of Record
15.4.7. 7. Loss of Network Connectivity
15.4.8. 8. Missing Subdomain Delegation
15.4.9. 9. Incorrect Subdomain Delegation
15.5. Interoperability Problems
15.5.1. The WINS and WINS-R Records
15.5.2. BIND Secondaries for Active Directory-Integrated Zones
15.6. Problem Symptoms
15.6.1. Can’t Look Up Local Name
15.6.2. Can’t Look Up Remote Names
15.6.3. Wrong or Inconsistent Answer
15.6.4. Lookups Take a Long Time
16. Miscellaneous
16.1. Using CNAME Records
16.1.1. CNAMEs Attached to Interior Nodes
16.1.2. CNAMEs Pointing to CNAMEs
16.1.3. CNAMEs in the Resource Record Data
16.1.4. Looking Up CNAMEs
16.1.5. Finding Out a Host’s Aliases
16.2. Wildcards
16.3. A Limitation of MX Records
16.4. DNS and Internet Firewalls
16.4.1. Types of Firewall Software
16.4.1.1. Packet filters16.4.1.2. Application gateways
16.4.2. A Bad Example
16.4.3. Internet Forwarders
16.4.3.1. The trouble with forwarding16.4.3.2. Using stub zones
16.4.4. Internal Roots
16.4.4.1. Where to put internal root name servers16.4.4.2. Forward-mapping delegation16.4.4.3. in-addr.arpa delegation16.4.4.4. The root.dns file16.4.4.5. Configuring other internal name servers16.4.4.6. How internal name servers use internal roots16.4.4.7. The trouble with internal roots
16.4.5. A Split Namespace
16.4.5.1. Configuring the bastion host
16.5. Dial-up Connections
16.5.1. Simple Dial-up
16.5.2. Dial-on-Demand
A. DNS Message Format and Resource Records
A.1. Master File Format
A.1.1. Time to Live
A.1.2. Character Case
A.1.3. Types
A.1.4. New Types from RFC 1183
A.1.5. New Types from RFC 1886
A.1.6. New Types from RFC 2052
A.1.7. Classes
A.2. DNS Messages
A.2.1. Message Format
A.2.2. Header Section Format
A.2.3. Question Section Format
A.2.4. Answer, Authority, and Additional Section Format
A.2.5. Data Transmission Order
A.3. Resource Record Data
A.3.1. Data Format
B. Converting from BIND to the Microsoft DNS Server
B.1. Step 1: Change the DNS Server Startup Method to File
B.2. Step 2: Stop the Microsoft DNS Server
B.3. Step 3: Change the Zone Datafile Naming Convention
B.4. Step 4: Copy the Files
B.5. Step 5: Get a New Root Name Server Cache File
B.6. Step 6: Restart the DNS Server
B.7. Step 7: Change the DNS Server Startup Method to Registry
C. Top-Level Domains
Index
About the Authors
Colophon
Copyright

Content preview from DNS on Windows Server 2003, 3rd Edition

Storing Zones in Active Directory

One of Microsoft’s innovative uses of Active Directory is for storing (and replicating) DNS zone data. A traditional name server stores copies of the zones it supports in files on a local disk. In this model, you have a primary master name server that replicates the zone data to secondary name servers. A secondary can process updates to a zone from its master name server in two different ways. The original method supported by DNS is zone transfer, which allows secondary name servers to request a full copy of a zone. A newer method, which is an improvement on the zone transfer process, is incremental zone transfer. With incremental zone transfer, a secondary name server can request just the updates to the zone that occurred since its last transfer.

Active Directory provides another method for replicating zone content, albeit only for name servers running on domain controllers. You can make a zone AD-integrated, which means that instead of storing zone content in text files, it is stored in the Active Directory database. This makes a lot of sense because you take advantage of Active Directory’s multimaster replication scheme, which means that any domain controller that is also a primary name server for the AD-integrated zone can update it directly, like a primary name server. With AD-integrated zones, replication is handled automatically, so you don’t need to develop your own zone transfer replication topology.

One other note about Active Directory-integrated ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596005628Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

DNS on Windows Server 2003, 3rd Edition

by Cricket Liu, Matt Larson, Robbie Allen

Storing Zones in Active Directory

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Windows Server 2016: Unleashed

Installing and Configuring Windows 10: 70-698 Exam Guide

Windows Server 70-741: Networking with Windows Server 2016

Mastering VMware vSphere 6.7 - Second Edition

Publisher Resources