The Domain Name System (DNS) is a staple of the public Internet and is the name resolution system of choice for both large and small networks. DNS is a directory of IP addresses and their corresponding hostnames, much like a phonebook in functionality. However, DNS is more complex than a phonebook and it stores many types of mappings as well as information on services provided by servers on your network.
Whereas Windows NT relied on the Windows Internet Naming Service (WINS) for name resolution, Windows 2000 and Windows Server 2003 depend on DNS. In fact, DNS is required for anyone that wants to use Active Directory—DNS lies at the heart of Active Directory, and they’re inseparable. WINS is obsolesced if you have an Active Directory network with all machines running Windows 2000 or later and DNS-aware applications.
In this chapter, I’ll discuss the fundamentals of DNS, its structure, and the various types of data it supports and requires, and then I’ll proceed through installing and configuring a Windows DNS server and describe how you can integrate it with Active Directory.
Let’s go through the basic building blocks of DNS first before we break into more advanced concepts. I’m going to provide you with a very fundamental, introductory look at DNS, and then in the following sections I’ll break down each part with more detailed explanations and examples. Think of this as an abstract or executive summary, just so we’re all on the same page before I move on to more technical topics.
The main premise of DNS is to provide name resolution services—that is, to resolve friendly textual hostnames to their associated IP addresses. DNS is the de facto standard for name resolution on the Internet and in modern networks that use TCP/IP as the transmission protocol. DNS is based on domains, which are simply textual names that refer to computers. There are top-level domains (TLDs), including some that are probably familiar to you: .COM, .NET, .ORG, and the like. There are also second-level domains, which are less inclusive and usually take the form of name.tld. For example, my domain is jonathanhassell.com. O’Reilly has a domain name of oreilly.com. CNN’s domain is
Politically, there is an organization called ICANN, short for the Internet Consortium of Assigned Names and Numbers, which keeps track of all the top-level domains. This keeps utter confusion from breaking out when thousands upon thousands of top-level domains might be issued. Individuals and businesses are allowed to register second-level domain names beneath top-level domains—hasseltech.net, for example.
DNS resolves names based on zones. Zones contain information on computers, services, and IP addresses for a collection of computers. Zones typically correspond to DNS domains, but they certainly do not have to. The DNS server or servers in a zone that contain a readable and writeable copy of the zone file (which contains all that information on computers, services, and addresses) is considered to be
You must have at least one authoritative server per zone for DNS to function. Any other DNS servers within this zone are considered to be secondary servers, meaning they hold only a readable copy of the DNS
Finally, there are two types of zones: forward lookup zones, which resolve hostnames to IP addresses, and reverse lookup zones, which do the opposite and resolve IP addresses to hostnames. Reverse lookup zones fall under a special top-level domain named in-addr.arpa, which ordinary users and clients never see in the course of their
Now, let’s take a closer look at these elements of DNS.