DNS Server Overview
Applies To: Windows Server 2008, Windows Server 2008 R2
By using the Domain Name System (DNS) server role, you can provide a primary name resolution process for users on your network. The name resolution process enables users to locate computers on the network by querying for a user-friendly computer name instead of an IP address. A computer running the DNS server role can host the records of a distributed DNS database and use the records to resolve DNS name queries that are sent by DNS client computers. These queries can include requests such as the names of Web sites or computers in your network or on the Internet.
You can also integrate the DNS server role with Active Directory Domain Services (AD DS) to store and replicate DNS zones. This makes multimaster replication possible, along with more secure transmission of DNS data. In turn, AD DS requires DNS so that clients can locate domain controllers.
In the following sections, learn more about the DNS server role, the required and optional features in the DNS server role, and hardware and software for running it. In addition, learn how to open the administrative tool for the DNS server role and how to find more information about it.
What is the DNS server role?
DNS is a system for naming computers and network services that organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the Internet, to locate computers and services with user-friendly names. When a user enters the DNS name of a computer in an application, DNS clients and servers work together to look up the name and provide other information that is associated with the computer, such as its IP address or services that it provides for the network. This process is called name resolution.
The DNS server role makes it possible for a server running Windows Server® 2008 to act as a name resolution server for a TCP/IP network. The network can contain computers running Windows as well as computers running other operating systems. The DNS service in Windows Server 2008 is tightly integrated with Dynamic Host Configuration Protocol (DHCP) so that Windows-based DHCP clients and Windows-based DHCP servers automatically register host names and IP addresses on the DNS server for the appropriate domain.
Typically, Windows Server 2008 DNS is integrated with AD DS. In this environment, DNS namespaces mirror the Active Directory forests and domains for an organization. Network hosts and services are configured with DNS names so that they can be located in the network, and they are also configured with DNS servers that resolve the names of Active Directory domain controllers.
Windows Server 2008 DNS is also often deployed as a non–AD DS, or "standard," DNS solution. For example, it can be deployed for the purposes of hosting the Internet presence of an organization.
The Windows Server 2008 DNS Server service supports and complies with standards that are specified in the set of DNS Requests for Comments (RFCs). Therefore, it is fully compatible with any other RFC-compliant DNS server. A DNS client resolver is included as a service in all client and server versions of the Windows operating system.
New features in the DNS server role
The central feature of the DNS server role is the DNS Server service. This service provides a DNS server that is fully compliant with industry standards, and it supports all standards-compliant DNS clients. You can administer a Windows Server 2008 DNS server by using a Microsoft Management Console (MMC) snap-in as well as a number of command-line tools.
Windows Server 2008 supports the new features in the following table.
DNAME resource record support
The DNAME resource record provides nonterminal domain name redirection. That is, unlike the CNAME record, which creates an alias for a single node only, a single DNAME resource record causes the renaming of a root and all descendents in a domain namespace subtree. This makes it possible for organizations to rename a portion of their domain namespace—for example, to merge two namespaces as a result of a business acquisition.
Support for IPv6 addresses
Internet Protocol version 6 (IPv6) specifies addresses that are 128 bits in length, compared to IP version 4 (IPv4) addresses, which are 32 bits long. This greater length allows for a much greater number of globally unique addresses, which are required to accommodate the explosive growth of the Internet around the world. IPv6 also provides for better routing and network autoconfiguration. The DNS server in Windows Server 2008 now supports IPv6 addresses as fully as it supports IPv4 addresses.
Read-only domain controller support
Windows Server 2008 introduces a new type of domain controller, the read-only domain controller (RODC). An RODC provides, in effect, a shadow copy of a domain controller. You can install it in locations where physical security cannot be guaranteed, such as branch offices.
To support RODCs, the DNS server in Windows Server 2008 supports a new type of zone, the primary read-only zone (also sometimes referred to as a branch office zone). The primary read-only zone is created automatically when a computer running the DNS server role is promoted to be an RODC. The zone contains a read-only copy of the DNS data that is stored in the read-only AD DS database on the RODC.
The writeable version of the data is stored on a centrally located domain controller, such as a hub site domain controller. The DNS zone data on the RODC is updated when the DNS data is replicated from the centrally located domain controllers to the RODC according to the configured replication schedule.
The administrator of the RODC can view the contents of the read-only primary zone, but only a domain administrator with permissions on the centrally located domain controller can change the zone data.
Single-label name resolution
The DNS Server service now supports a special zone called the GlobalNames zone to hold single-label host names. This zone can be replicated across an entire forest, so that single-label host names (for example, webserver1) can be resolved throughout the forest without the use of the Windows Internet Naming System (WINS) protocol. Although the GlobalNames zone is not intended to provide peer-to-peer single-label name resolution, you can use it to simplify the location of servers and intranet Web sites, for example.
Hardware and software considerations
Use performance counters, testing in the lab, data from existing hardware in a production environment, and pilot roll-outs to determine the hardware capacity that is necessary for your server.
|A limited set of server roles is available for the Server Core installation option of Windows Server 2008 and for Windows Server 2008 for Itanium-Based Systems.|
Typical DNS server hardware recommendations include the following:
Single-processor computers with 400-megahertz (MHz) Pentium II CPUs
512 megabytes (MB) of RAM for each processor
At least 4 gigabytes (GB) of available hard disk space
A network adapter
Using faster CPUs, more RAM, and larger hard drives improve the scalability and performance of your DNS servers. DNS servers use approximately 100 bytes of RAM for each resource record. Using this figure, which you can obtain by looking at each zone in the DNS snap-in, you can calculate how much memory you need.
For information about the system requirements for Windows Server® 2008 R2, see http://go.microsoft.com/fwlink/?LinkID=140279.
Installing a DNS server
After you finish installing the operating system, a list of initial configuration tasks appears. To install a DNS server, in the list of tasks, click Add roles, and then click DNS server.
Managing a DNS server
You can manage server roles with MMC snap-ins. Use the DNS snap-in to manage a DNS server. To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
For more information
To learn more about the DNS server role, you can view the Help on your server. To view the Help, open the DNS snap-in as described in the previous section, and then press F1.