
Configuring Domain Name System for Active Directory

Exam: Microsoft 70-640 - Windows Server 2008 Active Directory, Configuring


In most modern networks, TCP/IP is the primary networking protocol used to communicate between systems. Every device on an IP network is identified and located by a unique number called an IP address. IPv4 addresses are four octets (32 bits) long and are commonly expressed in dotted-decimal notation, such as 192.168.10.1.

One way to access a resource is through its IP address. However, although computer systems identify resources by 32-bit numbers, expecting a user to access a resource by its IP address would be cumbersome at best. This is where DNS comes into play. DNS is a distributed name resolution service, and it is the service that provides name resolution for an Active Directory domain.

In addition to an IP address, all computers are given a DNS host name upon installation. Although the host name helps you define a device's location or purpose, it needs to be translated into a value that computers can understand. This is why you need DNS. DNS maps a computer's host name to its IP address. When a user or application references a computer's host name, DNS provides the translation of the host name to an IP address, thereby allowing the traffic to be routed appropriately to the correct destination.

DNS is a foundational requirement for Active Directory; the domain controller role cannot be installed on a server unless that server can locate an appropriate DNS server, either on the same machine or somewhere on the network.

In addition to providing computer host name-to-IP address mappings on the network, DNS plays a much larger role in the functionality of Active Directory. Active Directory relies on DNS to provide a locator service for clients on the network. This locator service provides direction for clients that need to know which server performs what function. For example, if a user were attempting to log on to the network, the locator service would attempt to provide the client with the host name and IP address of the domain controller located in the same site as the client workstation if possible.

This locator service is necessary because Active Directory is a multi-master directory service: a given network service is not always provided by the same server. Fault tolerance, load balancing, and redundancy are among the reasons for setting up every network, even a small one, with multiple servers, which makes the locator service essential for clients to find domain controllers and other Active Directory resources.

In many cases, organizations rely on the built-in DNS server role in Windows Server 2008 to provide DNS name resolution for Active Directory. In some cases, though, a company may already have a third-party DNS service in place, such as BIND, which is commonly run on UNIX systems. When deploying Active Directory with third-party DNS, you need to ensure that the DNS server supports SRV records. SRV records enable clients to locate an Active Directory domain controller, or a global catalog server, through DNS. Being able to resolve SRV records is what makes it possible for clients to authenticate against Active Directory.

In addition to the required support for SRV records, modern DNS implementations also support dynamic updates. Dynamic updates permit DNS clients to register and update their own records in the DNS database automatically. When a domain controller is added to the forest, for example, its SRV and A records can be added dynamically to the DNS database, keeping the locator service up to date. Dynamic updates are not required for Active Directory to function, but taking advantage of this feature makes the environment much simpler to administer.
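The following is an added example, not code from the study guide or from Microsoft, that shows in miniature what the locator service and the SRV records described above do. It models a DC locator lookup over a constructed set of DNS records: the client first asks for the site-specific SRV name (`_ldap._tcp.<site>._sites.dc._msdcs.<domain>`), falls back to the domain-wide name (`_ldap._tcp.dc._msdcs.<domain>`), picks a target by SRV priority and weight, and then resolves that host's A record. It also includes a check an administrator could use to confirm that a domain controller's dynamically registered SRV and A records are actually present. The SRV names follow the Active Directory `_msdcs` naming convention; the domain, site, host names, addresses and record values are constructed for illustration.

```python
"""Toy Active Directory DC locator over a constructed DNS record set (added example)."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is preferred
    weight: int     # relative share among records of the same priority
    port: int
    target: str     # host name that must also have an A record


# Constructed zone data for the made-up domain corp.example.com.
SRV_RECORDS = {
    # Site-specific locator record for the (constructed) "Boston" site
    "_ldap._tcp.Boston._sites.dc._msdcs.corp.example.com": [
        SrvRecord(0, 100, 389, "dc1.corp.example.com"),
    ],
    # Domain-wide locator records, used when no site-specific record answers
    "_ldap._tcp.dc._msdcs.corp.example.com": [
        SrvRecord(0, 100, 389, "dc1.corp.example.com"),
        SrvRecord(0, 100, 389, "dc2.corp.example.com"),
        SrvRecord(10, 100, 389, "dc3.corp.example.com"),  # backup: higher priority value
    ],
}

A_RECORDS = {
    "dc1.corp.example.com": "192.168.10.1",
    "dc2.corp.example.com": "192.168.10.2",
    "dc3.corp.example.com": "192.168.20.1",
}


def locator_names(domain, site=None):
    """SRV names a client tries in order: the client's site first, then the whole domain."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names


def choose_target(records, rng=random):
    """Select one SRV record: lowest priority wins; ties are split in proportion to weight.

    Simplification: weight-0 records are only chosen when every candidate has weight 0.
    """
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:
        return rng.choice(candidates)
    pick = rng.randint(0, total - 1)
    running = 0
    for rec in candidates:
        running += rec.weight
        if pick < running:
            return rec
    return candidates[-1]


def locate_dc(domain, site=None, srv=SRV_RECORDS, a=A_RECORDS, rng=random):
    """Return (host, ip, port) of a domain controller, or None if DNS cannot locate one."""
    for name in locator_names(domain, site):
        # Only SRV targets that also resolve to an address are usable
        usable = [r for r in srv.get(name, []) if r.target in a]
        if usable:
            rec = choose_target(usable, rng)
            return rec.target, a[rec.target], rec.port
    return None


def missing_locator_records(domain, site, dc_host, srv=SRV_RECORDS, a=A_RECORDS):
    """Names that should carry a record for dc_host (a DC in `site`) but do not.

    Useful for verifying that a DC's dynamic registration actually landed in DNS.
    """
    missing = []
    if dc_host not in a:
        missing.append(dc_host)  # the DC's own A record
    for name in locator_names(domain, site):
        if not any(r.target == dc_host for r in srv.get(name, [])):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("Boston client ->", locate_dc("corp.example.com", site="Boston"))
    print("Client in unknown site ->", locate_dc("corp.example.com", site="Seattle"))
    print("dc2 missing records:", missing_locator_records("corp.example.com", "Boston", "dc2.corp.example.com"))
```

In this model a Boston client always lands on dc1 through the site-specific record, a client in a site with no records of its own falls back to the domain-wide set and never reaches dc3 while a priority-0 DC is available, and the check reports that dc2 has no site-specific SRV record for Boston, which is the kind of gap dynamic updates exist to prevent.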