A key new feature of Windows 2000 is the significant role that DNS plays in an Active Directory (AD) network. Before you can install AD, you must either have a DNS infrastructure in place or develop a plan to install one with AD. In fact, one of the earliest decisions you must make when planning a migration to Win2K is your AD domain name, which will also be the DNS domain name. Because DNS plays a much smaller role in Windows NT 4.0, understanding DNS and its role in Win2K is a challenge that many IT professionals share. This week, I examine three important roles that DNS plays on an AD network.
First, DNS provides the naming convention that Win2K AD domains use. For example, if the name of your NT 4.0 domain is WIDGETSCORP, you might rename the domain as widgetscorp.com when you migrate to Win2K. In that case, the root domain of your AD forest and your DNS domain name will both be widgetscorp.com—but don't make the mistake of thinking that your AD domain and your DNS domain are the same entity. The AD domain is a directory—a database—on Win2K servers that you've configured as domain controllers. This directory contains objects that represent the components (e.g., users, computers, shares, printers) of your network. The DNS domain is hosted by DNS servers, which are not necessarily domain controllers and might not even run a Microsoft OS. These DNS servers contain a database, called a zone file, which consists of resource records that provide mappings between host names and IP addresses. For example, a zone file might contain an entry telling us that we can contact the machine fileserver1 using the IP address 192.168.1.1.
The second role that DNS plays in an AD domain is name resolution. When a computer on a Win2K network wants to contact another machine, it sends a DNS query to a DNS server to find out the other machine's IP address. In NT 4.0, a WINS server provided this functionality, which is why many NT 4.0 support professionals might not fully understand DNS.
In its third role, DNS helps the system locate specific AD components. For example, to log on to the network, you need to locate a domain controller; to search AD for a shared printer, you need to locate a Global Catalog Server. To respond to these types of queries, the DNS server uses a special resource record, called a service (SRV) record. SRV records are registered by the Netlogon service on a domain controller when it starts up. I'll discuss SRV records in greater detail in a future column.
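The three roles above (naming, host-to-address resolution, and locating AD services through SRV records) can be put side by side in a small model of a DNS zone. The following Python is an added example written for this column; it is not code from the column, from Windows 2000 DNS, or from Microsoft. The zone text, the host names, the addresses and the site name "HQ" are constructed. The SRV owner names it uses (`_ldap._tcp.dc._msdcs.<domain>`, `_gc._tcp.<domain>`, and the per-site form `_ldap._tcp.<site>._sites.dc._msdcs.<domain>`) are the names Netlogon registers for an AD domain; the column does not list them, so the example goes one step beyond it, and it also orders SRV answers by priority and weight the way a resolver client does.

```python
"""Miniature model of the three DNS roles in an AD domain (added example).

Assumptions: constructed zone text below; SRV owner names follow the
_msdcs/_sites layout that Netlogon registers for an AD domain.
"""
from typing import Dict, List, Optional, Tuple

RecordKey = Tuple[str, str]   # (owner FQDN, lower-case, trailing dot), record type)

# Constructed zone data in BIND-style text (Win2K zone files use this layout).
# TTL column omitted. dc2 is listed first with a worse priority (10) so the
# ordering done in locate_service() is visible.
ZONE_TEXT = """
$ORIGIN widgetscorp.com.
dc1                              IN A   192.168.1.10
dc2                              IN A   192.168.1.11
fileserver1                      IN A   192.168.1.1
_ldap._tcp.dc._msdcs             IN SRV 10 100 389  dc2.widgetscorp.com.
_ldap._tcp.dc._msdcs             IN SRV 0  100 389  dc1.widgetscorp.com.
_ldap._tcp.HQ._sites.dc._msdcs   IN SRV 0  100 389  dc1.widgetscorp.com.
_gc._tcp                         IN SRV 0  100 3268 dc1.widgetscorp.com.
"""


def _norm(name: str) -> str:
    """Canonical lookup form: lower-case, fully qualified with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def _fqdn(name: str, origin: str) -> str:
    """Qualify a relative owner or target name against $ORIGIN, as a zone loader does."""
    if name == "@":
        return origin
    return _norm(name) if name.endswith(".") else _norm(f"{name}.{origin}")


def parse_zone(text: str) -> Dict[RecordKey, list]:
    """Role 1: the zone file is the database of resource records for the DNS domain."""
    zone: Dict[RecordKey, list] = {}
    origin = ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = _norm(tokens[1])
            continue
        owner, rclass, rtype, *rdata = tokens
        if rclass != "IN":
            raise ValueError(f"unsupported class in: {raw!r}")
        key = (_fqdn(owner, origin), rtype)
        if rtype == "A":
            zone.setdefault(key, []).append(rdata[0])
        elif rtype == "SRV":
            prio, weight, port, target = rdata
            zone.setdefault(key, []).append(
                (int(prio), int(weight), int(port), _fqdn(target, origin)))
        else:
            raise ValueError(f"unsupported record type {rtype} in: {raw!r}")
    return zone


def resolve_a(zone: Dict[RecordKey, list], host: str) -> List[str]:
    """Role 2: host name to IP address (what WINS did for NT 4.0 clients)."""
    return list(zone.get((_norm(host), "A"), []))


def locate_service(zone: Dict[RecordKey, list], service: str) -> List[dict]:
    """Role 3: SRV lookup. Lowest priority first; equal priority, higher weight first."""
    records = sorted(zone.get((_norm(service), "SRV"), []), key=lambda r: (r[0], -r[1]))
    return [{"target": t, "port": p, "addresses": resolve_a(zone, t)} for _, _, p, t in records]


def find_domain_controller(zone: Dict[RecordKey, list], domain: str,
                           site: Optional[str] = None) -> List[dict]:
    """Prefer a DC registered for the client's site; fall back to the domain-wide record."""
    if site:
        hits = locate_service(zone, f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
        if hits:
            return hits
    return locate_service(zone, f"_ldap._tcp.dc._msdcs.{domain}")


def find_global_catalog(zone: Dict[RecordKey, list], domain: str) -> List[dict]:
    """Global Catalog servers register under _gc._tcp.<domain> (port 3268)."""
    return locate_service(zone, f"_gc._tcp.{domain}")


def services_advertised_by(zone: Dict[RecordKey, list], host: str) -> List[str]:
    """Audit helper: every SRV owner name whose target is this host.

    Compare against what the DC should have registered at startup; an absent
    record explains failed logons, an unexpected one is worth a look.
    """
    target = _norm(host)
    return sorted(owner for (owner, rtype), recs in zone.items()
                  if rtype == "SRV" and any(r[3] == target for r in recs))


if __name__ == "__main__":
    z = parse_zone(ZONE_TEXT)
    print("fileserver1 ->", resolve_a(z, "fileserver1.widgetscorp.com"))
    print("DC for site HQ ->", find_domain_controller(z, "widgetscorp.com", site="HQ"))
    print("DC, no site match ->", find_domain_controller(z, "widgetscorp.com", site="Branch"))
    print("GC ->", find_global_catalog(z, "widgetscorp.com"))
    print("dc2 advertises ->", services_advertised_by(z, "dc2.widgetscorp.com"))
```

Running the script shows the fallback from a site-specific record to the domain-wide one, and that dc2 in the constructed zone advertises only the domain-wide LDAP service, not the Global Catalog. A real Netlogon registers more records than this model holds, so the expected set in an audit must come from the DC's own configuration.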
The integration of AD with DNS provides scalability, interoperability, and other benefits, such as the incorporation of AD site information into the DNS zone file to allow location of services on the local subnet. For more information about DNS, search the Windows 2000 Magazine Network and check out the Windows 2000 DNS White Paper at the Microsoft Web site.