Page 3 - CONTENTS
WHITE PAPER ..... 1
CONTENTS ..... 3
INTRODUCTION ..... 5
INTRODUCTION ...
Page 7 - DNS FUNDAMENTALS
The designers of the Microsoft ® Windows® 2000 operating system chose the Domain Name System (DNS) as the name service for the operating system. Windows 2000 Server includes an IETF standard-based Domain Name System Server. Because it is RFC compliant it is fully compatible with any other RFC compli...
Page 9 - Planning Guide; History of DNS
• Draft-skwan-gss-tsig-04.txt (GSS Algorithm for TSIG (GSS-TSIG))
For more information on these documents, go to http://www.ietf.org/. In addition to the listed RFCs and Drafts, the implementation of the ATMA DNS records is based on the "ATM Name System Specification Version 1.0". Additional readin...
Page 10 - The Structure of DNS; domain
superseded by RFC 1034 (Domain Names–Concepts and Facilities) and RFC 1035 (Domain Names–Implementation and Specification). RFCs that describe DNS security, implementation, and administrative issues later augmented these. The implementation of DNS—Berkeley Internet Name Domain (BIND)—was originally...
Page 11 - DNS and Internet
[Figure: the Internet DNS tree. The top-level domains (com, edu, gov, mil, int/net/org) are managed by the Name Registration Authority; beneath them sit second-level domains such as microsoft, mit, whitehouse and army, with microsoft and its subdomain mydomain managed by Microsoft.]
DNS and Internet
The Internet Domain Name System is managed by a Name Registration Authority on the Internet, responsible for maintaining top-level domains that ...
Page 12 - Distributing the Database: Zone Files and Delegation
Description | Class | TTL | Type | Data
Start of Authority | Internet (IN) | Default TTL is 60 minutes | SOA | Owner Name, Primary Name Server DNS Name, Serial Number, Refresh Interval, Retry Interval, Expire Time, Minimum TTL
Host | Internet (IN) | Zone (SOA) TTL | A | Owner Name (Host DNS Name), Host IP Address
Name Serv...
Page 13 - Note; Replicating the DNS database; Primary
• A need to delegate management of a DNS domain to a number of organizations or departments within an organization
• A need to distribute the load of maintaining one large DNS database among multiple name servers, to improve name resolution performance as well as to create a DNS fault-tolerant envir...
Page 16 - Updating the DNS Database
www.whitehouse.gov:
• Recursive query for www.whitehouse.gov (A RR)
• Iterative query for www.whitehouse.gov (A RR)
• Referral to the gov name server (NS RRs, for gov); for simplicity, iterative A queries by the DNS server (on the left) to resolve the IP addresses of the host names of the name server...
Page 17 - Active Directory Storage and Replication Integration; The Active Directory Service Storage Model
• Incremental Zone Transfer (IXFR)
• Dynamic Update and Secure Dynamic Update
• Unicode Character Support
• Enhanced Domain Locator
• Enhanced Caching Resolver Service
• Enhanced DNS Manager
Active Directory Storage and Replication Integration
In addition to supporting a conventional way of maintain...
Page 19 - Integration” respectively.
Note: Only DNS servers running on domain controllers can load DS integrated zones. The Replication Model Since DNS zone information is now stored in Active Directory service, whenever an update is made to a DNS server, it simply writes the data to Active Directory and continues performing its usual ...
Page 20 - Incremental Zone Transfer; zone transfer needs to be initiated.
Note that the DNS server supports secure dynamic update only for DS-integrated zones. The Windows 2000 implementation provides even finer granularity, allowing an ACL to be specified per name. ACLs and the specific administrative groups are considered in more detail later, in "Controlling Update Access to Zones a...
Page 21 - Zone Log File; IXFR and DS Integration; Dynamic Update; external edits to a zone’s primary master file.
The following diagram details the incremental transfer mechanism.
[Figure: incremental zone transfer. The master DNS server keeps a zone log holding the changes that produced serial numbers 10, 11 and 12. A slave DNS server at serial number 11 receives only the serial number 12 changes by IXFR; a slave at serial number 10 receives the serial number 11 and 12 changes by IXFR; a slave at serial number 8, whose serial predates the zone log, receives the entire zone file.]
Zone Log ...
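The decision the master makes in that diagram, as an added example in Python (not code from the white paper or from the Windows 2000 DNS server): the master keeps a bounded zone log of the changes behind each serial number, a slave presents the serial it holds, and the master answers with just the deltas when the log still covers that serial, or with the entire zone when it does not. Serial comparison follows RFC 1982 so that wrap-around at 2^32 is handled. The zone contents, the three-entry log limit and the record encoding are constructed for the example.

```python
"""Incremental zone transfer (IXFR) decision logic with a bounded zone log.

Added example; not the white paper's code. Models a master that keeps a zone
log of the changes behind each serial number and answers a slave with either
the deltas (IXFR) or the whole zone (AXFR fallback). All data is constructed.
"""

SERIAL_MOD = 1 << 32
SERIAL_HALF = 1 << 31


def serial_lt(a, b):
    """RFC 1982 'a < b' on 32-bit serial numbers (wrap-around aware)."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return (a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF)


class ZoneMaster:
    """Authoritative copy of a zone plus the zone log used to answer IXFR."""

    def __init__(self, serial, records, log_limit=3):
        self.serial = serial % SERIAL_MOD
        # owner name -> set of rdata strings, e.g. {"www": {"A 10.0.0.1"}}
        self.records = {name: set(rdata) for name, rdata in records.items()}
        # Zone log entries (new_serial, deleted, added), oldest first.
        self.log = []
        # Example assumption: only the last log_limit changes are kept, so a
        # slave older than that must take a full transfer.
        self.log_limit = log_limit

    def apply_update(self, deleted=(), added=()):
        """Apply one dynamic update, bump the serial and log the delta."""
        for name, rdata in deleted:
            self.records[name].discard(rdata)
            if not self.records[name]:
                del self.records[name]
        for name, rdata in added:
            self.records.setdefault(name, set()).add(rdata)
        self.serial = (self.serial + 1) % SERIAL_MOD
        self.log.append((self.serial, tuple(deleted), tuple(added)))
        del self.log[:-self.log_limit]

    def snapshot(self):
        return {name: sorted(rdata) for name, rdata in self.records.items()}

    def transfer(self, slave_serial):
        """Answer an IXFR request from a slave holding slave_serial.

        Returns (kind, master_serial, payload): kind is "UP_TO_DATE",
        "IXFR" (payload = log entries to apply) or "AXFR" (payload = zone).
        """
        slave_serial %= SERIAL_MOD
        if not serial_lt(slave_serial, self.serial):
            return "UP_TO_DATE", self.serial, None
        # Oldest serial the log can still bring forward: the one the first
        # logged change was applied on top of.
        if self.log:
            oldest_base = (self.log[0][0] - 1) % SERIAL_MOD
        else:
            oldest_base = self.serial
        if serial_lt(slave_serial, oldest_base):
            return "AXFR", self.serial, self.snapshot()
        deltas = [entry for entry in self.log if serial_lt(slave_serial, entry[0])]
        return "IXFR", self.serial, deltas


def slave_apply(records, deltas):
    """Apply IXFR deltas to a slave's copy; returns the resulting snapshot."""
    zone = {name: set(rdata) for name, rdata in records.items()}
    for _serial, deleted, added in deltas:
        for name, rdata in deleted:
            zone[name].discard(rdata)
            if not zone[name]:
                del zone[name]
        for name, rdata in added:
            zone.setdefault(name, set()).add(rdata)
    return {name: sorted(rdata) for name, rdata in zone.items()}


def demo():
    """Reproduce the diagram: log holds 10, 11, 12; slaves at 12, 11, 10 and 8."""
    master = ZoneMaster(9, {"www": {"A 10.0.0.1"}, "ns1": {"A 10.0.0.2"}})
    master.apply_update(added=[("mail", "A 10.0.0.3")])                                  # serial 10
    master.apply_update(deleted=[("www", "A 10.0.0.1")], added=[("www", "A 10.0.0.9")])  # serial 11
    master.apply_update(added=[("ftp", "A 10.0.0.4")])                                   # serial 12
    return {s: master.transfer(s)[0] for s in (12, 11, 10, 8)}


if __name__ == "__main__":
    print(demo())
```

Running demo() gives {12: 'UP_TO_DATE', 11: 'IXFR', 10: 'IXFR', 8: 'AXFR'}, matching the diagram. A slave that applies the returned deltas ends with exactly the master's snapshot; a slave whose serial predates the log gets the whole zone rather than a partial, inconsistent set of changes.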
Page 23 - Mixed Environment; will have to update both the A and PTR RRs itself.; DHCP Server Considerations
The dynamic update algorithm differs depending on the type of client network adapter engaging in the dynamic update process. The following three scenarios will be examined:
• DHCP client
• Statically configured client
• RAS client
DHCP Client
When a Windows 2000 DHCP client bootstraps, it negotiates...
Page 24 - DefaultRegistrationRefreshInterval; Dealing with Name Conflicts
client's PTR RR. Also, the DHCP server will remove the corresponding A records if configured to "Discard forward lookups when leases expire."
Statically Configured Client
A statically configured client does not communicate with the DHCP server and dynamically updates both A and PTR RRs every time it...
Page 26 - Secure Dynamic Update Policy
In step 1, the client queries the local name server to discover which server is authoritative for the name it is attempting to update, and the local name server responds with the reference to the authoritative server. In step 2, the client queries the authoritative server to verify that it is author...
Page 27 - DnsUpdateProxy Group; become more significant if a DHCP server (that is, a member of the
however, can be changed through the registry.
Controlling Update Access to Zones and Names
Active Directory controls access to the secure DNS zones and the names in them through ACLs. An ACL can be specified for an entire zone or modified for specific names. By default any authenticate...
Page 28 - scavenge
DNS Admins Group
By default the DNS Admins group has full control of all zones and records in the Windows 2000 domain in which it is specified. In order for a user to be able to enumerate zones in a specific Windows 2000 domain, the user (or a group the user belongs to) must be enlisted in the DNS Adm...
Page 30 - interval
Aging and Scavenging Parameters for Zones
Zone Parameter | Description | Configuration Tool | Notes
No-refresh interval | Time interval, after the last time a record's timestamp has been refreshed, during which the server does not accept refreshes for the record. (The server still accepts updates.) | DNS cons...
Page 31 - You set these parameters on the server.; Aging and Scavenging Parameters for Servers
The table below lists the server parameters that affect when records are scavenged. You set these parameters on the server.
Aging and Scavenging Parameters for Servers
Server Parameter | Description | Configuration Tool | Notes
Default no-refresh interval | This value specifies the no-refresh interval that...
Page 32 - Record Life Span
Record Life Span The Figure below shows the life span of a scavengeable record. When a record is created or refreshed on an Active Directory–integrated zone or on a standard primary zone for which scavenging is enabled, a record’s timestamp is written. Because of the addition of the timestamp, a sta...
Page 34 - unnecessary replication by Active Directory.; Unicode Character Support; characters. In addition, the first character of the DNS
Usually, the DHCP service requires the longest refresh interval of all services. If you are using the Windows 2000 DHCP service, you can use the default scavenging and aging values. If you are using another DHCP server, you might need to modify the defaults. The longer you make the no-refresh and re...
Page 35 - The Domain Locator
zone file. Administrators should exercise caution when transferring a zone containing UTF-8 names to a DNS server that is not UTF-8 aware.
The Domain Locator
The Windows 2000 Domain Locator, implemented in the Netlogon service, is a service that enables a client (the machine locating a Domain Controller (DC...
Page 37 - SRV
The description of the Windows NT 4 Compatible Domain Locator has been omitted, since it is irrelevant to DNS; it is described in "Windows 2000 Domain Controller Locator".
IP/DNS Compatible Locator
The algorithm behind the IP/DNS Compatible Locator consists of two main parts. First, the domain DC(...
Page 41 - Discovering Site specific DCs
[Flowchart: discovering site-specific DCs. Send a DNS query for one of the criteria-specific DNS host names. Does the DNS query response contain at least one DC? If no, quit, indicating the reason. If yes: among all DCs returned in the DNS response, is there at least one that has not been pinged? If no, quit; if yes, among all DCs returned by the DNS server that have not be...]
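The query-then-ping loop in that flowchart, as an added Python example (not code from the white paper or from Netlogon): the locator asks for the SRV records of the client's site first, falls back to the domain-wide record set, orders each answer by priority and weight as RFC 2782 prescribes, and pings candidates until one answers. The SRV owner names used here (_ldap._tcp.<site>._sites.dc._msdcs.<domain> and _ldap._tcp.dc._msdcs.<domain>) are assumptions of the example, as are all record data; the ping is simulated by a reachability set rather than the LDAP UDP ping the real locator sends.

```python
"""DC location over DNS SRV records, site-specific first.

Added example; not the white paper's code. Owner names, targets and the
reachability 'ping' are constructed for the example.
"""
import random

# Constructed SRV data: owner name -> [(priority, weight, port, target)]
SRV_TABLE = {
    "_ldap._tcp.Seattle._sites.dc._msdcs.mydomain.microsoft.com.": [
        (0, 60, 389, "dc1.mydomain.microsoft.com."),
        (0, 40, 389, "dc2.mydomain.microsoft.com."),
        (10, 0, 389, "dc3.mydomain.microsoft.com."),   # backup, lower preference
    ],
    "_ldap._tcp.dc._msdcs.mydomain.microsoft.com.": [
        (0, 100, 389, "dc1.mydomain.microsoft.com."),
        (0, 100, 389, "dc2.mydomain.microsoft.com."),
        (0, 100, 389, "dc3.mydomain.microsoft.com."),
        (0, 100, 389, "dc4.mydomain.microsoft.com."),
        (0, 100, 389, "dc5.mydomain.microsoft.com."),
    ],
}


def srv_order(rrs, rng):
    """RFC 2782 ordering: ascending priority; weighted random within a priority."""
    ordered = []
    for prio in sorted({rr[0] for rr in rrs}):
        bucket = [rr for rr in rrs if rr[0] == prio]
        while bucket:
            total = sum(rr[1] for rr in bucket)
            if total == 0:
                pick = rng.choice(bucket)          # all weights zero: any order
            else:
                point = rng.randint(0, total - 1)  # zero-weight RRs never win
                running = 0
                for rr in bucket:
                    running += rr[1]
                    if point < running:
                        pick = rr
                        break
            ordered.append(pick)
            bucket.remove(pick)
    return ordered


def locate_dc(domain, site, lookup, ping, rng=None):
    """Return (target, port, owner_name) of the first DC that answers a ping,
    trying the site-specific SRV set before the domain-wide one."""
    rng = rng or random.Random()
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    for name in names:
        rrs = lookup(name)
        if not rrs:
            continue                               # no such SRV set: fall back
        for _prio, _weight, port, target in srv_order(rrs, rng):
            if ping(target):
                return target, port, name
    return None                                    # every candidate failed


def demo(reachable, site="Seattle", seed=7):
    """Locate a DC for mydomain.microsoft.com. given the set of reachable DCs."""
    return locate_dc("mydomain.microsoft.com.", site, SRV_TABLE.get,
                     reachable.__contains__, random.Random(seed))


def site_candidate_order(seed=1):
    """Targets of the Seattle SRV set in the order the locator would try them."""
    rrs = SRV_TABLE["_ldap._tcp.Seattle._sites.dc._msdcs.mydomain.microsoft.com."]
    return [rr[3] for rr in srv_order(rrs, random.Random(seed))]


if __name__ == "__main__":
    print(demo({"dc2.mydomain.microsoft.com.", "dc5.mydomain.microsoft.com."}))
```

With dc1 and dc3 down the site lookup still yields dc2; with every Seattle DC down the locator falls through to the domain-wide set and finds dc5; with nothing reachable it returns None, which is where the real locator reports the failure reason. The priority-10 record is always tried last, whatever the random weighting decides among the priority-0 records.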
Page 42 - Caching Resolver; caching
A client might have multiple network adapters and thus might have multiple IP addresses. That could theoretically put the client in multiple sites. The design above ignores this remote possibility. Rather, it assumes that the client is in the site corresponding to the adapter, which was used to ping...
Page 44 - Using Global Suffix Search Order
resolution. The following summarizes the name resolution algorithm:
• The query is issued to the lead server on the preferred adapter's server list.
• If no response was received within a one-second interval, the query is issued to the lead server(s) on all lists, including the one on the preferred ...
Page 45 - Using Primary and Per-adapter Domain Names; Unqualified Multi-Label Query
• The query is processed as a fully qualified query.
• If the result is a positive response, the response is returned to the caller.
• If the result is a timeout, then a timeout is returned to the caller.
• If the result is a negative response, the next suffix is appended and the algorithm is restar...
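The suffix-completion rules of this and the preceding section, as an added Python example (not code from the white paper or from the Windows 2000 resolver). candidate_names() builds the names the resolver tries: a name ending in "." is taken as fully qualified; an unqualified multi-label name is tried as-is first; then the global suffix search list is applied if one is configured, otherwise the primary DNS suffix followed by each adapter's connection-specific suffix. Devolution of the primary suffix to its parent domains, stopping at the second-level domain, is included as an assumption about the default behaviour and can be switched off. resolve() walks the candidates with the three outcomes listed above: a positive answer is returned, a timeout is returned as a timeout, and a negative answer moves on to the next suffix. The suffixes and the simulated server answers are constructed.

```python
"""Suffix completion and the positive / negative / timeout rule.

Added example; not the white paper's code. Devolution of the primary suffix
is an assumption of the example; all names and answers are constructed.
"""


def devolve(suffix):
    """Parent domains of the primary suffix down to the second-level domain
    (assumption: eng.mycompany.com -> mycompany.com, then stop)."""
    labels = suffix.strip(".").split(".")
    parents = []
    while len(labels) > 2:
        labels = labels[1:]
        parents.append(".".join(labels))
    return parents


def candidate_names(query, primary_suffix=None, adapter_suffixes=(),
                    global_search_list=None, devolution=True):
    """Ordered list of fully qualified names the resolver will try."""
    if query.endswith("."):
        return [query]                         # already fully qualified
    names = []
    if "." in query:
        names.append(query + ".")              # multi-label: try as-is first
    if global_search_list:
        suffixes = list(global_search_list)    # global list overrides the rest
    else:
        suffixes = []
        if primary_suffix:
            suffixes.append(primary_suffix)
            if devolution:
                suffixes.extend(devolve(primary_suffix))
        for s in adapter_suffixes:             # connection-specific suffixes
            if s not in suffixes:
                suffixes.append(s)
    names.extend(f"{query}.{s.strip('.')}." for s in suffixes)
    return names


def resolve(query, send, **config):
    """send(name) -> (status, answer) with status POSITIVE / NEGATIVE / TIMEOUT.
    Returns (status, name_that_decided, answer)."""
    for name in candidate_names(query, **config):
        status, answer = send(name)
        if status == "POSITIVE":
            return "POSITIVE", name, answer
        if status == "TIMEOUT":
            return "TIMEOUT", name, None       # a timeout is not "try the next suffix"
    return "NEGATIVE", None, None


# Constructed stand-in for the DNS server: what it answers for each name.
ANSWERS = {
    "web.example2.com.": "10.2.0.5",
    "srv1.mycompany.com.": "10.0.0.7",
}
SLOW = {"srv1.eng.mycompany.com."}             # this name never gets a response


def fake_send(name):
    if name in SLOW:
        return "TIMEOUT", None
    if name in ANSWERS:
        return "POSITIVE", ANSWERS[name]
    return "NEGATIVE", None


CONFIG = dict(primary_suffix="eng.mycompany.com", adapter_suffixes=["example2.com"])

if __name__ == "__main__":
    print(candidate_names("web", **CONFIG))
    print(resolve("web", fake_send, **CONFIG))
    print(resolve("srv1", fake_send, **CONFIG))
```

The "srv1" case is the one to notice: the first candidate times out, so the resolver returns the timeout to the caller even though srv1.mycompany.com. would have answered. A server that is silent rather than authoritatively negative therefore blocks the whole search list, which is the practical reason the text distinguishes a timeout from a negative response.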
Page 46 - Name Resolution Scenarios; CONFIGURATION PARAMETER; The Unqualified Single-Label Query Scenarios
• The response is returned to the client.
Name Resolution Scenarios
This section provides name resolution scenarios for a multi-homed machine using unqualified single-label and fully qualified queries. In this scenario the global suffix search list is not specified. The following table displays the ...
Page 48 - Disabling the Caching Resolver; REG_DWORD MaxCacheEntryTtlLimit; Administrative Tools; DNS Manager; WMI Support for DNS Server Administration
Registry key HKEY_Local_Machine\System\CurrentControlSet\Services\DNSCache\Parameters.
Disabling the Caching Resolver
There are two ways to disable the caching resolver:
• Manually disable the caching resolver service by typing "net stop dnscache" at the command prompt. This disables DNS server or...
Page 49 - Interoperability Issues; Using WINS and WINSR Records; DESIGNING A DNS
hardware components can provide information and notification of events. WMI simplifies the instrumentation of various drivers and applications written for Windows, provides detailed and extensible information that is consistent across different vendors' products, and allows for consistent access to ...
Page 50 - DNS Server Performance; update activity was measured, along with processor utilization.; Server configuration; server must write to the Active Directory database as well.
Receiving Non-RFC Compliant Data
If a Windows 2000 server hosts a secondary zone and receives unknown resource records during zone transfer, it drops such records and continues zone replication. It also drops circular CNAME resource records if it receives them.
DNS Server Performance
The statistics presented belo...
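The two checks described under "Receiving Non-RFC Compliant Data" above, as an added Python example (not code from the white paper or from the Windows 2000 DNS server); it also exercises the record types tabulated under "Distributing the Database" earlier. parse_zone() reads a minimal one-record-per-line "owner TTL class type rdata" format with fully qualified owner names (no $ORIGIN, no multi-line records), a deliberate simplification of master-file syntax. cname_cycle_members() follows CNAME chains and reports the owners that form a loop; a record that merely points into a loop is kept, which is this example's choice rather than something the text specifies. The set of known types and the zone text are constructed.

```python
"""Filtering a transferred zone: drop unknown RR types and circular CNAMEs.

Added example; not the white paper's code. The zone format is a
simplification of master-file syntax; zone contents are constructed.
"""

# Types this example's secondary understands (a constructed subset).
KNOWN_TYPES = {"SOA", "NS", "A", "PTR", "CNAME", "MX", "SRV", "TXT", "WINS", "WINSR"}


def parse_zone(text):
    """Parse 'owner TTL class type rdata' lines; ';' starts a comment."""
    rrs = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, ttl, cls, rtype, rdata = line.split(None, 4)
        rrs.append((owner.lower(), int(ttl), cls.upper(), rtype.upper(), rdata.strip()))
    return rrs


def cname_cycle_members(rrs):
    """Owners whose CNAME chain loops back on itself."""
    targets = {owner: rdata.lower()
               for owner, _, _, rtype, rdata in rrs if rtype == "CNAME"}
    circular = set()
    for start in targets:
        path, cur = [], start
        while cur in targets and cur not in path:   # follow until a non-CNAME or a repeat
            path.append(cur)
            cur = targets[cur]
        if cur in path:                              # repeat: everything from it on is the loop
            circular.update(path[path.index(cur):])
    return circular


def load_secondary(text):
    """Return (kept, dropped) where dropped pairs each record with a reason."""
    rrs = parse_zone(text)
    circular = cname_cycle_members(rrs)
    kept, dropped = [], []
    for rr in rrs:
        owner, _, _, rtype, _ = rr
        if rtype not in KNOWN_TYPES:
            dropped.append((rr, "unknown RR type"))
        elif rtype == "CNAME" and owner in circular:
            dropped.append((rr, "circular CNAME"))
        else:
            kept.append(rr)
    return kept, dropped


# Constructed zone as a secondary might receive it over AXFR.
ZONE_TEXT = """\
example.com.       3600 IN SOA   ns1.example.com. hostmaster.example.com. 12 900 600 86400 3600
example.com.       3600 IN NS    ns1.example.com.
ns1.example.com.   3600 IN A     10.0.0.2
www.example.com.   3600 IN A     10.0.0.1
web.example.com.   3600 IN CNAME www.example.com.   ; fine: chain ends at an A record
loop1.example.com. 3600 IN CNAME loop2.example.com. ; circular
loop2.example.com. 3600 IN CNAME loop1.example.com. ; circular
alias.example.com. 3600 IN CNAME loop1.example.com. ; points into the loop; kept here
odd.example.com.   3600 IN TYPE65280 \\# 0           ; unknown type: dropped
"""

if __name__ == "__main__":
    kept, dropped = load_secondary(ZONE_TEXT)
    print(len(kept), "kept")
    for rr, reason in dropped:
        print("dropped", rr[0], rr[3], "-", reason)
```

Six records load; loop1 and loop2 are dropped as circular CNAMEs and odd.example.com. for its unknown type. Dropping a CNAME loop at load time is what keeps a later query for loop1 from chasing the chain indefinitely; the log of dropped records is worth keeping, since a primary that suddenly starts shipping unknown types or loops is either misconfigured or not the primary you expect.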
Page 51 - Server Capacity Planning
Hardware components | Sizing
Number of processors | Two Intel Pentium II 400 MHz processors
Amount of RAM | 256 MB (megabytes)
Hard disk drive space | 4 GB (gigabytes)
These measurements were based on the server computer running a DNS server and with no other services in use. Where other hardware specificati...
Page 52 - Choosing Names; Internet Access Considerations
namespace and DNS architecture to support it, and then revising the ADS and DNS design if unforeseen, or undesirable consequences are uncovered. The Windows 2000 Active Directory Namespace Design white paper describes the ADS namespace, including the forest and tree domain structure, organizational ...
Page 55 - the merged companies private namespaces.
zone, that is, zzz.com., must also contain the zones containing all (internal and external) names of the merged companies. Now take a look at a private namespace design and the configuration of the DNS servers, zones and clients for the YYY Corporation. The private namespace includes a private root,...
Page 57 - A computer in the YYY Corporation needs to open a web page on the
forwards the query to the DNS server containing the zzz.com. zone (Step 2). This server finds a delegation to third.zzz.com. in the zzz.com. zone. It sends the query to that server (Step 3), receives the response (Step 4), and passes it to the previous server (Step 5), which finally returns it to...
Page 61 - Characters in Names; Computer Names
First it finds that the name myname.zzz.com. is internal, based on the PAC file. Therefore, it submits a query to the assigned DNS server (Step 1). If the cache contains the necessary data, the server will respond to the client. Otherwise, the server will query a root server (Step 2). The root serve...
Page 63 - AD domain. Its primary DNS suffix is also set by default to
[Figure: a multi-homed computer. Active Directory domain: MyCompany.com. Host name: MyComputer. Primary DNS suffix: MyCompany.com. Full computer name: MyComputer.MyCompany.com. Adapters: public network (10BaseT) and internal backup network (100BaseT). DNS names: MyComputer.MyCompany.com and MyComputer.example2.com. Adapter-specific DNS suffix: exa...]
Page 64 - Active Directory
If the existing DNS tree is implemented with Windows NT 4.0 DNS, the solution is to upgrade the Windows NT 4.0 DNS servers to the Windows 2000 implementation of DNS. If a non-Microsoft DNS implementation is in place and it does not support SRV RRs and Dynamic Update, then the question is: can it be upgrad...
Page 65 - Migration to Windows 2000 DNS
[Flowchart: migration to Windows 2000 DNS. Do you have DNS? No: design/deploy the Windows 2000 DNS topology; finish. Yes: what is your DNS naming platform and topology? Windows NT 4 DNS in place: upgrade to Windows 2000 DNS, design/deploy the Windows 2000 DNS topology; finish. Overlap: choose Active Dir...]
Page 67 - GLOSSARY
Using Automatic Configuration The Windows 2000 implementation of DNS offers a DNS Server Configuration wizard, which greatly simplifies the DNS server installation and configuration process. For example, it offers an elegant way of priming the root hints for a new DNS server. The Server Configuratio...
Page 68 - client1
In the picture above, a WINS referral zone called wins.mydomain.microsoft.com. has been created and pointed to the WINS database. Assume that a Windows NT 4.0-based client has the name client1 and that a Windows 2000-based client belongs to mydomain.microsoft.com. If the Windows 2000-based client has rec...
Page 69 - For More Information; AXFR
• Enhanced Caching Resolver Service
• Enhanced DNS Manager
To properly deploy DNS in a Windows 2000-based environment, it is recommended to start with the ADS design and then support it with the appropriate DNS namespace. For ADS design refer to the Windows 2000 Active Directory Namespace Design ...
Page 70 - WINS; different generations of Windows computers.; Zone Transfer; –Process of replication of the zone from Master to Slave server.
UCS-2 – A two-byte Unicode character encoding.
UTF-8 – A character encoding, specified in RFC 2044.
WINS – Windows Internet Name Service (WINS) is the NetBIOS name service that preceded DNS on Windows networks. It is still supported in Windows 2000 in order to maintain interoperability between the different generations of...