Active Directory Logical Structure


DNS Name Servers and Zones

DNS is a distributed database. DNS employs a client/server mechanism wherein the server portion, the name server, maintains the database, responds to queries, and processes updates. Windows 2000 DNS server can be installed on any computer that is running Windows 2000 Server or Windows 2000 Advanced Server. When installed on a domain controller, the DNS server is optimized for use with Active Directory. DNS clients, called "resolvers," are built-in components of modern TCP/IP protocol implementations and, therefore, are readily available to communicate with DNS servers.

DNS servers store the DNS database in zones. A zone is a contiguous partition of the DNS namespace that contains the resource records for the DNS domains that belong to the zone. When you configure DNS, you determine what these partitions are. Because Active Directory domain names have a 1:1 correspondence with DNS domains, it follows that DNS zones can include data about the computers in one or more Active Directory domains — that is, zones and domains do not have to have a 1:1 correspondence. One zone can encompass more than one domain. A DNS namespace contains domains, subdomains, and computers, which are also called "nodes."

DNS zones store records that represent computers, which also have objects in Active Directory. Figure 1.4 shows the relationship between the Active Directory object for a computer and the DNS node and host resource record for this same computer. The computer object and the host record are stored in different namespaces, but they represent the same physical computer.

Figure 1.4 The Client1.reskit.com Computer Object in Active Directory and Its Host Record in DNS

Zone data identifies each host by DNS name and IP address; the data identifies computers specifically as domain controllers by linking the service they run (LDAP) to a computer name and IP address. Zone files also contain site information that makes it possible to locate domain controllers in the same site as the client and to locate domain controllers that have specific roles in the domain, such as a Global Catalog server or a Kerberos v5 server. Zone data can be stored in text files or in Active Directory. When zone data is stored in Active Directory, you configure the zone as an Active Directory–integrated zone.
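The way zone data ties a service to a domain controller and a site, shown as an added example that is not part of this Resource Kit chapter: it parses a constructed zone fragment into A and SRV records and then picks a domain controller for a service the way a DC locator would, trying the client's site first and honouring SRV priority and weight. The `_msdcs` owner names follow the Windows 2000 convention but are not spelled out on this page, so they are assumed here.

```python
# Added example (not from the Resource Kit): parse a constructed zone fragment
# and locate a domain controller through SRV records, preferring the client's
# site. The _msdcs owner names are assumed (Windows 2000 convention, not on page).
from collections import namedtuple
SRV = namedtuple("SRV", "owner priority weight port target")

# Constructed zone data for reskit.com: A records for the DCs, SRV records
# that tie the LDAP and Kerberos services to DCs, domain-wide and per site.
ZONE = """
dc1.reskit.com.                                 600 IN A   10.1.0.10
dc2.reskit.com.                                 600 IN A   10.2.0.10
_ldap._tcp.dc._msdcs.reskit.com.                600 IN SRV 0 100 389 dc1.reskit.com.
_ldap._tcp.dc._msdcs.reskit.com.                600 IN SRV 0 100 389 dc2.reskit.com.
_ldap._tcp.Redmond._sites.dc._msdcs.reskit.com. 600 IN SRV 0 100 389 dc1.reskit.com.
_ldap._tcp.Boston._sites.dc._msdcs.reskit.com.  600 IN SRV 0 200 389 dc3.reskit.com.
_ldap._tcp.Boston._sites.dc._msdcs.reskit.com.  600 IN SRV 0 100 389 dc2.reskit.com.
_kerberos._tcp.dc._msdcs.reskit.com.            600 IN SRV 0 100 88  dc1.reskit.com.
_kerberos._tcp.dc._msdcs.reskit.com.            600 IN SRV 10 100 88 dc2.reskit.com.
"""

def parse_zone(text):
    """Return A records as {name: ip} and SRV records as a list."""
    hosts, srv = {}, []
    for line in text.splitlines():
        f = line.lower().split()          # owner ttl class type rdata...
        if len(f) >= 5 and f[3] == "a":
            hosts[f[0]] = f[4]
        elif len(f) >= 8 and f[3] == "srv":
            srv.append(SRV(f[0], int(f[4]), int(f[5]), int(f[6]), f[7]))
    return hosts, srv

def ordered_targets(srv, owner):
    """(target, port) pairs for one owner: lowest priority first, then highest
    weight. RFC 2782 chooses randomly among equal priorities in proportion to
    weight; a fixed sort keeps this example reproducible."""
    hits = [r for r in srv if r.owner == owner.lower()]
    hits.sort(key=lambda r: (r.priority, -r.weight, r.target))
    return [(r.target, r.port) for r in hits]

def locate_dc(hosts, srv, service, domain, site=None):
    """(host, ip, port) of a DC offering `service` (ldap or kerberos). Site
    records are tried before domain-wide ones; an SRV target that has no A
    record in the zone (dc3 above) is skipped instead of being handed back."""
    owners = [f"_{service}._tcp.{site}._sites.dc._msdcs.{domain}."] if site else []
    owners.append(f"_{service}._tcp.dc._msdcs.{domain}.")
    for owner in owners:
        for target, port in ordered_targets(srv, owner):
            if target in hosts:
                return target, hosts[target], port
    return None
```

A client in an unknown site, or one whose site record points only at hosts the zone cannot resolve, falls through to the domain-wide records, which is the fallback behaviour worth checking when DC location fails for a whole site.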

Note

It is not necessary to use Windows 2000 DNS as your DNS server in order to use Active Directory. However, the DNS server that you use must support service resource records (SRV records) in accordance with the Internet Engineering Task Force Internet Draft, "A DNS RR for Specifying the Location of Services (DNS SRV)," which updates RFC 2052. To perform automatic zone updates, the DNS server also should support the dynamic update protocol that is described in RFC 2136. For more information about IETF Internet Drafts, see the Internet Engineering Task Force (IETF) link on the Web Resources page at http://windows.microsoft.com/windows2000/reskit/webresources. Follow the links to Internet Drafts.

For more information about DNS, DNS zones, DNS resolvers, and DNS name servers, see "Introduction to DNS" in the TCP/IP Core Networking Guide. For more information about deciding which DNS server to use, see "Designing the Active Directory Structure" in the Deployment Planning Guide. For more information about Active Directory–integrated zones, see "Introduction to DNS" and "Windows 2000 DNS" in the TCP/IP Core Networking Guide. For more information about DNS service resource records, see "Name Resolution in Active Directory" in this book.

© 1985-2000 Microsoft Corporation. All rights reserved.