Planning Windows Server 2008 and Windows Server 2008 R2 DNS

Exam: Microsoft 70-646 - Windows Server 2008, Server Administrator

DNS can be used for resolving IP host names to IP addresses. It can also be used for resolving IP addresses to host names in reverse lookup DNS zones. Name resolution is important for IPv4 because the addresses are not easy to remember, so host names or fully qualified domain names (FQDNs) are normally used. If IPv4 addresses are not easy to remember, IPv6 addresses are impossible to remember, which makes name resolution all the more important. This article discusses the DNS enhancements introduced in Windows Server 2008 and Windows Server 2008 R2, and how DNS deals with IPv6 addresses.

Features introduced by Windows Server 2003 DNS have been retained in the Windows Server 2008 and Windows Server 2008 R2 DNS Server. These include dynamic configuration and incremental zone transfer, and several new enhancements have been introduced. AD DS supports Windows Server 2008 and Windows Server 2008 R2 DNS in a Windows-based network. If the AD DS role is installed on a server or the dcpromo command is run, and a DNS server that meets AD DS requirements cannot be located, a DNS server can be installed and configured.

A partition is a data container in AD DS that holds data for the purpose of replication. DNS zone data can be stored in the domain or the application directory partition of AD DS, and the partition that stores the zone can be specified. This choice determines the domain controllers to which the zone's data is replicated. DNS replication takes place on all domain controllers that are specified in the replication scope of the DNS application directory partition.

Microsoft recommends using the Windows Server 2008 DNS Server service, even though other DNS servers can support AD DS deployment. Partitions make sure that only updates to DNS zones are replicated to other DNS servers.

Configuring Windows Server 2008 and Windows Server 2008 R2 DNS

Close integration between Windows services, including AD DS, DHCPv6, DHCP and WINS, guarantees that Windows Server 2008 DNS requires minimal or no manual configuration. Host names, IPv4 addresses and IPv6 addresses are registered dynamically in the case of computers running the DNS

The DNS Server and DNS Client services can be configured to perform secure dynamic updates, which ensures that only authenticated users that have rights have access to records on the DNS server.

Using Stub Zone

A stub zone holds the resource records that are necessary for identifying the authoritative DNS servers for that zone. Stub zones ensure that the DNS servers hosting parent zones can determine the authoritative DNS servers for their child zones. This helps keep DNS name resolution efficient. Stub zones can be used when the name servers in the target zones are in transition. Stub zones are used for holding records for DNS servers that are in delegated zones.

DNS Forwarding

Forwarders are DNS servers to which other DNS servers forward requests. If a DNS server has no entry in its database for the requested name, it can reply to the client with the address of a DNS server that is more likely to have the information, or it can send a query to that DNS server itself. The process repeats until the client receives the IP address or it is established that the query cannot be resolved.

Windows Server 2008 DNS Server supports conditional forwarders, which extend the standard forwarder configuration. A conditional forwarder is a DNS server to which DNS queries are forwarded according to the DNS domain name in the query.
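The selection rule described above, as an added example that is not part of the original article or of Microsoft's code: a minimal Python model that picks the conditional forwarder with the longest matching domain name and otherwise falls back to the standard forwarders. The function names, domains and addresses are hypothetical and constructed for illustration. Matching is done on whole labels, so a look-alike name such as notcorp.example.com is not sent to the internal forwarder.

```python
# Constructed forwarder table for illustration (documentation/private addresses).
CONDITIONAL_FORWARDERS = {
    "corp.example.com": ["10.0.0.53"],
    "lab.corp.example.com": ["10.20.0.53"],
    "partner.example.net": ["192.0.2.53"],
}
DEFAULT_FORWARDERS = ["198.51.100.53"]  # standard (unconditional) forwarders


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def select_forwarders(qname, conditional=CONDITIONAL_FORWARDERS,
                      default=DEFAULT_FORWARDERS):
    """Return (matched_domain, servers) for a query name.

    The most specific conditional forwarder domain wins (longest suffix
    match on whole labels); with no match the standard forwarders are used
    and matched_domain is None.
    """
    labels = normalize(qname).split(".")
    table = {normalize(domain): servers for domain, servers in conditional.items()}
    # Try the full name first, then strip one leading label at a time, so the
    # first hit is always the longest matching domain.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return None, default
```

Running the audit case `select_forwarders("notcorp.example.com")` returns the standard forwarders, which is the check to make when internal names must never be sent to an external resolver.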

Zone Replication

Windows Server 2008 and Windows Server 2008 R2 DNS zones are replicated between DNS servers for failover and to improve DNS name resolution efficiency. Zone replication and synchronization are implemented by zone transfers. If a new DNS server is added to the network and configured as a secondary DNS server for an existing zone, a complete zone transfer is performed to obtain a read-only copy of the resource records for the zone.

Changes to the authoritative zone are replicated to the secondary zone. Incremental zone replication was introduced by Windows Server 2003. It replicates only the changes to the authoritative zone. The functionality is supported by Windows Server 2008 and Windows Server 2008 R2. Before Windows Server 2003, for replicating any changes in the authoritative DNS zone to the secondary DNS server. Incremental transfer allows a secondary server to pull only those zone changes that are required for synchronizing its copy of the zone with the source zone. The copy can be a primary or a secondary copy of the zone.
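The difference between a complete and an incremental zone transfer, as an added example that is not from the original article: a simplified Python model in which the secondary reports the serial it holds and the primary answers with only the missed changes when its journal still covers them, or with the whole zone otherwise. The class names, the journal limit and the record data are hypothetical and constructed; real servers carry this over the DNS AXFR/IXFR mechanisms and compare SOA serials with wrap-around arithmetic.

```python
class PrimaryZone:
    """Authoritative zone copy plus a short journal of recent changes."""
    def __init__(self, records, serial=1, journal_limit=3):
        self.records = dict(records)
        self.serial = serial          # stands in for the SOA serial
        self.journal = []             # entries: (new_serial, added, removed)
        self.journal_limit = journal_limit

    def update(self, added=None, removed=()):
        added = dict(added or {})
        for name in removed:
            self.records.pop(name, None)
        self.records.update(added)
        self.serial += 1
        self.journal.append((self.serial, added, tuple(removed)))
        self.journal = self.journal[-self.journal_limit:]

    def transfer(self, secondary_serial):
        if secondary_serial == self.serial:
            return "up-to-date", self.serial, None
        if secondary_serial is not None:
            deltas = [j for j in self.journal if j[0] > secondary_serial]
            # Incremental only if the journal covers every missed serial.
            if deltas and deltas[0][0] == secondary_serial + 1:
                return "incremental", self.serial, deltas
        return "full", self.serial, dict(self.records)


class SecondaryZone:
    """Read-only copy that pulls changes from the primary."""
    def __init__(self):
        self.records, self.serial = {}, None

    def sync(self, primary):
        kind, serial, payload = primary.transfer(self.serial)
        if kind == "full":
            self.records = payload
        elif kind == "incremental":
            for _, added, removed in payload:
                for name in removed:
                    self.records.pop(name, None)
                self.records.update(added)
        self.serial = serial
        return kind


def demo():  # constructed sample zone data
    primary, secondary = PrimaryZone({"www": "192.0.2.10"}), SecondaryZone()
    first = secondary.sync(primary)   # new secondary: complete transfer
    primary.update(added={"www6": "2001:db8::10"}, removed=["www"])
    return first, secondary.sync(primary), secondary.records
```

A secondary that falls further behind than the journal reaches gets a complete transfer again, which is the fallback case the model keeps.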

DNS Records

A network professional is expected to be familiar with standard DNS record types such as IPv4 host (A), SOA, PTR, CNAME, NS, MX and SRV. Other DNS record types, such as Andrew File System Database (AFSDB) and Asynchronous Transfer Mode (ATM) addresses, may also be used.

Administering DNS

The DNS Manager MMC snap-in GUI can be used for managing and configuring the DNS Server service. Configuration wizards are also provided for performing common server administration tasks.

Command line tools that assist and support DNS servers are available on Windows Server 2008 and Windows Server 2008 R2. The various tools and their functions are given in the table below:

Command Tool                             Function
dnscmd                                   Allows configuration and administration of both IPv4 and IPv6 records. It can be used for creating reverse lookup zones.
ipconfig                                 For viewing interface adapter configurations
ipconfig /release and ipconfig /release6 For releasing IPv4 and IPv6 configurations
ipconfig /renew and ipconfig /renew6     For renewing configurations