At one time or another, most of us have typed a universal resource locator (URL) to get to one of our favorite Web sites. But before you can view the Web site stored on a Web server, the name you typed must be resolved to an IP address, and this is where DNS servers come into play. You have more than likely at some point heard the term Fully Qualified Domain Name (FQDN). An FQDN consists of a hostname and a domain name. It uniquely identifies a host within a DNS hierarchy. For example, www.bayside.net is an FQDN. Every FQDN is broken down into different levels. In the preceding example, .net is the top-level domain and bayside is the second-level domain. The top-level domain normally identifies the type of organization, such as a government organization (gov) or an educational organization (edu). The second-level domain indicates a specific domain, and the third level can indicate a specific host within that domain. In any case, DNS servers are used to resolve FQDNs to IP addresses.

There are two processes that DNS can use to resolve queries: recursive and iterative. With a recursive query, the DNS client requires the DNS server to respond with either the IP address for the requested name or an error message stating that the requested name does not exist. The DNS server cannot refer the client to another DNS server if it is unable to map the request to an IP address. When a DNS server receives a recursive request, it queries other DNS servers until it finds the information or until the query fails. With an iterative query, the DNS server uses its zone information and its cache to return the best possible answer to the client. If the DNS server does not have the requested information, it can refer the client to another DNS server. For example, when a DNS client enters www.bayside.net into a browser, the following process occurs:
Now that you have a general idea of what happens when a DNS client attempts to connect to another computer using a hostname, you can take a look at how the DNS service is installed.

Installing DNS

DNS can be installed in several ways. It can be added during the installation of Windows 2000, after installation using the Configure Your Server option located on the Start menu, or through the Control Panel. The only real requirement for installing DNS is Windows 2000 Server, although, if you are using Dynamic Host Configuration Protocol (DHCP) on the network, it's generally a good idea to configure the DNS server with a static IP address instead of making it a DHCP client. To install the DNS Server service using the Control Panel, perform the following steps:
Windows 2000 DNS Server Roles

After you've installed the DNS service, you can configure the server in one of three main roles. The role the server plays depends on the configuration of zone files and how they are maintained. (Zone files are discussed later in the chapter.) The three main DNS server configuration roles are as follows:
Keep in mind when you are planning server roles that a single DNS server can perform multiple roles. For example, a DNS server can be the primary server for one zone and at the same time be a secondary server to another DNS server.

Caching-Only Server

All DNS servers maintain a cache.dns file that contains a list of all Internet root servers. Any time a DNS server resolves a hostname to an IP address, the information is added to the cache file. The next time a DNS client needs to resolve the hostname, the information can be retrieved from the cache instead of from the Internet. Caching-only servers do not contain any zone information, which is the main difference between a caching-only server and primary or secondary DNS servers. The main purpose of a caching-only server (other than providing name resolution) is to build the cache file as names are resolved. They resolve hostnames, cache the information, and return the results to the client. Because these servers hold no zone information, hostnames are either resolved from the cache or another DNS server is required to resolve them. Caching-only servers are useful when you need to reduce network traffic. Again, because there is no zone information, no zone transfer traffic is generated. Hostname traffic is also reduced as the cache file is built up.
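The recursive and iterative query behaviour described at the start of the chapter, and the caching-only server just described, modelled together in one added example (this is not code from the chapter; server names, zone data and IP addresses are constructed for illustration):

```python
# Added example: a toy model of iterative vs. recursive resolution and of a
# caching-only server. Server names and addresses below are constructed.

# Each authoritative server knows only its own zone: an "A" entry answers a
# name, an "NS" entry refers the querier to the server for a delegated subdomain.
SERVERS = {
    "root":            {"net": ("NS", "tld-net")},
    "tld-net":         {"bayside.net": ("NS", "ns1.bayside.net")},
    "ns1.bayside.net": {"www.bayside.net": ("A", "203.0.113.10")},
}

def iterative_query(server, name):
    """Iterative query: the server returns the best it has (an answer or a
    referral) and never contacts other servers on the querier's behalf."""
    data = SERVERS[server]
    labels = name.split(".")
    for i in range(len(labels)):                  # longest matching suffix wins
        suffix = ".".join(labels[i:])
        rtype, value = data.get(suffix, (None, None))
        if rtype == "A" and i == 0:               # exact match: an answer
            return "answer", value
        if rtype == "NS":                         # delegated zone: a referral
            return "referral", value
    return "nxdomain", None

class CachingOnlyServer:
    """Holds no zone data. Accepts recursive queries from clients, walks the
    hierarchy iteratively from the root hints itself, and caches what it learns."""
    def __init__(self):
        self.cache = {}

    def resolve(self, name, max_hops=8):
        """Return (ip, servers_contacted); raise LookupError if the name does not exist."""
        if name in self.cache:
            return self.cache[name], ["cache"]
        server, contacted = "root", []
        for _ in range(max_hops):                 # guard against referral loops
            contacted.append(server)
            kind, value = iterative_query(server, name)
            if kind == "answer":
                self.cache[name] = value          # later lookups are served from cache
                return value, contacted
            if kind == "referral" and value in SERVERS:
                server = value
                continue
            raise LookupError(f"{name} does not exist")
        raise LookupError(f"{name}: too many referrals")
```

A first lookup of www.bayside.net contacts root, tld-net and ns1.bayside.net in turn; the second lookup of the same name is answered from the cache without contacting any server.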
Primary Server

A primary DNS server hosts the working copy of a zone file. If you need to make changes to the zone file, it must be done from the server that is designated as the primary server for that zone. For those of you who are familiar with Windows NT 4.0, this is similar to how the Primary Domain Controller (PDC) maintains the working copy of the directory database. Once a server is configured as a primary DNS server for a zone, it is said to be authoritative for that domain. Also, a single DNS server can be the primary DNS server for multiple zones.
Secondary Server

A secondary server gets all its zone information from a master DNS server. The secondary DNS server hosts a read-only copy of the zone file, which it gets from the primary server or another secondary DNS server. Through a process known as a zone transfer, the master DNS server sends a copy of the zone file to the secondary server.
For example, if Server2 is configured as a secondary server for bayside.net, Server2 would get all its zone information from Server1, the primary DNS server for the zone. Any changes that need to be made to the zone file would have to be performed on Server1. The updated zone file would then be copied to Server2. As already mentioned, a DNS server can be both a primary and a secondary server at the same time. Using this example, Server2 could also be configured as the primary server for riverside.net, and to provide fault tolerance for the zone file, Server1 could be configured as a secondary server for this zone. Secondary DNS servers provide the following benefits:
Windows 2000 DNS Interoperability with Non-Microsoft DNS Servers

It is worth discussing briefly how Windows 2000 interoperates with non-Microsoft DNS servers, for both exam and on-the-job success. In a perfect world, every network would run one platform throughout. However, most networks run a mixture of platforms, from Microsoft to Unix to Linux, to take advantage of the different features provided by each platform. This means there's a good chance that your Windows 2000 DNS servers might need to interoperate with other types of DNS servers. To interoperate with a Windows 2000 DNS server, the non-Microsoft DNS server must support SRV records (which are used to locate servers running the Netlogon service). Windows 2000 DNS servers, Windows NT 4.0 DNS servers (with Service Pack 4 or later), and BIND 4.9.6 (or later) DNS servers all support SRV records. Although support for dynamic updates is not required to interoperate with a Windows 2000 DNS server, it does eliminate the need to enter SRV records manually. Windows 2000 DNS and BIND 8.1.3 both support dynamic updates.

There might be cases in which you need to integrate Windows 2000 DNS into an existing DNS infrastructure. Once DNS is installed on a Windows 2000 Server, a subdomain from the existing DNS server can be delegated to the new Windows 2000 DNS server (delegation is covered later in the chapter and entails making another DNS server authoritative for a portion of the DNS namespace). For example, for an existing domain called bayside.net, a subdomain called Win2k.bayside.net can be configured and delegated to the Windows 2000 DNS server. This means the Windows 2000 DNS server will be authoritative over the subdomain and will be responsible for resolving queries within the local domain. To ensure name resolution outside the local domain, the Windows 2000 DNS server can be configured to use one of the existing DNS servers from the parent domain as a forwarder. This way, any queries outside the scope of the local domain are sent to one of the main DNS servers.