Integrating DNS with Other Windows Server 2003 Services


When you deploy Windows Server 2003 DNS, it is important to integrate the DNS service with other Windows Server 2003 services, such as DHCP and WINS. DNS administrators are responsible for integrating DNS with WINS and DHCP. Figure 3.11 shows the process for integrating Windows Server 2003 DNS with other Windows Server 2003 services.

Figure 3.11: Integrating DNS with Other Windows Server 2003 Services

Integrating DNS with DHCP

Windows Server 2003 DNS supports DHCP by means of the dynamic update of DNS zones. By integrating DHCP and DNS in a DNS deployment, you can provide your network resources with dynamic addressing information stored in DNS. To enable this integration, you can use the Windows Server 2003 DHCP service.

The dynamic update standard, specified in RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE), automatically updates DNS records. Both Windows Server 2003 and Windows 2000 support dynamic update, and both clients and DHCP servers can send dynamic updates when their IP addresses change.

Dynamic update enables a DHCP server to register address (A) and pointer (PTR) resource records on behalf of a DHCP client by using DHCP Client FQDN option 81. Option 81 enables the DHCP client to provide its FQDN to the DHCP server. The DHCP client also provides instructions to the DHCP server describing how to process DNS dynamic updates on behalf of the DHCP client.

The DHCP server can dynamically update DNS A and PTR records on behalf of DHCP clients that are not capable of sending option 81 to the DHCP server. You can also configure the DHCP server to discard client A and PTR records when the DHCP client lease is deleted. This reduces the time needed to manage these records manually and provides support for DHCP clients that cannot perform dynamic updates. In addition, dynamic update simplifies the setup of Active Directory by enabling domain controllers to dynamically register SRV resource records.

If the DHCP server is configured to perform DNS dynamic updates, it performs one of the following actions:

  • The DHCP server updates resource records at the request of the client. The client asks the DHCP server to update the DNS PTR record on its behalf, and the client registers the A record itself.

  • The DHCP server updates DNS A and PTR records regardless of whether the client requests this action or not.
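The following added example (not part of the original kit) decodes the flags octet of DHCP option 81 as laid out in RFC 4702, to show how the client's instructions map to the two server behaviors listed above. The payloads and the host name host1.corp.example are constructed for illustration.

```python
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08   # RFC 4702 flag bits

def decode_name(data, wire_format):
    """Decode the name field: DNS labels when E=1, plain ASCII when E=0."""
    if not wire_format:
        return data.decode("ascii", "replace")
    labels, pos = [], 0
    while pos < len(data) and data[pos] != 0:
        length = data[pos]
        if length > 63 or pos + 1 + length > len(data):
            raise ValueError("malformed label in option 81 name")
        labels.append(data[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return ".".join(labels)

def parse_option81(payload):
    """Interpret an option 81 payload (the bytes after the code and length octets)."""
    if len(payload) < 3:
        raise ValueError("option 81 carries at least flags and two RCODE octets")
    flags = payload[0]
    s, o, e, n = (bool(flags & bit) for bit in (FLAG_S, FLAG_O, FLAG_E, FLAG_N))
    return {
        "fqdn": decode_name(payload[3:], e),
        "server_updates_a": s and not n,    # S=1: server registers the A record
        "server_updates_ptr": not n,        # N=1: server makes no updates at all
        "server_override": o,               # O=1: server overrode the client's S bit
        "invalid_flags": s and n,           # RFC 4702: S must be 0 when N is 1
    }

# Constructed payloads (not captures): flags, RCODE1, RCODE2, then the name.
WIRE_NAME = b"\x05host1\x04corp\x07example\x00"
SAMPLES = {
    "client registers A, server registers PTR": bytes([FLAG_E, 0, 0]) + WIRE_NAME,
    "client asks server to register A and PTR": bytes([FLAG_E | FLAG_S, 0, 0]) + WIRE_NAME,
    "client asks server to make no updates": bytes([FLAG_E | FLAG_N, 0, 0]) + WIRE_NAME,
    "server reply overriding the client": bytes([FLAG_E | FLAG_O | FLAG_S, 0, 0]) + WIRE_NAME,
    "legacy ASCII encoding, partial name": bytes([0, 0, 0]) + b"legacy-pc",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(label, parse_option81(payload))
```
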

By itself, dynamic update is not secure because any client can modify DNS records. To secure dynamic updates, you can use the secure dynamic update feature provided in Windows Server 2003. To delete outdated records, you can use the DNS server aging and scavenging feature.
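Secure dynamic update signs each RFC 2136 UPDATE message with GSS-TSIG (RFC 3645), so an UPDATE that carries no TSIG record in its additional section is an unsigned update. The following added example (not part of the original kit) classifies a raw DNS message on that basis; the sample messages, zone corp.example, and key name are constructed, and the check reports only whether a TSIG record is present, not whether its signature is valid.

```python
import struct

OPCODE_UPDATE, TYPE_TSIG = 5, 250   # RFC 2136 opcode, TSIG resource record type

def walk_name(msg, pos):
    """Return (labels, offset past the name); a compression pointer ends the name."""
    labels = []
    while True:
        length = msg[pos]
        if length == 0 or (length & 0xC0) == 0xC0:   # root label or 2-byte pointer
            return labels, pos + (1 if length == 0 else 2)
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length

def classify_update(msg):
    """Return None for non-UPDATE messages, else zone, update count and signed flag."""
    try:
        _id, flags, zo, pr, up, ad = struct.unpack_from("!6H", msg, 0)
        if (flags >> 11) & 0xF != OPCODE_UPDATE:
            return None
        if zo != 1:
            raise ValueError("RFC 2136 requires exactly one zone entry")
        zone, pos = walk_name(msg, 12)
        pos += 4                                   # skip ZTYPE and ZCLASS
        signed = False
        for index in range(pr + up + ad):
            _, pos = walk_name(msg, pos)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
            pos += 10 + rdlen
            if pos > len(msg):
                raise IndexError(pos)
            # A TSIG record only counts when it sits in the additional section.
            signed = signed or (rtype == TYPE_TSIG and index >= pr + up)
    except (IndexError, struct.error):
        raise ValueError("truncated DNS message") from None
    return {"zone": ".".join(zone), "updates": up, "signed": signed}

def enc(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def sample_update(signed):
    """Constructed UPDATE (not a capture) adding host1.corp.example A 10.0.0.25."""
    msg = struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, int(signed))
    msg += enc("corp.example") + struct.pack("!HH", 6, 1)          # zone: SOA, IN
    msg += enc("host1.corp.example") + struct.pack("!HHIH4B", 1, 1, 1200, 4, 10, 0, 0, 25)
    if signed:
        rdata = enc("gss-tsig") + bytes(16)    # placeholder TSIG fields, empty MAC
        msg += enc("key.example") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, len(rdata)) + rdata
    return msg
```
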

Integrating DNS with WINS

When you upgrade to Windows Server 2003 DNS from an earlier version of Windows, you might need to continue to support an existing WINS infrastructure. Windows Server 2003 DNS enables you to support an existing WINS deployment by allowing you to configure a DNS server to query a WINS server as a DNS zone setting.

WINS provides dynamic NetBIOS name resolution. If your organization supports clients and applications that use WINS for NetBIOS name resolution, you need to continue to support WINS. If some of your clients are registered in WINS and other clients need to resolve their names but are not capable of NetBIOS name resolution, you can use WINS lookup to enable your DNS server to look up names in the WINS namespace.

This feature is particularly useful if some of your clients that require NetBIOS name resolution cannot use WINS or if some of your clients cannot register with DNS (for example, clients that run the Microsoft Windows 95 or Windows 98 operating system). Use WINS referral if some of your DNS servers do not support the resource records used for WINS lookup and WINS reverse lookup.

WINS Lookup and WINS Reverse Lookup

By configuring your DNS server for WINS lookup, you can direct DNS to query WINS for name resolution, so that DNS clients can look up the names and IP addresses of WINS clients. To direct DNS to query WINS for name resolution, add a WINS lookup record to the authoritative zone. An authoritative DNS server checks that zone when it receives a query for a name. If the DNS server does not find the name in the authoritative zone, but the zone contains a WINS lookup record, the DNS server queries the WINS server. If the name is registered with WINS, the WINS server returns the associated record to the DNS server.

The DNS server then compiles and returns the corresponding DNS record in response to the original DNS request. DNS clients do not need to know whether a client is registered with WINS or DNS, and they do not need to query the WINS server.

You can also configure your DNS server for WINS reverse lookups. Reverse lookups work slightly differently. When an authoritative DNS server is queried for a nonexistent PTR record, and the authoritative zone contains the WINS-R record, the DNS server uses a NetBIOS node adapter status lookup.

Note

For fault tolerance, you can specify multiple WINS servers in the WINS lookup record. The server that is running the Windows 2000 or Windows Server 2003 DNS Server service tries to locate the name by searching the WINS servers in the order specified by the list.

Configuring WINS Referral

Computers that are running third-party implementations of DNS do not support the records used for WINS lookup and WINS reverse lookup. If you attempt to use a combination of Microsoft and third-party DNS servers to host a zone containing these records, the mixture can cause data errors or failed zone transfers at the third-party DNS servers.

If you have such a combination, you can use WINS referral to create and delegate a special WINS zone that refers DNS lookups to WINS. This zone does not perform any registrations or updates. Next, you configure all DNS clients to append the WINS referral zone name to unqualified queries. That way, the client can query both DNS and WINS at the same time, using a DNS query. To simplify administration, you can use DHCP or Group Policy to apply this configuration to the clients. Deploying this configuration overrides the default DNS client resolver behavior, requiring you to finish populating the suffix search order with combinations of suffixes, such as the primary DNS suffix, the primary DNS suffix devolved, and connection-specific suffixes.

For more information about DHCP, see "Deploying DHCP" in this book. For more information about Group Policy, see "Designing a Group Policy Infrastructure" in Designing a Managed Environment of this kit.

Note

The WINS zone must be hosted on a DNS server that is running Windows Server 2003 or Windows 2000 and must not be propagated to third-party DNS servers. Third-party DNS servers do not support WINS resource records and might not be able to host the zone.




Microsoft Corporation Microsoft Windows Server 2003 Deployment Kit(c) Deploying Network Services 2003
Year: 2004
Pages: 146
