DNS Server

The Domain Name System is a protocol and system used throughout the Internet. Its best-known function is mapping IP addresses to user-friendly names. A major advantage of this service is that the name of a computer can remain the same, even if the address changes. For example, suppose the FTP site provided by Microsoft had the IP address 11.101.54.134. Most people would reach this computer by specifying ftp.microsoft.com. Besides being easier to remember, the name is more reliable. The numeric address could change for any of a number of reasons, but the name can always be used.

The IP address that matches this name is found by DNS servers on the Internet, using the following procedure. When a name is specified, the query is sent to the DNS server specified in the TCP/IP configuration of the computer sending the message. This can be a server on the local area network that is running the DNS Server service, or one that your Internet service provider makes available; it is generally one that is physically nearby. If that DNS server cannot resolve the name, it passes the query to the DNS server it deems most likely to be able to resolve it. If that server can resolve the name, it does so; otherwise, it responds with a referral to another server more likely to have the answer. This process is repeated as needed, working from the most general domain to the most specific, until the correct address is returned. This address is then used for communication with the target computer for the remainder of the session. The client software for DNS (called the resolver) is built into the TCP/IP software that ships with Windows NT.

In the extreme case, the queries must work down from the servers governing the root domain to those for the individual sub-domains. However, DNS servers keep a record of recently requested addresses, which lets them start further down the chain in most instances, or even return the specific address immediately.
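The referral walk and the cache shortcut described above, as an added example (this is not code from the Windows NT DNS Server service or its documentation): a toy resolver holds three constructed authoritative servers (root, com, microsoft.com), follows referrals from the most specific zone it already knows about, and remembers both answers and referrals. The server names are made up; 11.101.54.134 is the hypothetical ftp.microsoft.com address used earlier on this page. The clock is injectable so that TTL expiry can be exercised without waiting.

```python
"""Toy iterative resolver: walks referrals from the root and remembers both
answers and referrals, so a later query can start further down the chain.
Added example, not code from the Windows NT DNS Server service; the server
names and addresses are constructed (11.101.54.134 is the page's own
hypothetical address for ftp.microsoft.com).
"""
import time

# Constructed authoritative data, one dict per zone. "NS" maps a delegated
# child zone to its (made-up) server name; "A" maps a host name to an address.
AUTHORITATIVE = {
    ".": {"NS": {"com.": "a.root-referral.example."}},
    "com.": {"NS": {"microsoft.com.": "ns1.microsoft.example."}},
    "microsoft.com.": {"A": {"ftp.microsoft.com.": "11.101.54.134"}},
}


def enclosing_zones(name):
    """Yield the zones that contain `name`, most specific first, ending at root."""
    labels = name.rstrip(".").split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


class Resolver:
    def __init__(self, clock=time.monotonic, ttl=300):
        self.clock = clock            # injectable so expiry can be tested
        self.ttl = ttl                # seconds an answer stays cached (one fixed
                                      # value here; real records carry their own)
        self.answers = {}             # name -> (address, expiry time)
        self.known_zones = {"."}      # zones whose server we already know how to reach

    def resolve(self, name):
        """Return (address, zones_queried); zones_queried is [] on a cache hit."""
        now = self.clock()
        hit = self.answers.get(name)
        if hit is not None and hit[1] > now:
            return hit[0], []
        # Start at the most specific enclosing zone we hold a referral for.
        zone = next(z for z in enclosing_zones(name) if z in self.known_zones)
        queried = []
        while True:
            queried.append(zone)
            data = AUTHORITATIVE.get(zone, {})
            address = data.get("A", {}).get(name)
            if address is not None:
                self.answers[name] = (address, now + self.ttl)
                return address, queried
            # No answer here: follow the referral to the child zone that encloses name.
            child = next((z for z in data.get("NS", {}) if name.endswith("." + z)), None)
            if child is None:
                raise LookupError(f"{name}: no answer and no referral from {zone}")
            self.known_zones.add(child)   # remembered, so later queries skip this level
            zone = child


if __name__ == "__main__":
    clock = [0.0]
    r = Resolver(clock=lambda: clock[0], ttl=60)
    print(r.resolve("ftp.microsoft.com."))   # cold: walks ., com., microsoft.com.
    print(r.resolve("ftp.microsoft.com."))   # warm: answered from cache
    clock[0] = 61.0
    print(r.resolve("ftp.microsoft.com."))   # answer expired, referral still known
```

The third call shows the point of the paragraph: once the answer's TTL has run out the resolver must ask again, but because it remembered the referral it asks microsoft.com's server directly instead of starting over at the root.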

The Domain Name System is a complex topic, and this document does not attempt to explain it fully. An excellent book on the subject is DNS and BIND by Paul Albitz and Cricket Liu, published by O'Reilly and Associates. This book is a great introduction to the Domain Name System. Another good source of information is Connecting to the Internet, also published by O'Reilly and Associates.

Determining Whether You Should Maintain a DNS Server

In many cases, you do not need to maintain a DNS server. If you have a small network, or a single network rather than an internetwork, you will probably find it simpler and more effective to have the DNS client software query a nearby DNS server such as the one maintained by your Internet service provider. Most providers will maintain your domain information for a fee.

You will want to provide your own DNS server if you have your own domain on the Internet or if you want to access DNS from your LAN, rather than going through your Internet provider.

If you do maintain a DNS server, you will probably want to assign the task to at least two computers: a primary and a secondary name server. Data should be replicated from the primary name server to the secondary name server. This lets the Internet-wide DNS locate computers on your network even if one of the name servers is down. How often you schedule replication will depend on how often names change in your domain. Replicate often enough that changes are known to both servers. Excessive replication can tie up your network and servers unnecessarily.

Preparing and Installing the DNS Server Service

To use the DNS Server service, you must first create (or modify) the configuration files used by the service. Then install the service as you would any other service, through Services in Control Panel.

Configuration

You must have a set of configuration files in place for the DNS service to start. These files are:

You can use files from a UNIX BIND installation at your site, or you can use the included files, which contain comments to help explain their format. The included files are:

These files are used as follows:

BOOT

This file controls the startup behavior of the DNS server. The syntax of Windows NT DNS boot files is mostly compatible with that of BIND boot files. (Some out-of-date commands are not supported.) Commands must begin at the beginning of a line. No spaces can precede commands. Recognized commands and their syntax are as follows:

directory pathname

Causes the server to read database files from the directory given by pathname instead of from the %systemroot%\system32\drivers\etc directory. This should be the first command in the file.

cache filename

Specifies a file used to help the DNS service contact name servers for the root domain. This command and the file it refers to must be present. A cache file suitable for use on the Internet is provided. To get an up-to-date root name server cache file, connect via anonymous FTP to ftp.rs.internic.net and download the file /domain/named.root.

primary domain filename

Specifies a domain for which this name server is authoritative and a database file which contains the name information for that domain.

secondary domain hostlist [filename]

Specifies a domain for which this name server is authoritative, and a list of hosts' IP addresses from which to attempt downloading the zone information, rather than reading it from a file. The optional filename instructs the DNS service to maintain a backup copy of the downloaded information in the specified file.
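A checker for the BOOT file rules listed above, as an added example (not one of the DNS Server files and not code from the Windows NT resource kit): commands must start in column 1, directory should come first, cache is mandatory, primary takes a domain and a filename, and secondary takes a domain, one or more host addresses and an optional backup filename. The sample BOOT text, the directory path and the 10.0.0.x addresses are constructed; place.dom is the fictitious domain from PLACE.DOM.

```python
"""Validate a Windows NT DNS BOOT file against the documented command syntax.
Added example, not part of the DNS Server files; SAMPLE_BOOT is constructed.
"""
import ipaddress

SAMPLE_BOOT = """\
; constructed sample BOOT file
directory C:\\WINNT\\system32\\drivers\\etc
cache     CACHE
primary   place.dom          PLACE.DOM
primary   257.in-addr.arpa   ARPA-257.REV
primary   127.in-addr.arpa   ARPA-127.REV
secondary other.dom 10.0.0.5 10.0.0.6 OTHER.BAK
"""


def is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_secondary(args):
    """Split secondary's arguments into (domain, host_list, backup_filename_or_None).
    The last token is the optional backup filename when it is not an IP address."""
    domain, rest = args[0], list(args[1:])
    backup = None
    if rest and not is_ip(rest[-1]):
        backup = rest.pop()
    return domain, rest, backup


def check_boot_file(text):
    """Return (commands, problems): commands is a list of (name, args) in file
    order; problems lists every rule violation found."""
    commands, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith(";"):
            continue                                  # blank line or comment
        if raw[0].isspace():
            problems.append(f"line {lineno}: command must start in column 1")
            continue
        parts = raw.split()
        cmd, args = parts[0].lower(), parts[1:]
        if cmd == "directory":
            if commands:
                problems.append(f"line {lineno}: directory must be the first command")
            if len(args) != 1:
                problems.append(f"line {lineno}: directory takes exactly one pathname")
        elif cmd == "cache":
            if len(args) != 1:
                problems.append(f"line {lineno}: cache takes exactly one filename")
        elif cmd == "primary":
            if len(args) != 2:
                problems.append(f"line {lineno}: primary takes a domain and a filename")
        elif cmd == "secondary":
            hosts = parse_secondary(args)[1] if args else []
            if not hosts:
                problems.append(f"line {lineno}: secondary needs a domain and at least one host address")
        else:
            problems.append(f"line {lineno}: unrecognized command {cmd!r}")
            continue
        commands.append((cmd, args))
    if not any(c == "cache" for c, _ in commands):
        problems.append("no cache command: the root name server cache file is required")
    return commands, problems


if __name__ == "__main__":
    cmds, probs = check_boot_file(SAMPLE_BOOT)
    print(cmds)
    print(probs or "BOOT file OK")
```

Running the checker before starting the service catches the two mistakes that are easiest to make by hand: a command indented by a stray space, and a BOOT file with no cache line, which the service cannot start without.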

CACHE

This file contains host information that is needed to achieve usable DNS connectivity. For users on the Internet, the provided file generally should suffice. However, if there is a firewall (hardware or software that inhibits Internet traffic in one or both directions) between you and the Internet, you might be unable to reach Internet name servers. In this case, contact your Internet provider for a valid CACHE file.

ARPA-127.REV

A database file for the 127.in-addr.arpa. domain. This domain is used for reverse-lookups of IP numbers in the 127 network, such as localhost. This file should be usable as provided.

ARPA-257.REV

A fictitious database file for reverse lookups in the fictitious 257 network. This file must be edited and renamed before use on a production DNS server.

PLACE.DOM

A fictitious database file for looking up host names in the PLACE.DOM domain. This file must be edited and renamed before use on a production DNS server. The corresponding entry in the BOOT file must also be changed.

To use these files, you must change the database information to match your company's information. Note that information in ARPA-257.REV and PLACE.DOM is fictitious.

Setting up WINS Name Resolution

The Windows NT DNS Server service can use the WINS service to resolve the names of computers running Windows or Windows NT. For example, you might want to use a UNIX computer to connect to a computer that has a WINS name and a changing IP address (for example, an address acquired through the DHCP service). In this case, configure the UNIX computer's resolver to use the Windows NT computer running the DNS service, and make sure that the computer running the DNS service has a properly configured WINS Server service. Then, decide which domain the WINS names will belong in. For example, you might decide that the domain nt.place.dom is the name space in which all WINS computers will be named. You would then expect queries for testcomputer.nt.place.dom to be handled via WINS lookup, looking for the TestComputer computer.

Note Windows NT servers that run DNS and also provide WINS lookup must not be configured to use DNS for Windows name resolution. This setting is reached by choosing Network from the Control Panel, and going to the advanced configuration settings for the TCP/IP protocol. The checkbox "Use DNS for Windows Name Resolution" should be cleared.

To provide WINS names through the DNS service

  1. Open the PLACE.DOM file with any text editor.
  2. Find or create the "Start of Authority" (SOA) record for the domain in which you want to use WINS names.

The SOA record points to the computer that is the best source of information on computer names in the domain. The record can span more than one line if enclosed in parentheses so that the program reads it as a single line.

  3. Create a new line under this line, consisting of the string $WINS.

Note that this must be on a line by itself and start in column 1.

  4. Save the file.

For an example, see the PLACE.DOM file.

Note Do not put the $WINS line in reverse-lookup (IN-ADDR.ARPA.) domains.
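The placement rules for the $WINS line, checked in code as an added example (not code from the Windows NT DNS Server files): $WINS must be on a line by itself, start in column 1, sit directly under the SOA record even when that record spans several parenthesized lines, and never appear in a reverse-lookup (IN-ADDR.ARPA.) domain. The sample zone text is constructed around the fictitious place.dom domain; the host names and addresses in it are made up.

```python
"""Check $WINS placement in a BIND-style zone file.
Added example, not from the Windows NT DNS Server files; SAMPLE_ZONE is constructed.
"""

SAMPLE_ZONE = """\
; constructed zone file for place.dom
@    IN  SOA  nameserver.place.dom.  admin.place.dom.  (
              1        ; serial
              3600     ; refresh
              600      ; retry
              86400    ; expire
              3600 )   ; minimum TTL
$WINS
@              IN  NS  nameserver.place.dom.
nameserver     IN  A   11.101.54.1
"""


def logical_records(text):
    """Yield (first_line_no, joined_text, starts_in_column_1) for each record,
    joining lines that sit inside parentheses and dropping ';' comments."""
    buf, start, col1, depth = [], None, False, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue                                  # blank or comment-only line
        if start is None:
            start, col1 = lineno, not raw[0].isspace()
        buf.append(line.strip())
        depth += line.count("(") - line.count(")")
        if depth <= 0:                                # record complete
            yield start, " ".join(buf), col1
            buf, start, depth = [], None, 0


def check_wins_directive(text, zone_name):
    """Return (wins_enabled, problems) for a zone file and the zone it describes."""
    problems = []
    records = list(logical_records(text))
    wins = [(i, r) for i, r in enumerate(records) if r[1].split()[0].upper() == "$WINS"]
    if zone_name.lower().rstrip(".").endswith("in-addr.arpa"):
        if wins:
            problems.append("$WINS is not allowed in a reverse-lookup (IN-ADDR.ARPA.) domain")
        return False, problems
    for idx, (lineno, rec, col1) in wins:
        if not col1:
            problems.append(f"line {lineno}: $WINS must start in column 1")
        if rec.split() != ["$WINS"]:
            problems.append(f"line {lineno}: $WINS must be on a line by itself")
        previous = records[idx - 1][1].upper().split() if idx > 0 else []
        if "SOA" not in previous:
            problems.append(f"line {lineno}: $WINS must directly follow the SOA record")
    return bool(wins) and not problems, problems


if __name__ == "__main__":
    print(check_wins_directive(SAMPLE_ZONE, "place.dom."))
    print(check_wins_directive(SAMPLE_ZONE, "257.in-addr.arpa."))
```

Because the SOA record is joined into one logical record before the check, an indented continuation line such as the serial number is not mistaken for the line $WINS has to follow.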

Installing the Domain Name Server Service

Before beginning to install the Domain Name Server service, be sure to read all the directions carefully.

To install the Domain Name Server Service

  1. Install the TCP/IP protocol software on your computer if you have not done so already.
  2. Run the INSTALL batch file from the directory that contains the DNS service files.

This batch file will complete the following tasks:

Registering with the Parent Domain

Once you have your DNS server or servers configured and installed, you need to register with the DNS server that is above you in the hierarchical naming structure of DNS. The parent system needs the name and addresses of your name servers, and will probably want other information such as the date that the domain will be available and the names and addresses of contact people.

If you are registering with a parent below the second level, check with the administrator of that system to find out what information you need to supply and how to submit it.

Operating the DNS Service

Once the DNS service is installed, there is very little work involved in maintaining it. As with all services, you will want to use Performance Monitor and the Event Log to make sure that everything is going well and that the computer resources available to the service are sufficient.

When you add addresses (for a computer or for a new sub-domain) to the Internet domain you are administering, you need to consider a few issues. The first consideration is the name you choose for the new address, which should be easy to remember, hard to misspell, and indicative of what the address represents.

Also, you will need to enter the new address in the reverse mapping file (which generally has a file type of .REV).

The remaining consideration is the "time to live" (TTL) value. When any DNS server receives an address, it retains the address for possible re-use, until the TTL for that address has expired. After that it must go to the next higher level of DNS server that it knows of, to get the address again. The TTL for each address is assigned by the administrator for that address. If your network is growing rapidly, you'll want to assign small TTLs so that information in the DNS system remains current. If your network is relatively stable, assign a larger TTL to reduce traffic and improve performance for those seeking addresses on your network.

The default TTL for your DNS server is specified in the SOA record in the BOOT file. If you want to specify a different TTL for a specific address, specify it in the record in the database file. The TTL appears before the word "in" toward the beginning of the line. This is the same convention as is used in BIND.
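How the per-record TTL overrides the zone default, as an added example (not code from the Windows NT DNS Server files): a parser for lines of the form "owner [ttl] IN type data", where a numeric token just before IN is that record's own TTL and its absence means the default applies, plus a helper that reports which cached copies have expired and must be fetched again. The record lines, the default of 3600 seconds and the addresses are constructed.

```python
"""Effective TTL of zone-file records and the resulting cache lifetime.
Added example, not from the Windows NT DNS Server files; the record lines
and the default TTL are constructed.
"""

SAMPLE_RECORDS = """\
ftp        IN      A   11.101.54.134   ; no TTL token: uses the zone default
dhcp-box   120     IN  A   11.101.54.200   ; short TTL: this address changes often
archive    604800  IN  A   11.101.54.7     ; long TTL: stable host, less query traffic
"""


def parse_record(line, default_ttl):
    """Return (owner, ttl, rtype, data) for one 'owner [ttl] IN type data' line."""
    tokens = line.split(";", 1)[0].split()
    try:
        in_pos = next(i for i, t in enumerate(tokens) if t.upper() == "IN")
    except StopIteration:
        raise ValueError(f"no class word IN in: {line!r}")
    if in_pos == 1:
        ttl = default_ttl                     # nothing before IN but the owner
    elif in_pos == 2 and tokens[1].isdigit():
        ttl = int(tokens[1])                  # explicit TTL before IN
    else:
        raise ValueError(f"expected 'owner [ttl] IN ...' in: {line!r}")
    rtype, data = tokens[in_pos + 1], " ".join(tokens[in_pos + 2:])
    return tokens[0], ttl, rtype, data


def parse_records(text, default_ttl):
    """Parse every non-blank line of a record block with the given zone default."""
    return [parse_record(l, default_ttl) for l in text.splitlines() if l.strip()]


def needs_refetch(records, fetched_at, now):
    """Owners whose copy cached at `fetched_at` has reached its TTL by `now`."""
    return [owner for owner, ttl, _, _ in records if now - fetched_at >= ttl]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS, default_ttl=3600)
    for owner, ttl, rtype, data in recs:
        print(f"{owner:10} ttl={ttl:<7} {rtype} {data}")
    print("expired after 130 s:", needs_refetch(recs, 0, 130))
```

The two constructed records with explicit TTLs show the trade-off in the text: the frequently changing host is re-queried after two minutes so stale answers do not linger, while the stable host is served from other servers' caches for a week.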

See the readme that accompanies the DNS Server files in this resource kit for troubleshooting suggestions.