Welcome to the 18th installment
of “Learn Active Directory Design and Administration in 15 Minutes a Week,” a
weekly series aimed at current IT professionals preparing to write the new
Windows Active Directory Design and Administration exams (70-219 and 70-217
respectively), as well as newcomers to the field who are trying to get a solid
grasp on this new and emerging directory service from Microsoft.
Part 18 of Jason Zandri’s ‘Learn Active Directory Design and Administration in 15 Minutes a Week’ series takes a second look at Microsoft DNS and reverse lookups and caching, as well as some of the local records that the DNS server holds.
This installment takes another look at Microsoft DNS and reverse lookups, caching, and some of the local records that the DNS server holds.
Microsoft DNS – Part 1 we looked at iterative and recursive lookups and
overviewed DNS zones.
[NOTES FROM THE FIELD] –
Microsoft DNS is not a requirement for Active Directory. Microsoft DNS on Windows 2000 is RFC-compliant and allows for the deployment of Active Directory under other DNS implementations. It has been tested to work with Windows NT 4.0, BIND 8.2, BIND 8.1.2, and BIND 4.9.7.
Microsoft DNS under Windows 2000 supports some features not supported under other implementations of DNS.
Windows NT 4.0
|Support for the IETF Internet-Draft “A DNS RR
for specifying the location of services (DNS SRV).” (SRV records)
|Yes||Yes (with SP 4)||Yes||Yes||Yes|
|Support for dynamic update||Yes||No||Yes||Yes||No|
|Support for secure dynamic update based on the
|Support for WINS and WINS Record||Yes||Yes||No||No||No|
|Support for fast zone transfer||Yes||Yes||Yes||Yes||Yes|
|Support for incremental zone transfer||Yes||No||Yes||No||No|
|Support for UTF||Yes||No||No||No||No|
BIND version 4.9.7 is the
earliest version of BIND supported for a Windows 2000 Active Directory
environment for DNS support.
When a DNS client requests a reverse DNS lookup it is effectively requesting to resolve a host name of a known IP address. In the standard DNS namespace, there is no connection between host names and IP addresses, and only a thorough search of all domains will allow for the reverse resolution.
The addr.arpa domain was created to avoid this type of query load on DNS
systems. Listings for system names in the in-addr.arpa domain is by their
respective IP addresses. Because the design of IP addresses is such that they
become more significant from left to right, and domain names get less significant
from left to right, the order of IP address in the in-addr.arpa domain are
listed in reverse order.
Pointer (PTR) records are added to the host names and IP addresses and the
corresponding host name. To perform a successful reverse lookup of a given IP
address, such as 220.127.116.11, the DNS server performing the query looks for a PTR record for 10.113.41.121.inaddr.arpa which will have the host
name and IP address 18.104.22.168.
[NOTES FROM THE FIELD] – A Web site,
http://remote.12dt.com/rns/, created by
allows users to punch up an IP address, and it will perform the reverse
lookup and return the name of the resolved address to you.
Microsoft Knowledge Base Article – Q245574 HOWTO: Configure REMOTE_HOST to
Perform a Reverse DNS Lookup in IIS outlines the steps to Perform a Reverse
DNS Lookup in IIS.