Skip navigation
Menu
Compute Engines

How can I delegate authority for a DNS zone under Windows NT 4.0?

A. Windows 2000 and later DNS interfaces have a simple New Delegation option. However, in some situations you might want to delegate zones under NT 4.0 DNS. For example, I recently had a client running a Windows Server 2003 environment, whose principal DNS server was running on NT 4.0, and we needed to use one of the server's zones for Active Directory (AD). However, because of the company's particular business and technology situation, we couldn't migrate the zone to Windows 2003 yet, which meant that the required service record (SRV RR) and desirable DDNS functionality wouldn't be available. The resolution was to leave the zone under NT 4.0 but delegate the subzones that AD uses to Windows 2003 DNS servers.

Although you can use the NT 4.0 Service Manager application to perform the delegation, it's easier to simply edit the DNS zone file. To do so, perform these steps:

  1. Stop the DNS service on the NT 4.0 server by entering the command 
    net stop dns
  2. Locate and open in Notepad the zone file for the DNS domain for which you want to delegate a subzone. For example, if my zone is migrate.test, I would open the file migrate.test.dns, which by default is in the C:\winnt\system32\dns folder.
  3. Scroll to the bottom of the file and add a host record for the server to which you're delegating part of the namespace. For example, my Windows 2003 DNS server is vpcdc01, so I add the line vpcdc01 A 192.168.2.100
  4. Next you need to add the delegation entries, which essentially are just nameserver records for each subzone, as this example shows: 
    ; Delegate the _msdcs, _sites, _tcp, _udp, DomainDnsZones and ForestDnsZones
; to the Windows 2003 server. 

_msdcs                NS      vpcdc01.migrate.test.
_sites                NS      vpcdc01.migrate.test.
_tcp                  NS      vpcdc01.migrate.test.
_udp                  NS      vpcdc01.migrate.test.
DomainDnsZones        NS      vpcdc01.migrate.test.
ForestDnsZones        NS      vpcdc01.migrate.test.
    Note that you need to include a trailing period (.) after the full DNS name of the server that you're delegating subzones to. You also need to leave a blank line at the end of the file. In the previous example, replace the name of the destination server for the zone and the zones you want to delegate, according to your requirements.
  5. Save the updated DNS zone file.
  6. Start DNS by typing 
    net start dns
The delegation will now be visible in the NT 4.0 Domain Name Service Manager application, as the figure shows. Clients that use the NT 4.0 server can now resolve the service records required for AD to function. After the zone delegation, you can run the Nslookup command to see how the service records are resolved, as the following example shows. 
nslookup
Default Server: nt4mas01.migrate.test
Address: 192.168.2.1

> set q=srv
> _ldap._tcp.gc._msdcs.migrate.test
Server: nt4mas01.migrate.test
Address: 192.168.2.1

Output

Non-authoritative answer:
_ldap._tcp.gc._msdcs.migrate.test SRV service location:
priority = 0
weight = 100
port = 3268
svr hostname = vpcdc01.migrate.test
vpcdc01.migrate.test internet address = 192.168.2.100 >

Note that the answer is a nonauthoritative answer because it receives the answer from the delegated DNS server.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023