Introduction to the Windows 2000 Implementation of DNS

The Windows 2000 DNS server and resolver have several new features and improvements over those of Microsoft® Windows NT® version 4.0. This chapter describes the following features:

Support for Active Directory as a Locator Service for Domain Controllers

DNS is required for support of Active Directory You can also use another DNS server implementation solution to support Active Directory deployment.

Integration with Active Directory

You can integrate DNS zones into Active Directory, providing increased fault tolerance and security. Every Active Directory-integrated zone is replicated among all domain controllers within the Active Directory domain. All DNS servers running on these domain controllers can act as primary servers for the zone, accepting dynamic updates. Also, Active Directory replicates on a per-property basis, propagating only relevant changes.

Support for Dynamic Updates

The DNS service allows client computers to dynamically update their resource records in DNS. This improves DNS administration by reducing the time needed to manually manage zone records. The dynamic update feature can be used in conjunction with Dynamic Host Configuration Protocol (DHCP) to dynamically update resource records when a computer's IP address is released and renewed. Computers that run Windows 2000 can send dynamic updates.

Support for Aging and Scavenging of Records

The DNS service is capable of aging and scavenging records. When enabled, this feature can prevent stale records from remaining in DNS.

Support for Secure Dynamic Updates in Active Directory–Integrated Zones

You can configure Active Directory–integrated zones for secure dynamic update. With secure dynamic update, only authorized users can make changes to a zone or record.

Improved Ease of Administration

The DNS console offers an improved graphical user interface (GUI) for managing the DNS service. Also, Windows 2000 Server provides several new configuration wizards and other tools to help you manage and support DNS servers and clients on your network.

Administration from the Command Prompt

You can use the command-line tool Dnscmd.exe to perform most of the tasks that you can perform from the DNS console. For example, you can create, delete, and view zones and records; reset server and zone properties; and perform routine administration operations such as updating the zone, reloading the zone, refreshing the zone, writing the zone back to a file or Active Directory, pausing and resuming the zone, clearing the cache, stopping and starting the DNS service, and viewing statistics.

You can also use Dnscmd.exe to write scripts and for remote administration. For more information about Dnscmd.exe, see Windows 2000 ** Support Tools Help. For information about installing and using the Windows 2000 Support Tools and Support Tools Help, see the file Sreadme.doc in the directory \Support\Tools on the Windows 2000 operating system CD.

Enhanced Name Resolution

The Windows 2000 resolver generally tries to resolve names with DNS before trying to do so with Network Basic Input/Output System (NetBIOS). Also, it can query different servers based on the adapters to which they are assigned.

Enhanced Caching and Negative Caching

You can now view and flush the resolver cache by using the command-line tool Ipconfig, and you can flush the server cache from within the DNS console. Also, the resolver performs negative caching , which stores the information that a name or type of record does not exist. Negative caching reduces lookup time when the user queries for a name that the resolver has already determined does not exist. For more information about caching, see "Windows 2000 Resolver" later in this chapter.

Additional Client Enhancements

The cache can be preloaded with Hosts file entries. Also, the resolver server list can be dynamically reordered to prioritize responsive DNS servers.

Support for a Pure DNS Environment

If all of the computers on your network are running Windows 2000, you do not need any WINS servers. Even in a mixed environment, you do not need to configure WINS on your Windows 2000–based clients if you have configured WINS lookup. By using WINS lookup, you can direct DNS to query WINS for name resolution, so that DNS clients can look up the names and IP addresses of WINS clients.

Interoperability with Other DNS Server Implementations

Because the Windows 2000 DNS server is RFC-compliant, it interoperates with other DNS server implementations, such as BIND.

Integration with Other Network Services

The Windows 2000 DNS server is integrated with DHCP and WINS.

Incremental Zone Transfer

In addition to performing full zone transfers (sending a copy of the entire zone), the DNS server can now send and receive incremental zone transfers, in which only changes to the zone are transferred. This can reduce the amount of time and bandwidth required for zone transfers.

Support for New Resource Record Types

Windows 2000 includes support for two new record types: the SRV resource record, which is used by computers to locate domain controllers, and the ATMA resource record.