TechRepublic

Understanding DNS in Windows NT 4.0

July 11, 2000
TechRepublic Staff

Takeaway:
Have you ever wished you had a better understanding of DNS? Check out this TechRepublic overview of DNS and how it's used in Windows NT 4.0.
DNS is a core component of any existing Windows NT system. With the advent of Windows 2000, DNS will become even more crucial as it inherits the job of handling all name resolutions. Every company should ensure that it has a solid DNS structure.
DNS stands for domain name system. Its purpose is to resolve Internet host and domain names to IP addresses. Thanks to DNS, machines can be addressed using friendly names, such as www.techrepublic.com, rather than the machine’s TCP/IP address.
DNS and NetBIOS names
DNS can’t replace a WINS server for NetBIOS name resolution within the Windows NT 4.0 networking system. NetBIOS names, which are used for Microsoft networking, must be resolved to TCP/IP addresses. Doing so requires either a WINS server or an LMHOSTS file. DNS, by contrast, resolves host names. For example, if you try to map a network drive to the Windows NT server named \\E275000N0, you’re mapping to the NetBIOS name. However, if you try to get to a Web server on e275000n0.acme.computers.com, you’re using that machine’s host name.

Many utilities don’t understand NetBIOS names and instead require that you use host names. This includes Web browsers, FTP clients, telnet, and so on. Therefore, you will likely require a DNS server even if your company maintains a pure Windows NT environment. Table A shows a number of functions and the name-resolution scheme each requires. Remember, functions that use NetBIOS names use the WINS server, while functions that use host names use the DNS server. Certain functions, such as Exchange, use both. If DNS is unavailable, the Exchange client will try the NetBIOS name.

Table A

Function                              Type of name resolution required
Map network drive                     NetBIOS
Connect to network printer            NetBIOS
Browse the network                    NetBIOS
Connect to the Web server             Host name
FTP                                   Host name
Telnet                                Host name
Connect to UNIX machine               Host name
Connect to mainframe using TCP/IP     Host name
Connect to Exchange server            Host name first, then NetBIOS

Appropriate name resolution schemes


Windows 2000 and the Active Directory use a new version of the DNS server called DDNS, or Dynamic DNS, to provide all name resolutions. With the advent of the Active Directory, NetBIOS names, and thus WINS servers, will no longer be needed. The DNS server will handle name resolution for all functions, including mapping drives and sharing printers. Because of the new dependence on DNS, your company should ensure it has a good DNS infrastructure in place today.

Host names and domain names
The DNS name of a machine or network consists of two parts: the host name and the domain name. A domain may consist of sub-domains that allow DNS system administration to be distributed among several groups. For example, in the name e27500n0.acme.computers.com, e27500n0 is the host name, while acme.computers.com is the domain name. In turn, acme.computers.com is a sub-domain of computers.com.

DNS names are subject to more restrictions than NetBIOS names, so it’s crucial when naming a server or workstation to use only NetBIOS names that are also valid DNS host names. The following are the only valid characters for a machine host or domain name:


Zones of authority
The zone of authority is one of the more difficult concepts to explain in DNS. When a domain is first created on a DNS server, that domain is designated as the root domain. Because the domain is the root domain, it is also the zone of authority of the new domain and all sub-domains of the new domain. The DNS server where the domain is created contains the zone file, which contains all domain name space information for the root domain and all sub-domains of the root domain.

A single DNS server can contain more than one root domain, so it will also contain more than one zone of authority. For instance, computers.com is created as a domain on the DNS server acmens1. The zone of authority of computers.com is the root domain computers.com. All domain name space information for the domain computers.com is in the zone file called computers.com.dns on the DNS server acmens1. If acme is created as a sub-domain of computers.com, the sub-domain’s domain name would be acme.computers.com, but the zone of authority would be computers.com and the zone file would be computers.com.dns on the DNS server acmens1. On DNS server acmens1, the administrator can create a new domain, rockets.com, which would be a root domain and zone of authority and contain the zone file rockets.com.dns for the rockets.com domain.
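The host/domain split and the zone-of-authority rule above can be checked mechanically. The following Python is an added example, not code from the article or from the Microsoft DNS server: it splits a fully qualified name into host name and domain name, and then finds the most specific hosted root domain whose name is a suffix of the queried name, which is the zone (and zone file) that is authoritative for it. The zone table for acmens1 is constructed from the article's own example names.

```python
# Added example (not from the TechRepublic article): work out which hosted zone
# of authority (and which zone file) answers for a DNS name.
from typing import Dict, List, Optional, Tuple


def split_dns_name(fqdn: str) -> Tuple[str, str]:
    """Split a fully qualified name into (host name, domain name):
    'e27500n0.acme.computers.com' -> ('e27500n0', 'acme.computers.com')."""
    labels = fqdn.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or any(not label for label in labels):
        raise ValueError(f"not a well-formed fully qualified name: {fqdn!r}")
    return labels[0], ".".join(labels[1:])


def enclosing_domains(name: str) -> List[str]:
    """The name itself followed by each enclosing domain, most specific first:
    'acme.computers.com' -> ['acme.computers.com', 'computers.com', 'com']."""
    labels = name.strip().rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


# Constructed sample: the root domains created on the server acmens1 in the
# article, each mapped to the zone file the Microsoft DNS server keeps for it.
ACMENS1_ZONES: Dict[str, str] = {
    "computers.com": "computers.com.dns",
    "rockets.com": "rockets.com.dns",
}


def zone_of_authority(name: str, zones: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Return (zone name, zone file) for the most specific hosted zone whose name
    is a suffix of `name`. A sub-domain such as acme.computers.com that was
    created inside computers.com, rather than as its own root domain, therefore
    resolves to computers.com and its zone file. None when no hosted zone covers
    the name, i.e. this server is not authoritative for it."""
    for candidate in enclosing_domains(name):
        if candidate in zones:
            return candidate, zones[candidate]
    return None


if __name__ == "__main__":
    for n in ("e27500n0.acme.computers.com", "www.rockets.com", "www.techrepublic.com"):
        print(n, "->", zone_of_authority(n, ACMENS1_ZONES))
```

If you later create a sub-domain as its own root domain on the server, adding it to the zone table makes the longest-suffix match pick it instead of the parent, which is exactly the administrative split the article describes.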

Name server types
Like a WINS server, a DNS server can exist in a primary or secondary role. However, you should be aware of some important differences. With a DNS server, a primary name server controls a specific zone, such as the zone for acme.computers.com. This DNS server operates as the ultimate authority for resolving host names within the sub-domain acme.computers.com. If an administrator wants to make any changes to the zone, such as changing host addressing or adding names to and deleting them from the database, he or she must do so at this primary DNS server.

A secondary name server exists simply for disaster recovery and possibly for load balancing. The secondary DNS server doesn’t have authority over the zone, so it can’t make changes in zone information. It receives all the information it needs for DNS resolution from the primary DNS server. This “zone transfer” copies zone information, such as host names, DNS records, and so forth, from the primary to the secondary DNS server. Once the secondary DNS server receives all the pertinent records, it can assist with name resolutions to the clients on the network. Because of the importance of the zone transfer to the secondary DNS server, you must ensure that the primary DNS server with authority for the zone is available when you set up the secondary server.

Reverse resolution
In some instances, the TCP/IP address is known but the host name is not. Certain security schemes and firewalls use this type of resolution for security. This, of course, is the opposite of the situation DNS was created to handle.

DNS contains a special domain called in-addr.arpa. This domain allows for reverse name resolution within each DNS zone. Because of the way host names and TCP/IP addresses are organized, configuring the in-addr.arpa domain involves a unique process. IP addresses get more specific from left to right, while domain names get less specific from left to right. So, to create a record in the in-addr.arpa domain, you must reverse the order of the octets in the TCP/IP address.

Obviously, this process is unwieldy and error-prone. However, the Microsoft DNS server that comes with NT 4.0 takes care of the in-addr.arpa domain automatically. As long as you configure the domain before you add DNS records, the Microsoft DNS server will automatically create entries in the in-addr.arpa domain for each new record added to the server.
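To make the octet reversal concrete, here is an added Python example (not code from the article or from the NT 4.0 DNS server) that builds the in-addr.arpa name for an address, names the reverse zone for a classful network, and derives the PTR entries a set of A records would need. The A records are constructed sample data using the article's host names; the automatic PTR creation the article attributes to the Microsoft DNS server is only imitated here.

```python
# Added example (not from the TechRepublic article): in-addr.arpa names and the
# PTR records that correspond to a zone's A records.
import ipaddress
from typing import Dict, List, Tuple


def reverse_name(ip: str) -> str:
    """Map an IPv4 address to its in-addr.arpa name by reversing the octets:
    '192.168.10.25' -> '25.10.168.192.in-addr.arpa'."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zone_for_network(cidr: str) -> str:
    """Name of the reverse lookup zone for a /8, /16 or /24 network:
    '192.168.10.0/24' -> '10.168.192.in-addr.arpa'. Only the network part of the
    address is kept, then reversed, so the zone gets less specific left to right."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("classful reverse zones need a /8, /16 or /24 network")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


# Constructed sample A records (host name -> address) using the article's names.
SAMPLE_A_RECORDS: Dict[str, str] = {
    "e27500n0.acme.computers.com": "10.1.2.3",
    "www.rockets.com": "10.1.2.10",
}


def ptr_records(a_records: Dict[str, str]) -> List[Tuple[str, str]]:
    """Derive one (PTR owner name, host name) pair per A record, sorted by owner
    name. This imitates what the article says the NT 4.0 DNS server does for you
    once the in-addr.arpa domain exists; a host whose A record has no matching
    PTR is what a reverse-lookup check on a firewall would flag."""
    return sorted((reverse_name(ip), host) for host, ip in a_records.items())


if __name__ == "__main__":
    print(reverse_zone_for_network("10.1.2.0/24"))
    for owner, host in ptr_records(SAMPLE_A_RECORDS):
        print(f"{owner}  PTR  {host}")
```

Running the block prints the /24 reverse zone and the two PTR entries; feeding it a malformed address such as 10.1.2.300 raises ValueError rather than producing a bogus reverse name, which is the error the manual process invites.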

WINS and DNS interoperability
The Microsoft Windows NT 4.0 DNS server component can interact with WINS, providing hostname-to-IP address name resolution for non-NetBIOS network clients. Note that the use of extended characters or separator characters, such as an underscore, is discouraged for Windows NT 4.0 DNS because of NetBIOS name incompatibilities. The underscore character is converted to a dash in DNS host names.
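The naming advice above (use only NetBIOS names that are also valid DNS host names) and the underscore-to-dash conversion just described can be checked before a machine is named. The following Python is an added example, not code from the article or from Windows NT: it applies the host-name character rules from RFC 1123 (letters, digits and hyphen only, no leading or trailing hyphen, at most 63 characters), the 15-character NetBIOS computer-name limit, and the underscore rewrite, and reports what a proposed computer name would look like in DNS and why it might fail. The sample names are constructed.

```python
# Added example (not from the TechRepublic article): check that a proposed
# NetBIOS computer name is also a valid DNS host name, after the underscore to
# dash rewrite the NT 4.0 DNS server applies.
import re
from typing import Dict, List, Tuple

NETBIOS_MAX_LEN = 15  # NetBIOS computer names are limited to 15 characters
DNS_LABEL_MAX_LEN = 63  # RFC 1123 host label limit


def dns_host_name_problems(name: str) -> List[str]:
    """Return the rules a DNS host label violates; an empty list means valid."""
    problems: List[str] = []
    if not name:
        return ["empty name"]
    if len(name) > DNS_LABEL_MAX_LEN:
        problems.append(f"longer than {DNS_LABEL_MAX_LEN} characters")
    if name[0] == "-" or name[-1] == "-":
        problems.append("must not begin or end with a hyphen")
    # Anything outside ASCII letters, digits and hyphen (underscore, space,
    # extended characters) is rejected; the offending characters are listed.
    bad = sorted({c for c in name if not (c.isascii() and (c.isalnum() or c == "-"))})
    if bad:
        problems.append("invalid characters: " + ", ".join(repr(c) for c in bad))
    return problems


def is_valid_dns_host_name(name: str) -> bool:
    return not dns_host_name_problems(name)


def nt4_dns_host_name(netbios_name: str) -> str:
    """Host name the NT 4.0 DNS server would register: underscores become
    dashes. Other characters are passed through so the validity check can
    still flag them."""
    return netbios_name.replace("_", "-")


def check_computer_names(names: List[str]) -> Dict[str, Tuple[str, List[str]]]:
    """For each proposed NetBIOS name, report (DNS form, list of problems)."""
    report: Dict[str, Tuple[str, List[str]]] = {}
    for name in names:
        problems: List[str] = []
        if len(name) > NETBIOS_MAX_LEN:
            problems.append(f"longer than {NETBIOS_MAX_LEN} characters, so not a usable NetBIOS name")
        dns_form = nt4_dns_host_name(name)
        problems.extend(dns_host_name_problems(dns_form))
        report[name] = (dns_form, problems)
    return report


if __name__ == "__main__":
    # Constructed sample names: the article's server, an underscore name, an
    # extended-character name and a badly placed hyphen.
    for name, (dns_form, problems) in check_computer_names(
        ["E275000N0", "FILE_SRV1", "ÜBER-PC", "-BAD"]
    ).items():
        print(f"{name:12} -> {dns_form:12} {'OK' if not problems else '; '.join(problems)}")
```

Note that FILE_SRV1 is reported as usable only because the server rewrites it to FILE-SRV1; a non-Microsoft resolver asked for the underscore form would not find it, which is the interoperability problem the article warns about.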