Overview of DNS and Windows 2000


One of the major changes to Windows 2000 is its reliance on DNS as a locator service, not just for traditional servers and hosts, but also for operating system services such as Kerberos and the Lightweight Directory Access Protocol (LDAP). Under Windows NT, NetBIOS name services are used instead of DNS. A NetBIOS name is a 16-character string, in which the first 15 characters identify the computer and the 16th character contains a hexadecimal value identifying specific services. A Microsoft networking host computer would register itself with one or more NetBIOS service records, using the 16th character of the NetBIOS name to identify the services available on that particular machine. But reliance on NetBIOS has been one of the major criticisms of Windows NT over the years, and Microsoft has moved to reduce the need for NetBIOS in Windows 2000. As a result, Windows 2000 and Active Directory depend on a reliable DNS infrastructure for proper operation.

Although NetBIOS naming is retained in Windows 2000 for backward compatibility with older Microsoft operating systems such as NT and Windows 98, DNS has become the primary name resolution mechanism. Domains and computers are given DNS names, with NetBIOS names derived from their DNS counterparts. Previously, computer or domain names could be almost anything as long as all names were unique, but Windows 2000 forces a more standardized naming approach. Names must conform to DNS standards, as spelled out in RFCs 1034, 1035, and 1123, especially in organizations where Microsoft and non-Microsoft DNS servers will coexist. Naming standards are discussed later in this chapter.

Microsoft first included an "official" DNS server component with the release of NT 4. The Windows 2000 DNS implementation is a far more ambitious product. With an eye toward supporting the needs of Active Directory and an enterprise-wide deployment of Windows 2000 servers and workstations, Microsoft has added a slew of features to its new DNS, including the following:

  • SRV record support: Service locator (SRV) records are used to locate services running on specific Windows 2000 servers. The concept is similar to having services register NetBIOS names with a special 16th character under prior Microsoft networking products.

  • Dynamic update: Dynamic update allows host computers to automatically update DNS. Optionally, these updates can be secured, thus preventing unauthorized modifications to DNS.

  • Incremental zone transfers: Incremental transfers reduce the amount of data moved over the network during a zone transfer between the primary and a secondary DNS server. Instead of a scheduled transfer of the entire zone file, initiated by the secondary, an incremental transfer sends only new and updated records down to the secondary server. The transfer also occurs as updates are made, because the primary DNS server notifies the secondary.

  • Active Directory integration: Probably the most controversial feature of Windows 2000 DNS is AD integration. Converting a zone to Active Directory integration means that updates can occur at any AD-integrated DNS server, not just a primary server. Also, zone transfers follow the AD replication topology rather than a separate DNS topology.
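To make the incremental zone transfer item above concrete, here is a small Python model of the serial-driven exchange between a primary and a secondary. It is an added example, not code from the book or from any DNS product: the primary keeps a journal of changes keyed by SOA serial, answers a secondary whose serial is within the journal window with only the differences (the incremental case), and falls back to a full copy when the secondary's serial is unknown or too old. The zone names and addresses are constructed sample data.

```python
"""Toy model of full versus incremental zone transfer keyed on the SOA serial.

Added example, not from the book. Record data below is constructed.
"""
from typing import Dict, List, Optional, Tuple

Diff = Tuple[int, Dict[str, str], Dict[str, str]]  # (new serial, removed, added)


class PrimaryZone:
    """Primary server: holds the zone plus a journal of changes per serial."""

    def __init__(self, serial: int, records: Dict[str, str]):
        self.serial = serial
        self.records = dict(records)
        self.journal: List[Diff] = []

    def update(self, removed: Dict[str, str], added: Dict[str, str]) -> int:
        """Apply a (dynamic) update, bump the serial and remember the diff."""
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial += 1
        self.journal.append((self.serial, dict(removed), dict(added)))
        return self.serial

    def notify_payload(self) -> int:
        """A NOTIFY tells the secondary only that the serial changed."""
        return self.serial

    def transfer(self, secondary_serial: int):
        """Answer a transfer request: ('none' | 'ixfr' | 'axfr', data)."""
        if secondary_serial == self.serial:
            return "none", None
        # Incremental is possible only if the secondary's serial is still
        # covered by the journal; otherwise send the whole zone.
        oldest = self.journal[0][0] - 1 if self.journal else self.serial
        if oldest <= secondary_serial < self.serial:
            return "ixfr", [d for d in self.journal if d[0] > secondary_serial]
        return "axfr", (self.serial, dict(self.records))


class SecondaryZone:
    """Secondary server: applies whatever the primary answers."""

    def __init__(self):
        self.serial = 0
        self.records: Dict[str, str] = {}

    def refresh(self, primary: PrimaryZone) -> str:
        kind, data = primary.transfer(self.serial)
        if kind == "ixfr":
            for serial, removed, added in data:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
                self.serial = serial
        elif kind == "axfr":
            self.serial, self.records = data[0], dict(data[1])
        return kind


def demo():
    """Walk through first sync (full), two updates (incremental), then no change."""
    primary = PrimaryZone(2003010100, {"dc1.example.com.": "A 192.0.2.10"})
    secondary = SecondaryZone()
    first = secondary.refresh(primary)  # secondary has no data: full transfer
    primary.update({}, {"dc2.example.com.": "A 192.0.2.11"})
    primary.update({"dc1.example.com.": "A 192.0.2.10"},
                   {"dc1.example.com.": "A 192.0.2.20"})
    second = secondary.refresh(primary)  # only the two diffs are sent
    third = secondary.refresh(primary)   # serials match: nothing to send
    return first, second, third, secondary.serial == primary.serial, secondary.records


if __name__ == "__main__":
    print(demo())
```

The serial comparison is what drives the whole exchange: a secondary that reports a serial the primary cannot replay from its journal gets a full transfer rather than a partial one, which is the safe failure mode. Whether a real server answers at all should still depend on who is asking; a primary that hands its zone to any host that requests a transfer leaks the full inventory of names and addresses, so restricting transfers to known secondaries is the usual companion control.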

Only one of these technologies is required by Windows 2000, namely SRV record support. The SRV records replace the NetBIOS service registration records found in Windows NT, and they provide some additional functionality as well. Windows 2000 hosts use site SRV records to locate nearby servers and resources, thus minimizing wide area network traffic.
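The SRV lookup described here (and in the feature list above) follows a fixed selection rule: a client sorts candidate records by priority, and among records of equal priority it picks one with probability proportional to weight, falling through to the next priority only when nothing in the current group is usable. The following Python example, added here and not taken from the book or from Windows, parses SRV records from zone-file text and applies that rule. The `_ldap._tcp` and `_kerberos._tcp` owner names, the `Default-First-Site-Name._sites` site label, and all hosts and addresses are constructed sample data assumed for illustration; the `roll` argument stands in for the client's random draw so the result is reproducible.

```python
"""Parse SRV records from zone text and pick a target by priority and weight.

Added example, not from the book. Owner names, sites and hosts are constructed.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass
class SrvRecord:
    name: str      # owner, e.g. _ldap._tcp.<site>._sites.<domain>
    priority: int  # lower is preferred
    weight: int    # relative share within the same priority
    port: int
    target: str    # host that offers the service


# Constructed zone-file lines for a hypothetical example.com domain.
SAMPLE_ZONE = """
; site-specific LDAP records: two local DCs, one remote fallback
_ldap._tcp.Default-First-Site-Name._sites.example.com. 600 IN SRV 0 60 389 dc1.example.com.
_ldap._tcp.Default-First-Site-Name._sites.example.com. 600 IN SRV 0 40 389 dc2.example.com.
_ldap._tcp.Default-First-Site-Name._sites.example.com. 600 IN SRV 10 100 389 dc-remote.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
"""


def parse_srv_records(zone_text: str) -> List[SrvRecord]:
    """Return the SRV records found in zone-file style text, ignoring other lines."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # Expected layout: owner TTL class SRV priority weight port target
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue
        name, _ttl, _cls, _rtype, prio, weight, port, target = fields
        records.append(SrvRecord(name.lower(), int(prio), int(weight),
                                 int(port), target.lower()))
    return records


def select_target(records: List[SrvRecord], service_name: str, roll: float,
                  unavailable: FrozenSet[str] = frozenset()) -> Optional[SrvRecord]:
    """Choose one record for service_name.

    Lowest priority wins; within a priority group each record's chance is
    proportional to its weight. `roll` is a value in [0, 1) supplied by the
    caller (normally random). Hosts in `unavailable` are skipped, which is how
    a client falls through to a higher-priority-number group.
    """
    candidates = [r for r in records
                  if r.name == service_name.lower() and r.target not in unavailable]
    if not candidates:
        return None
    best = min(r.priority for r in candidates)
    group = [r for r in candidates if r.priority == best]
    total = sum(r.weight for r in group)
    if total == 0:
        return group[0]  # all weights zero: any member is acceptable
    threshold = roll * total
    running = 0
    for r in group:
        running += r.weight
        if threshold < running:
            return r
    return group[-1]


if __name__ == "__main__":
    recs = parse_srv_records(SAMPLE_ZONE)
    site_ldap = "_ldap._tcp.Default-First-Site-Name._sites.example.com."
    print(select_target(recs, site_ldap, 0.5))
    print(select_target(recs, site_ldap, 0.5,
                        frozenset({"dc1.example.com.", "dc2.example.com."})))
```

With these sample records a client in the site reaches dc1 or dc2 roughly 60/40 and only consults dc-remote when both local targets are excluded, which is the behaviour that keeps lookups off the wide area link. Because a client trusts whatever SRV answer it receives, the integrity of these records (secured dynamic update, and answers from a server you control) is what stops a rogue host from advertising itself as the nearest domain controller.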

Although not mandatory, dynamic update capability is very strongly recommended on primary DNS servers. When a Windows 2000 server is being promoted to domain controller (DC), it registers a large number of SRV records during the process. These records must be manually entered into DNS if dynamic update capabilities are not available on the primary DNS server. Delegation of the Active Directory zones to Windows 2000 DNS servers can provide a workaround in this case, however.

Finally, it is not even necessary to use Windows 2000 DNS. You can instead use Berkeley Internet Name Daemon (BIND), the most prevalent Unix-based DNS service. Many versions of BIND are available; these are discussed in the following sections.

As is the case with much of Active Directory design, a successful implementation starts with an analysis of the business requirements of an organization. Let's look into some of the business needs that influence the DNS and AD designs.



MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
Year: 2003
Pages: 148