One of the major changes in Windows 2000 is its reliance on DNS as a locator service, not just for the traditional servers and hosts but also for operating system services such as Kerberos and the Lightweight Directory Access Protocol (LDAP). Under Windows NT, NetBIOS name services are used instead of DNS. A NetBIOS name is a 16-character string in which the first 15 characters identify the computer and the 16th character holds a hexadecimal value identifying a specific service. A Microsoft networking host registers itself with one or more NetBIOS service records, using the 16th character of the NetBIOS name to identify the services available on that particular machine. Reliance on NetBIOS has been one of the major criticisms of Windows NT over the years, and Microsoft has moved to reduce the need for NetBIOS in Windows 2000. As a result, Windows 2000 and Active Directory depend on a reliable DNS infrastructure for proper operation.

Although NetBIOS naming is retained in Windows 2000 for backward compatibility with older Microsoft operating systems such as NT and Windows 98, DNS has become the primary name resolution mechanism. Domains and computers are given DNS names, with NetBIOS names derived from their DNS counterparts. Previously, computer or domain names could be almost anything as long as all names were unique, but Windows 2000 forces a more standardized naming approach. Names must conform to DNS standards as spelled out in RFCs 1034, 1035, and 1123, especially in organizations where Microsoft and non-Microsoft DNS servers will coexist. Naming standards are discussed later in this chapter.

Microsoft first included an "official" DNS server component with the release of NT 4. The Windows 2000 DNS implementation is a far more ambitious product.
With an eye toward supporting the needs of Active Directory and an enterprise-wide deployment of Windows 2000 servers and workstations, Microsoft has added a slew of features to its new DNS, including the following:
Only one of these technologies is required by Windows 2000, namely SRV record support. SRV records replace the NetBIOS service registration records found in Windows NT and provide some additional functionality as well. Windows 2000 hosts use site-specific SRV records to locate nearby servers and resources, thus minimizing wide area network traffic.

Although not mandatory, dynamic update capability is very strongly recommended on primary DNS servers. When a Windows 2000 server is promoted to domain controller (DC), it registers a large number of SRV records during the process. If the primary DNS server does not support dynamic update, these records must be entered into DNS by hand. Delegating the Active Directory zones to Windows 2000 DNS servers provides a workaround in this case, however.

Finally, it is not even necessary to use Windows 2000 DNS. You can instead use the Berkeley Internet Name Daemon (BIND), the most prevalent Unix-based DNS service. Many versions of BIND are available; these are discussed in the following sections.

As is the case with much of Active Directory design, a successful implementation starts with an analysis of the business requirements of an organization. Let's look into some of the business needs that influence the DNS and AD designs.
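Before turning to business requirements, here is a worked example of the "enter the SRV records by hand" case above. It is an added example, not code from this book or from Microsoft: it parses the SRV records out of a BIND-style zone file and reports which of the locator records a Windows 2000 DC registers are missing, point at the wrong host, or carry the wrong port. The function names (`parse_srv_records`, `required_dc_srv_records`, `check_dc_registration`), the domain `example.com`, the host `dc1` and the zone text are all constructed for the demonstration. The record list is the core subset clients use to find a DC, the Kerberos KDC and the password-change service; a real DC registers more (the pdc, gc and GUID-based entries), and the authoritative list for a given DC is the netlogon.dns file Netlogon writes under System32\Config.

```python
"""Pre-flight check of a static (non-dynamic-update) zone before dcpromo.

Added example, not from the book. Parses SRV records from BIND-style zone
text and checks that the locator records a Windows 2000 DC needs exist,
target the DC and use the right port. SAMPLE_ZONE below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    owner: str     # fully qualified, lower-case, trailing dot
    priority: int
    weight: int
    port: int
    target: str    # fully qualified, lower-case, trailing dot


def _qualify(name: str, origin: str) -> str:
    """Zone-file name -> FQDN: '@' is the origin, names without a trailing
    dot are relative to the origin. DNS names are case-insensitive."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_srv_records(zone_text: str, origin: str) -> list[SrvRecord]:
    """Minimal zone parser: honours $ORIGIN, ';' comments, omitted owner
    names (leading whitespace) and optional TTL/class fields. Returns only
    SRV records; every other type is skipped."""
    origin = origin.rstrip(".").lower() + "."
    records: list[SrvRecord] = []
    last_owner = origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].startswith("$"):            # $ORIGIN, $TTL, ...
            if tokens[0].upper() == "$ORIGIN":
                origin = _qualify(tokens[1], origin)
            continue
        if raw[0].isspace():                     # owner omitted: reuse last
            owner = last_owner
        else:
            owner = _qualify(tokens.pop(0), origin)
        last_owner = owner
        upper = [t.upper() for t in tokens]
        if "SRV" not in upper:
            continue
        i = upper.index("SRV")
        prio, weight, port, target = tokens[i + 1:i + 5]
        records.append(SrvRecord(owner, int(prio), int(weight), int(port),
                                 _qualify(target, origin)))
    return records


def required_dc_srv_records(domain: str, site: str) -> dict[str, int]:
    """Owner name -> port for the core locator SRV records Netlogon registers
    for a DC of `domain` in site `site`. Subset: pdc, gc and GUID-based
    records are not included here."""
    d = domain.rstrip(".").lower() + "."
    names = {
        f"_ldap._tcp.{d}": 389,
        f"_ldap._tcp.dc._msdcs.{d}": 389,
        f"_ldap._tcp.{site}._sites.{d}": 389,
        f"_ldap._tcp.{site}._sites.dc._msdcs.{d}": 389,
        f"_kerberos._tcp.{d}": 88,
        f"_kerberos._udp.{d}": 88,
        f"_kerberos._tcp.{site}._sites.{d}": 88,
        f"_kerberos._tcp.dc._msdcs.{d}": 88,
        f"_kerberos._tcp.{site}._sites.dc._msdcs.{d}": 88,
        f"_kpasswd._tcp.{d}": 464,
        f"_kpasswd._udp.{d}": 464,
    }
    return {k.lower(): v for k, v in names.items()}


def check_dc_registration(records: list[SrvRecord], domain: str,
                          site: str, dc_host: str) -> list[str]:
    """Return human-readable problems; an empty list means every required
    record exists, names dc_host as its target and carries the right port."""
    dc = dc_host.rstrip(".").lower() + "."
    by_owner: dict[str, list[SrvRecord]] = {}
    for r in records:
        by_owner.setdefault(r.owner, []).append(r)
    problems: list[str] = []
    for owner, port in required_dc_srv_records(domain, site).items():
        mine = [r for r in by_owner.get(owner, []) if r.target == dc]
        if owner not in by_owner:
            problems.append(f"missing {owner}")
        elif not mine:
            problems.append(f"{owner} exists but no entry targets {dc}")
        elif all(r.port != port for r in mine):
            problems.append(f"{owner} targets {dc} on port {mine[0].port}, "
                            f"expected {port}")
    return problems


# Constructed sample zone: dc1 is registered for everything except the UDP
# Kerberos record, and its _kpasswd._tcp entry carries the wrong port. Note
# that after a $ORIGIN change a relative target like "dc1" would be qualified
# under the site name, so the site sections use fully qualified targets.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@                        IN SOA ns1 hostmaster 2000010101 3600 900 604800 86400
                         IN NS  ns1
dc1                      IN A   10.0.0.10
_ldap._tcp               IN SRV 0 100 389 dc1             ; relative target
_ldap._tcp.dc._msdcs     IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp           IN SRV 0 100 88  dc1
_kerberos._tcp.dc._msdcs 600 IN SRV 0 100 88 dc1          ; explicit TTL
_kpasswd._tcp            IN SRV 0 100 389 dc1             ; wrong port
_kpasswd._udp            IN SRV 0 100 464 dc1
$ORIGIN Default-First-Site-Name._sites.example.com.
_ldap._tcp               IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp           IN SRV 0 100 88  dc1.example.com.
$ORIGIN Default-First-Site-Name._sites.dc._msdcs.example.com.
_ldap._tcp               IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp           IN SRV 0 100 88  dc1.example.com.
"""

if __name__ == "__main__":
    recs = parse_srv_records(SAMPLE_ZONE, "example.com.")
    for problem in check_dc_registration(
            recs, "example.com", "Default-First-Site-Name", "dc1.example.com"):
        print(problem)
```

Run against the sample zone it reports the missing `_kerberos._udp` record and the `_kpasswd._tcp` entry on port 389 instead of 464; run for a host that has not been registered at all (`dc2.example.com`) it lists every required name. In practice you would feed it the zone you intend to hand-maintain and the site name the new DC will belong to, and also confirm that each SRV target has an A record, which this check deliberately leaves to the DNS server's own zone validation.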