Understanding DNS


DNS organizes groups of computers into domains. These domains are organized into a hierarchical structure, which can be defined on an Internet-wide basis for public networks or on an enterprise-wide basis for private networks (also known as intranets and extranets). The various levels within the hierarchy identify individual computers, organizational domains, and top-level domains. For the fully qualified host name omega.microsoft.com, omega represents the host name for an individual computer, microsoft is the organizational domain, and com is the top-level domain.

Top-level domains are at the root of the DNS hierarchy and are therefore also called root domains. These domains are organized geographically, by organization type, and by function. Normal domains, such as microsoft.com, are also referred to as parent domains. They're called parent domains because they're the parents of an organizational structure. Parent domains can be divided into subdomains, which can be used for groups or departments within an organization.

Subdomains are often referred to as child domains. For example, the fully qualified domain name (FQDN) for a computer within a human resources group could be designated as jacob.hr.microsoft.com. Here, jacob is the host name, hr is the child domain, and microsoft.com is the parent domain.
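The decomposition just described, as an added PowerShell example (not from the book): Split-DnsHierarchy is a hypothetical helper that breaks any FQDN into its host, child domain(s), parent domain and top-level domain, and also lists the chain of ancestor names. It generalizes beyond the single-child case in the text to any depth, and the ancestor list is the set of names at which a zone cut, and therefore a change of administrative control, can occur.

```powershell
# Added example, not from the book: decompose an FQDN into the hierarchy the text describes.
# Handles any depth: host, zero or more child domains, organizational (parent) domain, top-level domain.
function Split-DnsHierarchy {
    param(
        [Parameter(Mandatory)]
        [string]$Fqdn
    )
    # Normalise: lower-case, drop a trailing dot (absolute-name form), then split into labels.
    $labels = $Fqdn.ToLowerInvariant().TrimEnd('.').Split('.')
    if ($labels.Count -lt 3) {
        throw "Expected at least host.organization.tld, got '$Fqdn'"
    }

    $hostName = $labels[0]
    $tld      = $labels[-1]
    $parent   = ($labels[-2..-1]) -join '.'
    # Everything between the host and the organizational domain is one or more child (sub)domains.
    $children = if ($labels.Count -gt 3) { $labels[1..($labels.Count - 3)] } else { @() }

    # Ancestor chain from the first parent up to the top-level domain. Each entry is a name that may be
    # a zone apex, i.e. a point where delegation and administrative control can change hands.
    $ancestors = for ($i = 1; $i -lt $labels.Count; $i++) {
        $labels[$i..($labels.Count - 1)] -join '.'
    }

    [pscustomobject]@{
        Fqdn         = $Fqdn
        Host         = $hostName
        ChildDomains = $children
        ParentDomain = $parent
        TopLevel     = $tld
        Ancestors    = $ancestors
    }
}

# The book's example: host jacob, child domain hr, parent domain microsoft.com, top-level domain com.
Split-DnsHierarchy 'jacob.hr.microsoft.com'
```

For jacob.hr.microsoft.com the Ancestors list is hr.microsoft.com, microsoft.com and com; when you are deciding who must hold a delegation record or who can answer authoritatively for a name, it is this list you walk, from the most specific name upward.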

Integrating Active Directory and DNS

As stated in Chapter 6, "Using Active Directory," Active Directory domains use DNS to implement their naming structure and hierarchy. Active Directory and DNS are tightly integrated, so much so that you must install DNS on the network before you can install Active Directory.

During installation of the first domain controller on an Active Directory network, you'll have the opportunity to automatically install DNS if a DNS server can't be found on the network. You'll also be able to specify whether DNS and Active Directory should be integrated fully. In most cases you should respond affirmatively to both requests. With full integration, DNS information is stored directly in Active Directory. This allows you to take advantage of Active Directory's capabilities. The difference between partial integration and full integration is very important:

  • Partial integration

    With partial integration, the domain uses standard file storage. DNS information is stored in text-based files that end with the .dns extension, and the default location of these files is %SystemRoot%\System32\Dns. Updates to DNS are handled through a single authoritative DNS server. This server is designated as the primary DNS server for the particular domain or area within a domain called a zone. Clients that use dynamic DNS updates through DHCP must be configured to use the primary DNS server in the zone. If they aren't, their DNS information won't be updated. Likewise, dynamic updates through DHCP can't be made if the primary DNS server is offline.

  • Full integration

    With full integration, the domain uses directory-integrated storage. DNS information is stored directly in Active Directory and is available through the container for the dnsZone object. Because the information is part of Active Directory, any domain controller can access the data and a multimaster approach can be used for dynamic updates through DHCP. This allows any domain controller running the DNS Server service to handle dynamic updates. Furthermore, clients that use dynamic DNS updates through DHCP can use any DNS server within the zone. An added benefit of directory integration is the ability to use directory security to control access to DNS information.

When you look at the way DNS information is replicated throughout the network, you also see advantages to full integration with Active Directory. With partial integration, DNS information is stored and replicated separately from Active Directory. By having two separate structures, you reduce the effectiveness of both DNS and Active Directory and make administration more complex. Because DNS is less efficient than Active Directory at replicating changes, you might also increase network traffic and the amount of time it takes to replicate DNS changes throughout the network.
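The storage and dynamic-update properties discussed above are visible per zone, and a zone can be moved from file storage to directory-integrated storage without recreating it. The following is an added PowerShell example (not from the book) that audits a server's zones for exactly those two properties and then remediates one zone. It assumes the DnsServer module that ships with Windows Server 2012 and later, which postdates the Server 2003 release this book covers, and it uses corp.example.com as a placeholder zone name.

```powershell
# Added example, not from the book. Assumes the DnsServer PowerShell module (Windows Server 2012+).
Import-Module DnsServer

# 1. Inventory. IsDsIntegrated distinguishes partial (file) from full (directory) integration;
#    DynamicUpdate shows whether unauthenticated clients may write records (NonsecureAndSecure),
#    only Kerberos-authenticated principals may (Secure), or nobody may (None). Secure updates
#    are only possible for directory-integrated zones, because they rely on directory security.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate, ReplicationScope |
    Format-Table -AutoSize

# 2. Flag the combination the text warns about implicitly: a file-backed primary zone that accepts
#    dynamic updates. Such a zone has a single point of failure for updates and no per-record ACLs.
$atRisk = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsDsIntegrated -and $_.DynamicUpdate -ne 'None' }
foreach ($z in $atRisk) {
    Write-Warning "File-backed zone $($z.ZoneName) accepts '$($z.DynamicUpdate)' dynamic updates"
}

# 3. Remediate one zone (placeholder name): store it in Active Directory, replicated to every domain
#    controller in the domain that runs the DNS Server service, then allow secure updates only.
$zone = 'corp.example.com'
ConvertTo-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -Force
Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure

# Confirm the result for that zone.
Get-DnsServerZone -Name $zone | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate, ReplicationScope
```

Run step 1 on each DNS server rather than once per domain: with partial integration every file-backed zone is local to the server that holds it, so the inventory differs from server to server, whereas after step 3 every domain controller running DNS reports the same zone.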

Enabling DNS on the Network

To enable DNS on the network, you need to configure DNS clients and servers. When you configure DNS clients, you tell the clients the IP addresses of DNS servers on the network. Using these addresses, clients can communicate with DNS servers anywhere on the network, even if the servers are on different subnets.

When the network uses DHCP, you should configure DHCP to work with DNS. To do this, you need to set the DHCP scope options 006 DNS Servers and 015 DNS Domain Name as specified in the section entitled "Setting Scope Options" in Chapter 18, "Running DHCP Clients and Servers."

Additionally, if computers on the network need to be accessible from other Active Directory domains, you need to create records for them in DNS. DNS records are organized into zones, where a zone is simply an area within a domain.
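The three steps of this section (configuring a DNS client, setting DHCP scope options 006 and 015, and creating a host record) carried through in one added PowerShell example that is not from the book. It assumes the DnsClient, DhcpServer and DnsServer modules of Windows Server 2012 and later rather than the Server 2003 tools the book describes; the addresses, scope ID, interface alias, host name and domain name are all placeholders.

```powershell
# Added example, not from the book. Assumes Windows Server 2012+ PowerShell modules.
# All values below are placeholders.
$dnsServers = '10.0.0.10', '10.0.0.11'
$domain     = 'corp.example.com'
$scope      = '10.0.0.0'

# 1. DNS client: a statically addressed host is told the IP addresses of the DNS servers.
#    Clients reach these servers by address, so they may sit on any subnet of the network.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $dnsServers

# 2. DHCP: give leased clients the same settings through scope options 006 (DNS Servers) and
#    015 (DNS Domain Name). -Force skips the cmdlet's reachability check of each DNS server,
#    which is useful when the servers are on a different subnet from the DHCP server.
Set-DhcpServerv4OptionValue -ScopeId $scope -DnsServer $dnsServers -DnsDomain $domain -Force
# Read the two options back to confirm what clients will receive.
Get-DhcpServerv4OptionValue -ScopeId $scope -OptionId 6, 15

# 3. DNS server: register a host that computers in other domains must be able to reach.
#    -CreatePtr also writes the reverse-lookup record and requires the matching in-addr.arpa zone.
Add-DnsServerResourceRecordA -ZoneName $domain -Name 'omega' -IPv4Address '10.0.0.25' -CreatePtr

# Verify from any client, asking one of the configured servers directly.
Resolve-DnsName -Name "omega.$domain" -Server $dnsServers[0] -Type A
```

Step 2 is worth checking periodically with the Get-DhcpServerv4OptionValue call alone: the DNS server addresses a scope hands out decide which resolver every leased client trusts, so an unexpected value in option 006 is something to investigate, not just correct.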

Note

Configuring a DNS client is explained in the section entitled "Configuring DNS Resolution" in Chapter 16, "Managing TCP/IP Networking." Configuring a DNS server is explained in the following section of this chapter.


Microsoft Windows Server 2003 Administrator's Pocket Consultant
ISBN: 735622450
EAN: N/A
Year: 2003
Pages: 141