Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
DNS servers running Windows Server 2003 are compliant with most of the Request for Comments (RFC) specifications used to define the DNS protocol. This provides clear benefits for operating DNS servers in mixed or heterogeneous environments. For more information about RFCs, see DNS RFCs.
The primary benefits for interoperability in these environments include:
Full interoperability with other DNS server implementations that implement RFC-compliant behavior for DNS name service.
Use of Windows DNS servers to provide DNS service on the Internet.
For interoperability testing, the Windows Server 2003 DNS development team has tested Windows Server 2003 DNS Server and Client services with the following versions of the Berkeley Internet Name Domain (BIND) DNS server implementation:
Interoperability and configuration issues related to using Windows Server 2003 DNS with other various environments, or when using DNS servers on the Internet, are covered in the following sections.
DNS considerations for Active Directory
DNS is required for network resources to locate Active Directory domain controllers. You can elect to set up the DNS Server service as part of the installation of Active Directory using the Active Directory Installation Wizard. When you install Active Directory on a server, the server is promoted to the role of a domain controller.
When you install Active Directory on a server, the Active Directory Installation Wizard provides the option to automatically install the DNS Server service and add new zones locally. When you select the option to install and configure a DNS server using the Active Directory Installation Wizard, zones are created based on the DNS name you have specified in the wizard.
A simple method of redundancy and fault tolerance planning is to have a DNS server running on each domain controller. For each subnet, have two domain controllers running the DNS Server service and hosting Active Directory-integrated zones.
Zone transfer with BIND and other DNS server implementations
When transferring a zone between two Windows DNS servers, the DNS Server services can utilize a fast transfer method that uses compression. This method includes multiple resource records (RRs) in each message sent to complete the transfer of the zone between servers.
By default, DNS servers running Windows Server 2003 are configured to transfer a zone using the slower uncompressed transfer format. This enables successful zone transfers to be made with DNS servers that do not support the faster transfer method, such as BIND servers prior to version 4.9.4.
If you clear the Bind Secondaries check box in advanced server properties, fast transfers are enabled. For more information, see Enable or disable fast transfer format during zone transfers.
Supporting Active Directory with other DNS server implementations
In many large organizations, DNS is already implemented using other solutions, such as UNIX DNS servers that run legacy versions of BIND software. In some cases, these DNS servers are not equipped to support the DNS requirements for deploying Active Directory. This issue can be addressed in one of two ways:
Upgrade any BIND DNS servers to version 8.1.2 or later of the BIND software to meet the DNS requirements for Active Directory support.
Use the DNS Server service provided with Windows Server 2003 family, migrating, if possible, any of your current DNS zones to DNS servers running Windows Server 2003.
Although the DNS Server service is recommended to support Active Directory, you can use other DNS server implementations for this purpose. These other implementations should, however, support the following standard specifications:
The service location (SRV) resource record, as described in the Internet draft, "A DNS RR for specifying the location of services (DNS SRV)."
Dynamic updates in DNS, as described in RFC 2136.
Support for dynamic updates is recommended but not essential. Support for the SRV resource record is mandatory because it is required to provide basic DNS support to Active Directory. For example, a DNS server that does not support dynamic updates, like that provided with Windows NT Server 4.0 (updated to Service Pack 4 or later) supports the DNS requirements of Active Directory because SRV resource record support was added with Service Pack 4.
Additional manual administration of SRV resource records is needed for DNS configuration support of Active Directory to function properly on a DNS server that does not support dynamic updates. For more information, see Managing resource records.
Interoperating Windows DNS servers with other DNS server implementations
If you decide to use the Windows DNS Server service and manage it with a split DNS configuration in which:
Existing DNS servers for root zones are not to be upgraded or migrated to other DNS solutions.
Windows Server 2003 DNS is to be deployed and is to provide management of any DNS domain names required to register, update, and support for use with Active Directory.
You can modify your DNS namespace design plans in either of the following ways:
Create a single new subdomain in your current DNS domain namespace to root your first Active Directory domain.
For example, if your organization has registered and is using a second-level domain name, such as microsoft.com, you can create a single subdomain such as example.microsoft.com and use this domain to root the DNS domain namespace used by Active Directory. The DNS Server service is automatically configured to support Active Directory when you install the first domain controller.
