There are no "secret relations" between Active Directory and DNS. All that Active Directory requires from DNS is standard resolution of DNS names (including a number of system names) into IP addresses. Two postulates govern the relationship between Active Directory and DNS:
Active Directory requires a DNS infrastructure. Active Directory uses DNS as a locator service, and therefore uses the hierarchical DNS namespace for naming domains, computers, and many other Active Directory objects. (Windows Internet Naming Service, WINS, used in Windows NT domains, is now regarded as supplementary and is needed only in mixed environments that still contain pre-Windows 2000 computers. This is why WINS is not considered in this book.)
Active Directory does not necessarily require a Microsoft DNS Server (on either the Windows 2000 or the Windows .NET platform).
To meet Active Directory requirements, a DNS server must have the following two features:
The server must support resource records of the SRV type according to RFC 2052 ("A DNS RR for specifying the location of services (DNS SRV)", since superseded by RFC 2782 with the same title), since SRV records are used extensively by domain clients and domain controllers to locate directory resources: domain controllers, Global Catalog servers, Kerberos servers, and so on.
The server must permit underscores ("_") in DNS names, since this character is used in the reserved system DNS names (e.g., _gc._tcp.domain.com). Underscores are not legal in host names under RFC 952/1123, so a server that applies host-name syntax checks to every owner name will reject these records. (See examples of system DNS names in the last section of this chapter.)
One more feature is highly desirable when deploying Active Directory, although it is not mandatory:
The server should support dynamic updates of resource records according to RFC 2136 ("Dynamic Updates in the Domain Name System (DNS UPDATE)"). By default, all Active Directory domain controllers and clients automatically register and refresh their SRV, CNAME, and A records. If dynamic updates are not supported, an administrator must maintain all these records by hand, which is a laborious and error-prone task in a large network. Note, however, that a zone accepting unauthenticated dynamic updates lets any host on the network create or overwrite records, including the SRV records clients use to find domain controllers; where the zone is stored in Active Directory, the Windows DNS Server can restrict it to secure dynamic updates, which are authenticated with Kerberos (GSS-TSIG).
Any DNS server that meets at least the first two requirements can be used in an Active Directory environment. Windows NT 4.0 DNS Server with Service Pack 4 or later is one example, although that server does not support dynamic updates. Among non-Microsoft servers, BIND 8.2.2 or later is, according to many sources, suitable for work with Active Directory.
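The following PowerShell session is an added example, not part of the book, showing how an administrator can check a DNS server against the three requirements above from a domain-joined Windows host. The domain name and server address are assumptions; the DnsClient and DnsServer cmdlets require Windows 8/Windows Server 2012 or later, and dcdiag must be run on a domain controller (classic command equivalents are given in comments).

```powershell
# Added example (not from the book). Assumed values: replace with your own.
$Domain    = 'corp.example.com'   # assumed Active Directory DNS domain name
$DnsServer = '10.0.0.10'          # assumed preferred DNS server holding the zone

# Requirement 1 and 2: SRV support plus underscores in owner names.
# The domain controller locator record must resolve through this server.
# Classic equivalent: nslookup -type=SRV _ldap._tcp.dc._msdcs.corp.example.com 10.0.0.10
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $DnsServer -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object Name, Priority, Weight, Port, NameTarget | Format-Table -AutoSize

# The Global Catalog locator record mentioned in the text.
Resolve-DnsName -Name "_gc._tcp.$Domain" -Type SRV -Server $DnsServer |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# Requirement 3 (desirable): dynamic update per RFC 2136.
# On a domain controller, dcdiag performs a test registration against the
# configured DNS servers and reports whether it was accepted.
dcdiag /test:DNS /DnsDynamicUpdate /v

# Security caveat: when the zone is hosted on a Windows DNS Server and stored
# in Active Directory, allow only secure (Kerberos / GSS-TSIG) updates.
# 'NonsecureAndSecure' means any host on the network may overwrite records.
Get-DnsServerZone -Name $Domain -ComputerName $DnsServer |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
Set-DnsServerPrimaryZone -Name $Domain -ComputerName $DnsServer -DynamicUpdate Secure
```

If the SRV query returns no SRV-type answers, either the server does not support the record type, it rejected the underscored owner names, or the domain controllers were never able to register (which the dcdiag output will show). The `-DynamicUpdate Secure` setting is only accepted for Active Directory-integrated zones; a file-backed primary zone can only be set to `None` or `NonsecureAndSecure`.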
Reverse lookup zones are not necessary for Active Directory to work, and the Active Directory Installation Wizard will not create them. However, it is recommended that you create the applicable reverse zones so that various DNS utilities and tools (e.g., Nslookup or Ping) work properly.
As a rule, on both client computers and domain controllers running Windows 2000 or later, the IP address(es) of the preferred DNS server(s) that hold the authoritative zone for the domain should be entered in the TCP/IP properties, on the DNS tab of the Advanced TCP/IP Settings window. This address must not be the Internet Service Provider's (ISP's) DNS server, since that server knows nothing about the domain's SRV records and clients would be unable to locate domain controllers. If necessary, the preferred server should forward queries for external domains to the ISP's DNS servers.
Active Directory allows administrators to change the IP addresses of DNS servers and domain controllers, because the Active Directory infrastructure is bound to LDAP, DNS, and GUID names rather than to IP addresses. If the IP address of a DNS server is changed (or a different server is selected), you need to specify the new address in the preferred DNS server settings on all client computers and domain controllers, and re-register the appropriate resource records on that server. If the IP address of a domain controller is changed, you need to re-register its A and SRV records on the preferred server. Keep in mind that the DNS client (resolver) on Windows 2000/XP/.NET systems caches both successful and failed (negative) DNS responses, and this caching can affect name resolution: for example, a domain controller can hold the outdated IP address of its replication partner until the cached entry expires or is flushed, which may result in replication errors.
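The sequence described in the last two paragraphs (repoint the resolver, clear the cache, re-register records, verify) as an added PowerShell example that is not part of the book. The adapter alias, domain name and server addresses are assumptions; the DnsClient cmdlets require Windows 8/Windows Server 2012 or later, and the classic commands that do the same job on older systems are given in comments.

```powershell
# Added example (not from the book). Assumed values: replace with your own.
$Alias  = 'Ethernet'                  # assumed network adapter name
$Domain = 'corp.example.com'          # assumed Active Directory DNS domain name
$NewDns = '10.0.0.10', '10.0.0.11'    # assumed internal DNS servers holding the zone

# 1. Point the resolver at the internal servers only (never the ISP's: it has
#    no _msdcs SRV records, so domain controller location would fail).
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $NewDns
Get-DnsClientServerAddress -InterfaceAlias $Alias -AddressFamily IPv4

# 2. The resolver caches positive and negative answers alike. Show what is
#    cached for the domain, then flush it so stale addresses (for example of
#    a replication partner) and cached "name not found" results are dropped.
#    Classic equivalents: ipconfig /displaydns ; ipconfig /flushdns
Get-DnsClientCache | Where-Object { $_.Entry -like "*$Domain*" } |
    Select-Object Entry, Data, TimeToLive
Clear-DnsClientCache

# 3. Re-register this host's own A (and PTR) records with the preferred server.
#    Classic equivalent: ipconfig /registerdns
Register-DnsClient

# 4. On a domain controller, the SRV and CNAME locator records are owned by the
#    Netlogon service; force it to re-register them.
#    Classic equivalent: net stop netlogon ; net start netlogon
nltest /dsregdns

# 5. Verify that the new server answers with the DC's current address.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDns[0] |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port
Resolve-DnsName -Name $env:COMPUTERNAME -Type A -Server $NewDns[0] |
    Select-Object Name, IPAddress
```

Step 2 matters in both directions: a cached negative answer makes a freshly registered record invisible to that client until the entry expires, and a cached positive answer keeps pointing at the old address, which is exactly the replication-partner failure mode described above.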