Setting Up DNS for Active Directory

Basic Concepts of DNS and Active Directory
Active Directory is the Windows 2000 directory service. A directory service consists of the following components:

  • An information repository used to store information about objects

  • The services that make that information available to users and applications


Like DNS, Active Directory is a distributed database that can be partitioned and replicated. Active Directory domains are identified with DNS names. Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. To find a domain controller in a particular domain, a client queries DNS for SRV resource records (for example, _ldap._tcp.dc._msdcs.<DnsDomainName>) and for the address (A) resource records of the hosts those SRV records name; together they provide the names, ports, and IP addresses of the Lightweight Directory Access Protocol (LDAP) servers for the domain. LDAP is the protocol used to query and update Active Directory, and all domain controllers run an LDAP server. Because clients rely entirely on these answers to decide where to send logon and directory traffic, the zone that holds the locator records must be protected against unauthorized changes as carefully as the directory itself. For more information about A and SRV resource records, see "Introduction to DNS" in this book. For more information about the domain locator service, see "Active Directory Logical Structure" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.
For information about how to set up DNS to support Active Directory, see "Setting Up DNS for Active Directory" later in this chapter.
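The locator lookup described above, carried out at the wire level, as an added example that is not part of the Resource Kit text: the script builds the SRV query for _ldap._tcp.dc._msdcs.<DnsDomainName>, parses the reply (including compressed names and the A glue in the additional section), and orders the domain controllers by SRV priority and weight. The domain name example.com, the hosts dc1 and dc2, and the reply bytes are constructed for offline use; against a real network you would send the query to your DNS server over UDP port 53 and hand the reply to locate_dcs() instead.

```python
import struct

SRV, A, IN = 33, 1, 1  # DNS type and class codes (RFC 1035 / RFC 2782)


def encode_name(name):
    """Encode a dotted name as DNS labels, terminated by the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def locator_name(domain):
    """Name under which Netlogon registers the domain's LDAP servers."""
    return f"_ldap._tcp.dc._msdcs.{domain}"


def build_srv_query(txid, domain):
    """Standard query, recursion desired, one SRV question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(locator_name(domain)) + struct.pack("!HH", SRV, IN)


def decode_name(msg, off):
    """Read a possibly compressed name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), end if end is not None else off


def parse_response(msg):
    """Collect SRV records and A glue from every section of a reply."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):              # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    srv, addrs = [], {}
    for _ in range(an + ns + ar):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = decode_name(msg, off + 6)
            srv.append({"priority": prio, "weight": weight, "port": port, "target": target})
        elif rtype == A:
            addrs[owner] = ".".join(str(b) for b in msg[off:off + rdlen])
        off += rdlen
    return srv, addrs


def locate_dcs(response):
    """Order DCs as RFC 2782 prescribes: lowest priority first, higher weight
    first within a priority (real clients pick randomly in proportion to weight)."""
    srv, addrs = parse_response(response)
    srv.sort(key=lambda r: (r["priority"], -r["weight"]))
    return [(r["target"], r["port"], addrs.get(r["target"])) for r in srv]


def _rr(owner, rtype, ttl, rdata):
    return owner + struct.pack("!HHIH", rtype, IN, ttl, len(rdata)) + rdata


def build_sample_response(txid, domain):
    """CONSTRUCTED reply for offline use: two DCs, dc1 preferred (priority 0),
    with A glue whose owner names are compression pointers into the SRV RDATA."""
    qptr = b"\xc0\x0c"                      # pointer to the QNAME at offset 12
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 2)
    msg += encode_name(locator_name(domain)) + struct.pack("!HH", SRV, IN)
    target_off = {}
    for host, prio in (("dc1", 0), ("dc2", 10)):
        target_off[host] = len(msg) + 2 + 10 + 6   # where the target name will sit
        msg += _rr(qptr, SRV, 600, struct.pack("!HHH", prio, 100, 389)
                   + encode_name(f"{host}.{domain}"))
    for host, ip in (("dc1", "10.0.0.11"), ("dc2", "10.0.0.12")):
        ptr = struct.pack("!H", 0xC000 | target_off[host])
        msg += _rr(ptr, A, 600, bytes(int(o) for o in ip.split(".")))
    return msg


if __name__ == "__main__":
    query = build_srv_query(0x1234, "example.com")
    # Against a live server: send `query` over UDP/53 and pass the reply to
    # locate_dcs() instead of the constructed one used here.
    for target, port, ip in locate_dcs(build_sample_response(0x1234, "example.com")):
        print(f"{target}:{port} -> {ip}")
```

Nothing in the reply is authenticated: whoever can answer this query, or can write the SRV and A records into the zone, chooses which host the client treats as a domain controller. That is why the remainder of this section cares about where the locator records are stored and who may update them.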
You cannot install Active Directory without having DNS on your network, because Active Directory uses DNS as its location service. However, you can install DNS separately, without Active Directory. If you install DNS on a domain controller, you can also choose whether or not to use Active Directory to provide storage and replication for DNS (an Active Directory-integrated zone). Using Active Directory for storage and replication provides the following benefits:

  • Increased fault tolerance: every domain controller that hosts the zone holds a writable copy, so there is no single primary server whose loss stops updates.

  • Security: the zone data is protected by Active Directory access control, and the zone can be set to accept only secure dynamic updates, so that only authenticated computers can register or change records.

  • Easier management: there is no separate zone transfer topology to configure and maintain; the zone replicates with the rest of the directory.

  • More efficient replication of large zones: Active Directory replication sends only the records that changed, and replication traffic between sites is compressed.

For DNS to function as a location service for Active Directory, you must have a DNS server to host the locator records (A, SRV, and CNAME). For more information about the locator, see "Active Directory Logical Structure" in the Microsoft® Windows® 2000 Server Resource Kit Distributed Systems Guide.

You can configure your Windows 2000 DNS server automatically by using the Active Directory Installation wizard, the Windows 2000 wizard that installs and configures Active Directory. The wizard can perform all the installation and configuration necessary for DNS, and the Netlogon service then registers the necessary locator records by dynamic update. For this to work, the zone for the domain must accept dynamic updates from the domain controller; if it does not, the records Netlogon would have registered are listed in the file %SystemRoot%\System32\Config\Netlogon.dns and must be added to the zone by hand. For more information about the Active Directory Installation wizard, see "Using the Active Directory Installation Wizard" later in this chapter.

Unless you are using a DNS server other than Windows 2000, or you want a configuration other than the default one that the Active Directory Installation wizard sets up, you do not need to configure DNS manually to support Active Directory. When you do need to, you can configure DNS in Windows 2000 by using the DNS console. For information about the DNS console and when you might want or need to use it, see "Using the Configure DNS Server Wizard" later in this chapter.

If you are using a third-party DNS server, you must also perform manual configuration. For information about issues related to configuring DNS when you are using a third-party DNS server, see "Configuring Non-Windows 2000 DNS Servers to Support Active Directory" later in this chapter.