Introduction


The Domain Name System (DNS) is one of the most critical services on your network. When DNS isn't working, users are unable to browse the web, send or receive email, and, in the case of Active Directory, log on to a domain. Both clients and domain controllers use DNS to locate domain controllers in a particular site or that serve a particular function. Fortunately, the Microsoft DNS Server has steadily improved over the years to the point where it is robust and reliable.

DNS has been around since the early 1980s, so it is a mature protocol. Rarely does DNS change in a significant way. However, Active Directory introduced an innovative change to how DNS data is stored. Instead of using the antiquated primary and secondary zone transfer method to replicate zone data between servers, Active Directory-integrated zones store zone data in Active Directory and take advantage of the same replication process domain controllers use to replicate data. This adds multimaster capabilities to DNS that current standards do not allow for. The one catch with Active Directory-integrated zones is that the DNS Server must run on a domain controller. Overloading DNS Server responsibilities on your domain controllers may not be something you want to do if you plan on supporting a large volume of DNS requests, but it is definitely something to consider for medium to small sites.

For more on the Microsoft DNS Server beyond what this chapter covers, I recommend DNS on Windows Server 2003 (O'Reilly). There are also numerous web sources for learning about DNS. Here are some of the ones I recommend:

  • DNS Resources Directory (http://www.dns.net/dnsrd/)

  • RFC 1032: Domain Administrators Guide

  • RFC 1033: Domain Administrators Operations Guide

  • RFC 1034: Domain Names - Concepts and Facilities

  • RFC 1035: Domain Names - Implementation and Specification

  • Kirkpatrick, Gil (CTO of Netpro). "Authentication Topology: Configure DNS SRV Records to Speed Authentication," Windows & .Net Magazine, March 2003. Available for free download from http://www.netpro.com/forum/files/Authentication_Topology.pdf.

Using a Graphical User Interface

The primary graphical user interface for managing the DNS Server is the DNS snap-in (dnsmgmt.msc). This MMC snap-in is installed under Administrative Tools when you install the DNS Server.

The DNS snap-in communicates with the DNS Server service over RPC. That means if the DNS Server service is stopped, you won't be able to configure DNS using the snap-in.

The DNS snap-in works fine when you are dealing with small zones, but performance is pretty bad when you want to modify or add a resource record in a zone that has several thousand resource records. Consider using dnscmd.exe instead if you find yourself in that situation.

Using a Command-Line Interface

The command-line counterpart to the DNS snap-in is dnscmd.exe, which is available in the Support Tools on the Windows Server 2003 or Windows 2000 Server CD. dnscmd.exe includes the proverbial kitchen sink of options for managing a Microsoft DNS Server. Most of the command-line examples in this chapter use dnscmd.exe, but I'll also cover other useful utilities such as sysocmgr.exe, for installing the DNS server, and sc.exe, which can be used to query, start, and stop the DNS server. See Table 13-1 for the complete list of command-line tools covered in this chapter.

Table 13-1. Command-line tools used in this chapter

| Command | Windows Server 2003 | Windows 2000 Server | Recipes |
|---|---|---|---|
| dnscmd.exe | Windows Server 2003 Support Tools | Windows 2000 Support Tools | 13.2-11, 13.13-16 |
| ipconfig.exe | %SystemRoot%\system32 | %SystemRoot%\system32 | 13.14 |
| nslookup.exe | %SystemRoot%\system32 | %SystemRoot%\system32 | 13.10, 13.12, 13.14 |
| sc.exe | %SystemRoot%\system32 | Windows 2000 Resource Kit | 13.2 |
| sysocmgr.exe | %SystemRoot%\system32 | %SystemRoot%\system32 | 13.1 |


The DNS server is one of the few Microsoft services that can be configured completely from a command line. The dnscmd.exe utility has been around since Windows NT. Microsoft has added new options with every major operating system release. With it, you can modify server settings and create, query, and manipulate zones and resource records. In the Windows Server 2003 version, there are even dnscmd.exe commands for managing Active Directory application partitions.

Using VBScript

The WMI DNS Provider was first released as part of Windows 2000 Resource Kit Supplement 1, but unfortunately it wasn't ready for prime time. That version was buggy, didn't include all the documented features, and in several cases, behaved differently from what the documentation described. Also, since the DNS Provider was included as part of a Resource Kit, it was not fully supported by Microsoft, which meant that if you encountered problems you were largely on your own. That said, much of the functionality you probably need is present in the Windows 2000 version, so it may be suitable for your use.

With Windows Server 2003, the DNS Provider is fully functional and supported, although some discrepancies still exist between the Microsoft documentation and the implementation, at least in the version that was available at the time this book went to press. It is installed automatically whenever you install the DNS Server service.

The three main areas of interest when it comes to managing DNS include server configuration, zone management, and the creation and deletion of resource records. The DNS Provider has several classes available to manipulate each of these components, all stored under the root\MicrosoftDNS namespace. With the MicrosoftDNS_Server class, you can manipulate server configuration settings, start and stop the DNS Server service, and initiate scavenging. The MicrosoftDNS_Zone class allows you to create, delete, and modify zone configuration. The MicrosoftDNS_ResourceRecord class and child classes provide methods for manipulating the various resource record types.

Several additional classes supported by the DNS Provider manage other aspects of DNS including the root hints (MicrosoftDNS_RootHints), DNS server cache (MicrosoftDNS_Cache), and server statistics (MicrosoftDNS_Statistics) classes. For more information on these classes, including sample scripts in VBScript and Perl, check out the following section in the Microsoft Developer Network Library (http://msdn.microsoft.com/library/): Win32 and COM Development Domain Name System (DNS).
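
The script below is an added example, not code from the book: it connects to the root\MicrosoftDNS namespace, reads the MicrosoftDNS_Server instance, and lists each MicrosoftDNS_Zone with its dynamic-update and zone-transfer settings so that permissive zones stand out. The file name dnsaudit.vbs and the two helper functions are illustrative, and the AllowUpdate and SecureSecondaries value meanings are taken from Microsoft's DNS Provider documentation, which, as noted above, does not always match the implementation.

```vbscript
' Added example (not from the book): read-only inventory via the WMI DNS Provider.
' Usage: cscript //nologo dnsaudit.vbs [server]    (default "." = local machine)
Option Explicit
Dim strServer, objDNS, objServer, objZone, intFlagged

strServer = "."
If WScript.Arguments.Count > 0 Then strServer = WScript.Arguments(0)

' root\MicrosoftDNS exists only where the DNS Server service and provider are installed.
On Error Resume Next
Set objDNS = GetObject("winmgmts:\\" & strServer & "\root\MicrosoftDNS")
If Err.Number <> 0 Then
    WScript.Echo "Cannot open root\MicrosoftDNS on " & strServer & ": " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

' MicrosoftDNS_Server has one instance; Name="." refers to the connected server.
Set objServer = objDNS.Get("MicrosoftDNS_Server.Name="".""")
WScript.Echo "Server " & objServer.Name & ", version value " & objServer.Version

intFlagged = 0
For Each objZone In objDNS.ExecQuery("SELECT * FROM MicrosoftDNS_Zone")
    WScript.Echo objZone.Name & " | AD-integrated: " & objZone.DsIntegrated & _
        " | updates: " & UpdateText(objZone.AllowUpdate) & _
        " | transfers: " & TransferText(objZone.SecureSecondaries)
    ' Flag the most permissive value of either setting for review.
    If objZone.AllowUpdate = 1 Or objZone.SecureSecondaries = 0 Then
        WScript.Echo "  REVIEW: nonsecure updates accepted or transfers sent to any server"
        intFlagged = intFlagged + 1
    End If
Next
WScript.Echo intFlagged & " zone(s) flagged for review"
If intFlagged > 0 Then WScript.Quit 1

Function UpdateText(n)   ' hypothetical helper: label for MicrosoftDNS_Zone.AllowUpdate
    Select Case n
        Case 0 : UpdateText = "none"
        Case 1 : UpdateText = "nonsecure and secure"
        Case 2 : UpdateText = "secure only"
        Case Else : UpdateText = "unknown (" & n & ")"
    End Select
End Function

Function TransferText(n) ' hypothetical helper: label for MicrosoftDNS_Zone.SecureSecondaries
    Select Case n
        Case 0 : TransferText = "any server"
        Case 1 : TransferText = "servers in NS records only"
        Case 2 : TransferText = "listed secondaries only"
        Case 3 : TransferText = "disabled"
        Case Else : TransferText = "unknown (" & n & ")"
    End Select
End Function
```

The script only reads properties, and its exit code (0 clean, 1 zones flagged, 2 connection failure) lets a scheduled job alert on the result.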



Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
