Configuring DNS client settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

DNS configuration involves the following tasks when configuring TCP/IP properties for each computer:

  • Setting a DNS computer or host name for each computer. For example, in the fully qualified domain name (FQDN) wkstn1.example.microsoft.com., the DNS computer name is the leftmost label wkstn1.

  • Setting a primary DNS suffix for the computer, which is placed after the computer or host name to form the FQDN. Using the previous example, the primary DNS suffix would be example.microsoft.com.

  • Setting a list of DNS servers for clients to use when resolving DNS names, such as a preferred DNS server, and any alternate DNS servers to use if the preferred server is not available.

  • Setting the DNS suffix search list or search method to be used by the client when it performs DNS query searches for short, unqualified domain names.

These tasks are discussed in more detail in each of the following sections.

Setting computer names

When setting computer names for DNS, it is useful to think of the name as the leftmost portion of a fully qualified domain name (FQDN). For example, in wkstn1.example.microsoft.com., wkstn1 is the computer name.

You can configure all Windows DNS clients with a computer name based on any of the standard supported characters defined in Request for Comments (RFC) 1123, "Requirements for Internet Hosts -- Application and Support." These characters include the use of:

  • Uppercase letters, A through Z

  • Lowercase letters, a through z

  • Numbers, 0 through 9

  • Hyphens (-)

  • If you support both NetBIOS and DNS namespaces on your network, you can use a different computer name in each namespace. Wherever possible, however, use computer names that are 15 characters or fewer and that follow the RFC 1123 naming requirements outlined above, so that the DNS computer name and the NetBIOS computer name are identical.

By default, the NetBIOS computer name is the leftmost label of the FQDN, unless that label is longer than 15 characters, the maximum length of a NetBIOS computer name (the sixteenth byte of a NetBIOS name is reserved for the service suffix). When the DNS computer name exceeds that length, the NetBIOS computer name is the first 15 characters of the label.
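The rules above (RFC 1123 characters, the 15-character NetBIOS limit and the truncation that follows from it) are easy to get wrong by hand when planning a naming scheme. The following is an added example, not code from the original page or from Microsoft: it checks a proposed DNS computer name against RFC 1123, derives the default NetBIOS name the way Windows does (first 15 characters, NetBIOS names being case-insensitive and stored uppercase), and flags the cases the later notes warn about. The function names and the `suggested_dns_name` rewrite (underscores and other NetBIOS-only characters replaced by hyphens) are this example's own choices.

```python
import re
from typing import Dict, List

# RFC 1123 host-name label: letters, digits and hyphens, at most 63 octets,
# not beginning or ending with a hyphen (RFC 1123 relaxed RFC 952 to allow
# a leading digit). The NetBIOS name is derived from this label.
ALLOWED_CHAR_RE = re.compile(r"[A-Za-z0-9-]")
NETBIOS_MAX = 15  # byte 16 of a NetBIOS name carries the service suffix, e.g. [20]


def check_dns_label(label: str) -> List[str]:
    """Return the RFC 1123 problems found in a DNS computer name (empty list if valid)."""
    problems = []
    if not label:
        return ["name is empty"]
    if len(label) > 63:
        problems.append("label is longer than 63 characters")
    if label[0] == "-" or label[-1] == "-":
        problems.append("label begins or ends with a hyphen")
    bad = sorted({c for c in label if not ALLOWED_CHAR_RE.fullmatch(c)})
    if bad:
        problems.append("characters not allowed by RFC 1123: " + ", ".join(repr(c) for c in bad))
    return problems


def netbios_name(label: str) -> str:
    """Default NetBIOS computer name Windows derives from the DNS label:
    the first 15 characters, uppercased (NetBIOS names are case-insensitive)."""
    return label[:NETBIOS_MAX].upper()


def suggest_standard_name(label: str) -> str:
    """Hypothetical migration helper: replace characters NetBIOS tolerates but
    DNS does not (such as '_') with hyphens, then drop hyphens at either end."""
    return re.sub(r"[^A-Za-z0-9-]", "-", label).strip("-")


def plan_computer_name(label: str) -> Dict[str, object]:
    """Summarise how a proposed computer name behaves in both namespaces."""
    truncated = len(label) > NETBIOS_MAX
    return {
        "dns_name": label,
        "problems": check_dns_label(label),
        "suggested_dns_name": suggest_standard_name(label),
        "netbios_name": netbios_name(label),
        # A truncated NetBIOS name differs from the DNS label, which breaks
        # zones that have WINS lookup enabled (see the list that follows).
        "netbios_truncated": truncated,
        # Names longer than 15 characters are resolved through DNS only;
        # shorter names may also be tried through NetBIOS name resolution.
        "dns_only_resolution": truncated,
    }


if __name__ == "__main__":
    # Constructed sample names: one compliant, one too long for NetBIOS,
    # one carrying a NetBIOS-only character.
    for name in ("wkstn1", "accounting-workstation-01", "sales_srv1"):
        print(plan_computer_name(name))
```

Running the block prints a plan for each sample: the 25-character name is reported as truncated to `ACCOUNTING-WORK` and DNS-only, and `sales_srv1` is reported as non-compliant with `sales-srv1` as the suggested replacement.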

Before configuring computers with varying DNS and NetBIOS names, consider the following implications and their related issues for your deployment:

  • If WINS lookup is enabled for zones hosted by your DNS servers, you need to use the same name for both NetBIOS and DNS computer naming. Otherwise, the results of clients attempting to query and resolve the names of these computers will be inconsistent.

If you rely on NetBIOS names to support legacy Microsoft networking technology, it is recommended that you revise the NetBIOS computer names used on your network in preparation for migration to a standard DNS-only environment. This prepares your network for long-term growth and interoperability with future naming requirements. For example, if you use the same computer name for both NetBIOS and DNS resolution, convert any special characters, such as the underscore (_), in your current NetBIOS names that do not comply with DNS naming standards. Although these characters are permitted in NetBIOS names, they are incompatible with traditional DNS host naming requirements and with most existing DNS resolver client software.

Notes

  • Although the use of the underscore (_) in DNS host names or in host (A) resource records has been traditionally prohibited by DNS standards, the use of underscores in service-related names--such as those used for service locator (SRV) resource records--has been proposed to avoid naming collisions in the Internet DNS namespace. For more information, see DNS RFCs.

  • In addition to DNS standard naming conventions, Windows Server 2003 DNS supports the use of extended ASCII and Unicode characters. However, since most resolver software written for other platforms (such as UNIX) is based on the Internet DNS standards, this enhanced character support can be used only in private networks with computers running Windows 2000 or Windows Server 2003 DNS.

  • The initial setup of DNS and TCP/IP displays a warning to suggest a standard DNS name if a nonstandard DNS name is entered.

  • By default, computers and servers use DNS to resolve any name that is greater than 15 characters in length. If the name is less than or equal to 15 characters, then both NetBIOS and DNS name resolution can be attempted and used to resolve the name.

Setting domain names

The domain name is combined with the client computer name to form the fully qualified domain name (FQDN), also known as the full computer name. In general, the DNS domain name is the remainder of the FQDN after the leftmost label, which is the computer's unique host name.

For example, if the FQDN (full computer name) of a client computer is wkstn1.example.microsoft.com, the domain name is the example.microsoft.com portion of this name.

A domain has two names: a DNS name and a NetBIOS name. The DNS domain name, from which the full computer name is built, is used when querying for and locating named resources on your network. Earlier-version clients use the NetBIOS domain name to locate the various types of NetBIOS services that are shared on your network.

An example that shows the need for both NetBIOS and DNS domain names is the Net Logon service. In Windows Server 2003, the Net Logon service on a domain controller registers service (SRV) resource records on a DNS server. Domain controllers running Windows NT Server 4.0 and earlier versions instead register a DomainName [1C] entry in WINS to advertise their availability to provide authentication service to the network.

When a client computer is started on the network, it uses the DNS resolver to query a DNS server for SRV records for its configured domain name. This query is used to locate domain controllers and provide logon authentication for accessing network resources. A client or a domain controller on the network optionally uses the NetBIOS resolver service to query WINS servers, attempting to locate DomainName [1C] entries to complete the logon process.

Your DNS domain names should follow the same standards and recommended practices that apply to DNS computer naming, described in the previous section. In general, acceptable naming conventions for domain names include the use of letters A through Z, numerals 0 through 9, and the hyphen (-). The period (.) separates the discrete parts of a domain name, known as labels, and cannot appear inside a label. Each label corresponds to one additional level in the DNS namespace tree.

For most computers, the primary DNS suffix is the same as the name of the Active Directory domain to which the computer belongs. The two values can differ only where the domain permits it, as described in the Important note that follows.

Important

  • By default, the primary DNS suffix portion of a domain member's FQDN must be the same as the name of the Active Directory domain in which the computer account is located. To allow other primary DNS suffixes, a domain administrator creates a restricted list of allowed suffixes by setting the multivalued msDS-AllowedDNSSuffixes attribute on the domain object. This attribute is created and managed by the domain administrator using Active Directory Service Interfaces (ADSI) or the Lightweight Directory Access Protocol (LDAP); a computer whose suffix is not on the list fails the check when it tries to set that suffix.

    For more information, see Programming interfaces and Directory access protocol.

Configuring a DNS servers list

For DNS clients to operate effectively, a prioritized list of DNS name servers must be configured for each computer to use when processing queries and resolving DNS names. In most cases, the client computer contacts and uses its preferred DNS server, which is the first DNS server on its locally configured list. Listed alternate DNS servers are contacted and used when the preferred server is not available. For this reason, it is important that the preferred DNS server be appropriate for continuous client use under normal conditions.

Notes

  • For computers running Windows XP, the DNS server list is used by clients only to resolve DNS names. When clients send dynamic updates, such as when they change their DNS domain name or a configured IP address, they might contact these servers or other DNS servers as needed to update their DNS resource records. For more information, see Dynamic update.

  • By default, the DNS client on Windows XP does not attempt dynamic update over a Remote Access Service (RAS) or virtual private network connection. To modify this configuration, you can modify the advanced TCP/IP settings of the particular network connection or modify the registry. For more information, see Configure TCP/IP to use DNS and Microsoft Windows Resource Kits Web site.

  • By default, the DNS client does not attempt dynamic update of top-level domain (TLD) zones. Any zone whose name is a single label (for example, com, edu or my-company) or is blank is considered a TLD zone. To configure the DNS client to allow the dynamic update of TLD zones, use the Update Top Level Domain Zones policy setting or modify the registry.

  • When DNS clients are configured dynamically using a DHCP server, it is possible to have a larger list of provided DNS servers. To provide an IP address list of DNS servers to your DHCP clients, enable option code 6 on the configured options types provided by your DHCP server. For Windows Server 2003 DHCP servers, you can configure a list of up to 25 DNS servers for each client with this option.

  • To effectively share the load when multiple DNS servers are provided in a DHCP options-specified list, you can configure a separate DHCP scope that rotates the listed order of DNS and WINS servers provided to clients. For more information, see Configuring scopes.
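DHCP option 6 is the mechanism the two preceding notes rely on: the server packs an ordered list of IPv4 addresses into the option, and the client treats the first as its preferred DNS server. The following is an added example, not code from the original page or from Microsoft: it builds option 6 in RFC 2132 wire format with the 25-server limit stated above, parses the DNS server list back out of a raw DHCP options field (the kind of check you run when hunting for a rogue DHCP server handing out an attacker's resolver), and produces the per-scope rotated lists the second note describes. The sample options bytes are constructed for the example, and `unexpected_servers` and `rotated_scope_lists` are this example's own helpers.

```python
import ipaddress
import struct
from typing import Dict, Iterable, List, Sequence

OPTION_PAD, OPTION_DNS_SERVERS, OPTION_END = 0, 6, 255
MAX_DNS_SERVERS = 25  # per-client limit of the Windows Server 2003 DHCP server


def encode_option6(servers: Sequence[str]) -> bytes:
    """Build DHCP option 6 (domain name servers, RFC 2132) in preferred-first order."""
    if not 1 <= len(servers) <= MAX_DNS_SERVERS:
        raise ValueError(f"option 6 carries 1 to {MAX_DNS_SERVERS} servers, got {len(servers)}")
    body = b"".join(ipaddress.IPv4Address(s).packed for s in servers)
    return struct.pack("!BB", OPTION_DNS_SERVERS, len(body)) + body


def dns_servers_from_options(options: bytes) -> List[str]:
    """Walk a DHCP options field (the bytes after the magic cookie) and return
    the option 6 server list in the order offered, or [] if option 6 is absent."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPTION_PAD:          # single-byte padding, no length field
            i += 1
            continue
        if code == OPTION_END:
            break
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        if code == OPTION_DNS_SERVERS:
            if length == 0 or length % 4:
                raise ValueError("option 6 length must be a non-zero multiple of 4")
            return [str(ipaddress.IPv4Address(value[j : j + 4])) for j in range(0, length, 4)]
        i += 2 + length
    return []


def unexpected_servers(offered: Iterable[str], expected: Iterable[str]) -> List[str]:
    """Servers in an offer that are not on the approved list: a rogue-DHCP indicator."""
    return sorted(set(offered) - set(expected))


def rotated_scope_lists(servers: Sequence[str], scope_names: Sequence[str]) -> Dict[str, List[str]]:
    """Give each scope the same servers, each starting at a different preferred server."""
    out = {}
    for k, scope in enumerate(scope_names):
        shift = k % len(servers)
        out[scope] = list(servers[shift:]) + list(servers[:shift])
    return out


# Constructed sample options field: option 53 (DHCPOFFER), option 6 with two
# servers, then the end marker. Addresses are private and chosen for the example.
SAMPLE_OPTIONS = bytes([53, 1, 2]) + encode_option6(["10.0.0.53", "10.0.1.53"]) + bytes([OPTION_END])

if __name__ == "__main__":
    offered = dns_servers_from_options(SAMPLE_OPTIONS)
    print("offered:", offered)
    print("unexpected:", unexpected_servers(offered, {"10.0.0.53"}))
    for scope, lst in rotated_scope_lists(["10.0.0.53", "10.0.1.53", "10.0.2.53"],
                                          ["Scope-A", "Scope-B", "Scope-C"]).items():
        print(scope, lst)
```

The parser deliberately walks every option rather than searching for the byte 0x06, because a 6 inside another option's value (an address octet, a length) would otherwise be mistaken for the option code.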

Configuring a DNS suffix search list

For DNS clients, you can configure a DNS domain suffix search list that extends or revises their DNS search capabilities. By adding additional suffixes to the list, you can search for short, unqualified computer names in more than one specified DNS domain. Then, if a DNS query fails, the DNS Client service can use this list to append other name suffix endings to your original name and repeat DNS queries to the DNS server for these alternate FQDNs.

For computers and servers, the following default DNS search behavior is predetermined and used when completing and resolving short, unqualified names.

When the suffix search list is empty or unspecified, the primary DNS suffix of the computer is appended to the short unqualified name, and a DNS query is sent for the resulting FQDN. If this query fails, the computer tries further queries for alternate FQDNs formed by appending any connection-specific DNS suffix configured on its network connections.

If no connection-specific suffixes are configured, or the queries for those FQDNs also fail, the client retries queries based on systematic reduction of the primary suffix, known as devolution: the leftmost label of the primary suffix is dropped and the short name is queried again under the shorter suffix.

For example, if the primary suffix is "example.microsoft.com", devolution retries the query for the short name in the "microsoft.com" domain. Devolution stops when only two labels remain, so the single-label "com" domain is not tried; a query that escaped to a top-level domain would be answered by whoever owns that short name on the Internet.

When the suffix search list has at least one DNS suffix specified, qualification of short DNS names is limited to the FQDNs that can be formed from the listed suffixes; neither the primary or connection-specific suffixes (unless they are also listed) nor devolution is used. If the queries for all FQDNs formed by appending each suffix in the list fail, the query fails with a "name not found" result.
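The qualification order above is the part of client configuration that most often surprises people, and it determines which zones, including zones you do not control, receive a client's lookups. The following is an added example, not code from the original page or from Microsoft: it models the rules just described (trailing period means fully qualified; an empty search list means primary suffix, then connection-specific suffixes, then devolution down to two labels; a non-empty list means only the listed suffixes) and adds a check for suffixes that fall outside the domains you administer. Function names, the two-label devolution floor as a constant, and the sample suffixes are this example's assumptions; the model treats any name without a trailing period as unqualified, as the page does, and does not model other resolver behaviour.

```python
from typing import List, Sequence

DEVOLUTION_MIN_LABELS = 2  # devolution stops at two labels; a bare TLD is never queried


def _labels(name: str) -> List[str]:
    """Lower-cased labels of a suffix, ignoring empty labels and a trailing dot."""
    return [lbl for lbl in name.lower().strip(".").split(".") if lbl]


def devolved_suffixes(primary_suffix: str) -> List[str]:
    """Suffixes produced by dropping the leftmost label of the primary suffix
    one at a time until DEVOLUTION_MIN_LABELS remain."""
    labels = _labels(primary_suffix)
    out = []
    while len(labels) > DEVOLUTION_MIN_LABELS:
        labels = labels[1:]
        out.append(".".join(labels))
    return out


def qualification_suffixes(primary_suffix: str,
                           connection_suffixes: Sequence[str] = (),
                           search_list: Sequence[str] = ()) -> List[str]:
    """Ordered, de-duplicated suffixes the client appends to a short name."""
    if search_list:
        # A configured search list replaces the default behaviour entirely.
        raw = list(search_list)
    else:
        raw = [primary_suffix] + list(connection_suffixes) + devolved_suffixes(primary_suffix)
    seen, out = set(), []
    for s in raw:
        s = ".".join(_labels(s))
        if s and s not in seen:
            seen.add(s)
            out.append(s)
    return out


def candidate_fqdns(name: str, primary_suffix: str,
                    connection_suffixes: Sequence[str] = (),
                    search_list: Sequence[str] = ()) -> List[str]:
    """FQDNs queried, in order, for a name typed by a user or application."""
    if name.endswith("."):
        return [name]  # trailing period: already fully qualified, nothing appended
    suffixes = qualification_suffixes(primary_suffix, connection_suffixes, search_list)
    return [f"{name}.{s}" for s in suffixes]


def is_under(suffix: str, apex: str) -> bool:
    """True if suffix is apex itself or a subdomain of it."""
    s, a = _labels(suffix), _labels(apex)
    return bool(a) and len(s) >= len(a) and s[-len(a):] == a


def unowned_suffixes(suffixes: Sequence[str], owned_apexes: Sequence[str]) -> List[str]:
    """Suffixes whose queries leave the zones you administer: every short-name
    lookup is sent to those zones' name servers and their answers are trusted."""
    return [s for s in suffixes if not any(is_under(s, a) for a in owned_apexes)]


if __name__ == "__main__":
    # Constructed sample configuration matching the page's example suffix.
    primary = "example.microsoft.com"
    conn = ["corp.example.com"]
    print(candidate_fqdns("wkstn1", primary, conn))
    print(candidate_fqdns("wkstn1", primary, conn, ["sales.example.microsoft.com", primary]))
    print("leaks to:", unowned_suffixes(qualification_suffixes(primary, conn),
                                        ["example.microsoft.com", "example.com"]))
```

With the sample configuration the default (empty-list) order is the primary suffix, the connection-specific suffix, and then the devolved "microsoft.com"; the last of these is reported by `unowned_suffixes` because it is outside both administered apexes, which is the case where an explicit search list of your own domains is the safer configuration.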

Notes

  • When the domain suffix list is used, the client continues to send alternate queries for different DNS domain names until a query is answered. Once a name is resolved using an entry in the list, the remaining entries are not tried. For this reason, it is most efficient to order the list with the most frequently used domain suffixes first.

  • Domain name suffix searches are used only when a DNS name is not fully qualified. To fully qualify a DNS name, enter a trailing period (.) at the end of the name.

  • Every suffix in the list is appended to every unqualified name a client looks up, so a suffix that belongs to a domain outside your control sends those lookups, together with the host names they contain, to that domain's name servers, and the client accepts whatever those servers answer. Keep the list to domains you administer and place your internal suffixes first.