Windows Server 2008 - DNS enhancement nuggets 

Posted By: David Tesar
Publish Date: 3/6/2008


There are a number of enhancements to DNS in Windows Server 2008. There are already some lengthy articles on the features, so in this post I hope to give a quick “why you care” on each of the features and some nuggets of wisdom / insight. Here we go…

DNS on Server Core: I see this as a very useful scenario for most people who run DNS alongside an RODC in branch offices using the new primary read-only zone. You get all of the Server Core benefits such as better performance, less patching, a smaller attack surface, etc., and it has all of the same core functionality as a regular DNS server. The easiest way to manage it is remotely, using the DNS MMC snap-in.

Background Zone Loading: Companies with a large number of records in AD-integrated zones might have had to wait an hour or more after a restart before DNS would respond to queries. Now, DNS spawns multiple threads so it can answer client queries right away. If a record hasn’t been loaded into memory yet because the zone is still loading, the server queries that node in AD, caches it in the zone, and returns a response to the client.

IPv6 Support: Microsoft supported IPv6 in Server 2003, but it was a bit of a management pain and there were some other limitations. See Joseph Davies’ Cable Guy article for the management/integration improvements made in WS08. Some other improvements:
· DNS servers can now send recursive queries to IPv6-only servers
· The server forwarder list can contain both IPv4 and IPv6 addresses
· DHCP clients can also register IPv6 addresses in addition to (or instead of) IPv4 addresses.
· DNS servers now support the domain namespace for reverse mapping.

Make sure your critical apps can handle getting both an IPv4 address and an IPv6 address back in a response. I haven’t personally seen any app problems, but nonetheless, it is worth mentioning.

Primary read-only zone: This new zone type is also referred to as a “branch office zone” and is available on RODCs running DNS. The zone is a local, read-only copy of all of the AD-integrated zones, replicated from a full DC. The easiest way to think about it is as a read-only secondary zone, but better because of the benefits of AD integration (i.e. security, management, and easy replication of multiple zones).

Global Names Zone: This allows you to resolve single-label names in DNS as an aid to getting rid of WINS. If you still need computer browsing, have apps hard-coded to use only NetBIOS name resolution, or have really old clients & NT4 – sorry, you probably still need WINS. However, if you just need single-label name support for things like custom-named internal websites or servers throughout your entire environment – this is the solution. There are quite a few things to consider with this, so I recommend reading the whitepaper listed below. A couple of key limitations: a) this functionality only works with WS08 DNS servers, and b) it doesn’t support dynamic updates.
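As an added example (not from the original post or the whitepaper), here is what a minimal GlobalNames zone deployment looks like on a WS08 DNS server using dnscmd, since the DNS PowerShell cmdlets did not exist until Windows Server 2012; the server name "DNS01", forest root "corp.example" and host "intranet01.corp.example" are placeholders.

```powershell
# Added example, not part of the original post. Deploys a GlobalNames zone on a
# Windows Server 2008 DNS server with dnscmd. Assumed placeholder names:
# DNS server "DNS01", forest root "corp.example", target host
# "intranet01.corp.example"; replace them with your own values.
$DnsServer  = "DNS01"
$ForestRoot = "corp.example"

# 1. Enable GlobalNames zone support on the server (it is off by default).
#    Every authoritative DNS server in the forest must be WS08 for this to work.
dnscmd $DnsServer /Config /EnableGlobalNamesSupport 1

# 2. Create the zone as an AD-integrated primary zone replicated to all DNS
#    servers in the forest, so each WS08 DNS server can answer single-label
#    queries from its own copy.
dnscmd $DnsServer /ZoneAdd GlobalNames /DsPrimary /DP /forest

# 3. The zone does not accept dynamic updates, so each single-label name is
#    added by hand as a CNAME pointing at an existing FQDN (trailing dot keeps
#    dnscmd from appending a suffix).
dnscmd $DnsServer /RecordAdd GlobalNames intranet CNAME "intranet01.$ForestRoot."

# 4. Verify from any domain member: the single-label name should now resolve
#    even when the host's domain is not in the client's DNS suffix search list.
nslookup intranet $DnsServer
```

Because records are static, treat the zone as a small, reviewed list of names rather than a general-purpose replacement for suffix search lists.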

DNS Client changes: For Vista clients or WS08 servers, the DNS client has a few good changes:
· Periodic check to make sure the client is authenticating with a local DC (configurable via Group Policy). Previously, a client would only fail back to the closer DC when forced.
· Locate the nearest domain controller using the defined Active Directory site-link costs instead of searching randomly. This is disabled by default, but worth enabling when you have clients across slow site links.
· Use link-local multicast name resolution (LLMNR), also known as multicast DNS or mDNS, to resolve names on the local network segment when a DNS server is not available.

Get Started
Windows Server 2008 & Domain Name Service: What's New (WS08 Blog by Kurt Roggen)
The Cable Guy DNS Enhancements in Windows Server 2008 (by Joseph Davies)
What's New in DNS in Windows Server 2008 (very short blurb on TechNet)
DNS Server GlobalNames Zone Deployment Whitepaper