Windows Server Troubleshooting - DNS


©2003-2006 Team Approach Limited
All rights reserved


DNS normally provides a lookup table that maps domain names, such as www.teamapproach.ca, to their corresponding IP addresses.
The Active Directory requires TCP/IP and DNS. DNS names are used to identify servers and AD domains. Although DNS supports the use of the same server name in two different domains, the Active Directory requires unique names. For example, although server1.domain1.com and server1.domain2.com are perfectly acceptable to DNS, the pair is not allowed with the Active Directory. Traditionally, Microsoft used globally unique NetBIOS computer names. To maintain compatibility, globally unique names are still required.

| RFC  | Feature               |
|------|-----------------------|
| 2052 | SRV Service records   |
| 2136 | Dynamic updates       |
| 2181 | Underscore characters |

The Active Directory goes beyond using DNS for its normal address lookup capabilities. It uses advanced DNS features, which are supported in the Windows DNS server. If a Unix DNS server is used, BIND 8.1.2 or greater is required. The table above shows the required advanced features together with the RFC number of the Internet standard Request For Comments document.

SRV service records allow the Active Directory to use DNS to find servers that provide the following services.

  • ldap - Lightweight Directory Access Protocol services (Domain Controller)
  • gc - Global Catalog
  • kerberos - KDC Kerberos Key Distribution Center (Domain Controller)
  • kpasswd - Kerberos password change

The DNS tables identify these servers based on:

  • Protocol - TCP or UDP - and
  • Location - Domain Controller, domain, site, or for the entire enterprise

The Active Directory automatically registers services in a special domain named _msdcs. For example, for the Active Directory to locate an LDAP service provider using TCP in the London site on a DC for the teamapproach.ca domain, it would use the following DNS service name:
    _ldap._tcp.london._sites.dc._msdcs.teamapproach.ca

Resource Record Types

The following table summarizes the different types of DNS records.

| Type  | Contents               | Use |
|-------|------------------------|-----|
| A     | Host Address           | Used to hold a specific host's IP address. |
| CNAME | Canonical Name (alias) | Used to make an alias name for a host. |
| MX    | Mail Exchanger         | Provides message routing to a mail server, plus backup server(s) in case the target server isn't active. |
| NS    | Name Server            | Provides a list of authoritative servers for a domain or indicates authoritative DNS servers for any delegated sub-domains. |
| PTR   | Pointer                | Used for reverse lookup—resolving an IP address into a domain name using the IN-ADDR.ARPA domain. |
| SOA   | Start of Authority     | Used to determine the DNS server that's the primary server for a DNS zone and to store other zone property information. |
| SRV   | Service Locator        | Provides the ability to find the server providing a specific service. Active Directory uses SRV records to locate domain controllers, global catalog servers, and Lightweight Directory Access Protocol (LDAP) servers. |

NSLOOKUP

From the command line, NSLOOKUP is used to test and query DNS. In interactive mode, available commands are listed by entering the ? character. Individual records can be listed directly from the command line as in the following example.

C:\>nslookup win2003.newdomain.com
Server: localhost
Address: 127.0.0.1

Name: win2003.newdomain.com
Address: 209.47.184.39
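
The SRV naming scheme described earlier can be checked against saved output from nslookup -type=SRV. The following is an added example, not code from the original page: it builds the SRV names a client would look up for one site and reports which ones have no record, or a record on an unexpected port. It goes beyond the single name shown above by generating the standard locator names for all four services. Assumptions: a single-domain forest, the well-known ports 389, 3268, 88 and 464, and a constructed host name dc1.teamapproach.ca in constructed sample output.

```python
import re

PORTS = {"ldap": 389, "gc": 3268, "kerberos": 88, "kpasswd": 464}  # well-known ports

def locator_names(domain, site):
    """SRV names to check for one site; assumes a single-domain forest."""
    d, s = domain.lower(), site.lower()
    names = [f"_gc._tcp.{d}", f"_gc._tcp.{s}._sites.{d}", f"_kpasswd._tcp.{d}",
             f"_kpasswd._udp.{d}", f"_kerberos._udp.{d}"]
    for svc in ("ldap", "kerberos"):
        for scope in ("", f"{s}._sites.", "dc._msdcs.", f"{s}._sites.dc._msdcs."):
            names.append(f"_{svc}._tcp.{scope}{d}")
    return names

def parse_srv(text):
    """Parse 'nslookup -type=SRV' output into {name: [(port, target), ...]}."""
    found, owner, port = {}, None, None
    for line in text.splitlines():
        head = re.match(r"(\S+)\s+SRV service location:", line)
        field = re.match(r"\s+(port|svr hostname)\s*=\s*(\S+)", line)
        if head:
            owner = head.group(1).lower().rstrip(".")
        elif field and owner and field.group(1) == "port":
            port = int(field.group(2))
        elif field and owner:
            found.setdefault(owner, []).append((port, field.group(2).lower()))
    return found

def audit(domain, site, text):
    """Return (expected names with no record, records on an unexpected port)."""
    found = parse_srv(text)
    missing = [n for n in locator_names(domain, site) if n not in found]
    wrong = [(n, p, t) for n, recs in found.items() for p, t in recs
             if p != PORTS.get(n.split(".")[0].lstrip("_"))]
    return missing, wrong

# Constructed nslookup output (not captured from a real server).
SAMPLE = """\
_ldap._tcp.london._sites.dc._msdcs.teamapproach.ca    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.teamapproach.ca
_gc._tcp.teamapproach.ca    SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.teamapproach.ca
"""
```

Calling audit("teamapproach.ca", "London", SAMPLE) returns the expected names that are absent from the sample and flags the _gc record, which sits on the LDAP port rather than 3268.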

Keyboard Exercise

From the command line, try NSLOOKUP. If configured, it will identify your default DNS server. Type the HELP command to determine which commands are available within NSLOOKUP. When you are finished, use the EXIT command to terminate NSLOOKUP.