f Lesson 5: Domain Name System DNS is a distributed database used in TCP/IP networks to translate computer names (host names) to IP addresses. This lesson introduces you to DNS and name resolution. It also discusses the skills necessary and provides information to install and configure the DNS service. Introduction to DNS DNS is most commonly associated with the Internet. However, private networks use DNS extensively to resolve computer host names and to locate computers within their local networks and the Internet. DNS name resolution is different than the name resolution provided by WINS. WINS resolves NetBIOS names to IP addresses, while DNS resolves IP host names to IP addresses. IP host names resolved using DNS or other means, provide the following benefits: • IP host names are user-friendly, which means they are easier to remember than IP addresses. • IP host names remain more constant than IP addresses. An IP address for a server can change, but the server name remains the same. • IP host names allow users to connect to local servers by using the same naming convention as the Internet. Domain Namespace Domain namespace is the naming scheme that provides the hierarchical structure for the DNS database. Each node represents a partition of the DNS database. These nodes are referred to as domains. The DNS database is indexed by name; therefore, each domain must have a name. As you add domains to the hierarchy, the name of the parent domain is appended to its child domain (called a subdomain). Consequently, a domain's name identifies its position in the hierarchy. For example, in Figure 9.10 the domain name sales.microsoft.com identifies the sales domain as a subdomain of the microsoft domain and microsoft as a subdomain of the com domain. Figure 9.10 Hierarchical structure of a domain namespace As Figure 9.10 illustrates, the hierarchical structure of the domain namespace consists of a root domain, top-level domains, second-level domains, and host names. Root Domain The root domain is at the top of the hierarchy and is represented as a period (.). The Internet root domain is managed by several organizations, including Network Solutions, Inc. Top-Level Domains Top-level domains are two-character or three-character name codes. Top-level domains are categorized by organization type or geographic location. Thefollowing table provides some examples of top-level domain names. Top-level domain Description gov Government organizations com Commercial organizations edu Educational institutions org Noncommercial organizations au Country code of Australia Top-level domains can contain second-level domains and host names. Second-Level Domains Organizations such as Network Solutions, Inc. assign and register second-level domains to individuals and organizations for the Internet. A second-level domain can contain both hosts and subdomains. For example, microsoft.com can contain computers such as ftp.microsoft.com and subdomains such as dev.microsoft.com. The subdomain dev.microsoft.com can contain hosts such as printerserver1.dev.microsoft.com. Host Names Host names refer to specific computers on the Internet or a private network. For example, in Figure 9.10, Computer1 is a host name. A host name is the leftmost portion of a fully qualified domain name (FQDN), which describes the exact position of a host within the domain hierarchy. In Figure 9.10, Computer1.sales.microsoft.com. (including the end period, which represents the root domain) is an FQDN. DNS uses a host's FQDN to resolve a name to an IP address. Domain Naming Guidelines When you create a domain namespace, consider the following domain guidelines and standard naming conventions: • Limit the number of domain levels. Typically, DNS host entries should be three or four levels down the DNS hierarchy and no more than five levels down the hierarchy. As the number of levels increases, so do the administrative tasks. • Use unique names. Each subdomain must have a unique name within its parent domain to ensure that the name is unique throughout the DNS namespace. • Use simple names. Simple and precise domain names are easier for users to remember and enable users to search intuitively and locate Web sites or other computers on the Internet or an intranet. • Avoid lengthy domain names. Domain names can be up to 63 characters, including the periods. The total length of an FQDN cannot exceed 255 characters. Case-sensitive naming is not supported. • Use standard DNS characters and Unicode characters: o Windows 2000 supports the following standard DNS characters: A through Z, a through z, 0 through 9, and the hyphen (-), as defined in RFC 1035. o The DNS Service also supports the Unicode character set. The Unicode character set, which includes additional characters not found in the American Standard Code for Information Exchange (ASCII) character set, is required for languages such as French, German, and Spanish. Zones A zone represents a discrete portion of the domain namespace. Zones provide a way to partition the domain namespace into manageable sections. Multiple zones in a domain namespace are used to distribute administrative tasks to different groups. For example, Figure 9.11 depicts the microsoft.com domain namespace divided into two zones. The two zones allow one administrator to manage the microsoft and sales domains and another administrator to manage the development domain. Figure 9.11 Domain namespace divided into zones A zone must encompass a contiguous domain namespace. For example, as Figure 9.11 shows, you can create a zone for sales.microsoft.com and the parent domain microsoft.com because these zones are contiguous. However, you cannot create a zone that consists of only the sales.microsoft.com domain and the development.microsoft.com domain because these two domains are not contiguous. The name-to-IP-address mappings for a zone are stored in the zone database file. Each zone is anchored to a specific domain, referred to as the zone's root domain. The zone database file does not necessarily contain information for all subdomains of the zone's root domain, only those subdomains within the zone. In Figure 9.11, the root domain for Zone1 is microsoft, and its zone file contains the name-to-IP-address mappings for the microsoft and sales domains. The root domain for Zone2 is development, and its zone file contains the name-to-IP-address mappings for the development domain only. The zone file for Zone1 does not contain the name-to-IP address mappings for the development domain, although development is a subdomain of the microsoft domain. Name Servers A DNS name server stores the zone database file. Name servers can store data for one zone or multiple zones. A name server is said to have authority for the domain namespace that the zone encompasses. There must be at least one name server for a zone. However, a zone can have multiple name servers associated with it. One of these servers contains the master zone database file, which is also referred to as the primary zone database file, for that zone. Changes to a zone, such as adding domains or hosts, are performed on the server that contains the primary zone database file. Any other name servers associated with the zone act as a backup to the name server containing the primary zone database file. These name servers contain a secondary zone database file. Multiple name servers provide several advantages: • Performing zone transfers The additional name servers obtain a copy of the zone database file from the name server that contains the primary database zone file. This is called a zone transfer. These name servers periodically query the name server containing the primary zone database file for updated zone data. • Providing redundancy If the name server containing the primary zone database file fails, the additional name servers can provide service. • Improving access speed for remote locations If a number of clients are in remote locations, use additional name servers to reduce query traffic across slow WAN links. • Reducing loads The additional name servers reduce the load on the name server containing the primary zone database file. Windows 2000 also supports directory- integrated zone storage by using the Active Directory database. Zones stored this way are located in the Active Directory tree under the domain object container. Each directory-integrated zone is stored in a DNS zone container object identified by the name you choose for the zone when you create it. . f Lesson 5: Domain Name System DNS is a distributed database used in TCP/IP networks to translate computer names (host names) to IP addresses. This lesson introduces you to DNS and name resolution unique names. Each subdomain must have a unique name within its parent domain to ensure that the name is unique throughout the DNS namespace. • Use simple names. Simple and precise domain names. to as domains. The DNS database is indexed by name; therefore, each domain must have a name. As you add domains to the hierarchy, the name of the parent domain is appended to its child domain