DNS for Active Directory

Domain Name Service (DNS) is the naming scheme used on the Internet. Windows 2000 abandons the NetBIOS naming scheme used in previous versions of Windows, replacing it with the standard DNS system. You’re probably already familiar with the DNS dotted name format. An example would be www.oreilly.com.

The top-level domain in this address is “com,” meaning it is a commercial enterprise. Top-level domain names like com, gov, edu, and org are shared by many domains. The second-level domain is the unique descriptive name, “oreilly.” The final part of this fully qualified domain name (FQDN) is the hostname, “www.”

The FQDN can also accommodate extra names if a subdomain is involved. If there were a computer named “elephant” in the animals subdomain of the oreilly.com root domain, the FQDN of the elephant computer would be elephant.animals.oreilly.com.

The naming scheme for DNS is called a namespace. There are two types of DNS namespaces, contiguous and disjointed. All the names in a contiguous namespace share the same name for at least one level of the FQDN. An example of a contiguous namespace is an Active Directory tree and its subdomains. The oreilly.com tree has subdomains of linux.oreilly.com and windows.oreilly.com.

Domains in a disjointed namespace, such as an Active Directory forest, are part of the same network, but have different domain names. A theoretical example would be the Ford Motor Company forest. Both Jaguar and Volvo are distinct parts of the Ford Motor Company. Computers in various locations of the forest may have totally different names.

Within the disjointed namespace, there could be some contiguous namespaces for local dealerships, like dallas.ford.com and austin.ford.com. There could also be disjointed namespaces like sales.jaguar.com, service.volvo.com, and www.ford.com. All of these computers are still part of the same forest and can have two-way transitive trust relationships, but because at least some part of the namespace is disjointed, the forest itself is a disjointed namespace.

Installing and Configuring DNS

A computer that stores the database of domain names and their Internet Protocol (IP) addresses is called a name server. Active Directory requires at least one name server, but having multiple name servers will improve both reliability and speed of finding resources on the network.

Another way of improving your DNS system is to divide your namespace into zones. Each zone, or subdivision, would have its own name server. This can help distribute administrative tasks among locations in the Active Directory forest.

DNS zones

A DNS namespace can be divided into zones for more efficient management. There are a couple of simple rules that govern how a namespace can be divided into zones:

  • A zone can only include a contiguous portion of the namespace, such as oreilly.com and windows.oreilly.com.

  • A zone is tied to a specific root domain, such as oreilly.com or a subdomain, such as linux.oreilly.com.

A namespace like oreilly.com cannot be divided up into one zone for the root domain (oreilly.com) and another for all the subdomains (linux.oreilly.com, windows.oreilly.com, and so on). The problem would be that the linux and windows subdomains taken by themselves aren’t a contiguous namespace. They’re only contiguous when included with their oreilly.com root domain.
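The two zone rules above can be checked mechanically. The following is an added example, not code from the book: it finds the single root (apex) a set of names would need in order to form one zone, and reports None when the names are not a contiguous portion of the namespace (the linux/windows case without their oreilly.com root).

```python
from typing import Iterable, List, Optional


def labels(name: str) -> List[str]:
    """Split an FQDN into labels: 'linux.oreilly.com' -> ['linux', 'oreilly', 'com']."""
    return name.lower().rstrip(".").split(".")


def is_within(name: str, apex: str) -> bool:
    """True if name equals apex or is a subdomain of it.

    Whole labels are compared, so 'notoreilly.com' is not within 'oreilly.com'.
    """
    n, a = labels(name), labels(apex)
    return len(n) >= len(a) and n[-len(a):] == a


def zone_apex(names: Iterable[str]) -> Optional[str]:
    """Return the one domain that could be the root of a zone holding all of `names`.

    Rule 1: a zone is tied to one root domain or subdomain.
    Rule 2: every other name in the zone must sit underneath that root, so the
    zone covers a contiguous portion of the namespace.
    Returns None when no such root exists among the names.
    """
    names = [n.lower().rstrip(".") for n in names]
    if not names:
        return None
    # The shortest name is the only candidate root; if two names tie, the other
    # one cannot be within the first, so the check below fails as it should.
    apex = min(names, key=lambda n: len(labels(n)))
    return apex if all(is_within(n, apex) for n in names) else None


# Constructed inputs mirroring the book's examples.
if __name__ == "__main__":
    print(zone_apex(["oreilly.com", "windows.oreilly.com"]))        # oreilly.com
    print(zone_apex(["linux.oreilly.com", "windows.oreilly.com"]))  # None
```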

Integrating DNS zones

Every name server covers at least one zone, called its primary zone. In addition to the primary zone, if multiple name servers are used, a name server can contain a backup copy of other name servers’ primary zones. This redundancy helps make DNS a very reliable naming system.

When one name server automatically queries another for a copy of its primary zone, the queried name server sends a copy of the zone database file in a process called a zone transfer. By strategically placing name servers on different subnets, you can reduce lookup traffic on the network. The zone transfers cause traffic, so be sure to configure the zone transfers between areas of the network that will often share resources. Otherwise, you’ll be generating needless traffic between the subnets.

Dynamic updates

Windows 2000 DNS servers can automatically synchronize zone information using a process called Dynamic Domain Name Service (DDNS). Whenever an IP address or hostname changes, the DDNS service makes sure that the zone database is updated.

DNS replication

The zone database is stored on at least one computer called the primary name server. To improve speed and reliability, you can host copies of the zone database on multiple backup name servers. Data within the zone file is updated automatically with DDNS. The primary name server can distribute updates out to the backup name servers in a process called a zone transfer. When a computer is first configured as a backup name server, the entire zone database must be copied using a full zone transfer. Subsequently, as changes are made to the zone database, only the changed data needs to be replicated. Partial replication of the changes to a zone database file is called an incremental zone transfer.

If the DNS zone file is stored in the Active Directory and all the name servers are also configured as part of the Active Directory, data transfer will be automatically handled by AD. If not, you can manually configure the name servers to replicate the zone file on a push basis using a process called DNS notification.

The DNS zone file maintains a serial number to keep track of which version of the database is current. Whenever there is a change to the zone database, the serial number is also modified, triggering the notification and subsequent replication of the zone file by the backup name servers.
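The replication chain just described (a DDNS change bumps the serial, notification pushes the serial to the backups, and each backup chooses a full or incremental transfer) can be modelled in a few lines. This is an added example, not code from the book or from the Windows DNS service; the class names, the hostnames and the 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class PrimaryNameServer:
    """Master copy of the zone plus the serial number that tracks its version."""
    serial: int = 1
    records: Dict[str, str] = field(default_factory=dict)              # hostname -> IP address
    history: List[Tuple[int, str, str]] = field(default_factory=list)  # (serial, host, ip) per change

    def dynamic_update(self, host: str, ip: str) -> int:
        # DDNS: a host registers or changes its address; every change bumps the serial.
        self.serial += 1
        self.records[host] = ip
        self.history.append((self.serial, host, ip))
        return self.serial

    def notify(self, backups: List["BackupNameServer"]) -> List[str]:
        # DNS notification: push the new serial; each backup decides what to pull.
        return [b.on_notify(self) for b in backups]


@dataclass
class BackupNameServer:
    """Backup copy; serial 0 means the server was just configured and holds no data."""
    serial: int = 0
    records: Dict[str, str] = field(default_factory=dict)

    def on_notify(self, primary: PrimaryNameServer) -> str:
        if primary.serial == self.serial:
            return "up-to-date"
        # Oldest serial the primary can still diff from; anything older needs a full copy.
        oldest_known = primary.history[0][0] - 1 if primary.history else primary.serial
        if self.serial < oldest_known:
            self.records = dict(primary.records)          # full zone transfer
            self.serial = primary.serial
            return "full zone transfer"
        changes = [c for c in primary.history if c[0] > self.serial]
        for _, host, ip in changes:                        # incremental zone transfer
            self.records[host] = ip
        self.serial = primary.serial
        return f"incremental zone transfer ({len(changes)} changes)"


def demo() -> List[str]:
    """Constructed walk-through; returns the transfer type chosen at each notification."""
    primary, backup = PrimaryNameServer(), BackupNameServer()
    log = primary.notify([backup])                                     # new backup: full copy
    primary.dynamic_update("www.oreilly.com", "192.0.2.10")
    primary.dynamic_update("elephant.animals.oreilly.com", "192.0.2.20")
    log += primary.notify([backup])                                    # two changes: incremental
    return log + primary.notify([backup])                              # nothing changed
```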

Monitoring DNS

You can monitor DNS activity in a couple of different ways. You can keep an event log for DNS and view the results in the Event Viewer or set up more stringent debugging options. Troubleshooting DNS is covered in greater detail in Section 13.9.1 at the end of this chapter.
