Adding, Changing, and Deleting Resource Records

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you create a zone, additional resource records must be added to it. The most common resource records include the following:

  • Host address (A). Maps a Domain Name System (DNS) domain name to an Internet Protocol (IP) address that is used by a computer.

  • Alias canonical (CNAME). Maps an alias DNS domain name to another primary name or canonical name.

  • Mail Exchanger (MX). Maps a DNS domain name to the name of a computer that exchanges or forwards mail.

  • Pointer (PTR). Maps a reverse DNS domain name based on the IP address of a computer that points to the forward DNS domain name of that computer.

  • Service (SRV). Maps a DNS domain name to a specified list of DNS host computers that offer a specific type of service, such as Active Directory domain controllers.

  • Other resource records, as needed.

Host A Resource Records

Host A resource records are used in a zone to associate DNS domain names of computers (or "hosts") to their IP addresses. These resource records can be added to a zone in several ways:

  • You can create an A resource record for a static TCP/IP client computer manually by using the DNS snap-in.

  • Windows clients and servers use the DHCP Client service to dynamically register and update their own A resource records in DNS when an IP configuration change occurs.

  • Dynamic Host Configuration Protocol (DHCP)–enabled client computers running earlier versions of Microsoft operating systems can have their A resource records registered and updated by proxy if they obtain their IP lease from a qualified DHCP server. (Only the Windows 2000 and Windows Server 2003 DHCP Server service currently supports this feature.)

The host A resource record is not required for all computers, but it is required by computers that share resources on a network. Any computer that shares resources and needs to be identified by its DNS domain name must use A resource records to provide DNS name resolution to the IP address for the computer.

The A resource records that are required in a zone can include those for other workstations or servers that share resources, other DNS servers, mail servers, and Web servers. These resource records make up the majority of resource records in a zone database.

Alias CNAME Resource Records

Alias CNAME resource records are also sometimes called canonical name resource records. With these records, you can use more than one name to point to a single host, making it easy to do such things as host both a File Transfer Protocol (FTP) server and a Web server on the same computer. For example, the well-known server names (ftp, www) are registered by using CNAME resource records that map to the DNS host name — for example, server1 — for the server computer that hosts these services.

CNAME resource records are recommended for use in the following scenarios:

  • When a host that is specified in an A resource record in the same zone needs to be renamed

  • When a generic name for a well-known server, such as www, must resolve to a group of individual computers (each with individual A resource records) that provide the same service, for example, a group of redundant Web servers

When you rename a computer with an existing A resource record in the zone, you can use a CNAME resource record temporarily to allow a grace period for users and programs to switch from specifying the old computer name to using the new one. To do this, you need the following:

  • For the new DNS domain name of the computer, a new A resource record is added to the zone.

  • For the old DNS domain name, a CNAME resource record is added that points to the new A resource record.

  • The original A resource record for the old DNS domain name (and its associated PTR resource record, if applicable) is removed from the zone.

When you use a CNAME resource record for aliasing or renaming a computer, set a temporary limit on how long the record is used in the zone before it is removed from DNS. If you forget to delete the CNAME resource record and later its associated A resource record is deleted, the CNAME resource record can waste server resources by trying to resolve queries for a name that is no longer used on the network.

The most common or popular use of a CNAME resource record is to provide a permanent, DNS-aliased domain name for generic name resolution of a service-based name, such as www.sales.wingtiptoys.com, to more than one computer or one IP address that is used in a Web server. For example, the following shows the basic syntax of how a CNAME resource record is used:

alias_name    IN  CNAME  primary_canonical_name

In this example, a computer named host-a.sales.wingtiptoys.com must function as both a Web server named www.sales.wingtiptoys.com and an FTP server named ftp.sales.wingtiptoys.com. To achieve the intended use for naming this computer, you can add and use the following CNAME entries in the sales.wingtiptoys.com zone:

host-a    IN  A      10.0.0.20
ftp       IN  CNAME  host-a
www       IN  CNAME  host-a

If you later decide to move the FTP server to another computer, separate from the Web server on host-a, simply change the CNAME resource record in the zone for ftp.sales.wingtiptoys.com and add an additional A resource record to the zone for the new computer hosting the FTP server.

Based on the earlier example, if the new computer is named host-b.sales.wingtiptoys.com, the new and revised A and CNAME resource records are as follows:

host-a    IN  A      10.0.0.20
host-b    IN  A      10.0.0.21
ftp       IN  CNAME  host-b
www       IN  CNAME  host-a
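
The cleanup caveat earlier in this section (a CNAME left in the zone after its A resource record is deleted) can be checked mechanically. The following Python is an added example, not part of the original Microsoft documentation; it assumes the zone is available as text in the `name IN TYPE data` form used on this page, and the `old-web` and `host-c` names in the sample are constructed.

```python
# Added example, not Microsoft code. SAMPLE_ZONE is constructed from the
# page's records plus one stale alias (old-web) whose target has no A record.
SAMPLE_ZONE = """
host-a    IN  A      10.0.0.20
host-b    IN  A      10.0.0.21
ftp       IN  CNAME  host-b
www       IN  CNAME  host-a
old-web   IN  CNAME  host-c   ; constructed: host-c's A record was deleted
"""

def fqdn(name, origin):
    """Expand a zone-file name: '@' is the origin, a trailing dot is absolute."""
    name = name.lower()
    if name == "@":
        return origin
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return {owner_fqdn: {rtype: rdata}} for the A and CNAME lines in text."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()        # drop ';' comments
        if len(fields) < 4 or fields[2].upper() not in ("A", "CNAME"):
            continue
        rtype, rdata = fields[2].upper(), fields[3]
        if rtype == "CNAME":
            rdata = fqdn(rdata, origin)               # alias targets are names
        records.setdefault(fqdn(fields[0], origin), {})[rtype] = rdata
    return records

def dangling_cnames(text, origin):
    """Return {alias: reason} for CNAMEs that never reach an in-zone A record."""
    origin = origin.rstrip(".").lower()
    records = parse_zone(text, origin)
    problems = {}
    for alias in [n for n, rrs in records.items() if "CNAME" in rrs]:
        name, seen = alias, set()
        # Follow the chain while it stays in this zone and has not hit a host.
        while ("." + name).endswith("." + origin) and "A" not in records.get(name, {}):
            target = records.get(name, {}).get("CNAME")
            if target is None:
                problems[alias] = f"{name} has no A record"
                break
            if name in seen:
                problems[alias] = f"CNAME loop at {name}"
                break
            seen.add(name)
            name = target
    return problems
```

Targets outside the zone's origin are not followed, because their records are not in this zone's data; `dangling_cnames(SAMPLE_ZONE, "sales.wingtiptoys.com")` reports only the `old-web` alias.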

MX Resource Records

The MX resource record is used by e-mail applications to locate a mail server based on a DNS domain name that is used in the destination address for the e-mail recipient of a message. For example, a DNS query for the name sales.wingtiptoys.com can be used to find an MX resource record, which enables an e-mail application to forward or exchange mail to a user with the e-mail address user@wingtiptoys.com.

The MX resource record shows the DNS domain name for the computer or computers that process e-mail for a domain. If multiple MX resource records exist, the DNS Client service attempts to contact e-mail servers in the order of preference from lowest value (highest priority) to highest value (lowest priority). The following shows the basic syntax for use of an MX resource record:

mail_domain_name    IN  MX  preference  mailserver_host

By using the MX resource records shown below in the sales.wingtiptoys.com zone, e-mail that is addressed to user@sales.wingtiptoys.com is delivered to user@mailserver0.sales.wingtiptoys.com first, if possible. If this server is unavailable, the resolver client can then use user@mailserver1.sales.wingtiptoys.com instead.

@         IN  MX   1    mailserver0
@         IN  MX   2    mailserver1

Note that the use of the "at" symbol (@) in the records indicates that the mailer DNS domain name is the same as the name of origin (sales.wingtiptoys.com) for the zone.

PTR Resource Records

PTR resource records are used to support the reverse lookup process, based on zones that are created and rooted in the in-addr.arpa domain. These records are used to locate a computer by its IP address and to resolve this information to the DNS domain name for that computer.

PTR resource records can be added to a zone in several ways:

  • You can create a PTR resource record for a static TCP/IP client computer manually by using DNS, either as a separate procedure or as part of the procedure for creating an A resource record.

  • Computers use the DHCP Client service to dynamically register and update their PTR resource record in DNS when an IP configuration change occurs.

  • All other DHCP-enabled client computers can have their PTR resource records registered and updated by the DHCP server if they obtain their IP lease from a qualified server. The Windows 2000 and Windows Server 2003 DHCP Server service provides this capability.

The PTR resource record is used only in reverse lookup zones to support reverse lookup.

SRV Resource Records

To locate Active Directory domain controllers, SRV resource records are required. Typically, you can avoid manual administration of the SRV resource record when you install Active Directory.

By default, the Active Directory Installation Wizard attempts to locate a DNS server based on the list of preferred or alternate DNS servers, which are configured in any of its TCP/IP client properties, for any of its active network connections. If a DNS server that can accept dynamic update of the SRV resource record (and other resource records that are related to registering Active Directory as a service in DNS) is contacted, the configuration process is complete.

If, during the installation, a DNS server that can accept updates for the DNS domain name that is used to name your Active Directory domain is not found, the wizard can install a DNS server locally and automatically configure it with a zone to support the Active Directory domain.

For example, if the Active Directory domain that you choose for your first domain in the forest is sales.wingtiptoys.com, a zone that is rooted at the DNS domain name of sales.wingtiptoys.com is added and configured to use with the DNS server that is running on the new domain controller.

Whether or not you install the DNS Server service locally, a file (Netlogon.dns) is written and created during the Active Directory installation process that contains the SRV resource records and other resource records that are necessary to support the use of Active Directory. This file is created in the systemroot\System32\Config folder.

If you are using a DNS server that fits one of the following scenarios, use the records in Netlogon.dns to manually configure the primary zone on that server to support Active Directory:

  1. The computer that operates your DNS server is running on another platform, such as UNIX, and it cannot accept or recognize dynamic updates.

  2. A DNS server at this computer that does not use the DNS Server service that is provided with Windows Server 2003 is authoritative for the primary zone that corresponds to the DNS domain name for your Active Directory domain.

  3. The DNS server supports the SRV resource record, as defined in the Internet draft "A DNS RR specifying the location of services (DNS SRV)," but the DNS server does not support dynamic updates.

    For example, the DNS Server service that is provided with Windows NT Server 4.0, when it is updated to Service Pack 4 or later, fits this description.

In the future, the SRV resource record might also be used to register and look up other well-known TCP/IP services on your network if applications implement and support DNS name queries that specify this record type.

Other Resource Records

Other additional resource records are supported by Windows Server 2003 DNS, and they are used less frequently in most zones. You can add these additional types of resource records as needed by using the DNS snap-in.

Task requirements

Before you begin this task, complete the following requirement:

  • Install Dnscmd.

To complete this task, perform one of the following procedures: