Millions of people use DNS in Windows NT every day, although most of them do not know it. Anyone who types an address such as http://www.winntmag.com is using DNS to connect to a Web site. You need to know something about DNS if you want to connect your network to the outside world or prepare for conversion to Windows 2000 (Win2K).
Last month, I showed you how you can use WINS within your network to convert computer names to IP addresses. DNS performs a similar function outside your network, although in some cases it performs this function internally as well (e.g., in networks that include UNIX systems).
What Is DNS?
DNS is part of the TCP/IP family of protocols and utilities. Microsoft and other companies offer different versions of DNS that run on various OSs (most commonly the various versions of UNIX). The domain part of DNS refers to Internet domains, not the NT domain model.
The Internet is divided into domains, each of which serves a different group of users. These domains include .com, .edu, .gov, and .mil. A top-level Internet server, called a root name server (a name that makes sense if you think of the Internet as an inverted tree structure), manages each of these domains.
The Internet domain naming system queries these top-level Internet servers first, then works down the server tree. When you type an address, your local DNS server checks its database and cache for the requested data. If the local server does not have the IP address, it passes the request to the root name server. The root name server then passes the address of the appropriate name server to your DNS server. Your DNS server queries the name server for the server address at the next level down, and the process continues in this manner.
For example, if you want to connect to http://www.winntmag.com, your DNS server asks the .com domain server for the address of the winntmag name server in the .com domain. The local DNS server then uses the address it receives to ask the winntmag.com server for the address of the Web site host.
The preceding description applies to a sequential (or iterative) query, which DNS conducts server-to-server. DNS also conducts a recursive query, in which the domain name server passes its reply directly back to the original client.
To make both of these query processes more efficient, the DNS server caches the answers at each point in the search. After connecting to http://www.winntmag.com, if you want to connect to another .com server, your DNS server already has the address of the .com domain server. If you want to connect to another computer in the winntmag.com domain, your DNS server has cached the address of the winntmag.com name server and will not need to ask for it again.
WINS or DNS?
As I explained last month, both WINS and DNS provide name resolution, which is the process of converting a computer name to an address. WINS converts internal NetBIOS names to IP addresses, and DNS converts Internet-style names to IP addresses. If your network comprises just your company and is entirely Microsoft-based (i.e., NetBIOS-based), you do not need DNS; WINS will provide everything you need for name resolution. However, if you connect to the Internet, you will have to consider what type of connectivity you need to implement. If your users will be accessing external servers on the Internet, you need not provide them with anything more than a way to find an address on the Internet. If instead you will be providing resources that users outside of your network will connect to, you have to configure your servers (i.e., all machines that have resources to share) as hosts in your DNS database.
Even if you have decided that you do not need DNS right now, you will want to learn a little bit about it. In Win2K, WINS will merge with DNS to provide some much-needed automation for DNS configuration, which now is a manual process. DNS will then be part of Active Directory (AD), and will be the required name resolution protocol.
As with WINS and DHCP, DNS must run on an NT Server system. Install all three services from the Service tab in the Network applet in Control Panel. You must install them on a computer with a fixed IP address. After you have installed the software for DNS and rebooted your system, you will find that the installation adds DNS Manager to the Administrative Tools program group.
To use DNS, all the client needs to know is how to contact a DNS server. All you have to do is configure the client to obtain an address from a DHCP server. Of course, you must configure the DHCP server with the DNS server's IP address (as Screen 1 shows) for this process to work properly. For an explanation of how to configure this and other DHCP options, see Getting Started: "Configuring DHCP," April 1999.
If the client you are configuring is a DHCP client, that is all the information you need to supply. If you are using manual IP address assignments, go to the Network applet in Control Panel and select the Protocols tab. Select TCP/IP, and click Properties to bring up the TCP/IP Properties dialog box. Select the DNS tab to configure the DNS Server address manually, as Screen 2 shows.
Dial-up connections to an ISP are a little different. Although your ISP will supply you with an IP address, you must still sometimes configure your dial-up connection with the IP address of the ISP's DNS server or servers. You might have found that occasionally you cannot connect to anything on the Internet because the ISP's servers are down or the higher-level name servers are overloaded or down.
If the client you are configuring will make resources available to external users, you must also add the domain name in the dialog box that Screen 2 shows. Note that this entry is an Internet domain name, not an NT domain name. Usually, you can leave this box empty. When you are finished configuring TCP/IP, reboot your computer.
