Everything you wanted to know about DNS

Source:

searchWin2000

Date:

02 Oct 2001

Author:

Tom Shinder


Domain Name Service (DNS) layout is one of the biggest trouble spots for Win2000 migration and Active Directory. In a follow-up to his searchWin2000 live expert Q&A, author Tom Shinder answers user questions on DNS, WINS and DHCP and on how to design and administer them for optimal performance.

searchWin2000:

Is there any way to make WINS get its information from DNS?

Shinder:

DNS can get information from WINS, but WINS can’t get information from DNS.

searchWin2000:

We have plans to use one Win2k domain for all our locations. We are planning to install primary Win2k DNS in all locations first and then continue with our Win2k upgrade. Is that a good approach?

Shinder:

Using a single domain, your best approach would be to use Active Directory integrated DNS servers. Remember that if you want to use Standard Primaries, there can only be one of them and the rest will have to be Secondaries. Only AD integrated zones can have multiple Primary DNS servers for the same domain.

searchWin2000:

If you have a Linux firewall which is handling the DHCP on the network with DNS, there is a pass-through on port 80 to the internal server, which is the Web server. If DNS is set up on the internal Win2000 Advanced Server, will this conflict with Linux or will it just not communicate with the outside world?

Shinder:

There should be no conflicts. Make sure the Win2k DNS server can resolve Internet host names. You should be in good shape after you open UDP (and perhaps TCP) port 53 outbound.

searchWin2000:

What are the advantages and disadvantages of having a UNIX DNS?

Shinder:

The advantage of UNIX DNS is that it has a long history of stability and reliability. There are many highly skilled and experienced UNIX DNS administrators. The disadvantage of the UNIX implementations is that they must be managed by manipulating text files, which are more prone to error than automating configuration through a GUI interface, which you can do with Win2k DNS servers.

searchWin2000:

How can I populate a Windows 2000 Server from an existing Windows 2000 DNS server located on another part of our campus?

Shinder:

Make the Win2k Server a secondary of the existing Win2k Server. The zone records will be populated automatically during the zone transfer.

searchWin2000:

I want to use DNS Round Robin on my network for load balancing DNS requests. I test out the Round Robin features by using ping requests but I always end up pinging the same IP address. I’ve got it configured correctly in the DNS console. Is there something else I need to do?

Shinder:

The problem is probably related to Netmask ordering, which is done by default on the Win2k DNS server. Check out this advice from Microsoft’s Product Support knowledge base.
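The behaviour described above can be reproduced with a small model of the server's answer ordering. This is an added example, not code from the article or from Microsoft: it assumes the Win2k "local net priority" default of preferring records on the client's /24, and the A records, client addresses and function names are constructed for the illustration.

```python
"""Model of Win2k DNS answer ordering: round robin plus netmask ordering.

Added example. The /24 preference, the records and the client addresses are
assumptions for the illustration, not values taken from the article.
"""
from ipaddress import IPv4Address, IPv4Network

# Constructed A records for one name, e.g. www.example.internal
WWW_RECORDS = ["10.1.1.10", "10.1.2.10", "10.1.3.10"]


def round_robin(records, query_count):
    """Rotate the list by query_count positions: what round robin alone does."""
    k = query_count % len(records)
    return records[k:] + records[:k]


def netmask_order(client_ip, records, prefix=24):
    """Move records on the client's subnet to the front, keeping relative order."""
    client_net = IPv4Network(f"{client_ip}/{prefix}", strict=False)
    local = [r for r in records if IPv4Address(r) in client_net]
    remote = [r for r in records if IPv4Address(r) not in client_net]
    return local + remote


def answer(client_ip, records, query_count, local_net_priority=True):
    """Answer order for one query: round robin, then netmask ordering on top."""
    rotated = round_robin(records, query_count)
    return netmask_order(client_ip, rotated) if local_net_priority else rotated


def first_address_seen(client_ip, records, queries, local_net_priority=True):
    """Set of first-answer addresses a client sees over `queries` lookups.

    A single address means the client always lands on the same host, which is
    exactly what a ping test from the server's own subnet shows.
    """
    return {answer(client_ip, records, n, local_net_priority)[0] for n in range(queries)}


if __name__ == "__main__":
    print("same /24, netmask ordering on :", first_address_seen("10.1.2.55", WWW_RECORDS, 6))
    print("same /24, netmask ordering off:", first_address_seen("10.1.2.55", WWW_RECORDS, 6, False))
    print("other subnet, ordering on     :", first_address_seen("192.168.5.9", WWW_RECORDS, 6))
```

Testing round robin from a host on a different subnet than all of the A records, or disabling netmask ordering on the server, is what lets the rotation show.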

searchWin2000:

We have a Windows 4.0 DNS server and our Windows 2000 Pro clients have issues resolving DNS. Can we solve the issue by renewing the ipconfig/renew?

Shinder:

This sounds more like a DHCP problem. Remember that the WinNT DNS server cannot accept dynamic updates. Also, keep in mind that the WinNT DHCP server cannot perform proxy updates for DHCP client machines.

searchWin2000:

Is it best to have internal and external DNS names?

Shinder:

It is definitely best to have different internal and external domain names. It leads to much less confusion and makes domain management much simpler. Your external resources should be separate and distinct from your internal resources.

searchWin2000:

When we set up a WINS server we get the error message “WINS could not read from the user datagram protocol (UDP) socket.” What is this and how can we fix it?

Shinder:

Interesting problem. It could be that NetBIOS is not enabled on the WINS server’s interface. Many problems are related to multihomed WINS servers, so you might check that out too.

searchWin2000:

Can you explain what the Primary DNS Suffix does?

Shinder:

The Primary DNS Suffix is used in queries sent by DNS clients. The clients will first append the Primary DNS Suffix to an unqualified name that needs to be resolved by DNS. Remember, the DNS server will only accept Fully Qualified Domain Names in a query. So, the DNS client service complies with this requirement by appending domain names to the unqualified name, beginning with the Primary DNS Suffix.

searchWin2000:

We are currently running an NT 4.0 DNS server. What is the best practice to migrate to a Win2k server?

Shinder:

Make the Win2k DNS server a secondary to the WinNT DNS server. The records will be transferred automatically and you can change the DNS server type in the DNS Management Console after the zone transfer is complete.

searchWin2000:

Can you elaborate on the idea of a dedicated WINS referral zone?

Shinder:

The WINS referral zone allows a single “empty” zone to perform WINS queries. This is helpful in that when you run Nslookup queries, the returned domain will always be the domain assigned to the WINS referral zone. That way you know that it was a WINS query that resolved the name, and that the actual FQDN of the host is not defined by Resource Records in the DNS server’s zone files.

searchWin2000:

With per attribute replication, is the serial number still changed on the zone record?

Shinder:

Yes. The serial number is changed even though a single attribute in a Resource Record has changed.

searchWin2000:

I can never get names to resolve correctly when I use the Nslookup command. It’s always adding an extra domain name to the request. Is there a way to get this working correctly?

Shinder:

Remember that when you use the Nslookup command you need to use the “true” FQDN, which always ends with a period. So, add a period to your lookups when running Nslookup queries.
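The suffix appending described in the Primary DNS Suffix answer above, and the trailing-period rule given here, can be modelled together. This is an added example, not code from the article: the primary suffix, search list and zone data are constructed, and the candidate order is a simplified model of the Win2k client (primary suffix first, then the search list; a dotted name is tried as-is before suffixes are appended), not the client's exact logic.

```python
"""Model of how a Win2k DNS client qualifies a name before querying.

Added example. PRIMARY_SUFFIX, SEARCH_LIST and ZONE are constructed, and the
candidate ordering is a simplified model, not the client's exact algorithm.
"""

# Constructed client configuration: primary DNS suffix plus a search list.
PRIMARY_SUFFIX = "corp.example"
SEARCH_LIST = ["eng.corp.example", "lab.corp.example"]

# Constructed zone data; keys are true FQDNs, so they end with a period.
ZONE = {
    "fs1.corp.example.": "10.0.0.5",
    "fs1.lab.corp.example.": "10.9.0.5",
    "www.partner.example.": "203.0.113.10",
}


def candidate_fqdns(name, primary_suffix=PRIMARY_SUFFIX, search_list=SEARCH_LIST):
    """Return the fully qualified names the client would try, in order.

    A name ending in '.' is already a true FQDN and is sent as-is: nothing is
    appended. A single-label name gets each suffix appended in turn, primary
    suffix first. A dotted name without a trailing '.' is tried as-is, then
    suffixed (the "extra domain name" an nslookup user sees).
    """
    if name.endswith("."):
        return [name]
    suffixes = [primary_suffix] + [s for s in search_list if s != primary_suffix]
    qualified = [f"{name}.{s}." for s in suffixes]
    if "." in name:
        return [name + "."] + qualified
    return qualified


def resolve(name, zone=ZONE):
    """Query the zone with each candidate; return (fqdn_used, address) or (None, None)."""
    for fqdn in candidate_fqdns(name):
        if fqdn in zone:
            return fqdn, zone[fqdn]
    return None, None


if __name__ == "__main__":
    for query in ["fs1", "fs1.lab.corp.example", "fs1.lab.corp.example.", "www.partner.example"]:
        print(f"{query:28} -> tries {candidate_fqdns(query)} -> {resolve(query)}")
```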

searchWin2000:

What’s the best way to move the current DNS files from WinNT to a Win2k server (I’m upgrading hardware as well)?

Shinder:

The way I like to do it is to make the Win2k server a standard secondary to the WinNT server. That way the zone transfer can take place from the WinNT to the Win2k Server. After the zone transfer is complete, you can change the type of DNS server at the Win2k Server. For example, if you want it to become the new standard primary for the domain, you can make that change in the DNS console.

searchWin2000:

How does DNS relate and configure to RAS in Windows 2000?

Shinder:

RAS clients can be assigned DNS settings by the internal interface you select on the RAS server. The RAS clients can obtain DNS settings from the internal interface of the RAS server.

Q: While installing Active Directory I got an error “The network location cannot be reached.” What do you think the problem is? I set up the DNS before installing AD.

A: Make sure the server is using itself as a DNS server. If this is the first Domain Controller in the domain, there won’t be any information about the domain in DNS. This is a normal error and you can dismiss it. Make sure the DNS server is configured to accept Dynamic updates and when you restart the server the AD records will be placed in DNS.

Q: How much or how little do you subdomain your Active Directory DNS domains? At what point do you receive negligible returns to efficiency, administration, maintenance and hardware costs (5-7 DNS subdomains on one end of the spectrum vs. 49 DNS subdomains on the opposite end)? For example, the two schools of thought are 1) subdomain down to the office level (we have 49 global locations, proposing an ADI DNS domain for each of these locations, resulting in 49 domains) or 2) manage ADI DNS domains from a higher level, a minimal approach of North America.Synopsys.com, Europe.synopsys.com, Asia.synopsys.com, India.synopsys.com.

A: The ideal situation is to have a single internal domain, and then use organizational units to manage resources on the internal network. Managing domains at an office level is too unwieldy. The regional approach is best. You should also consider the link speeds that join the DCs in the same domain and the costs of those links. That might help you optimize your domain partitioning scheme.

Q: Does Win2k based DHCP need to be employed to provide consistency in the Active Directory/DNS/DHCP integration, or can router based (Cisco) DHCP be employed?

A: I recommend using the Win2k DHCP. The router-based DHCP will not integrate with Active Directory or the Win2k DDNS and cannot proxy update records for downlevel clients or Win2k clients.

Q: My old NT network consisted of two domains, one for the internal network and one for the Web server. I am converting to Win2k server. Should I keep two separate domains and install AD/DNS on my Web server (separate domain)? How should I configure this?

A: If you have a dedicated domain for the Web Server, you might want to leave your name resolution scheme as it is. You probably don’t need DDNS for the external domain, and you can easily get away with static entries for a small zone. You will benefit more by using DDNS on your internal network, and therefore you should consider installing Active Directory and DDNS servers on the AD internal network.

Q: What is the best way to use DNS with Windows 2000 when it is already established in a UNIX environment, and the UNIX team will not give up control of DNS to a Microsoft product? The UNIX DNS server is V8.2.1 or higher.

A: The best way to deal with this situation is to create a subdomain dedicated to the Win2k Active Directory environment. For example, if the corporate domain is corp.com, you can create a subdomain called win2k.corp.com or something similar. The UNIX guys can create a referral to your Win2k DNS servers for the win2k.corp.com domain.

Q: If you are not sharing any workstation services on client Win2k machines, is it necessary to register their “A” and “PTR” records in DNS?

A: No. If no resources are contained on those clients that other machines need to access, there is no reason for them to register in the DDNS.

Q: Do you have to be running in native mode to use DDNS?

A: No. You can run a stand-alone Win2k DDNS server and take advantage of dynamic updates.

Q: What should the DNS Server entries be set to in the TCPIP settings on a DNS server? Also, on a DNS/DHCP/DC? If the PTR records for the DHCP server are set on another DNS server, would that affect what DNS server entries the TCPIP settings should be set to?

A: The DNS server settings should typically point to itself. This is especially the case if the DNS server is on a Domain Controller and using DDNS to update domain record information. There should be PTR records for all records stored on the DNS server. You might consider making a secondary zone on your server if you need pointer records from another server.

Q: Are there any issues with using a Windows 2000 DNS stand-alone server for a mix of NT 4.0 domains and Windows 2000 domains pointing to it for resolution?

A: There are no serious problems. Remember that WinNT clients will not be able to update the DDNS themselves.

Q: Our DNS Win2k server is not AD-integrated. It is primary for our domain but not for the reverse lookup, which is handled by a UNIX server. The UNIX server is run by another org and will not delegate. The UNIX server is a secondary DNS server for our domain. Question: Will AD integration work in this situation?

A: This will work, but you need to make sure there is some mechanism in place to manually add the PTR records to the other domain. You lose a lot of functionality this way, because your DDNS configuration will not work at its best when the DNS server cannot register reverse lookup records. You might consider creating a subdomain for your internal network clients for which your server is authoritative.

Q: I have a mixed Win2k/NT Domain. I have a couple of machines (one is a member server with IIS installed and the other is a Win2k Pro with IIS installed) and I get a Security Event Failure with Event ID 565. The description indicates this is DNS related. I know that 565 is normally a success event. I haven’t been able to find any references to Event ID 565 as a failure. Everything seems to be working normally but the Event Logs have lots of 565s and I’m concerned. Description contains: Object Open: Object Server: DS Object Type: dnsNode Object Name: DC=141,DC=220.16.168.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=etcmcn,DC=org New Handle ID: - Operation ID: {0,5787872} Process ID: 248 Primary User Name: APOLLO2K$ Primary Domain: ETC-MACON Primary Logon ID: (0x0,0x3E7) Client User Name: WEB2K$ Client Domain: ETC-MACON Client Logon ID: (0x0,0x5850D3) Accesses Write Self Privileges - Properties: Delete Child Read Property %{00000000-0000-0000-0000-000000000000} Write Property %%7689 dnsRecord ACCESS_SYS_SEC dNSTombstoned.

A: It looks like an issue with dynamic update. You can try to put in static records for these clients or disable dynamic update on the client side.

Q: When dynamic updates are turned on we lose the DNS entries for our static RAS DNS entries. The clients that are dialing in are non-Windows 2000. RAS is Windows 2000 server and all DNS and DC are 2000 Server. Ideas?

A: This can be a problem on domain controllers that also run DDNS. I would advise not running Active Directory on a RAS server.