DNS is normally used to provide a lookup table between domain names such as
www.teamapproach.ca and the corresponding IP address. The Active Directory
requires TCP/IP and DNS. DNS names are used to identify servers and AD domains.
Although DNS supports the use of the same server name in two different domains,
the Active Directory requires unique names. For example, although
server1.domain1.com and server1.domain2.com are perfectly acceptable with DNS,
they are not allowed with the Active Directory. Traditionally, Microsoft used
globally unique NetBIOS computer names. To maintain compatibility, globally
unique names are still required.
The Active Directory goes beyond using DNS for its normal address lookup
capabilities. The Active Directory uses advanced DNS features which are
supported in the Windows DNS server. If a Unix DNS server is used, BIND 8.1.2 or
greater is required. The table to the right shows the required advanced features
together with the RFC number of the Internet standard Request For Comments
document that defines each one.
The SRV (service) records allow the Active Directory to use DNS to find servers
that provide the following services:
- ldap - Lightweight Directory Access Protocol
services (Domain Controller)
- gc - Global Catalog
- kerberos - KDC Kerberos Key Distribution
Center (Domain Controller)
- kpasswd - Kerberos password change
The DNS tables identify these servers based on:
- Protocol - TCP or UDP - and
- Location - Domain Controller, domain, site,
or for the entire enterprise
The Active Directory automatically registers services in a special subdomain
named _msdcs. For example, for the Active Directory to locate an LDAP service
provider using TCP in the London site on a DC for the teamapproach.ca domain, it
would use the following DNS service name:
Resource Record Types
The following table summarizes the different types of DNS records.
- A (Host) - Used to hold a specific host's IP address.
- CNAME (Canonical Name, alias) - Used to make an alias name for a host.
- MX (Mail Exchanger) - Provides message routing to a mail server, plus backup
server(s) in case the target server isn't active.
- NS (Name Server) - Provides a list of authoritative servers for a domain or
indicates authoritative DNS servers for any delegated sub-domains.
- PTR (Pointer) - Used for reverse lookup: resolving an IP address into a domain
name using the IN-ADDR.ARPA
- SOA (Start of Authority) - Used to determine the DNS server that's the primary
server for a DNS zone and to store other zone
- SRV (Service) - Provides the ability to find the server providing a specific
service. Active Directory uses SRV records to locate domain controllers, global
catalog servers, and Lightweight Directory Access Protocol (LDAP) servers.
From the command line, NSLOOKUP is used to test and query DNS. In interactive
mode, the available commands are listed by entering the ? character. Individual
records can also be queried directly from the command line, as in the following
example.
From the command line, try NSLOOKUP. If
configured, it will identify your default DNS server. Type the HELP command to
determine which commands are available within NSLOOKUP. When you are finished,
use the EXIT command to terminate NSLOOKUP.
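The following is an added example, not part of the original page, that ties the two procedures above together: it composes the _msdcs service names that the Active Directory registers (using the standard `_service._proto.<site>._sites.dc._msdcs.<domain>` layout), parses the SRV answers NSLOOKUP prints when set to query SRV records, and ranks them the way an RFC 2782 client does. The NSLOOKUP output is a constructed sample in the shape of `nslookup -type=SRV` output, not a capture from teamapproach.ca.

```python
import random
import re
from typing import List, NamedTuple, Optional

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def msdcs_name(service: str, proto: str, domain: str,
               site: Optional[str] = None, location: str = "dc") -> str:
    """Build the owner name AD registers, e.g. _ldap._tcp.<site>._sites.dc._msdcs.<domain>."""
    labels = [f"_{service}", f"_{proto}"]
    if site:                      # a site-specific query goes under <site>._sites
        labels += [site, "_sites"]
    labels += [location, "_msdcs", domain]
    return ".".join(labels)

# Constructed sample in the shape of 'nslookup -type=SRV' output; not a live capture.
SAMPLE_NSLOOKUP = """\
_ldap._tcp.London._sites.dc._msdcs.teamapproach.ca   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = dc1.teamapproach.ca
_ldap._tcp.London._sites.dc._msdcs.teamapproach.ca   SRV service location:
          priority       = 10
          weight         = 50
          port           = 389
          svr hostname   = dc2.teamapproach.ca
"""

_FIELD = re.compile(r"^\s*(priority|weight|port|svr hostname)\s*=\s*(\S+)", re.M)

def parse_srv(text: str) -> List[Srv]:
    """Group each run of four 'name = value' lines into one Srv record."""
    fields = _FIELD.findall(text)
    records = []
    for i in range(0, len(fields) - 3, 4):
        d = dict(fields[i:i + 4])
        records.append(Srv(int(d["priority"]), int(d["weight"]), int(d["port"]), d["svr hostname"]))
    return records

def pick_target(records: List[Srv], rng: Optional[random.Random] = None) -> Srv:
    """RFC 2782 selection: lowest priority first, ties broken by weighted random choice."""
    rng = rng or random.Random()
    best = min(r.priority for r in records)
    cands = [r for r in records if r.priority == best]
    weights = [r.weight for r in cands] if any(r.weight for r in cands) else None
    return rng.choices(cands, weights=weights, k=1)[0]
```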