
Key Concepts of DNS

When you implement Domain Name System (DNS) on your network, there are
several steps involved in configuring a DNS name server. These steps can
include:
Configuring a root DNS name server. When the DNS Server service is
installed, the Cache.dns file is created and stored in
systemroot\System32\DNS on a DNS name server. This file contains the
Internet Protocol (IP) addresses of the root-level DNS name servers for the
Internet. When an iterative query is performed, the DNS name server
contacts one of the root-level DNS name servers. If the DNS name server is
operating behind a proxy server or on an intranet, it must be configured as
the root-level DNS name server for the internal network.

Creating a subdomain in an existing zone. For large networks, you may
want to distribute the administrative workload and the query workload
among multiple DNS name servers. To do this, you create subdomains and
delegate authority to the DNS name servers for those subdomains.

Creating a zone database file. The information that is used to perform name
resolution is stored in a zone database file. Zone database files are used to
resolve, or translate, a host name to an IP address, or to resolve IP addresses
to host names. The entries that are used to perform the different types of
name resolution are stored in two different types of zone database files:
forward lookup zone database files and reverse lookup zone database files.
The entries that are stored in a database file are called resource records.

Configuring standard zones. After the DNS Server service is installed, you
can create a standard primary or standard secondary zone. The type of zone
that you create determines whether a DNS name server is a primary or
secondary DNS name server for a zone database file. Multiple copies of a
zone database file can be placed on multiple DNS name servers to provide
redundancy and to distribute workload. The primary DNS name server
maintains a zone database file and the secondary DNS name server receives
a copy of a zone database file.
After you create either a primary or a secondary zone, you select whether
the zone will be used for forward or reverse lookups. Forward lookup zones
are used to resolve host names to IP addresses, and reverse lookup zones are
used to resolve IP addresses to host names.
To distribute the workload of updating secondary DNS name servers, a
secondary DNS name server can be configured to receive updates to the
zone database file from either a primary or secondary DNS name server.
The server that provides the updated information to the secondary DNS
name server is called a master server. A single DNS name server can be
configured to act as a primary DNS name server for one zone, a secondary
DNS name server for a different zone, and a master server for any zone.

Configuring a caching-only server. The DNS Server service can be installed
on a DNS name server without creating a zone database file, which limits
the amount of traffic over a network that is generated to update zone
database files. This type of DNS name server is called a caching-only
server. The caching-only server can be configured to perform recursive
queries and store name resolution information in its cache, which is then
used to help resolve queries from DNS clients. The amount of traffic over a
network is reduced because both the client and the caching-only server
perform recursive queries.

Configuring DNS clients. Transmission Control Protocol/Internet Protocol
(TCP/IP) properties on a client computer must be configured to enable
queries to a specific DNS name server. Unlike the iterative query that a
DNS name server performs, the client computer performs a recursive query
to the DNS name server that is specified in the TCP/IP properties of the
client computer.

Configuring a Root DNS Name Server


Slide: Configure a root name server when your intranet will not be connected to the Internet, or when you are using a proxy service to gain access to the Internet. Figure: the root name server “.” at the top of the namespace tree, with the top-level domains org., com., edu. and au. beneath it and contoso.com. beneath com.

The root DNS name server contains the resource records for all of the top-level
DNS name servers in the domain namespace (for example, the com domain).
The top-level DNS name servers contain the resource records for the second-
level DNS name servers (for example, the contoso.com domain). It is necessary
for you to configure a root DNS name server if:
Your intranet will not be connected to the Internet. Therefore, the root-level
domain is for the intranet only.

You are using a proxy service to gain access to the Internet. Create the root
of your local DNS namespace, and the proxy service will perform the
necessary translations and connections for Internet access.

Note The root DNS name servers on the Internet are listed in the Cache.dns
file on the root DNS name server that you configure.

There are two methods available for configuring the root DNS name server.
When you open the DNS console for the first time, the DNS Server
Configuration wizard will prompt you to configure the server as a root DNS
name server, and it will guide you through the process of configuring a DNS
name server.
After initial configuration of a DNS name server, you can change the server to a
root DNS name server (that will be the root of the tree for the Internet) by
creating a new standard primary forward lookup zone that is represented by a
period (.).

Creating a Subdomain in an Existing Zone


Slide: Create a subdomain to better organize your namespace. Delegate authority of a subdomain to delegate management of portions of the namespace, distribute the load among multiple name servers, and allow for organizational affiliation of hosts. Figure: the namespace tree from the root “.” through the top-level domain (com.) and the second-level domain (contoso.com.) down to the subdomain training.contoso.com.
A subdomain is a domain contained within a domain. You can create
subdomains to better organize and provide structure to your namespace.
Subdividing your namespace to include subdomains can be compared to
creating folders and subfolders on a hard disk. Subdomains are generally based
on departmental or geographic divisions within an organization.
To create a subdomain, open the DNS console, and expand the Forward
Lookup Zones or Reverse Lookup Zones folder. Click the name of the zone
in which you want to create a subdomain. Right-click the zone name, point to
New, and then click Domain. Type the name of the subdomain in the New
Domain dialog box, and then click OK.
After you have created a subdomain, you can delegate authority of the
subdomain to a different DNS name server that you want to manage that
portion of your DNS namespace. Delegation allows you to:
Delegate management of a DNS domain to a number of departments within
an organization (subdomains).

Distribute the load of maintaining one large DNS database among multiple
DNS name servers to improve name resolution performance and create a
fault-tolerant environment.

Allow for organizational affiliation of hosts by including them in the
appropriate domains.
NS (name server) resource records facilitate delegation by identifying the DNS
name servers for each zone. NS resource records for all of the DNS name
servers in your namespace appear in all forward and reverse lookup zones.
Whenever a DNS name server needs to query DNS name servers in a different
zone, it will refer to the NS resource records to find a DNS name server in the
target zone.

To delegate authority for a subdomain, open the DNS console and expand the
Forward Lookup Zones or Reverse Lookup Zones folder. Click the name of
the domain for which you want to delegate authority. Right-click the domain
name, point to New, and then click Delegation.
The Add New Delegation wizard will guide you through the process of
specifying the name of the domain to which you are delegating authority, and
adding the names and IP addresses of the server or servers that will host the
delegated zone.

Zone Database File

Slide: Resource records in a zone database file can contain a computer’s FQDN, its IP address, or an alias. Sample records shown in the zone database file: @ NS casablanca.africa1.contoso.com. (name server); casablanca A 192.168.11.1 (host); marrakech CNAME casablanca.africa1.contoso.com. (alias); 11.1.168.192 PTR casablanca.africa1.contoso.com. (reverse lookup).

A zone database file contains the name resolution data for a zone, including
resource records that contain information for answering DNS queries. Resource
records contain various attributes, such as the fully qualified domain name
(FQDN) of a computer, an IP address, or an alias. There are various resource
record types that are defined for the DNS database.
The following table lists some of the more common types of resource records.

Resource record           Purpose
SOA (start of authority)  Identifies the DNS name server that is the authoritative source of
                          information for data within a domain.
NS (name server)          Provides a list of DNS name servers that are assigned to a domain.
A (host)                  Resolves a host name to an IP address.
PTR (pointer)             Resolves an IP address to a host name.
CNAME (canonical name)    Creates an alias for a specified host name.
SRV (service)             Locates servers that host a particular service. For example, if a
                          client must find a server to validate logon requests, it can send a
                          query to a DNS name server that supports the use of SRV
                          resource records to obtain a list of domain controllers and
                          associated IP addresses.

Note SRV resource records are new in the DNS Server service in Microsoft®
Windows 2000®. For more information on SRV resource records, see RFC
2052 under Additional Reading on the Web page on the Student Materials
compact disc.

The zone database file name is the zone name with a .dns extension (for
example, Contoso.com.dns). To migrate a zone from another server, you can
import the existing zone database file. You must place the existing file in the
systemroot\System32\DNS folder on the target computer before you create the
new zone.

Note Traditionally, zone database files are stored on DNS name servers. In
Microsoft Windows 2000, zone data can be stored in the Active Directory™
directory service rather than in a zone database file on a name server. In this
case, the zone is called an Active Directory integrated zone.

Zone database files contain the necessary information that a DNS name server
uses to perform two different tasks: resolving host names to IP addresses or
resolving IP addresses to host names. The zone lookup types that are associated
with these tasks are:
Forward lookup zones. Contain records that resolve a host name to an IP
address. The forward lookup zone answers forward lookup queries that
request the IP address of a server. You enable forward lookup queries when
you add a forward lookup zone. The A resource record is the most common
type of record that is used for DNS forward lookup zones.

Reverse lookup zones. Contain records that resolve an IP address to a host
name. The reverse lookup zone answers reverse lookup queries that request
the server name that is associated with a particular IP address. You enable
reverse lookup queries when you add a reverse lookup zone. Reverse lookup
zones use PTR resource records to register hosts by IP address.
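To make the zone database file concrete, the following added example (Python, written for this page; not code from the course materials or from the Windows DNS Server service) parses two constructed zone files in the standard master-file text format, a forward lookup zone for africa1.contoso.com and its reverse lookup zone, and then performs the two tasks described above: resolving a host name (following the CNAME alias marrakech to casablanca) and resolving an IP address through its in-addr.arpa PTR record. The host names follow the slide; the SOA values and the 192.168.11.0/24 network are constructed.

```python
"""Minimal master-file zone parser with forward and reverse resolution.

Constructed example for illustration; the zone contents are made up.
"""
from collections import namedtuple
import ipaddress

Record = namedtuple("Record", "owner rtype rdata")

# Constructed forward lookup zone (what Africa1.contoso.com.dns might hold).
FORWARD_ZONE = """\
$ORIGIN africa1.contoso.com.
@           SOA   casablanca hostmaster.contoso.com. (
                  2024010101 ; serial
                  3600       ; refresh
                  600        ; retry
                  86400      ; expire
                  3600 )     ; minimum TTL
@           NS    casablanca
casablanca  A     192.168.11.1
marrakech   CNAME casablanca
"""

# Constructed reverse lookup zone for the 192.168.11.0/24 network.
REVERSE_ZONE = """\
$ORIGIN 11.168.192.in-addr.arpa.
@   SOA   casablanca.africa1.contoso.com. hostmaster.contoso.com. 2024010101 3600 600 86400 3600
@   NS    casablanca.africa1.contoso.com.
1   PTR   casablanca.africa1.contoso.com.
"""


def qualify(name, origin):
    """Turn a relative owner or target into a fully qualified, lowercase name."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text):
    """Parse a master-file zone into Record tuples.

    Handles $ORIGIN, ';' comments, parenthesised multi-line rdata (SOA) and
    owner-less continuation lines. Class and TTL columns are not expected.
    """
    origin, records, buf, depth, last_owner = ".", [], [], 0, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if depth == 0 and raw[:1].isspace():
            line = (last_owner or "@") + " " + line  # inherit previous owner
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                               # still inside ( ... )
        fields = " ".join(buf).replace("(", " ").replace(")", " ").split()
        buf = []
        owner, rtype, rdata = fields[0], fields[1].upper(), fields[2:]
        last_owner = owner
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = qualify(rdata[0], origin)
        elif rtype == "A":
            rdata = str(ipaddress.IPv4Address(rdata[0]))   # validates the address
        elif rtype == "SOA":
            mname, rname, *t = rdata
            rdata = {"mname": qualify(mname, origin), "rname": qualify(rname, origin),
                     "serial": int(t[0]), "refresh": int(t[1]), "retry": int(t[2]),
                     "expire": int(t[3]), "minimum": int(t[4])}
        records.append(Record(qualify(owner, origin), rtype, rdata))
    return records


def resolve_forward(records, name, max_aliases=8):
    """Resolve a host name to its A addresses, chasing CNAME aliases."""
    name = name.lower()
    for _ in range(max_aliases):
        addrs = [r.rdata for r in records if r.owner == name and r.rtype == "A"]
        if addrs:
            return addrs
        aliases = [r.rdata for r in records if r.owner == name and r.rtype == "CNAME"]
        if not aliases:
            return []
        name = aliases[0]
    raise ValueError("CNAME chain too long (possible alias loop)")


def resolve_reverse(records, ip):
    """Resolve an IP address to host names via its in-addr.arpa PTR owner."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    return [r.rdata for r in records if r.owner == owner and r.rtype == "PTR"]


def soa(records):
    """Return the parsed SOA rdata of a zone."""
    return next(r.rdata for r in records if r.rtype == "SOA")


if __name__ == "__main__":
    fwd, rev = parse_zone(FORWARD_ZONE), parse_zone(REVERSE_ZONE)
    print(resolve_forward(fwd, "marrakech.africa1.contoso.com."))
    print(resolve_reverse(rev, "192.168.11.1"))
```

The parser deliberately bounds CNAME chasing, since an alias loop in a zone file would otherwise make a resolver spin; the same guard is what real servers apply.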

Configuring Standard Zones


Slide: You can configure a DNS name server to host standard primary zones, standard secondary zones, or any combination of zones, and you can designate a primary server or a secondary server as a master server for a standard secondary zone. Figure: three name servers each hosting Zone A and Zone B; the first is primary (master) for Zone A and secondary for Zone B, the second is secondary (master) for Zone A and primary (master) for Zone B, and the third is secondary for both, with zone transfers flowing from each master to its secondaries.
Computers that are running the DNS Server service can host standard primary
and standard secondary zones. You can configure DNS name servers to host:
One or more standard primary zones.
One or more standard secondary zones.
Any combination of standard primary and standard secondary zones.
For each zone, the server that maintains the standard primary zone database
files is called the primary server, and the servers that host the standard
secondary zone database files are called secondary servers. A DNS name server
can host the standard primary zone database file (as the primary server) for one
zone and the standard secondary zone database file (as the secondary server) for
another zone.
If you are creating a new zone, a standard primary zone must be created before
creating a standard secondary zone. To create a zone, open the DNS console,
right-click the name of the server to which you want to add the zone, and then
click Create a new Zone to start the Create New Zone wizard. The wizard
prompts you to select a zone type—either standard primary or standard
secondary—and specify the domain name for the zone.

Configuring Lookup Zones


After you have determined whether a DNS name server will act as a primary or
secondary DNS name server for the zone, you must select whether the zone will
be used for forward lookups or reverse lookups.

Forward Lookup Zones


To configure a forward lookup zone, click Forward lookup on the Select the
Zone Lookup Type page of the Create New Zone wizard. The wizard then
guides you through the process of naming the zone and the zone database file.
The wizard then automatically creates the zone, the zone database file, and the
SOA, NS, and A resource records.

Reverse Lookup Zones


To configure a reverse lookup zone, click Reverse lookup on the Select the
Zone Lookup Type page of the Create New Zone wizard. The wizard then
guides you through the process of specifying network identification and a
subnet mask, and verifying the name of the zone database file. The wizard then
automatically creates the zone, the zone database file, and the SOA, NS, and A
resource records.

Note To comply with RFC standards, the reverse lookup zone name requires
the in-addr.arpa domain suffix, which is a reserved domain to support reverse
lookup. For example, if the network uses the class B network ID of 172.16.0.0,
the reverse lookup zone name becomes 16.172.in-addr.arpa.
For more information on the in-addr.arpa domain suffix, see RFC 2317 under
Additional Reading on the Web page on the Student Materials compact disc.
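The wizard derives the reverse lookup zone name from the network ID and subnet mask you type. The following added example (Python, not from the course materials) computes the same name, refuses masks that are not octet-aligned because those need the RFC 2317 technique the note refers to, and derives the owner name of a host’s PTR record both in full and relative to the zone. The networks used are constructed.

```python
import ipaddress


def reverse_zone_name(network_id, subnet_mask):
    """Return the in-addr.arpa zone name for a network ID and subnet mask.

    Only /8, /16 and /24 masks map onto a single classful reverse zone; any
    other mask is rejected, since delegating a smaller block needs RFC 2317.
    """
    net = ipaddress.IPv4Network(f"{network_id}/{subnet_mask}", strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError(f"/{net.prefixlen} is not octet-aligned; see RFC 2317")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(ip):
    """Full owner name of the PTR record for one host address."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def ptr_relative_name(ip, zone_name):
    """Owner name of the host's PTR record relative to its reverse zone."""
    full = ptr_owner_name(ip)
    suffix = "." + zone_name
    if not full.endswith(suffix):
        raise ValueError(f"{ip} does not belong to reverse zone {zone_name}")
    return full[: -len(suffix)]


if __name__ == "__main__":
    # The class B example from the note: 172.16.0.0 -> 16.172.in-addr.arpa
    zone = reverse_zone_name("172.16.0.0", "255.255.0.0")
    print(zone, ptr_relative_name("172.16.5.9", zone))
```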

Specifying a Master Server


When you add a standard secondary zone, you must designate a DNS name
server from which to obtain the zone information. The designated server is
referred to as a master server. A master server transfers zone information to the
secondary DNS name server. You can designate a primary server or another
secondary server as a master server for a standard secondary zone.
To specify a master server, on the Master Servers page of the Create New
Zone wizard, type the IP address of the master server in the Master server IP
addresses box, and then click Add.
To specify more than one master server, add any additional master server IP
addresses to the list. You can sort the list in the order in which you want the
master servers to be contacted by clicking an IP address, and then clicking Up
or Down. When you are finished adding IP addresses to the list, click Next, and
then click Finish.

Creating Resource Records


You can manually populate the zone database file with resource records for the
other computers within the zone that you created. Create the following resource
records on the primary DNS name server for the zone:
The A resource record. In the DNS console, right-click the name of the zone
to which you want to add the A resource record, point to New, and then
click Host. In the New Host dialog box, type the host name and IP address,
and then click Add Host.

The PTR resource record. In the DNS console, right-click the name of the
zone to which you want to add the PTR resource record, point to New, and
then click Pointer. In the Create New Record dialog box, type the host
name and IP address, and then click OK.

Note You can automatically populate a reverse lookup zone when adding an A
resource record. To automatically populate a reverse lookup zone, select the
Create associated PTR record check box in the New Host dialog box.

Configuring Additional Zone Properties


You can configure and modify additional zone properties in the Properties
dialog box for the zone. You can modify zone properties to:
Change a zone from standard primary to standard secondary or from
standard secondary to standard primary by clicking Change on the General
tab.

Configure a forward lookup zone to use the Windows Internet Name
Service (WINS) for name resolution by selecting the Use WINS resolution
check box and specifying the IP address for the WINS server on the WINS
tab. A WINS resource record is then placed at the top of the zone database
file.

Configure a reverse lookup zone to use WINS for name resolution by
selecting the Use WINS reverse lookup check box and specifying a domain
name on the WINS-R tab. A WINS-R resource record is then placed at the
top of the zone database file.

Configuring Zone Transfer Properties


Zone transfers occur when names and IP address mappings change within your
domain. You configure standard primary and standard secondary zones with the
information that is necessary to initiate and request zone transfers. To do this,
use the Start of Authority (SOA) and Zone Transfer tabs in the Properties
dialog box for the zone.
You configure how often a zone transfer occurs by modifying settings on the
Start of Authority (SOA) tab. The following values affect zone transfer:
Serial number. Tracks updates to the zone database file. Each time a zone
database file is modified, the serial number is increased by a value of one,
which indicates a new version of the zone database file. DNS name servers
compare serial numbers during zone refresh requests to determine if a zone
transfer is necessary.

Refresh interval. Controls how often a secondary server will query its
master server for new data.

Retry interval. Controls how often a server will retry a refresh. If a
secondary server cannot contact its master server, the retry interval
determines how long the secondary server will wait before attempting to
contact its master server again.

Expire interval. Controls the length of time that a secondary server will use
its current zone data to answer queries if it cannot contact its master server.
At the end of the expire interval, if the secondary server cannot contact its
master server, it will stop performing name resolution.

Minimum TTL. Specifies the Time to Live (TTL) interval, or the minimum
amount of time for which a response to a query is valid. The DNS name
server that performs the name resolution sets this value.
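The SOA values above drive a small state machine on every secondary server. The following added example (Python, not from the course materials) models it: the secondary checks its master every refresh interval, falls back to the retry interval when the master is unreachable, transfers the zone only when the master’s serial is newer, and stops answering once the expire interval has passed without a successful contact. It goes one step beyond the text in comparing serials with the wrap-around rule of RFC 1982 rather than plain numeric order, since the 32-bit serial eventually wraps. The SOA values and timestamps are constructed; times are seconds supplied by the caller so the behaviour can be checked deterministically.

```python
SERIAL_MODULUS = 1 << 32


def serial_is_newer(candidate, current):
    """RFC 1982 serial comparison: 'newer' means ahead by less than 2^31
    modulo 2^32, so a serial that has wrapped past 0 still counts as newer."""
    candidate %= SERIAL_MODULUS
    current %= SERIAL_MODULUS
    if candidate == current:
        return False
    return (candidate - current) % SERIAL_MODULUS < (1 << 31)


class SecondaryZone:
    """Refresh, retry and expire behaviour of a secondary server for one zone."""

    def __init__(self, soa, loaded_at):
        self.serial = soa["serial"]
        self.refresh_interval = soa["refresh"]
        self.retry_interval = soa["retry"]
        self.expire_interval = soa["expire"]
        self.last_success = loaded_at              # last confirmed contact
        self.next_check = loaded_at + self.refresh_interval

    def due_for_refresh(self, now):
        return now >= self.next_check

    def expired(self, now):
        """True once the expire interval has passed with no master contact."""
        return now - self.last_success >= self.expire_interval

    def can_answer(self, now):
        """An expired secondary stops performing name resolution for the zone."""
        return not self.expired(now)

    def refresh(self, now, master_soa):
        """Run one refresh attempt.

        master_soa is the SOA record fetched from the master, or None when the
        master could not be contacted. Returns what the secondary did.
        """
        if master_soa is None:
            self.next_check = now + self.retry_interval   # try again sooner
            return "retry"
        self.last_success = now
        self.next_check = now + self.refresh_interval
        if serial_is_newer(master_soa["serial"], self.serial):
            self.serial = master_soa["serial"]           # zone transfer happens here
            return "transfer"
        return "up-to-date"


if __name__ == "__main__":
    # Constructed SOA values: refresh 1 h, retry 10 min, expire 1 day.
    soa = {"serial": 2024010101, "refresh": 3600, "retry": 600, "expire": 86400}
    zone = SecondaryZone(soa, loaded_at=0)
    print(zone.refresh(3600, None))                       # master down -> retry
    print(zone.refresh(4200, {"serial": 2024010102}))     # newer serial -> transfer
```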

Configuring DNS Notify


You can configure a master server to include a list of one or more secondary
servers that should be notified when changes to the zone database file are made.
If a secondary server receives notification from its master server that changes
have been made to the zone database file, it can initiate a zone transfer to ensure
that its records are up-to-date.
The notification process can help improve the consistency of zone data among
secondary servers. DNS Notify allows you to configure a master server to notify
one or more secondary servers whenever changes to the zone database file
occur. The secondary servers then determine if they need to initiate a zone
transfer.
The following information describes the order of the notification process:
1. When the zone database file is updated on the hard disk on a master server,
the serial number is updated to indicate that the zone database file has been
changed.
2. The master server then sends a notify message to the secondary DNS name
servers that are included in its notify list.
3. All secondary servers that receive the notify message respond by initiating
an SOA refresh to their master server in order to start the replication
process.

Note For more information on DNS Notify, see RFC 1996 under Additional
Reading on the Web page on the Student Materials compact disc.

Configuring the Notify List


To configure the notify list, open the Properties dialog box for the zone, click
the Zone Transfers tab, and then click the Notify button. Click Notify these
servers only, type the IP address of the secondary server to notify when the
zone is updated, and then click Add. Repeat this process to add more than one
secondary server to the notify list.
The notify list can also be used to restrict access to secondary servers that
attempt to request zone updates. On the Zone Transfers tab, click Allow only
from this list to limit requests for zone update transfers to only those servers
that are included in the Notify dialog box.
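The three-step notification process and the Allow only from this list setting fit together: the master raises the serial, sends NOTIFY to its notify list, each secondary answers with an SOA check, and the master hands out a zone copy only to addresses on the list. The following added example (Python, not from the course materials or from the DNS Server service) models that exchange and contrasts the weak setting, where any requester can pull the whole zone, with the restricted one. Addresses are constructed from the RFC 5737 documentation range.

```python
class MasterServer:
    """Master for one zone: bumps the serial, sends NOTIFY, and serves or
    refuses zone transfer requests according to its allow-list."""

    def __init__(self, zone, serial, notify_list, allow_transfer_from=None):
        self.zone = zone
        self.serial = serial
        self.notify_list = list(notify_list)
        # None models allowing transfers to anyone (the weak setting);
        # a list models "Allow only from this list".
        self.allow_transfer_from = allow_transfer_from
        self.log = []

    def update_zone(self):
        """Step 1: the zone changes and the serial is incremented.
        Step 2: a NOTIFY message goes to every server in the notify list."""
        self.serial = (self.serial + 1) % (1 << 32)
        notifies = [("NOTIFY", self.zone, ip) for ip in self.notify_list]
        self.log.extend(notifies)
        return notifies

    def answer_soa_query(self):
        return self.serial

    def handle_transfer_request(self, requester_ip):
        """Serve a full zone copy only to permitted addresses; None = refused."""
        allowed = (self.allow_transfer_from is None
                   or requester_ip in self.allow_transfer_from)
        self.log.append(("AXFR", requester_ip, "served" if allowed else "refused"))
        return self.serial if allowed else None


class SecondaryServer:
    def __init__(self, ip, serial):
        self.ip = ip
        self.serial = serial

    def handle_notify(self, master):
        """Step 3: a NOTIFY triggers an SOA refresh; the secondary transfers
        only if the master's serial is ahead (RFC 1982 wrap-safe comparison)."""
        master_serial = master.answer_soa_query()
        ahead = (master_serial != self.serial
                 and (master_serial - self.serial) % (1 << 32) < (1 << 31))
        if not ahead:
            return "up-to-date"
        new_serial = master.handle_transfer_request(self.ip)
        if new_serial is None:
            return "refused"
        self.serial = new_serial
        return "transferred"


def run_scenario(restrict_transfers):
    """One zone update seen by a listed secondary and by an unlisted requester."""
    secondary = SecondaryServer("192.0.2.20", serial=100)   # constructed
    unlisted = SecondaryServer("192.0.2.99", serial=0)      # not in the notify list
    master = MasterServer("contoso.com.", serial=100, notify_list=["192.0.2.20"],
                          allow_transfer_from=["192.0.2.20"] if restrict_transfers else None)
    master.update_zone()
    return secondary.handle_notify(master), unlisted.handle_notify(master)


if __name__ == "__main__":
    print("weak:      ", run_scenario(restrict_transfers=False))
    print("restricted:", run_scenario(restrict_transfers=True))
```

With the restriction in place the listed secondary still replicates normally while the unlisted requester is refused, which is the behaviour the Allow only from this list option provides.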

Configuring a Caching-Only Server

Slide: Caching-only servers perform name resolution on behalf of clients and cache the results, and can be used to reduce DNS-related traffic across a WAN. Figure: a query from the client reaches the caching-only name server, which returns the result from its cache or obtains it from another name server and caches it.

Caching-only servers perform name resolution on behalf of clients and then
cache, or store, the results. They are not configured to be authoritative for a
zone, so they do not store standard primary or standard secondary zones. The
cache is populated with the most frequently requested names, and these names
and their associated IP addresses are available from the cache for answering
subsequent client queries.
To configure a caching-only server, install the DNS Server service on a
computer running Windows 2000 Server and do not configure any forward or
reverse lookup zones.
Caching-only servers help to reduce traffic across a wide area network (WAN)
in the following ways:
A caching-only server will first attempt to locate information in its cache to
resolve client requests. If the required information is not in its cache, the
caching-only server will perform a query across the WAN to locate the
necessary information and update its cache.

The greater the amount of information that is stored in its cache, the less
likely it is that the caching-only server will need to perform a query, thus
reducing traffic across the WAN. Entries that are stored in cache are purged
when the TTL interval for that record expires.

A caching-only server does not maintain or store a copy of a zone database
file, as does a primary or secondary DNS name server. Therefore, no zone
transfer traffic is generated.

You can change the type of queries that a caching-only server performs to
further reduce network traffic. There are two types of queries that can be
performed in DNS:
Iterative. A query made to a DNS name server, in which the requester
instructs the name server to return the best answer it can give based on its
cache or zone data. If the queried name server does not have an exact match
for the request, the best information it can provide is a pointer to an
authoritative name server in a lower level of the domain namespace. The
requester can then query the authoritative name server it was referred to.
The requester continues this process until it locates a name server that is
authoritative for the requested name, or until an error or time-out condition
is met.

Recursive. A query made to a DNS name server, in which the requester asks
the name server to assume the full workload and responsibility for providing
a complete answer to the query. The server will then perform separate
iterative queries to other servers (on behalf of the requester) to assist in
answering the recursive query.

When a remote office has a limited amount of available bandwidth for
connecting to a corporate office, a caching-only server should be configured at
the remote office to send recursive queries to a DNS name server at the
corporate office. The DNS name server at the corporate office has a greater
amount of available bandwidth for connecting to the Internet or an intranet.
You can configure a caching-only server to perform recursive rather than
iterative queries by configuring it to use forwarders. A forwarder is a DNS
name server that is designated by other DNS name servers to forward queries
for resolving external domain names. This reduces the amount of traffic across
the WAN for performing name resolution.
To forward queries to another server, open the DNS console and open the
Properties dialog box for the server on which you want to configure
forwarding. On the Forwarders tab, select the Enable Forwarder(s) check
box. Type the IP address of the server that you want to forward to, click Add,
and then click OK.
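The following added example (Python, written for this page; not code from the course materials or the DNS Server service) puts the two query types and the forwarder arrangement side by side. It builds a constructed namespace of three authoritative servers (root, com., contoso.com.) whose NS records supply the referrals, walks an iterative resolution from the root, and then models a remote-office caching-only server that sends one recursive query over the WAN to a corporate forwarder and answers repeats from its cache until the TTL expires. Addresses come from the RFC 5737 documentation ranges, and a single fixed cache TTL is assumed where a real server would use each record’s own TTL.

```python
class AuthServer:
    """Authoritative name server for one zone: answers from its own records
    or, as its best answer, refers the requester to a delegated child zone."""

    def __init__(self, zone, a_records, delegations):
        self.zone = zone                # e.g. "com."
        self.a_records = a_records      # owner name -> IP address
        self.delegations = delegations  # child zone -> (NS host, NS IP), from NS records

    def query(self, name):
        if name in self.a_records:
            return ("answer", self.a_records[name])
        # Longest matching delegation wins, as with real zone cuts.
        for child, ns in sorted(self.delegations.items(), key=lambda kv: -len(kv[0])):
            if name == child or name.endswith("." + child):
                return ("referral", ns)
        return ("nxdomain", None)


# Constructed namespace: root "." -> "com." -> "contoso.com." (holds www).
ROOT_IP = "198.51.100.1"
SERVERS = {
    "198.51.100.1": AuthServer(".", {}, {"com.": ("a.gtld.example.", "198.51.100.2")}),
    "198.51.100.2": AuthServer("com.", {}, {"contoso.com.": ("ns1.contoso.com.", "198.51.100.3")}),
    "198.51.100.3": AuthServer("contoso.com.", {"www.contoso.com.": "203.0.113.10"}, {}),
}


def iterative_resolve(name, servers=SERVERS, root_ip=ROOT_IP, max_hops=10):
    """Iterative resolution: follow referrals from the root until a server
    authoritative for the name answers. Returns (answer, servers contacted)."""
    ip, path = root_ip, []
    for _ in range(max_hops):
        path.append(ip)
        kind, data = servers[ip].query(name)
        if kind == "answer":
            return data, path
        if kind == "nxdomain":
            return None, path
        ip = data[1]                     # follow the referral to the next server
    raise RuntimeError("too many referrals (possible delegation loop)")


class RecursiveServer:
    """Corporate DNS server: accepts recursive queries and takes on the full
    workload of iterating through the namespace on the requester's behalf."""

    def __init__(self, servers=SERVERS):
        self.servers = servers
        self.queries_handled = 0

    def recursive_query(self, name):
        self.queries_handled += 1
        answer, _ = iterative_resolve(name, self.servers)
        return answer


class CachingOnlyServer:
    """Remote-office server: hosts no zones, answers from cache when it can,
    and otherwise sends a single recursive query over the WAN to its forwarder."""

    def __init__(self, forwarder, ttl=300):
        self.forwarder = forwarder
        self.ttl = ttl                   # assumed fixed TTL (constructed)
        self.cache = {}                  # name -> (answer, expiry time)
        self.wan_queries = 0

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and now < entry[1]:
            return entry[0], "cache"
        self.cache.pop(name, None)       # purge an entry whose TTL has expired
        self.wan_queries += 1
        answer = self.forwarder.recursive_query(name)
        if answer is not None:
            self.cache[name] = (answer, now + self.ttl)
        return answer, "forwarder"


if __name__ == "__main__":
    print(iterative_resolve("www.contoso.com."))
    branch = CachingOnlyServer(RecursiveServer(), ttl=300)
    for t in (0, 100, 300):
        print(t, branch.resolve("www.contoso.com.", now=t), "WAN queries:", branch.wan_queries)
```

Without the forwarder the branch server would itself have to walk root, com. and contoso.com. across the WAN for every cache miss; with it, each miss costs exactly one recursive query to the corporate server, which is the saving the text describes.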

Configuring DNS Clients


Figure: the Internet Protocol (TCP/IP) Properties dialog box, General tab. The IP address, subnet mask and default gateway are either provided by DHCP (Obtain an IP address automatically) or manually configured (Use the following IP address; the example shows 192.168.2.15 with subnet mask 255.255.255.0). The DNS server address is likewise either obtained automatically or manually configured (Use the following DNS server address; the example shows Preferred DNS server 192.168.1.2 and an empty Alternate DNS server).

A DNS client (sometimes called a resolver) uses a DNS name server to resolve
queries and locate resources on TCP/IP networks. In Windows 2000,
configuring a computer as a DNS client involves only one configuration
parameter: the IP address of the DNS name server.
To configure a client to use a DNS name server for host name resolution, open
the Properties dialog box for the connection, and then open the Internet
Protocol (TCP/IP) Properties dialog box:
If you want DNS name server addresses to be provided by a DHCP server,
click Obtain DNS server address automatically.

If you want to manually configure an IP address for a DNS name server,
click Use the following DNS server addresses. Type the IP address of the
primary server in the Preferred DNS server box. If you are configuring a
second DNS name server, type the IP address of the additional DNS name
server in the Alternate DNS server box.
