How can I delegate authority for a DNS zone under Windows NT 4.0?
July 10, 2005
A. Windows 2000 and later DNS interfaces have a simple New Delegation option. However, in some situations you might want to delegate zones under NT 4.0 DNS. For example, I recently had a client running a Windows Server 2003 environment whose principal DNS server was running on NT 4.0, and we needed to use one of that server's zones for Active Directory (AD). However, because of the company's particular business and technology situation, we couldn't migrate the zone to Windows 2003 yet, which meant that the required service records (SRV RRs) and the desirable dynamic DNS (DDNS) update functionality wouldn't be available. The resolution was to leave the zone under NT 4.0 but delegate the subzones that AD uses to Windows 2003 DNS servers.
Although you can use the NT 4.0 Service Manager application to perform the delegation, it's easier to simply edit the DNS zone file. To do so, perform these steps:
Stop the DNS service on the NT 4.0 server by entering the command
net stop dns
Locate the zone file for the DNS domain for which you want to delegate a subzone and open it in Notepad. For example, if my zone is migrate.test, I would open the file migrate.test.dns, which by default is in the C:\winnt\system32\dns folder.
Scroll to the bottom of the file and add a host (A) record for the server to which you're delegating part of the namespace; this is the glue record that lets resolvers find the delegated server. For example, my Windows 2003 DNS server is vpcdc01, so I add the line
vpcdc01 A 192.168.2.100
Next you need to add the delegation entries, which essentially are just nameserver records for each subzone, as this example shows:
; Delegate the _msdcs, _sites, _tcp, _udp, DomainDnsZones and ForestDnsZones
; to the Windows 2003 server.
_msdcs          NS vpcdc01.migrate.test.
_sites          NS vpcdc01.migrate.test.
_tcp            NS vpcdc01.migrate.test.
_udp            NS vpcdc01.migrate.test.
DomainDnsZones  NS vpcdc01.migrate.test.
ForestDnsZones  NS vpcdc01.migrate.test.
Note that you need to include a trailing period (.) after the full DNS name of the server that you're delegating subzones to; without it, the zone's origin is appended and the name server points at a name that doesn't exist. You also need to leave a blank line at the end of the file. In the previous example, replace the name of the destination server and the list of subzones you want to delegate according to your requirements.
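The trailing-period and blank-line caveats are easy to get wrong when editing a zone file by hand. As an added check, not part of the original article, the following Python script scans a zone file in the same layout and reports NS targets that lack the trailing period, NS targets inside the zone that have no glue A record, and a file that does not end with a newline. The sample zone text is constructed with hypothetical names and contains one deliberate mistake (the _udp line).

```python
import re

# Constructed sample zone in the NT 4.0 migrate.test.dns layout (hypothetical
# names); the _udp delegation deliberately omits the trailing period.
SAMPLE_ZONE = """\
@  IN  SOA nt4mas01.migrate.test. admin.migrate.test. (1 3600 600 86400 3600)
@  IN  NS  nt4mas01.migrate.test.
nt4mas01  A  192.168.2.1
vpcdc01   A  192.168.2.100
; Delegate AD subzones to the Windows 2003 server.
_msdcs          NS vpcdc01.migrate.test.
_sites          NS vpcdc01.migrate.test.
_tcp            NS vpcdc01.migrate.test.
_udp            NS vpcdc01.migrate.test
DomainDnsZones  NS vpcdc01.migrate.test.
ForestDnsZones  NS vpcdc01.migrate.test.
"""

# owner [IN] [TTL] TYPE target  (only A and NS records matter for this check)
RR_RE = re.compile(r"^(\S+)\s+(?:IN\s+)?(?:\d+\s+)?(A|NS)\s+(\S+)\s*$", re.IGNORECASE)


def check_delegations(zone_text, origin):
    """Return a list of problems found in the subzone delegations of zone_text."""
    origin = origin.rstrip(".").lower()
    hosts = {}          # fully qualified host name -> address from A records
    delegations = []    # (subzone owner, NS target) pairs, excluding the apex
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()          # drop comments
        m = RR_RE.match(line)
        if not m:
            continue
        owner, rtype, target = m.group(1).lower(), m.group(2).upper(), m.group(3)
        if rtype == "A":
            fqdn = owner if owner.endswith(".") else f"{owner}.{origin}."
            hosts[fqdn] = target
        elif rtype == "NS" and owner != "@":
            delegations.append((owner, target))
    problems = []
    for owner, target in delegations:
        if not target.endswith("."):
            problems.append(f"{owner}: NS target '{target}' lacks trailing period")
            target = f"{target}.{origin}."             # what the server would actually use
        if target.lower().endswith(f".{origin}.") and target.lower() not in hosts:
            problems.append(f"{owner}: no A (glue) record for NS target '{target}'")
    if not zone_text.endswith("\n"):
        problems.append("zone file does not end with a newline")
    return problems
```

Run it against the zone file you edited (read the file into a string and pass the zone name as origin) before starting the DNS service again.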
Save the updated DNS zone file.
Start DNS by typing
net start dns
The delegation will now be visible in the NT 4.0 Domain Name Service Manager application, as the figure shows. Clients that use the NT 4.0 server can now resolve the service records required for AD to function. After the zone delegation, you can run the Nslookup command to see how the service records are resolved, as the following example shows.
nslookup
Default Server:  nt4mas01.migrate.test
Address:  192.168.2.1

> set q=srv
> _ldap._tcp.gc._msdcs.migrate.test
Server:  nt4mas01.migrate.test
Address:  192.168.2.1

Non-authoritative answer:
_ldap._tcp.gc._msdcs.migrate.test       SRV service location:
          priority       = 0
          weight         = 100
          port           = 3268
          svr hostname   = vpcdc01.migrate.test
vpcdc01.migrate.test    internet address = 192.168.2.100
>
Note that the answer is flagged as non-authoritative because the NT 4.0 server isn't authoritative for the delegated _msdcs subzone; it obtains the answer from the delegated Windows 2003 DNS server and returns it to the client.