Installing the DNS Server Service

At one time or another, most of us have typed a uniform resource locator (URL) to get to one of our favorite Web sites. But, before you can view the Web site stored on a Web server, the name you typed must be resolved to an IP address, and this is where DNS servers come into play.

You have more than likely at some point heard the term Fully Qualified Domain Name (FQDN). An FQDN consists of a hostname and a domain name. It uniquely identifies a host within a DNS hierarchy. For example, www.bayside.net is an FQDN. Every FQDN is broken down into different levels. In the preceding example, .net is the top-level domain and bayside is the second-level domain. The top-level domain normally identifies the type of organization, such as a government organization (gov) or an educational organization (edu). The second-level domain indicates a specific domain, and the third level can indicate a specific host within that domain. In any case, DNS servers are used to resolve FQDNs to IP addresses.

There are two processes that DNS can use to resolve queries: recursive and iterative. With a recursive query, the DNS client requires the DNS server to respond with the IP address of the request or an error message that the requested name does not exist. The DNS server cannot refer the client to another DNS server if it is unable to map the request to an IP address. When a DNS server receives a recursive request, it queries other DNS servers until it finds the information or until the query fails.

With an iterative query, the DNS server uses zone information and its cache to return the best possible answer to the client. If the DNS server does not have the requested information, it can refer the client to another DNS server.

For example, when a DNS client enters www.bayside.net into a browser, the following process occurs:

  1. A DNS request is sent to the local DNS server. This might be a DNS server on the client's local network or a DNS server at the client's Internet service provider (ISP).

  2. Before forwarding the request to a root server, the DNS server checks its local cache to determine whether the name has recently been resolved. If there is an entry in the local cache, the IP address is returned to the client.

  3. If no entry exists in the cache for the hostname, the request is sent to a root name server.

  4. The root name server refers the request to a name server responsible for the first-level domain within the hostname. For example, the root name server would refer the request to the bayside.net DNS server.

  5. The request is referred to second-level DNS servers, and then third-level DNS servers, until one of them can resolve the request to an IP address and return the results to the client.
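The five-step walk above, as an added Python simulation that is not part of the original chapter: the local DNS server answers from its cache when it can and otherwise starts at a root server and follows referrals through the .net servers down to the server authoritative for bayside.net. The zone data, server names and the 192.0.2.10 address are constructed for the example.

```python
from typing import Optional

# Each "server" maps a name or domain suffix to what it knows about it. A value
# starting with "ns:" is a referral to the server responsible for that suffix.
ROOT = {"net": "ns:net"}                          # root servers know the TLDs
SERVERS = {
    "ns:net": {"bayside.net": "ns:bayside.net"},  # .net delegates bayside.net
    "ns:bayside.net": {"www.bayside.net": "192.0.2.10"},  # authoritative data
}

def lookup(server: dict, name: str) -> Optional[str]:
    """Return the most specific record this server holds for name: an exact
    match (an answer) or the longest matching suffix (a referral)."""
    labels = name.split(".")
    for i in range(len(labels)):
        key = ".".join(labels[i:])
        if key in server:
            return server[key]
    return None

def resolve(name: str, cache: dict, max_hops: int = 8) -> tuple:
    """Act as the local DNS server handling a client's recursive query.
    Returns (ip_or_None, list of servers contacted in order)."""
    if name in cache:                        # step 2: check the local cache
        return cache[name], ["cache"]
    contacted, server = ["root"], ROOT       # step 3: go to a root server
    for _ in range(max_hops):                # bound the walk against loops
        rec = lookup(server, name)
        if rec is None:
            return None, contacted           # no such name: report failure
        if not rec.startswith("ns:"):
            cache[name] = rec                # positive answer: cache it
            return rec, contacted
        contacted.append(rec)                # steps 4-5: follow the referral
        server = SERVERS[rec]
    return None, contacted

if __name__ == "__main__":
    c = {}
    print(resolve("www.bayside.net", c))     # root -> .net -> bayside.net
    print(resolve("www.bayside.net", c))     # answered from cache this time
    print(resolve("nosuch.example", c))      # root has no referral: failure
```

The cache here has no TTL and no negative entries; a real server expires cached answers and also caches failures.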

Now that you have a general idea of what happens when a DNS client attempts to connect to another computer using a hostname, you can take a look at how the DNS service is installed.

Installing DNS

DNS can be installed in several ways. It can be added during the installation of Windows 2000, after installation using the Configure Your Server option located on the Start menu, or through the Control Panel. The only real requirement for installing DNS is Windows 2000 Server, although, if you are using Dynamic Host Configuration Protocol (DHCP) on the network, it's generally a good idea to configure the DNS server with a static IP address rather than having it obtain one as a DHCP client.

To install the DNS Server service using the Control Panel, perform the following steps:

  1. Click Start, point to Settings, and click Control Panel.

  2. Double-click the Add/Remove Programs applet. Click Add/Remove Windows Components.

  3. Select Networking Services and click the Details button.

  4. From the list of components, select Domain Name System. Click OK. Click Next.

  5. After the necessary files are copied, click OK.

Windows 2000 DNS Server Roles

After you've installed the DNS service, you can configure the server in one of three main roles. The role the server plays depends on the configuration of zone files and how they are maintained. (Zone files are discussed later in the chapter.) The three main DNS server configuration roles are as follows:

  • Caching-only server

  • Primary server

  • Secondary server

Keep in mind when you are planning server roles that a single DNS server can perform multiple roles. For example, a DNS server can be the primary server for one zone and at the same time be a secondary server to another DNS server.

Caching-Only Server

All DNS servers maintain a cache.dns file that contains a list of all Internet root servers. Any time a DNS server resolves a hostname to an IP address, the information is added to the cache file. The next time a DNS client needs to resolve the hostname, the information can be retrieved from the cache as opposed to the Internet.

Caching-only servers do not contain any zone information, which is the main difference between them and primary and secondary DNS servers. The main purpose of a caching-only server (other than providing name resolution) is to build the cache file as names are resolved. They resolve hostnames, cache the information, and return the results to the client. Because these servers hold no zone information, hostnames are either resolved from the cache or another DNS server is required to resolve them.

Caching-only servers are useful when you need to reduce network traffic. Again, because there is no zone information, there is no zone transfer traffic generated. Hostname traffic is also reduced as the cache file is built up.

Alert: It's important to understand when caching-only servers should be implemented. Caching-only servers are useful when there are remote locations that have slow WAN links. Configuring a caching-only server in these locations can reduce network traffic that would normally be generated between primary and secondary DNS servers, and speed up hostname resolution once the cache file is established.


Primary Server

A primary DNS server hosts the working copy of a zone file. If you need to make changes to the zone file, it must be done from the server that is designated as the primary server for that zone. For those of you who are familiar with Windows NT 4.0, this is similar to how the Primary Domain Controller (PDC) maintains the working copy of the directory database. Once a server is configured as a primary DNS server for a zone, it is said to be authoritative for that domain. Also, a single DNS server can be the primary DNS server for multiple zones.

Note: A zone file contains the resource records for a portion of the DNS namespace. Resource records map hostnames to IP addresses. Both of these topics are covered later in the chapter.


Secondary Server

A secondary server gets all its zone information from a master DNS server. The secondary DNS server hosts a read-only copy of the zone file, which it gets from the primary server or another secondary DNS server. Through a process known as a zone transfer, the master DNS server sends a copy of the zone file to the secondary server.

Note: Previous implementations of DNS supported only full transfers, in which an update to the zone file resulted in the entire zone database being transferred to the secondary servers. Windows 2000 supports incremental zone transfers, so the secondary servers can synchronize their zone files by pulling only the changes. This results in less network traffic.


For example, if Server2 is configured as a secondary server for bayside.net, Server2 would get all its zone information from Server1, the primary DNS server for the zone. Any changes that need to be made to the zone file would have to be performed on Server1. The updated zone file would then be copied to Server2. As already mentioned, a DNS server can be both a primary and a secondary server at the same time. Using this example, Server2 could also be configured as the primary server for riverside.net, and to provide fault tolerance for the zone file, Server1 could be configured as a secondary server for this zone.

Secondary DNS servers provide the following benefits:

  • Fault Tolerance: Because the secondary server has a copy of the zone file, name resolution can continue if the primary DNS server is unavailable.

  • Reduction in Name Resolution Traffic: Secondary servers can be placed in remote locations with a large number of users. Clients can then resolve hostnames locally instead of having to contact a primary DNS server using a WAN link.

  • Load Balancing: Name resolution services for a zone can be provided by the secondary server as well, thereby reducing the load placed on the primary DNS server.
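The Server1/Server2 scenario and the full-versus-incremental zone transfer note above, as an added Python model that is not part of the original chapter: the secondary compares its serial number with the master's, pulls only the missed changes when the master still has them, and otherwise falls back to copying the whole zone. The records, serial numbers and addresses are constructed; the model tracks additions and changes only, not record deletions.

```python
from dataclasses import dataclass, field

@dataclass
class Zone:
    serial: int                  # SOA serial: bumped on every change
    records: dict                # hostname -> IP address
    history: list = field(default_factory=list)  # (serial, name, new_ip)

def primary_update(zone: Zone, name: str, ip: str) -> None:
    """Edit a record on the primary, the only server where edits are made."""
    zone.serial += 1
    zone.records[name] = ip
    zone.history.append((zone.serial, name, ip))

def sync(secondary: Zone, master: Zone) -> tuple:
    """Refresh the secondary's read-only copy from its master.
    Returns (transfer type, number of records sent over the link)."""
    if secondary.serial >= master.serial:
        return "none", 0                     # serial unchanged: no transfer
    changes = [h for h in master.history if h[0] > secondary.serial]
    # Incremental transfer is possible only if the master still holds every
    # change the secondary missed; otherwise the whole zone must be copied.
    if len(changes) == master.serial - secondary.serial:
        for _, name, ip in changes:
            secondary.records[name] = ip
        secondary.serial = master.serial
        return "incremental", len(changes)
    secondary.records = dict(master.records)
    secondary.serial = master.serial
    return "full", len(master.records)

def demo() -> list:
    """Server1 (primary) and Server2 (secondary) for bayside.net."""
    server1 = Zone(100, {"www.bayside.net": "192.0.2.10",
                         "mail.bayside.net": "192.0.2.25"})
    server2 = Zone(0, {})                     # freshly configured secondary
    results = [sync(server2, server1)]        # no copy yet: full transfer
    primary_update(server1, "ftp.bayside.net", "192.0.2.30")
    results.append(sync(server2, server1))    # one change: incremental
    results.append(sync(server2, server1))    # nothing new: no transfer
    primary_update(server1, "www.bayside.net", "192.0.2.11")
    server1.history.clear()                   # master lost its change log
    primary_update(server1, "mail.bayside.net", "192.0.2.26")
    results.append(sync(server2, server1))    # gap in history: full again
    assert server2.records == server1.records and server2.serial == 103
    return results

if __name__ == "__main__":
    print(demo())  # [('full', 2), ('incremental', 1), ('none', 0), ('full', 3)]
```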

Windows 2000 DNS Interoperability with Non-Microsoft DNS Servers

It is worth discussing briefly how Windows 2000 interoperates with non-Microsoft DNS servers for both exam and on-the-job success. In a perfect world, every network would run one platform throughout the network. However, most networks run a mixture of platforms from Microsoft to Unix to Linux to take advantage of different features provided by each platform. This means there's a good chance that your Windows 2000 DNS servers might need to interoperate with other types of DNS servers.

To interoperate with a Windows 2000 DNS server, the non-Microsoft DNS server must support SRV records (which are used to locate servers running the Netlogon service). Windows 2000 DNS servers, Windows NT 4.0 DNS servers (with Service Pack 4 or later), and BIND 4.9.6 (or later) DNS servers all support SRV records.

Although support for dynamic updates is not required to interoperate with a Windows 2000 DNS server, it does eliminate the need to enter SRV records manually. Windows 2000 DNS and BIND 8.1.3 both support dynamic updates.

There might be cases in which you need to integrate Windows 2000 DNS into an existing DNS infrastructure. Once DNS is installed on a Windows 2000 Server, a subdomain from the existing DNS server can be delegated to the new Windows 2000 DNS server (delegation is covered later in the chapter and entails making another DNS server authoritative for a portion of the DNS namespace). For example, for an existing domain called bayside.net, a subdomain called Win2k.bayside.net can be configured and delegated to the Windows 2000 DNS server. This means the Windows 2000 DNS server will be authoritative over the subdomain and will be responsible for resolving queries within the local domain.

To ensure name resolution outside the local domain, the Windows 2000 DNS server can be configured to use one of the existing DNS servers from the parent domain as a forwarder. This way, any queries outside the scope of the local domain are sent to one of the main DNS servers.

Note: You can enable forwarders and configure the IP address of the DNS server to which non-local queries should be sent through the Properties window for the DNS server.




Windows 2000 Network Infrastructure Exam Cram 2 (Exam 70-216)
ISBN: 078972863X
Year: 2005
Pages: 167