Before you have created a zone for the new subdomain at a computer running the DNS Server service, you can delegate these subdomains away at the primary zone for your second-level domain, such as "microsoft.com." In some cases, you might only need to notify another DNS or UNIX system administrator in your organization to make the delegation for you. For more information, see Delegating zones.
Create multiple subdomains based on your DNS second-level domain to support registration of Active Directory in DNS.
For example, if your organization has a registered second-level DNS domain name already in use (such as microsoft.com), you can create additional subdomains that are delegated to Windows DNS servers and used only for registering DNS names related to Active Directory.
This method is more complex to implement, but enables less change to your currently deployed DNS infrastructure that is not Windows-based. With this namespace design, you create only those additional subdomains and appropriate zones needed to support your Active Directory deployment. For example, in this configuration, the domain name microsoft.com is both the root DNS and the root Active Directory domain name for your organization.
For this configuration, you first need to create zones for the following subdomains using the DNS Microsoft Management Console (MMC) console on a DNS server running Windows Server 2003:
Before these zones are created, you can delegate these subdomains away at the primary zone for your parent or second-level domain name or notify another DNS administrator who manages these zones for your organization to do so. For more information, see Delegating zones.
Using DNS on the Internet
To establish a presence on the Internet, an individual or business must first apply for and register a second-level domain name with an authorized DNS domain name registration authority. Your Internet service provider (ISP) can often perform this function and obtain a name on your behalf, usually for an additional fee.
To register your domain name, there are several required tasks, including:
Selecting and researching a second-level domain name that is not currently registered or in use.
This can easily be done if you have Internet access by using a WHOIS query engine provided at the Web site for your applicable Internet DNS domain name registrar. Be prepared to select an alternate name if your WHOIS query indicates that your preferred selection is already registered and in use.
Registering and obtaining at least one IP address valid for use on the Internet.
This address is needed for the DNS server on the Internet that you want to establish as the host for the primary copy of the zone based on your second-level domain name. In many cases, if you are using an ISP to register a domain name on your behalf, they can specify the IP addresses for one or two of their servers as primary and secondary for the Internet.
As part of the registration process, an applicant must provide at least two currently active DNS servers that are used on the Internet as the primary and secondary servers designated for the new domain. This requirement is necessary to ensure proper Internet root server configuration and referral for others that query for your registered DNS domain name on the Internet.
After one IP address has been obtained, you can sometimes arrange (or your ISP can do so on your behalf) to use another company or ISP's DNS server as a secondary server for the zone. If you still need to obtain an IP address directly for use in the United States, a valid IP address can be obtained through the American Registry for Internet Numbers (ARIN). In other countries or regions, you might contact your local Internet service or telephony provider to find out how to register and acquire an IP address if one is needed.
Complete the registration application form and submit it with your registration fee to the appropriate Internet DNS domain name registration authority. Registrations are typically in force for a finite period of time and must be periodically renewed.
For more information about selecting and registering your Internet DNS name, see the VeriSign Global Registry Services Web site.
Interoperability planning: Configuring related services
Windows Server 2003 DNS provides several interoperability options with other TCP/IP services. The following options can be used to reduce the amount of time you need to spend administering your DNS infrastructure:
WINS forward and reverse lookups.
The DNS Server service provides for the use of WINS lookup. This feature enables configured DNS zones to refer queries not answered from current zone information to a WINS server for further resolution. With this added search of the WINS namespace, both DNS and WINS are used to complete a full search of registered names for a matched response.
WINS lookup is supported for both forward and reverse lookup zones and can be enabled on a per-zone basis or configured for selected zones. This feature should also be configured to prevent replication or zone transfer of WINS resource records to servers with other DNS implementations that do not recognize the WINS resource records.
Dynamic integration with DHCP servers.
For Windows Server 2003 DNS, the DHCP service provides default support to register and update information for legacy DHCP clients in DNS zones. Legacy clients typically include other Microsoft TCP/IP client computers that were released prior to Windows 2000. The Windows Server 2003 DNS-DHCP integration enables a DHCP client that is unable to dynamically update DNS resource records directly to have this information updated in DNS forward and reverse lookup zones by the DHCP server.
Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.
Dynamic integration with the DHCP service is only available on DNS servers running Windows 2000 and Windows Server 2003. DNS-DHCP integration is not supported by DHCP servers running under Windows NT Server 4.0 and earlier.
By default, a zone hosted on a DNS server running Windows Server 2003 will only allow a zone transfer to authoritative DNS servers listed in the name server (NS) resource records for the zone.