This type of configuration continues to be supported in Windows 2000, and is referred to as a ‘standard’ DNS setup. However, Windows 2000 also supports another type of DNS configuration, which is new in Windows 2000. This configuration is called Active Directory Integrated DNS. In this setup, information about a DNS zone is stored in Active Directory instead of in a separate set of zone files. As such, DNS information is replicated automatically as part of Active Directory replication, and does not require a separate replication topology to be set up. This does not mean that every domain controller automatically becomes a DNS server. Instead, it means that every domain controller is capable of becoming a DNS server, if the DNS service is installed on that machine. Active Directory integrated DNS also has a number of other benefits, including the fact that every DNS server holds a writable copy of the zone, meaning that should a single server fail, DNS updates can still continue to be made on the others. This is not true of a standard DNS setup, where updates cannot be made if the primary server goes offline.
Another big feature of the Windows 2000 DNS is that it is dynamic. That is, hosts can register and unregister records for themselves in DNS, including host name to IP address (A) records and service records (these will be discussed in a bit). The benefit of dynamic DNS is obvious: previous versions of DNS did not support this, so every record had to be configured manually, which could be very time consuming. Many people compare this functionality with WINS. While the idea is similar, remember that the purpose of WINS is to register NetBIOS names to IP addresses, while DNS maps host names to IP addresses.
DNS is not only used in Windows 2000 to resolve host names to IP addresses. It is also used to allow a system to find services on the network, such as the authentication service of a domain controller. When a person tries to log on to a domain, their Windows 2000 system will query DNS for service (SRV) records, and try to find a list of one or more domain controllers in the same physical site. A domain controller automatically registers its own host record in DNS, but also registers records relating to some of the services it is running. In the same manner, a Windows 2000 client can register itself with DNS, but this can also be handled by the DHCP server that gave the client its address. Both of these elements deserve more attention, and will be covered in more detail later in the series.
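The following is an added example, not code from the original article, showing the SRV lookup a client performs to locate a domain controller: first for DCs in its own site, then for any DC in the domain. It uses `Resolve-DnsName` from the DnsClient module (Windows 8 / Server 2012 and later); the domain and site names are placeholders. On a Windows 2000 machine the same query is typed as `nslookup -type=SRV _ldap._tcp.dc._msdcs.example.com`.

```powershell
# Added example (not from the original article): locate domain controllers the way a
# Windows client does, by querying the SRV records a DC registers in DNS.
# Assumes the DnsClient module (Resolve-DnsName). Domain and site names are placeholders.

function Find-DomainControllerSrv {
    param(
        [Parameter(Mandatory)] [string] $Domain,   # e.g. example.com (placeholder)
        [string] $Site,                            # optional AD site name, e.g. HeadOffice
        [string] $Service = '_ldap'                # '_ldap' (LDAP) or '_kerberos' (KDC)
    )

    # A site-aware client first asks for DCs in its own site, then falls back to any DC.
    $names = @()
    if ($Site) { $names += "$Service._tcp.$Site._sites.dc._msdcs.$Domain" }
    $names += "$Service._tcp.dc._msdcs.$Domain"

    foreach ($name in $names) {
        # The answer may also carry A records in the additional section; keep only SRV.
        $records = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq 'SRV' }
        if ($records) {
            # Lower Priority wins; among equal priorities a higher Weight is preferred.
            return $records |
                Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
                Select-Object @{ n = 'Query'; e = { $name } }, NameTarget, Port, Priority, Weight
        }
    }
    Write-Warning "No $Service SRV records found for $Domain; clients cannot locate a DC via DNS."
}

# Usage (placeholder names):
# Find-DomainControllerSrv -Domain 'example.com' -Site 'HeadOffice'
# Find-DomainControllerSrv -Domain 'example.com' -Service '_kerberos'
```

If the site-specific query returns nothing but the domain-wide one succeeds, the client will still log on, but possibly against a DC across a WAN link; an empty result for both is the classic cause of "domain controller could not be contacted" errors, since the DC's SRV registration has not reached the DNS server the client is using.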
Although this section is only meant as an introduction to DNS, there are a couple of additional notes about DNS that are important:
– Windows 2000 DNS supports IXFR, or incremental zone transfers. In this setup, when a change is made to a zone, only the changed records are replicated to other DNS servers. By contrast, Windows NT DNS only supported AXFR, or full zone transfers, under which any change to a zone file meant that the entire zone file would be replicated to all secondaries.
– If you are using Active Directory integrated DNS, it is possible to enforce something called Secure Dynamic Updates. In this setup, a DNS server will only allow updates or record registrations from systems that have a valid Active Directory computer account. If this is not enforced, any system on the network can add or overwrite records in DNS, which is a security risk: a rogue host could register itself under another machine's name.
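As an added example (not from the original article), here is a PowerShell audit of the two settings just described, zone transfer exposure and dynamic update security, together with the corrected setting for a zone found to accept unsecured updates. It uses the DnsServer module (`Get-DnsServerZone`, `Set-DnsServerPrimaryZone`) from Windows Server 2012 and later or RSAT; Windows 2000 exposed the same settings only through the DNS console. The server name is a placeholder.

```powershell
# Added example (not from the original article): audit every primary zone on a DNS server
# for zone-transfer and dynamic-update settings, then tighten a zone to Secure updates.
# Assumes the DnsServer module (Windows Server 2012+ / RSAT). Server name is a placeholder.

function Get-DnsZoneSecurityAudit {
    param([string] $ComputerName = $env:COMPUTERNAME)   # placeholder: the DNS server to audit

    foreach ($zone in Get-DnsServerZone -ComputerName $ComputerName) {
        # Skip the auto-created loopback zones and anything that is not a writable primary.
        if ($zone.IsAutoCreated -or $zone.ZoneType -ne 'Primary') { continue }

        # Weak: NonsecureAndSecure lets any host add or overwrite records.
        # A standard (file-backed) zone cannot be set to Secure at all.
        $updateRisk = switch ("$($zone.DynamicUpdate)") {
            'Secure'             { 'ok' }
            'None'               { 'ok (no dynamic updates)' }
            'NonsecureAndSecure' { 'WEAK: any host may add or overwrite records' }
            default              { "unknown ($_)" }
        }

        # IXFR/AXFR should only be served to the zone's listed name servers (or nobody).
        $xferRisk = switch ("$($zone.SecureSecondaries)") {
            'NoTransfer'               { 'ok' }
            'TransferToZoneNameServer' { 'ok' }
            'TransferToSecureServers'  { 'ok' }
            'TransferAnyServer'        { 'WEAK: any host may pull the entire zone' }
            default                    { "unknown ($_)" }
        }

        [pscustomobject]@{
            Zone          = $zone.ZoneName
            ADIntegrated  = $zone.IsDsIntegrated
            DynamicUpdate = "$($zone.DynamicUpdate)"
            UpdateRisk    = $updateRisk
            ZoneTransfer  = "$($zone.SecureSecondaries)"
            TransferRisk  = $xferRisk
        }
    }
}

function Set-DnsZoneSecureUpdates {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [string] $ComputerName = $env:COMPUTERNAME
    )

    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName
    if (-not $zone.IsDsIntegrated) {
        throw "'$ZoneName' is a standard zone; Secure dynamic updates require an Active Directory integrated zone."
    }
    # Weak setting would be: -DynamicUpdate NonsecureAndSecure. Corrected setting:
    Set-DnsServerPrimaryZone -Name $ZoneName -ComputerName $ComputerName -DynamicUpdate Secure
}

# Usage (placeholder names):
# Get-DnsZoneSecurityAudit -ComputerName 'dc1' | Format-Table -AutoSize
# Set-DnsZoneSecureUpdates -ZoneName 'example.com' -ComputerName 'dc1'
```

The audit deliberately reports the zone type alongside the update setting: the fix for a file-backed zone that shows `NonsecureAndSecure` is to convert it to an Active Directory integrated zone first, since, as the section above notes, Secure Dynamic Updates are only available in that configuration.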
And there again is another week on the road to 240 done and gone. Next week I plan to tackle the basics of Active Directory administration, as well as an introduction to DFS and Terminal services if it all fits. I hope you are all enjoying the series and finding it useful – thanks for all the wonderful feedback. In the meantime, if you have any questions or comments, feel free to contact me – I look forward to hearing from you. Also, please be sure to check out my website and free practice exams. I can’t say anything yet, but big big changes are coming to the website, ones that I feel will make it a much more well-rounded daily must-see! In the meantime, best of luck with your studies this week.