Configuring the DNS Server
Do not take configuring a DNS server lightly. This complex process requires extensive manual configuration and has no automation to help you along. Here are a few of the essentials to get you started.
First, start DNS Manager from the Administrative Tools folder. When you start DNS Manager for the first time, you will see only one entry, the Server List, with nothing in the list. Right-click the Server List, then select New Server. Type the name or IP address of your DNS server in the box. Use the IP address, rather than the server name, if you are administering the DNS server from another computer. DNS will add the server to the list. Below the server listing, you will see an entry for the DNS cache. Double-click the cache icon, then expand the entries below it, as Screen 3 shows.
Next, you must add a zone. DNS divides your domain into zones, each of which must have one primary zone server. This primary zone server is the DNS database. Each zone might also have a number of secondary zone servers that individually cache a copy of the database and collectively handle client requests. This splitting of the domain into zones, each of which one or more servers handles, reduces the workload on the DNS server and permits faster response to user requests. The secondary servers provide redundancy and load balancing.
Before you create the zone for your domain, you will want to consider creating some reverse lookup zones. These zones convert IP addresses to names. If you create these zones first, they provide you with a very helpful feature: As you add records to the domain zone that connect domain name entries to IP addresses, the reverse lookup zones make the return connection automatically. This process shows you the name associated with each IP address.
To create reverse lookup zones, right-click the DNS server icon, then select New Zone. When the zone wizard opens, select Primary. In the dialog box that opens, enter the name of the zone. You must use the reverse lookup convention, which requires only the first three parts of the TCP/IP address. For a network such as 192.168.1.0, use 1.168.192.in-addr.arpa for the zone name (in-addr.arpa is a special zone in the DNS structure used for inverse address lookups with the address resolution protocol). Press Tab to generate a filename for this zone, and accept the default name. Click Next, then Finish to complete the process, as Screen 4, page 186, shows.
Now you are ready to add the primary zone. Again, select the New Zone option, click the Primary key, then click Next. Enter a zone name, and press Tab to generate the file. Click Finish to complete the zone generation.
Screen 5, page 186, shows that DNS automatically adds two records to the database—the Start of Authority (SOA) record and the Name Server (NS) record. The SOA record specifies which computer is the authoritative server for your domain. In case of conflicting information, DNS will use this server's data. An NS record for each NS in the zone must exist.
Adding Host Addresses
You must add records for each host computer that the DNS server will access. Right-click the zone, and choose the New Host option. Enter the host name and IP address to create an Address (A) record. Check the Pointer (PTR) record check box to enable reverse-lookup entry generation, then click Add Host. You can also add an alias by right-clicking the zone, selecting New Resource Record, and adding a Canonical Name (CNAME) record. Screen 6 shows the result. You can add other resource records, but their description goes beyond the scope of this article.
WINS and DNS
If you use DHCP to assign IP addresses, you might have a problem if the IP addresses change. The DNS database must be configured manually, so you will have a difficult time keeping it current. Fortunately, an easy solution exists.
When you use DHCP, you often install WINS, too. At the last level in a name search, when DNS usually connects a host name to an IP address, DNS simply turns the question over to WINS. Because WINS is dynamic and computers register themselves with the WINS database, WINS has the new IP address and returns it to DNS. Then, DNS reflects this IP address as the result of the DNS name resolution query. Thus, WINS eliminates much of the work involved in updating a DNS server. Consequently, WINS will become part of the dynamic DNS in Win2K.
To configure DNS to use WINS, right-click the zone name, select Properties, and select the WINS Lookup tab in the dialog box. Check the Use WINS Resolution check box, and enter the IP address of the WINS server. You need to enter the IP address even if the same server is supporting DHCP, WINS, and DNS. Now DNS will work with WINS as the last layer in the name search.
I hope that what you have read here will inspire you to read further about the subject of DNS. Good topics for further reading include secondary zones, zone transfers, and caching. For a definitive book about DNS, see Paul Albitz, Cricket Liu, and Mike Loukides, DNS and BIND, Third Edition (O'Reilly & Associates, 1998). For other useful references, see Paul Albitz, Matt Larson, and Cricket Liu, DNS on Windows NT (O'Reilly & Associates, 1998); Drew Heywood, Networking with Microsoft TCP/IP, Second Edition (New Riders, 1997); and Mark Minasi and Todd Lammle, Mastering TCP/IP for NT Server (Sybex, 1997). Also, see "Related Articles in Windows NT Magazine," page 184.