TechTutorials - Free Computer Tutorials  







DNS, DDNS and DHCP in Windows 2000

Added: 08/15/2000
DNS Overview/Review
For those of you who are new to DNS, we will offer this brief introduction before getting into how it works on Windows 2000. TCP/IP has become the de facto standard network protocol, largely due to the birth and growth of the internet; Unix machines, however, have been using TCP/IP and DNS for years. TCP/IP is based on numbers, and humans tend to have difficulty remembering them. In an effort to solve this problem, name resolution was invented using HOSTS files, which were nothing more than ASCII text files that listed object names and IP addresses and provided the mapping between them. Every network resource had to have a current HOSTS file, which needed to be updated any time a change, addition or deletion was made to the name resolution table. As networks grew larger, this became an unmanageable task. Imagine having to modify HOSTS files on 10,000 computers every time a change was made. This problem was solved with the creation of the Domain Name Service (DNS). DNS solves it by creating a centralized database of host name to IP address mappings.

As an example of what DNS does, check out the following links: http://www.mcmcse.com and 206.67.48.195. They are the same website, aren't they? A DNS record has been entered into a DNS database that resolves our domain name to our IP address. Without DNS you would have to remember the IP addresses of network resources.

There is a hierarchy that applies to name servers. The highest level, or top level, domains are registered by Internic. Top level domains are the ones that you are probably used to seeing on the internet; they are listed in the table below:

Name   Type
Com    Commercial organization
Edu    Educational institutions
Gov    Government organization (except for military)
Mil    Military organizations
Net    Networks
Num    Phone numbers
Org    Non-profit organizations
Arpa   Reverse DNS (used for reverse lookup)
xx     Two-letter country codes


Underneath this umbrella are subdomains that use different DNS servers. Let's look at an example. When you come to visit our site, you enter www.mcmcse.com as the address. First your computer contacts your DNS server, which may be located at your ISP if you are at home or at your company's corporate DNS servers if you are at work. These DNS servers probably will not have an entry for our web server and will forward the request to the Internic to resolve the top level domain mcmcse.com. While the Internic is authoritative for mcmcse.com, it is not for the second level domain that represents our web server, signified by the www that precedes it. So when you enter a request for our web server, the Internic's DNS servers will point to the DNS server of our web hosting company. Our web hosting company's DNS server will point you to the correct server that our site is hosted on by using its local DNS database. Our website is then served in your browser. Most medium to large companies also have their own internal DNS servers that provide name resolution on their internal networks or intranet.

Now looking closer at internal networks, larger ones are typically divided into different DNS zones. There are several ways that this can be organized with regard to DNS configuration. When designing any name resolution service it is important to take into account what would happen if a DNS server were to fail. What if your company has an extensive intranet that is vital to its operation and only one DNS server? If that server fails, the users will not be able to access any internal resources unless they know the IP address of the resource they are trying to access (and they won't). This is why fault tolerance is important in designing your namespace. Have you ever set up your home computer to access your ISP? Have you noticed that when configuring your IP settings you are (or should be) given two DNS server IP addresses to enter? This provides a backup in case of a failure. Of the two DNS servers that you enter, one is primary and one is secondary. The secondary server is only contacted if there is a problem with the primary server.

Let's complicate this even more by looking at an example that illustrates the complexity of designing an enterprise-wide DNS namespace. Let's say that the mcmcse.com namespace is divided into three zones: sales, mktg and tech. When setting this up, we have a lot of choices ahead of us. Many of these decisions will depend on the size of the network and the amount of network traffic. In our example, we could have one DNS server that provides name resolution for all three zones and all of the devices within them. This would not be a good idea, as it is not fault tolerant. We could have a primary and a secondary name server for all zones and the resources within them. This may very well work, depending on the properties of the network. We could also create three DNS servers as follows:

  • DNS1.mcmcse.com - Primary for the sales zone and secondary for the mktg zone.
  • DNS2.mcmcse.com - Primary for the mktg zone and secondary for the tech zone.
  • DNS3.mcmcse.com - Primary for the tech zone and secondary for the sales zone.

In this example, three DNS servers are used and each zone has a primary and a secondary DNS server.
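The following is an added example, not code from the original article: it takes the three-server layout above and checks what a practitioner actually cares about, namely that every zone has exactly one primary plus a secondary elsewhere, and which zones go dark or become read-only (as the Replication section notes, a secondary's copy is read-only) when any one server fails. The server and zone names are the article's; the LAYOUT dictionary is constructed here.

```python
# Added example, not from the original article: fault-tolerance check for the
# three-server mcmcse.com layout. Server/zone names are the article's; the
# LAYOUT dict itself is constructed here.

LAYOUT = {
    "DNS1.mcmcse.com": {"primary": ["sales"], "secondary": ["mktg"]},
    "DNS2.mcmcse.com": {"primary": ["mktg"], "secondary": ["tech"]},
    "DNS3.mcmcse.com": {"primary": ["tech"], "secondary": ["sales"]},
}

def zones_served(layout):
    """Map each zone to the set of servers holding a copy of it (primary or secondary)."""
    served = {}
    for server, roles in layout.items():
        for zone in roles["primary"] + roles["secondary"]:
            served.setdefault(zone, set()).add(server)
    return served

def check_layout(layout):
    """Return design problems: each zone needs exactly one primary and at
    least one other server holding a secondary copy."""
    primaries = {}
    for server, roles in layout.items():
        for zone in roles["primary"]:
            primaries.setdefault(zone, []).append(server)
    problems = []
    for zone, servers in sorted(zones_served(layout).items()):
        count = len(primaries.get(zone, []))
        if count != 1:
            problems.append(f"{zone}: needs exactly one primary, has {count}")
        if len(servers) < 2:
            problems.append(f"{zone}: no secondary, one failure takes it offline")
    return problems

def unresolvable_if_down(layout, failed_server):
    """Zones with no surviving copy at all when failed_server goes down."""
    served = zones_served(layout)
    return sorted(z for z, s in served.items() if not (s - {failed_server}))

def read_only_if_down(layout, failed_server):
    """Zones that stay resolvable from a secondary's read-only copy but cannot
    be updated, because their primary is the failed server."""
    served = zones_served(layout)
    return sorted(z for z in layout.get(failed_server, {}).get("primary", [])
                  if served[z] - {failed_server})
```

Run check_layout() against a single-server alternative to see the three "no secondary" findings the text warns about.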

Intro to DNS in Windows 2000
Now that we have presented a brief overview (or a review for those of you already familiar with DNS), it is time to look at how things have changed in Windows 2000. If you are unfamiliar with Active Directory, please take a moment to read our paper Introduction to Active Directory Architecture before continuing.

Both DNS and Active Directory necessarily possess a similar hierarchical nature, as DNS is very tightly bundled with Windows 2000. While WINS is still supported, it is on the way out, largely due to its proprietary nature and the scalability issues that can be attributed to NetBIOS. We haven't seen the last of NetBIOS yet and probably won't for some time; there are still services and applications that will continue to use it.

Most of you are familiar with NT 4.0's use of NetBIOS naming, in which a computer is identified primarily by a NetBIOS name that identifies the machine on a LAN Manager network. With Windows 2000, the naming system has changed quite a bit with the introduction of Active Directory. Now a computer will mainly be identified by its full computer name, which is a DNS fully qualified domain name (FQDN). The first portion of the computer name is known as the host name, and the remaining portions of the FQDN form the primary DNS suffix. Let's take a look at an example. Say that you have a client with a NetBIOS (WINS) name of "computer". Now you decide to get rid of WINS and move to DNS, so you replace WINS with DNS on your network and register "computer" in your DNS database in the domain sales.mcmcse.com. The name "computer" becomes the machine's host name and by default will have the primary DNS suffix sales.mcmcse.com appended to make the fully qualified domain name computer.sales.mcmcse.com. Let's take this a step further. We decide to make "computer" multihomed (multiple network adapters) and use it as a router. In this example we'll say that there are two adapters and each is a member of a different domain (one of them could even be connected to the internet). Adapter1 is part of sales.mcmcse.com and Adapter2 is part of ds.techtutorials.net. Connection-specific DNS suffixes can be applied to each so that each has its own FQDN: Adapter1 would be computer.sales.mcmcse.com and Adapter2 would be computer.ds.techtutorials.net. Connection-specific DNS suffixes are entered in the Advanced TCP/IP Settings dialog box.

DNS and Active Directory
In the example at the end of the DNS overview, we were discussing primary and secondary DNS servers. While both of these types of servers are still supported, as well as caching servers, Windows 2000 introduces a new kind of DNS server known as "integrated". This refers to a DNS server that is being used in conjunction with Active Directory. Both DNS and Active Directory (AD) are distributed databases that work together. In fact, if you are not using DNS, you can't use AD. Windows 2000 provides the Active Directory Installation Wizard, which installs and configures AD and will also automatically set up your DNS server. Remember that Active Directory treats everything on a network as an object, and this is no different for DNS. When AD is used, each DNS zone becomes an Active Directory container called "DnsZone". The DnsZone object contains DnsNode leaf objects for all unique resource names within that particular zone. Each of these leaf objects represents an entry for a network resource that is registered in both the AD and DNS databases.

Replication:
So what happens when changes are made to a DNS database? This is why the concept of zone transfer, or replication, is important. DNS servers can be configured to replicate changes to secondary name servers, a process referred to as zone transfer. In Windows 2000, AD handles the replication of the DNS database between servers using multi-master replication. This means that changes to the DNS database can be replicated to any DNS server that participates in AD, and the information will be sent to all domain controllers. The copy of the zone file that a secondary DNS server receives is read-only. In previous implementations, the primary DNS server had to handle communication with all secondary servers that required updates. Zone transfer can be either a full transfer, in which the entire zone file is transferred, or incremental, in which only the changes that have occurred are transmitted.

Resource Records:
DNS uses database entries called Resource Records to categorize various network resources. Below is a list of these records and their functions. Although it is not a complete list, it includes the more common and important records. For a complete list, go here. Keep in mind that additional resource records can be created using the DNS management snap-in tool.

Record   Description
A        Address record. This entry maps host names to IP addresses.
AAAA     Address record. Same as above, but for use with IPv6.
SOA      Defines the primary name server and its parameters for a given zone and is the first database record seen in any zone.
CNAME    Canonical Name. This is an alias that points to another DNS record.
NS       Name Server. Defines name servers on the network.
SRV      A DNS entry that allows a Windows 2000-aware client to find a server or DC. This is a new resource record that did not exist in the NT 4.0 implementation.
MX       Mail Exchange. Defines a mail server.
PTR      Pointer record used for reverse DNS lookups. Created in the in-addr.arpa DNS domain.
TXT      Text record which contains descriptive text about a given resource such as location, owner, etc.
RT       Route Through. Specifies a "middle man" (computer or other network device) that routes packets to a given host. The RT record is used together with the ISDN and X25 resource records.
X25      The X25 (X.25) record is similar to the A (address) record. Instead of mapping a host name to an IP address, it maps the name to an X.121 address. Used in conjunction with the RT record.
ISDN     The ISDN record is similar to the A (address) record. Instead of mapping a host name to an IP address, it maps the name to an ISDN address. Used in conjunction with the RT record.

Resolvers
In Windows 2000, DNS works differently in how names are resolved. NT 4.0 was programmed to try NetBIOS (WINS) resolution first and then DNS. In Windows 2000 it is a complicated process that will require a separate tutorial to cover, but the important things to remember are that, by default, a name resolution query will be resolved with DNS before NetBIOS, and that DNS queries (which can be either recursive or iterative) are now cached by the resolver in order to reduce network traffic and speed up name resolution. Furthermore, the hosts file is now preloaded into the DNS cache on the resolver. Cached information is stored for a certain period of time before it is discarded, known as the TTL (Time To Live). The hosts file is not assigned a TTL; it will, however, be reloaded when changes occur. The DNS caching service is enabled by default and, like any other service, can be controlled in the Component Services console.
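As an added example (not code from the original article), here is a small model of the resolver cache behaviour just described: cached DNS answers are honoured until their TTL elapses and then discarded, hosts file entries are preloaded with no TTL and replaced wholesale when the file is reloaded, and a flush (the effect of ipconfig /flushdns from the Tools section) drops only the cached answers. The clock is passed in as a parameter so the behaviour is reproducible; the names and addresses other than www.mcmcse.com / 206.67.48.195 are constructed sample data.

```python
# Added example, not part of the original article: simplified model of the
# Windows 2000 resolver cache. Time is an explicit parameter; sample names and
# addresses (except the article's www.mcmcse.com / 206.67.48.195) are constructed.

class ResolverCache:
    def __init__(self, hosts_entries):
        self.dns = {}      # name -> (address, absolute expiry time)
        self.hosts = {}    # name -> address, no TTL
        self.reload_hosts(hosts_entries)

    def reload_hosts(self, hosts_entries):
        """Preload the hosts file (called again whenever the file changes)."""
        self.hosts = {name.lower(): addr for name, addr in hosts_entries.items()}

    def flush(self):
        """Like ipconfig /flushdns: cached answers go, preloaded hosts entries stay."""
        self.dns.clear()

    def cache_answer(self, name, address, ttl, now):
        """Store an answer from a DNS server; it is valid for ttl seconds from now."""
        self.dns[name.lower()] = (address, now + ttl)

    def lookup(self, name, now):
        """Return the cached address, or None when the resolver must query a DNS server."""
        key = name.lower()
        if key in self.hosts:
            return self.hosts[key]
        entry = self.dns.get(key)
        if entry is None:
            return None
        address, expires_at = entry
        if now >= expires_at:
            del self.dns[key]   # TTL elapsed: discard the stale entry
            return None
        return address
```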

DHCP Overview
We wanted to write a separate tutorial for DHCP, but in order to discuss Dynamic DNS we have to cover it here. First we will present a review/overview of DHCP and then we will discuss DDNS.

DHCP stands for Dynamic Host Configuration Protocol and provides a solution that automatically assigns IP addresses to computers on a network. When a client is configured to receive an IP address automatically, it sends out a broadcast to the DHCP server requesting an address. The server then issues a "lease" and assigns it to that client. The time period that a lease will last can be specified at the DHCP server. Some of the benefits of DHCP include the following:
  • Prevents incorrect gateways or subnet masks from being entered.
  • Decreases the amount of time spent configuring computers, especially in environments where computers get moved around or reconfigured all the time.
  • Can be helpful in situations where a certain portion of the staff works in the field and doesn't need an address all of the time. Especially handy when IP addresses are scarce.

More information about DHCP can be found in our TCP/IP Guide.


Dynamic DNS (DDNS)
DDNS was a necessary addition to Windows 2000. Imagine a primarily DHCP-based network using a static DNS server for name registration and resolution. It would be impossible even for a team of administrators to update the DNS database every time a client received a new IP address. How would they know when the addresses had changed? Essentially DDNS is a combination of DHCP, DNS and client registration working together. DHCP is responsible for dynamic updates, and hence you will find the DHCP service running on every Windows 2000 computer whether it is a DHCP client or not.

By default, DHCP clients will attempt to register their A records while the DHCP server will take care of registering the PTR records; however, there are other possible configurations. The DHCP server can be configured to update both A and PTR records, or, if DHCP dynamic updates are disabled, the client will take care of updating both the A and PTR records.

So what if a Windows 2000 client is getting its IP address from an NT 4.0 server? Obviously the NT 4.0 server doesn't support dynamic update, so the client will register the records with the DNS server itself. In the opposite situation, if the client is a Win9x or NT machine trying to register with a Windows 2000 DHCP server, both the A and PTR records will be updated only if the "Do updates for down-level DHCP clients" option is selected at the DHCP server.

Finally, clients with static IP addresses will also register their own A and PTR records with the DNS database, as they will not be in contact with the DHCP server.
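Because the A record and the PTR record can be registered by different parties (client versus DHCP server, as described above, with PTRs living in the in-addr.arpa domain noted in the resource record table), the two can drift apart when leases expire or hosts move. The following is an added example, not code from the original article, that cross-checks a forward zone against its reverse zone; all record data in it is constructed sample input.

```python
# Added example, not from the original article: cross-check A records (registered
# by DDNS clients) against PTR records (registered by the DHCP server). All record
# data used with these functions is constructed sample input.
import ipaddress

def reverse_name(ip):
    """in-addr.arpa name for an IPv4 address: 10.1.1.5 -> 5.1.1.10.in-addr.arpa"""
    return ipaddress.IPv4Address(ip).reverse_pointer

def check_forward_reverse(a_records, ptr_records):
    """a_records: {fqdn: ip}; ptr_records: {in-addr.arpa name: fqdn}.
    Returns the inconsistencies found between the forward and reverse zones."""
    a_by_name = {fqdn.lower(): ip for fqdn, ip in a_records.items()}
    problems = {"missing_ptr": [], "mismatch": [], "missing_a": [], "stale_ptr": []}
    for fqdn, ip in a_records.items():
        target = ptr_records.get(reverse_name(ip))
        if target is None:
            problems["missing_ptr"].append(fqdn)             # A registered, PTR never was
        elif target.lower() != fqdn.lower():
            problems["mismatch"].append((fqdn, ip, target))  # IP now claimed by another name
    for rname, fqdn in ptr_records.items():
        ip = a_by_name.get(fqdn.lower())
        if ip is None:
            problems["missing_a"].append(rname)              # PTR left behind, host gone
        elif reverse_name(ip) != rname:
            problems["stale_ptr"].append((rname, fqdn))      # host moved to a new lease
    return problems
```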

Secure Update
Zones that are integrated with Active Directory may be set up to use secure dynamic update with the help of Access Control Lists (ACLs). These lists specify the groups and users that have permission to update RRs in a zone. This prevents unauthorized users from modifying records and giving themselves access to network resources.

Tools
nslookup - An application that queries a DNS database for information about DNS objects.
ipconfig /displaydns - Displays the contents of the local DNS cache.
ipconfig /flushdns - Clears the DNS cache.
ipconfig /registerdns - Manually registers a client in the DNS database.
Event Viewer - May contain DNS error information.

Additional Notes:
  • If a Windows 2000 DHCP client is unable to connect to a DHCP server and get an IP address, it will randomly select one from the private range 169.254.0.0 - 169.254.255.0 and will use the subnet mask 255.255.0.0. If the client can't find an available IP address in this range after 10 tries, it will resort to attempting to contact the DHCP server every 5 minutes.
  • Win2K uses DNS names that use the underscore character.
  • Each part of an address can use no more than 24 characters. For example, in techtutorials.mcmcse.com, there are 3 parts separated by periods, each of which is less than 24 characters.




