Chapter 4. Domain Name System

The Domain Name System (DNS) is a staple of the public Internet and is the name resolution system of choice for both large and small networks. DNS is a directory of IP addresses and their corresponding hostnames, much like a phonebook in functionality. However, DNS is more complex than a phonebook and it stores many types of mappings as well as information on services provided by servers on your network.

Whereas Windows NT relied on the Windows Internet Naming Service (WINS) for name resolution, Windows 2000 and Windows Server 2003 depend on DNS. In fact, DNS is required for anyone that wants to use Active Directory—DNS lies at the heart of Active Directory, and they’re inseparable. WINS is obsolesced if you have an Active Directory network with all machines running Windows 2000 or later and DNS-aware applications.

In this chapter, I’ll discuss the fundamentals of DNS, its structure, and the various types of data it supports and requires, and then I’ll proceed through installing and configuring a Windows DNS server and describe how you can integrate it with Active Directory.

Nuts and Bolts

Let’s go through the basic building blocks of DNS first before we break into more advanced concepts. I’m going to provide you with a very fundamental, introductory look at DNS, and then in the following sections I’ll break down each part with more detailed explanations and examples. Think of this as an abstract or executive summary, just so we’re all on the same page before I move on to more technical topics.

The main premise of DNS is to provide name resolution services—that is, to resolve friendly textual hostnames to their associated IP addresses. DNS is the de facto standard for name resolution on the Internet and in modern networks that use TCP/IP as the transmission protocol. DNS is based on domains, which are simply textual names that refer to computers. There are top-level domains (TLDs), including some that are probably familiar to you: .COM, .NET, .ORG, and the like. There are also second-level domains, which are less inclusive and usually take the form of name.tld. For example, my domain is O’Reilly has a domain name of CNN’s domain is

Politically, there is an organization called ICANN, short for the Internet Consortium of Assigned Names and Numbers, which keeps track of all the top-level domains. This keeps utter confusion from breaking out when thousands upon thousands of top-level domains might be issued. Individuals and businesses are allowed to register second-level domain names beneath top-level domains—, for example.

DNS resolves names based on zones. Zones contain information on computers, services, and IP addresses for a collection of computers. Zones typically correspond to DNS domains, but they certainly do not have to. The DNS server or servers in a zone that contain a readable and writeable copy of the zone file (which contains all that information on computers, services, and addresses) is considered to be authoritative. You must have at least one authoritative server per zone for DNS to function. Any other DNS servers within this zone are considered to be secondary servers, meaning they hold only a readable copy of the DNS zone file.

Finally, there are two types of zones: forward lookup zones, which resolve hostnames to IP addresses, and reverse lookup zones, which do the opposite and resolve IP addresses to hostnames. Reverse lookup zones fall under a special top-level domain named, which ordinary users and clients never see in the course of their mainstream work.

Now, let’s take a closer look at these elements of DNS.

Get Learning Windows Server 2003 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.