Interoperability issues
DNS servers running Windows Server 2003
are compliant with most of the
Request for Comments (RFC) specifications used to
define the DNS protocol. (An RFC is an official document
of the Internet Engineering Task Force (IETF) that
specifies the details for protocols included in the
TCP/IP family.)
This provides clear benefits for operating DNS servers
in mixed or heterogeneous environments. For more
information about RFCs, see
DNS RFCs.
The primary benefits for interoperability in these
environments include:
- Full interoperability with other DNS server
implementations that implement RFC-compliant
behavior for DNS name service.
- Use of Windows DNS servers to provide DNS
service on the Internet.
For interoperability testing, the Windows Server 2003
DNS development team has tested Windows Server 2003 DNS
Server and Client services with the following versions
of the Berkeley Internet Name Domain (BIND) DNS server
implementation:
- BIND 4.9.7
- BIND 8.1.2
- BIND 8.2
- BIND 9.1.0
Interoperability and configuration issues related to
using Windows Server 2003 DNS in various other
environments, or when using DNS servers on the Internet,
are covered in the following sections.
DNS is required for network resources to locate
Active Directory domain controllers. You can elect to
set up the DNS Server service as part of the
installation of Active Directory using the Active
Directory Installation Wizard. When you install Active
Directory on a server, the server is promoted to the
role of a domain controller.
When you install Active Directory on a server, the
Active Directory Installation Wizard provides the option
to automatically install the DNS Server service and add
new zones locally. When you select the option to install
and configure a DNS server using the Active Directory
Installation Wizard, zones are created based on the DNS
name you have specified in the wizard.
A simple method of redundancy and fault tolerance
planning is to have a DNS server running on each domain
controller. For each subnet, have two domain controllers
running the DNS Server service and hosting Active
Directory-integrated zones.
When transferring a zone between two Windows DNS
servers, the DNS Server service always uses a fast
transfer method that uses compression. This method
includes multiple resource records (RRs) in each message
sent to complete the transfer of the zone between
servers. For DNS servers running Windows Server 2003,
this is the default method used when initiating transfer
with other DNS server implementations.
If necessary, DNS servers running Windows Server 2003
can be configured to transfer a zone using the slower
uncompressed transfer format. This enables successful
zone transfers to be made with DNS servers that do not
support the faster transfer method, such as BIND servers
prior to version 4.9.4.
When you select the Bind Secondaries check box
in advanced server properties, no fast transfers are
made. By default, the check box is cleared to enable
fast transfers. For more information, see
To enable or disable fast transfer format during zone
transfers.
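The difference between the two transfer formats is name compression: the fast format packs several RRs into one message and replaces a repeated name suffix with a two-byte pointer to its earlier occurrence, while the uncompressed format spells every name out. The following Python is an added example, not code from the page or from the Windows DNS Server service, that serializes a few constructed records both ways and decodes the compressed form, rejecting pointers that do not point backwards (a looping pointer would otherwise never terminate).

```python
import struct
# Constructed sample RRs (owner, type, ttl, rdata): str rdata is a name (NS=2, CNAME=5).
SAMPLE_RRS = [
    ("example.microsoft.com.", 2, 3600, "dc1.example.microsoft.com."),
    ("dc1.example.microsoft.com.", 1, 3600, bytes([10, 0, 0, 1])),
    ("www.example.microsoft.com.", 5, 3600, "dc1.example.microsoft.com."),
]

def encode_name(name, buf, offsets, compress):
    # Append name in wire form; an already-seen suffix becomes a 2-byte pointer (RFC 1035 4.1.4).
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if compress and suffix in offsets:
            buf += struct.pack("!H", 0xC000 | offsets[suffix])  # top bits 11, 14-bit offset
            return
        if len(buf) <= 0x3FFF:  # an offset must fit in 14 bits
            offsets.setdefault(suffix, len(buf))
        buf += bytes([len(label)]) + label.encode("ascii")
    buf += b"\x00"  # root label ends the name

def encode_rrs(rrs, compress=True):
    # Serialize RRs back to back, as one transfer message carrying several RRs.
    buf, offsets = bytearray(), {}
    for owner, rtype, ttl, rdata in rrs:
        encode_name(owner, buf, offsets, compress)
        buf += struct.pack("!HHIH", rtype, 1, ttl, 0)  # class IN; RDLENGTH patched below
        start = len(buf)
        if isinstance(rdata, str):
            encode_name(rdata, buf, offsets, compress)  # names inside rdata compress too
        else:
            buf += rdata
        struct.pack_into("!H", buf, start - 2, len(buf) - start)
    return bytes(buf)

def decode_name(msg, pos):
    # Read a possibly compressed name -> (name, offset after it). Pointers must point backwards.
    labels, after = [], None
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            if ptr >= pos:  # self-referencing or looping pointer: refuse instead of spinning
                raise ValueError("compression pointer must reference a prior occurrence")
            after, pos = (pos + 2 if after is None else after), ptr
        elif length == 0:
            return ".".join(labels) + ".", (pos + 1 if after is None else after)
        else:
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length
```

For the three constructed records the compressed form is 73 bytes against 165 bytes uncompressed.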
In many large organizations, DNS is already
implemented using other solutions, such as UNIX DNS
servers that run legacy versions of BIND software. In
some cases, these DNS servers are not equipped to
support the DNS requirements for deploying Active
Directory. This issue can be addressed in one of two
ways:
- Upgrade any BIND DNS servers to version 8.1.2 or
later of the BIND software to meet the DNS
requirements for Active Directory support.
- Use the DNS Server service provided with the
Windows Server 2003
family, migrating, if possible, any of your current
DNS zones to DNS servers running Windows
Server 2003.
Although the DNS Server service is recommended to
support Active Directory, you can use other DNS server
implementations for this purpose. These other
implementations should, however, support the following
standard specifications:
- The service location (SRV) resource record, as
described in the Internet draft, "A DNS RR for
specifying the location of services (DNS SRV)."
- Dynamic updates in DNS, as described in RFC
2136.
Support for dynamic updates is recommended but not
essential. Support for the SRV resource record is
mandatory because it is required to provide basic DNS
support to Active Directory. For example, a DNS server
that does not support dynamic updates, such as the one
provided with Windows NT Server 4.0 (updated to Service
Pack 4 or later), still meets the DNS requirements of
Active Directory because SRV resource record support was
added with Service Pack 4.
Additional manual administration of SRV resource
records is needed for DNS configuration support of
Active Directory to function properly on a DNS server
that does not support dynamic updates. For more
information, see
Service location (SRV) resource records.
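On a DNS server without dynamic update support, the SRV records that a domain controller would otherwise register itself have to be entered and kept current by hand. The following Python is an added example, not from the page or from the Windows DNS Server service: it generates the core DC Locator SRV set (a subset of the full list a domain controller registers) for one constructed domain controller in zone-file form, and reports which of those records a zone still lacks. The domain, host, site name and the priority 0 / weight 100 values are assumptions of the example.

```python
# Constructed values: domain example.microsoft.com, DC host dc1, site Default-First-Site-Name.
def required_srv_records(domain, dc_host, site, forest=None, is_pdc=False, is_gc=False):
    # Core DC Locator records (RFC 2782 form) for one domain controller: every DC gets the
    # _ldap/_kerberos/_kpasswd set; the PDC emulator and global catalog add their own.
    forest = forest or domain
    owners = [
        (f"_ldap._tcp.{domain}.", 389), (f"_ldap._tcp.{site}._sites.{domain}.", 389),
        (f"_ldap._tcp.dc._msdcs.{domain}.", 389),
        (f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}.", 389),
        (f"_kerberos._tcp.{domain}.", 88), (f"_kerberos._tcp.{site}._sites.{domain}.", 88),
        (f"_kerberos._tcp.dc._msdcs.{domain}.", 88), (f"_kerberos._udp.{domain}.", 88),
        (f"_kpasswd._tcp.{domain}.", 464), (f"_kpasswd._udp.{domain}.", 464),
    ]
    if is_pdc:
        owners.append((f"_ldap._tcp.pdc._msdcs.{domain}.", 389))
    if is_gc:
        owners += [(f"_gc._tcp.{forest}.", 3268), (f"_ldap._tcp.gc._msdcs.{forest}.", 3268)]
    # priority 0 and weight 100 are assumed here as the values a DC registers by default
    return [(owner, 0, 100, port, f"{dc_host}.{domain}.") for owner, port in owners]

def to_zone_lines(records, ttl=600):
    # Presentation format that can be pasted into a standard zone file.
    return [f"{o} {ttl} IN SRV {p} {w} {port} {t}" for o, p, w, port, t in records]

def parse_srv_lines(text):
    # Collect (owner, port, target) from SRV lines; comments and non-SRV lines are skipped.
    found = set()
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if "SRV" in fields and len(fields) >= fields.index("SRV") + 5:
            i = fields.index("SRV")
            found.add((fields[0].lower(), int(fields[i + 3]), fields[i + 4].lower()))
    return found

def missing_srv_records(zone_text, required):
    # Required records the zone does not yet contain, matched on owner, port and target.
    present = parse_srv_lines(zone_text)
    return [r for r in required if (r[0].lower(), r[3], r[4].lower()) not in present]

# Constructed zone fragment: the administrator added only the two most obvious records.
ZONE_TEXT = """
_ldap._tcp.example.microsoft.com. 600 IN SRV 0 100 389 dc1.example.microsoft.com.
_kerberos._tcp.example.microsoft.com. 600 IN SRV 0 100 88 dc1.example.microsoft.com.
"""

if __name__ == "__main__":
    required = required_srv_records("example.microsoft.com", "dc1", "Default-First-Site-Name")
    for rec in missing_srv_records(ZONE_TEXT, required):
        print("missing:", to_zone_lines([rec])[0])
```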
Interoperating Windows DNS servers with other DNS
server implementations
If you decide to use the Windows DNS Server service
and manage it with a split DNS configuration in which:
- Existing DNS servers for root zones are not to
be upgraded or migrated to other DNS solutions.
- Windows Server 2003 DNS is to be deployed and is
to manage any DNS domain names required to
register, update, and support Active Directory.
you can modify your DNS namespace design plans in
either of the following ways:
- Create a single new subdomain in your current
DNS domain namespace to root your first Active
Directory domain.
For example, if your organization has registered
and is using a second-level domain name, such as
microsoft.com, you can create a single subdomain
such as example.microsoft.com and use this domain to
root the DNS domain namespace used by Active
Directory. The DNS Server service is automatically
configured to support Active Directory when you
install the first domain controller.
Before you create a zone for the new subdomain on a
computer running the DNS Server service, you can
delegate the subdomain away at the primary zone for
your second-level domain, such as "microsoft.com." In
some cases, you might only need to notify another DNS
or UNIX system administrator in your organization to
make the delegation for you. For more information, see
Delegating zones.
- Create multiple subdomains based on your DNS
second-level domain to support registration of
Active Directory in DNS.
For example, if your organization has a
registered second-level DNS domain name already in
use (such as microsoft.com), you can create
additional subdomains that are delegated to Windows
DNS servers and used only for registering DNS names
related to Active Directory.
This method is more complex to implement, but
requires fewer changes to your currently deployed DNS
infrastructure that is not Windows-based. With this
namespace design, you create only the additional
subdomains and zones needed to support your Active
Directory deployment. For example, in this
configuration, the domain name microsoft.com is both
the root DNS domain name and the root Active Directory
domain name for your organization.
For this configuration, you first need to create
zones for the following subdomains using the DNS
console in Microsoft Management Console (MMC) on a DNS
server running Windows Server 2003:
child1.microsoft.com
child2.microsoft.com
Before these zones are created, you can delegate
these subdomains away at the primary zone for your
parent or second-level domain name or notify another
DNS administrator who manages these zones for your
organization to do so. For more information, see
Delegating zones.
To establish a presence on the Internet, an
individual or business must first apply for and register
a second-level domain name with an authorized DNS domain
name registration authority. Your Internet service
provider (ISP) can often perform this function and
obtain a name on your behalf, usually for an additional
fee.
To register your domain name, there are several
required tasks, including:
- Selecting and researching a second-level domain
name that is not currently registered or in use.
This can easily be done if you have Internet
access by using a WHOIS query engine provided at the
Web site for your applicable Internet DNS domain
name registrar. Be prepared to select an alternate
name if your WHOIS query indicates that your
preferred selection is already registered and in
use.
- Registering and obtaining at least one IP
address valid for use on the Internet.
This address is needed for the DNS server on the
Internet that you want to establish as the host for
the primary copy of the zone based on your
second-level domain name. In many cases, if you are
using an ISP to register a domain name on your
behalf, they can specify the IP addresses for one or
two of their servers as primary and secondary for
the Internet.
As part of the registration process, an applicant
must provide at least two currently active DNS
servers that are used on the Internet as the primary
and secondary servers designated for the new domain.
This requirement is necessary to ensure proper
Internet root server configuration and referral for
others that query for your registered DNS domain
name on the Internet.
After one IP address has been obtained, you can
sometimes arrange (or your ISP can do so on your
behalf) to use another company's or ISP's DNS server
as a secondary server for the zone. If you still
need to obtain an IP address directly for use in the
United States, a valid IP address can be obtained
through the American Registry for Internet Numbers (ARIN).
In other countries or regions, you might contact
your local Internet service or telephony provider to
find out how to register and acquire an IP address
if one is needed.
- Completing the registration application form and
submitting it with your registration fee to the
appropriate Internet DNS domain name registration
authority. Registrations are typically in force for
a finite period of time and must be periodically
renewed.
For more information about selecting and registering
your Internet DNS name, see the
VeriSign Global Registry Services Web site.
Windows Server 2003 DNS provides several
interoperability options with other TCP/IP services. The
following options can be used to reduce the amount of
time you need to spend administering your DNS
infrastructure:
- WINS forward and reverse lookups.
The DNS Server service provides for the use of
WINS lookup. This feature enables configured DNS
zones to refer queries not answered from current
zone information to a WINS server for further
resolution. With this added search of the WINS
namespace, both DNS and WINS are used to complete a
full search of registered names for a matched
response.
WINS lookup is supported for both forward and
reverse lookup zones and can be enabled on a
per-zone basis or configured for selected zones.
This feature should also be configured to prevent
replication or zone transfer of WINS resource
records to servers with other DNS implementations
that do not recognize the WINS resource records.
- Dynamic integration with DHCP servers.
For Windows Server 2003 DNS, the DHCP service
provides default support to register and update
information for legacy DHCP clients in DNS zones.
Legacy clients typically include other Microsoft
TCP/IP client computers that were released prior to
Windows 2000. The Windows Server 2003 DNS-DHCP
integration enables a DHCP client that is unable to
dynamically update DNS resource records directly to
have this information updated in DNS forward and
reverse lookup zones by the DHCP server.
Notes
- Web addresses can change, so you might be unable to
connect to the Web site or sites mentioned here.
- Dynamic integration with the DHCP service is
only available on DNS servers running Windows 2000
and Windows Server 2003. DNS-DHCP integration is not
supported by DHCP servers running under Windows NT
Server 4.0 and earlier.
- By default, a zone hosted on a DNS server
running Windows Server 2003 will only allow a zone
transfer to authoritative DNS servers listed in the
name server (NS) resource records for the zone