
Deploy and configure the DNS service

DNS is a crucial element of both Internet and Active Directory communications. All TCP/IP communication is based on IP addresses. Each computer on a network has at least one network interface, which is called a host in TCP/IP parlance, and each host has an IP address that is unique on that network. Every datagram transmitted by a TCP/IP system contains the IP address of the sending computer and the IP address of the intended recipient. However, when users access a shared folder on the network or a website on the Internet, they do so by specifying or selecting a host name, not an IP address. This is because names are far easier to remember and use than IP addresses.

This objective covers how to:

  • Configure Active Directory integration of primary zones
  • Configure forwarders
  • Configure root hints
  • Manage DNS cache
  • Create A and PTR resource records

Understanding the DNS architecture

For TCP/IP systems to use these friendly host names, they must have some way to discover the IP address associated with a specific name. In the early days of TCP/IP networking, each computer had a list of names and their equivalent IP addresses, called a host table. At that time, there were few enough computers on the fledgling Internet for the maintenance and distribution of a single host table to be practical.

Today, there are many millions of computers on the Internet, and the idea of maintaining and distributing a single file containing names for all of them is absurd. Instead of a host table stored on every computer, TCP/IP networks today use DNS servers to convert host names into IP addresses. This conversion process is referred to as name resolution.

At its core, the DNS is still a list of names and their equivalent IP addresses, but the methods for creating, storing, and retrieving those names are very different from those used with a host table. The DNS consists of three elements:

  • The DNS namespace: The DNS standards define a tree-structured namespace in which each branch of the tree identifies a domain. Each domain contains a collection of resource records that contain host names, IP addresses, and other information. Query operations are attempts to retrieve specific resource records from a particular domain.
  • Name servers: A DNS server is an application running on a server computer that maintains information about the domain tree structure and (usually) contains authoritative information about one or more specific domains in that structure. The application is capable of responding to queries for information about the domains for which it is the authority, and also of forwarding queries about other domains to other name servers. This enables any DNS server to access information about any domain in the tree.
  • Resolvers: A resolver is a client program that generates DNS queries and sends them to a DNS server for fulfillment. A resolver has direct access to at least one DNS server and can also process referrals to direct its queries to other servers when necessary.

In its most basic form, the DNS name resolution process consists of a resolver submitting a name resolution request to its designated DNS server. When the server does not possess information about the requested name, it forwards the request to another DNS server on the network. The second server generates a response containing the IP address of the requested name and returns it to the first server, which relays the information in turn to the resolver. In practice, however, the DNS name resolution process can be considerably more complex, as you will learn in the following sections.

DNS communications

Although all Internet applications use DNS to resolve host names into IP addresses, this name resolution process is easiest to see when you're using a web browser to access an Internet site. When you type a URL containing a DNS name (for example, www.microsoft.com) into the browser's Address box and press the Enter key, if you look quickly enough, you might be able to see a message that says something like "Finding Site: www.microsoft.com." Then, a few seconds later, you might see a message that says "Connecting to," followed by an IP address. It is during this interval that the DNS name resolution process occurs.

From the client's perspective, the procedure that occurs during these few seconds consists of the application sending a query message to its designated DNS server that contains the name to be resolved. The server then replies with a message containing the IP address corresponding to that name. Using the supplied address, the application can then transmit a message to the intended destination. It is only when you examine the DNS server's role in the process that you see how complex the procedure really is.

To better explain the relationship of the DNS servers for various domains in the namespace, the following procedure diagrams the Internet name resolution process.

  1. A user on a client system specifies the DNS name of an Internet server in an application such as a web browser. The application generates an application programming interface (API) call to the resolver on the client system, and the resolver creates a DNS recursive query message containing the server name, which it transmits to the DNS server identified in the computer's TCP/IP configuration.
  2. The client's DNS server, after receiving the query, checks its resource records to see if it is the authoritative source for the zone containing the requested server name. If it is not, which is typical, the DNS server generates an iterative query and submits it to one of the root name servers. The root name server examines the name requested by the client's DNS server and consults its resource records to identify the authoritative servers for the name's top-level domain. The root name server then transmits a reply to the client's DNS server that contains a referral to the top-level domain server addresses.
  3. The client's DNS server, now in possession of the top-level domain server address for the requested name, generates a new iterative query and transmits it to the top-level domain server. The top-level domain server examines the second-level domain in the requested name and transmits a referral containing the addresses of authoritative servers for that second-level domain back to the client's DNS server.
    Note: In the DNS name resolution process just described, the process of resolving the top-level and second-level domain names is portrayed in separate steps, but this is often not the case. The most commonly used top-level domains, such as com, net, and org, are actually hosted by the root name servers, which eliminates one entire referral from the name resolution process.
  4. The client's DNS server generates yet another iterative query and transmits it to the second-level domain server. If the second-level domain server is the authority for the zone containing the requested name, it consults its resource records to determine the IP address of the requested system and transmits it in a reply message back to that client's DNS server.
  5. The client's DNS server receives the reply from the authoritative server and transmits the IP address back to the resolver on the client system. The resolver relays the address to the application, which can then initiate IP communications with the system specified by the user.

Depending on the name the client is trying to resolve, this process can be simpler or considerably more complex than the one shown here. If, for example, the client's DNS server is the authority for the domain in which the requested name is located, no other servers or iterative requests are necessary. On the other hand, if the requested name contains three or more levels of domains, additional iterative queries might be necessary.

This procedure also assumes a successful completion of the name resolution procedure. If any of the authoritative DNS servers queried returns an error message to the client's DNS server stating, for example, that one of the domains in the name does not exist, then this error message is relayed back to the client and the name resolution process is said to have failed.
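The following is an added example, not part of the original text: a small Python simulation of the walk just described, in which the client's DNS server answers a recursive query by issuing iterative queries to the root, top-level, and second-level servers and following each referral. The server names, zone contents, and IP addresses are constructed for illustration; it also shows the two variations mentioned above (the local server being authoritative itself, and a name that does not exist).

```python
# Added example (not from the original text): simulates the iterative
# resolution walk performed by the client's DNS server. Zone data is constructed.

# Each name server is a dict of zone data. ("A", ip) is an answer;
# ("NS", [servers]) is a referral to the child zone's authoritative servers.
SERVERS = {
    "root": {"com": ("NS", ["tld-com"])},
    "tld-com": {"example.com": ("NS", ["ns1.example.com"])},
    "ns1.example.com": {"www.example.com": ("A", "192.0.2.10"),
                        "example.com": ("A", "192.0.2.1")},
}

def _suffixes(name):
    """'www.example.com' -> ['www.example.com', 'example.com', 'com']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def iterative_query(server, name):
    """One iterative query: ('A', ip), ('NS', [servers]) or ('NXDOMAIN', None)."""
    zone = SERVERS[server]
    if name in zone:
        return zone[name]
    # No exact record: refer the asker to the closest enclosing zone this server knows.
    for suffix in _suffixes(name)[1:]:
        if suffix in zone and zone[suffix][0] == "NS":
            return zone[suffix]
    return ("NXDOMAIN", None)

def resolve(name, local_zone=None, max_hops=8):
    """What the client's DNS server does for a recursive query.
    Returns (ip_or_None, trace); trace lists (server, reply kind) per hop."""
    trace = []
    # Simple case from the text: the local server is itself authoritative.
    if local_zone and name in local_zone:
        trace.append(("local", "A"))
        return local_zone[name][1], trace
    server = "root"
    for _ in range(max_hops):  # bound the walk so a referral loop cannot spin forever
        kind, data = iterative_query(server, name)
        trace.append((server, kind))
        if kind == "A":
            return data, trace
        if kind == "NXDOMAIN":  # error relayed back to the client: resolution failed
            return None, trace
        server = data[0]  # follow the referral to the first listed server
    return None, trace

if __name__ == "__main__":
    print(resolve("www.example.com"))
```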
