WINS is outta here!... sort of. Microsoft's adoption of DNS makes our IT lives much less complicated. Here's a guide to working with it.

DNS, How Do I Love Thee?

WINS is outta here!... sort of. Microsoft's adoption of DNS makes our IT lives much less complicated. Here's a guide to working with it.

• By Harry Brelsford
• 07/01/2000

I love Windows 2000's Domain Name System (DNS), let me count the ways…. First, there's the adoption of an industry standard name resolution mechanism. Second, there's the ability to design a Windows 2000 networking infrastructure around the DNS namespace. Third, the possibilities are seemingly endless when it comes to DNS in Windows 2000, at least when discussing DNS configuration.

In last month's column, I briefly defined DNS as a TCP/IP, standards-based name resolution mechanism in Windows 2000. In a nutshell, DNS is the default name system on the Internet, used to resolve host names to IP addresses, and vice versa. When you type in "www.mcpmag.com" in your Internet Explorer browser, DNS is the mechanism that resolves that name to "209.67.143.112" (or whatever the specific IP address for www.mcpmag.com is this month). I like to think of DNS as some smart phone book that shows host names resolved to IP addresses. Why? In a similar nature, given (or Christian) names are resolved to telephone numbers in the real world. Get it? Don't forget that DNS effectively supplants Windows Internet Naming System (WINS) as the default name resolution system in Windows 2000 (although Win2K still supports WINS for backward compatibility with NT and other legacy Microsoft hosts).

Now, why should you care about DNS? Two reasons: The real world and the MCSE exams (specifically exam 70-216). Fortunately, in both cases, Microsoft has eased the transition to DNS by hiding some DNS complexities behind friendly wizards and also by making DNS act in smart ways, such as dynamically updating itself. With respect to the MCSE certification exams, Microsoft assumes you've yet to earn a PhD in DNS, when in fact, an above average, working knowledge of DNS will suffice. However, implicit in the Microsoft certification exam process is the assumption that you have a good grounding in DNS. At sometime, someone, somewhere taught you the basics of TCP/IP and specifically DNS. Did you take the TCP/IP elective exam to get your MCSE? Unless you took off that day, you should have a basic understanding of DNS.

Master Tip: The Windows 2000 Server online help system is packed full of DNS discussion that'll get you up to speed quickly. You should also consider reading the TCP/IP Core Networking Guide in the Windows 2000 Server Resource Kit. 

I've assumed that you've already installed DNS. It's a safe assumption-DNS is installed almost seamlessly when you install Active Directory on a Windows 2000 Server command. To be honest, installing DNS in Windows 2000 takes nothing more than clicking Next a few times and Finish while in the installation wizard. The real fun happens prior to (the design phase) and after (the configuration phase) installing DNS.

Industry Standard

In the minds of many MCSEs, the use of DNS as the default name resolution system in Windows 2000 is both appreciated and overdue. Many MCSEs are supporting complex Internet connections and non-Microsoft hosts such as Linux workstations. Remember that WINS in the old NT 4.0 days first and foremost supported Microsoft clients. DNS represents Microsoft's willingness to support an industry standard such as DNS. More likely, Microsoft made such as change as much for technical reasons as the fact you and I demanded it as part of the technology community. Microsoft's emphasis on DNS is a bit overdue, given the pervasive reach of the Internet. In fairness to Microsoft, it wasn't blind to DNS; rather, the delay in Windows 2000 effectively delayed the default implementation of DNS in Microsoft's networking solution.

As an industry standard, there's an unexpected benefit to you, the student of DNS: If you've ever worked with it, the knowledge you have about DNS is transferable to Windows 2000. If you've every learned DNS in the Unix world or even a generic networking class in college, you've got it made. 
In DNS, a client machine (known as a host) seeks to use the resources of another machine (also known as a host). This is shown in Figure 1 as a Windows 2000 Professional workstation seeking to download a page from Microsoft Certified Professional Magazine's Web site at www.mcpmag.com.

Figure 1. Basic need-a workstation attempts to use a resource.

Now, take the view in Figure 1 to the next level. In Figure 2, the DNS servers that provide the name resolution are introduced. The DNS server is a Windows 2000 Server running on the local area network. Having received the request for www.mcpmag.com, it resolves the request.

Figure 2. A DNS name resolution scenario with DNS running on a Windows 2000 Server on a local area network.

Master Tip: There are two query types in a DNS scenario, both of which are fair game on the 70-216 MCSE exam. An iterative query is when a client machine asks a DNS name server to resolve a name resolution request. The DNS name server attempts a "best effort" approach, using the information contained in its cache or zone data. If no close match is found (the best effort fails), the DNS name server returns a verdict to the client machine advising it to try another DNS server. This typically takes the form of the client machine trying the next DNS server listed in the TCP/IP configuration (on the client machine). A recursive query type is more straightforward. If the initial DNS name server can't resolve the query, it polls the next DNS name server higher up (its authoritative server) for a result to the query. If that doesn't work, the next DNS name server is polled, etc.

Design Considerations

You as a Windows 2000 MCSE must decide what your name space will be on your Windows 2000 network. It's an important decision, and one with several factors: the size of your organization, the Internet domain names you have the rights to use, political considerations, and so on. In general, you should start with a single domain and a single DNS server, a configuration that will meet the needs of most small (SORG) and medium-sized (MORG) organizations. (See Figure 3.)

Figure 3. A single domain with a single DNS server.

Master Tip: The Internet domain name you use is typically the same as your internal domain name (the Win2K/NT-type). However, the names can be separate.

If you work at the enterprise-level, you already know that I've oversimplified the DNS design discussion. Clearly the DNS name space issue can become much more complex and include:

• Introduction of subdomains; you'd recognize this as a third-level domain name (e.g. certs.mcpmag.com).
• Use of DNS servers on either or both sides of a firewall.
• Issues surrounding interoperability with Unix-based DNS
• Placement of a DNS server at each Active Directory site to boost overall network performance.

Kevin Kocis's article, "Team Effort: Integrating Windows 2000 DNS with Unix DNS," in the May 2000 issue, offers some more advanced discussion of DNS in an integrated Unix/NT/Win2K environment. 

Configuration

How 'bout some hands-on stuff? This column isn't complete without providing you an opportunity to try out something. Let's create a new DNS zone and then dynamically update it via the Win2K dynamic DNS feature. Again, I've assumed that you've installed DNS when you built your Win2K Server and implemented Active Directory.

1. Launch the DNS Microsoft Management Console (MMC) from the Administrative Tools program group. 
2. Right-click on the server object in the left part of the DNS MMC and select New Zone. The New Zone Wizard launches. 
3. Click Next.
4. Select a Zone Type, as seen in Figure 4. The preferred zone, assuming you will interact with live DNS servers running on Windows 2000 Server machines is the Active Directory integrated zone. The default selection is Standard Primary which has greater interoperability capabilities. Click Next.

Figure 4. Selecting a zone type. Note the zone types are defined in the dialog box.

5. Create either a forward lookup zone or a backward lookup zone (see Figure 5). Typically you'll want to create a forward lookup zone as that's the way most of us live in the real world (names are resolved to IP addresses). Click Next.

Figure 5. Selecting either a forward or reverse lookup zone. Note the lookup zone options are defined in the dialog box.

6. Name the zone, typically with your Internet domain name (e.g. expectationmanangement.com) Click Next.
7. Click Finish. You've just created a zone. 

Next, you'll allow the zone to be dynamically updated: 

1. Right-click the zone you created above by expanding the Forward Lookup Zones folder in the left pane of the DNS MMC. 
2. Select Properties. The property sheet for your zone will appear. 
3. On the General tab sheet, you will elect whether or not to allow dynamic updates. By selecting either "Only secure updates" or "Yes", you have implemented dynamic DNS for this zone. See Figure 6.

Figure 6. Implementing Windows 2000 Server's dynamic DNS features is as simple as making a dialog box selection. Here, the secure updating capability has been selected.

4. Click OK. You have now implemented dynamic DNS. 

That's it! Now you know why I love DNS: Although it takes some advanced planning before you implement it, DNS can simplify your life. Now, aren't you glad I devoted a whole column to it?