What's New with Windows Server 2003 DNS

DNS is certainly not a new service in Windows Server 2003, but it has undergone some changes from both Windows 2000 and Windows NT 4.0. The following list summarizes some of the major changes in DNS in Windows Server 2003 from Windows 2000 Server and Windows NT 4.0:

  • Integrated zones: With the Windows Server 2003 DNS server service, you can integrate DNS into Active Directory, and resource records are stored in Active Directory and can be updated by any DC running DNS. This integration is a proprietary feature of the Windows Server DNS, but it can yield a much more secure, robust, and fault-tolerant implementation than standard DNS. Integrated zone files appear in Windows 2000 Server.

  • Incremental zone transfers: The standard model for DNS zone transfers is to transfer the entire zone whenever an update is made. Transferring entire zones is very inefficient. Windows Server 2003 DNS allows secondary servers to request incremental updates, which contain only the changes that have occurred since the last transfer. Incremental zone transfers first appear in Windows 2000 Server.

  • Secure DNS updates: Changes to records in a zone can be restricted to those coming only from trusted sources.

  • DNS/DHCP integration: The power of DDNS lies in its integration of DHCP with DNS. Any Windows Server 2003 DHCP client computer is automatically added to the DNS table at the time that its IP address is issued. DNS/DHCP integration first appears in Windows 2000 Server.

  • Support for stub zones: A stub zone contains only those resource records that are necessary to identify the authoritative DNS servers for that zone.

  • Conditional forwarding: Conditional forwarding allows administrators to direct DNS requests to other DNS servers based on domain. Previous versions of Microsoft DNS would support only one forwarder, so if forwarding were enabled, all requests would be sent to a single server. Conditional forwarding is used frequently when you want requests for names on the internal network to be forwarded to a master DNS server that stores internal DNS zones, but you want resolution requests for Internet domains to be sent to the Internet by using the standard resolution process.

  • Enhanced debug logging: The Windows Server 2003 DNS service offers extremely detailed debug logging for advanced DNS troubleshooting.

  • DNS security (DNSSEC) extensions: In keeping with Microsoft's secure computing initiatives, Windows Server 2003 DNS provides basic support for the DNSSEC extensions defined in RFC 2535.

  • Additional round-robin DNS capabilities: Round-robining of all resource record types is supported under Windows Server 2003 DNS. This additional functionality first appears in Windows 2000 Server.

  • Support for application directory partitions: An application directory partition stores dynamic, application-specific data. An application directory partition can store any type of object except security principals and is not replicated to the global catalog. Replication of application directory partitions can be tightly controlled, and application directory partitions can be replicated only to a Windows Server 2003 DC.
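
The conditional forwarding item in the list above routes queries by domain name. The following Python example is an addition to this page, not code from the book or from Microsoft: it models rule selection by the longest matching suffix on whole labels, so an administrator can check which names leave the internal resolution path. The zone names, server addresses, and function names are constructed for illustration.

```python
# Added illustration: models conditional-forwarder selection; not Microsoft's code.
# Zone names and addresses below are constructed sample values.

def normalize(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]

def select_forwarder(qname, forwarders):
    """Return (matched_domain, servers) for the most specific matching rule,
    or (None, None) when the query should follow standard resolution."""
    qlabels = normalize(qname)
    best_domain, best_servers, best_len = None, None, 0
    for domain, servers in forwarders.items():
        dlabels = normalize(domain)
        n = len(dlabels)
        # Compare whole labels from the right, so "notcorp.example"
        # is not treated as a child of "corp.example".
        if n and n <= len(qlabels) and qlabels[-n:] == dlabels and n > best_len:
            best_domain, best_servers, best_len = domain, servers, n
    return best_domain, best_servers

# Constructed rule set: one internal domain and a more specific child domain.
FORWARDERS = {
    "corp.example": ["10.0.0.53"],
    "lab.corp.example": ["10.20.0.53"],
}

def audit(queries, forwarders=FORWARDERS):
    """Map each query name to 'forward:<domain>' or 'standard'."""
    result = {}
    for q in queries:
        domain, _ = select_forwarder(q, forwarders)
        result[q] = f"forward:{domain}" if domain else "standard"
    return result

if __name__ == "__main__":
    sample = ["dc1.corp.example", "HOST.lab.corp.example.",
              "notcorp.example", "www.example.org"]
    for name, path in audit(sample).items():
        print(f"{name:28} {path}")
```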

Exam Alert: Active Directory Relies on DNS

Because Active Directory relies completely on DNS for name resolution and the Active Directory structure is also modeled on DNS, you can expect DNS to make a very good topic for exam questions.





MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied
