Configuring and Administering DNS

Explore how Domain Name System helps you locate remote computers by name so you can conveniently find the hosts you need. Part 1 of this two-part series explains the basic DNS components and setup under NT 4.0.


Microsoft borrows a page from the Unix playbook

MICROSOFT has borrowed yet another page from the Unix playbook: Domain Name System (DNS) is now part of the Windows NT game plan. DNS first showed up in the NT 3.51 Resource Kit and is a native service in NT 4.0. Once you understand what DNS does, how to install it, and how to configure it, DNS can help you locate remote computers by name.

Resolving Addresses with DNS
When you use FTP, email, or even a Web browser to connect to a remote computer, your computer must resolve user-friendly names such as mail addresses ([email protected], [email protected]) and host names (ftp.microsoft.com, www.whitehouse.gov) into the cryptic IP address (204.241.137.2) of the destination computer so that your computer can send packets over the network. DNS is the way to resolve names to addresses on a TCP/IP network.

Before DNS, to point your Web browser to a universal resource locator (URL) such as http://www.microsoft.com, you had to know that www.microsoft.com was running on a computer with IP address 207.68.137.35 and type that address into the URL field. Similarly, to send mail to [email protected], you had to tell your mail client that the computer with IP address 204.241.136.3 handled Spyros's mail. The alternative to memorizing these addresses was a table on your computer that mapped the host name or mail address to an IP address. If your desktop was a Unix system, this local table was the file /etc/hosts (the file /etc/resolv.conf, by contrast, tells the resolver which name servers to ask; it is not a hosts table); if your desktop was an NT system, the file was \system32\drivers\etc\hosts under the system root (Windows 95 keeps an equivalent hosts file in its Windows directory).

The problem with a local table was that you had to get a copy of a hosts file containing the IP address of every remote host you might need to contact. This approach made finding computers on the Internet almost impossible: you had to distribute huge files daily to every desktop in your network to access the outside world. Imagine getting, in advance, the IP address of every computer that handled mail for every recipient your users might want to send email to next week!

With DNS, you simply point your desktop to one computer (local or on the Internet), the Domain Name Server. It holds the addresses for some computers and knows which server to ask for any other address. You no longer need to distribute hosts files to the desktop; you update only the Domain Name Server with the names of the computers in your network. In the past, setting up a Domain Name Server was possible only on a Unix platform (though your desktops could be NT- or Windows-based). With the NT 3.51 Resource Kit and NT 4.0, you can set up a Domain Name Server on NT.

DNS Components
The major components of DNS are the Domain Name Space and Resource Records (RRs), Domain Name Servers, and Domain Name Resolvers (DNRs). The Domain Name Space is a tree-structured name space holding the domain names and their associated data. For example, the name ftp.paradigms.com is a node in the paradigms.com domain, which is a node in the com domain. The data associated with ftp.paradigms.com includes its IP address. When you use DNS to find a host address, you are querying the Domain Name Space to extract that data. RRs are the unit in which you maintain the DNS configuration: each name-to-address mapping, name server, or mail exchanger is one record.

A Domain Name Server is a computer that provides information about a subset of the Domain Name Space (a zone), such as the paradigms.com domain. The two types of Domain Name Servers are primary and secondary. A primary server stores the configuration files with the data for the zone for which it is authoritative. A secondary server doesn't own configuration files; it loads the data from the primary server in a process called a zone transfer and is then authoritative for the same zone. Running both gives performance and availability benefits: you can split the query load between the servers, and if one goes down, the other can still answer.

Each Domain Name Server also knows how to reach servers for other subsets of the Domain Name Space. When you query a Domain Name Server, it returns the data if it is authoritative for that domain. If the server doesn't have the data, it refers the query to a server for a higher level of the name space (ultimately the root servers listed in its cache file), which refers it to a server for the next level down, and so on, until the query reaches the server that holds the requested data. In this way, no one server needs to know about every host you might contact.

A DNR is a program that extracts information from Domain Name Servers so you can use host names instead of IP addresses in clients such as a Web browser or an FTP client, or with utilities such as ping, traceroute, or finger. The DNR is typically built into the TCP/IP implementation on the desktop and needs to know only the Domain Name Server's IP address.

For example, after you configure TCP/IP on NT Server, you can enter the IP addresses of up to three Domain Name Servers. Select the Network applet in the Control Panel, highlight TCP/IP, and click Configure to open the TCP/IP Configuration dialog you see in Screen 1. The IP information appears in this screen. Click the DNS button to open the DNS Configuration dialog you see in Screen 2. The DNS Search Order box lists up to three Domain Name Servers. Based on the entries shown in Screen 2, if you run a Web browser on the current system and enter http://www.paradigms.com, the system queries the DNS at 204.241.138.10 for the IP address of www.paradigms.com. If the DNS responds with an IP address, the browser connects to that host; if the DNS at 204.241.138.10 is down, the current system queries the DNS at 38.8.32.2. Note that the resolver moves to the next server in the list only when a server fails to respond, not when a server answers that the name does not exist, so the second and third entries are for redundancy, not for a different view of the name space.

You can apply to InterNIC, the organization that registers Internet domain names and assigns IP address blocks, for valid IP addresses for your network and to register a domain name. Point your Web browser to http://ds1.internic.net/ds/dspg01.html, InterNIC's Directory and Database Services page.

Typically, however, you contract with an Internet Service Provider (ISP) to register your domain, get an IP address block for your network, and establish a physical connection to the Internet. You then connect to the ISP through a dial-up Point-to-Point Protocol (PPP) connection or a leased line. Invariably, the ISP runs DNS, and its server will probably be the Domain Name Server responsible for your domain's data. For reasons of control or cost, you can run your own DNS instead. If so, you can use the native service on NT Server. You need at least two Domain Name Servers: if one goes down, users can still look up the names of servers on your network.

Configuring DNS
When DNS starts, it reads a local boot configuration database. Under Unix, it's usually a file named /etc/named.boot; under NT Server 3.51, it's \system32\drivers\etc\boot; and under NT Server 4.0, it's the file \system32\dns\boot or a Registry entry (you can start DNS from a file or from the Registry, as you'll see in part 2 of this series). This database points DNS to the configuration files (domain files, reverse lookup files, and a cache file) on the primary Domain Name Server, both for the zones the server is authoritative for and for finding hosts in other domains. Let's focus on the boot file and the configuration files it points to.

The Boot File
DNS reads the boot file or Registry entry to locate the database files. Four main types of entries appear in the boot file. Each entry is one line: a keyword followed by its arguments, separated by spaces or tabs (the placeholders in angle brackets are described below).

     directory   <pathname>
     cache       <cache file>
     primary     <domain>   <domain file>
     secondary   <domain>   <primary server IP>   <local copy file>

In NT Server 3.51, the directory entry specifies the pathname of the directory where DNS stores the database files. Leave this entry commented out to get the default directory (\system32\drivers\etc). In NT Server 4.0, you must put the files in the directory \system32\dns.

Listing 1 shows an example boot file. The cache entry shows that the entries for the domains above the current one (the root name servers) are in a file called cache. The primary entries in Listing 1 show that the configuration records for the paradigms.com domain are in the file paradigms.dom, for the patmos.com domain in the file patmos.dom, and so on. Finally, the secondary entry in Listing 1 shows that this Domain Name Server functions as a secondary server for the aegean.com domain and that the primary server for this domain is the host at 204.241.138.5.

You can set up one computer (loki.paradigms.com) as the primary (authoritative) Domain Name Server for the domain paradigms.com and another computer (surtur.paradigms.com) as a secondary Domain Name Server. Loki maintains the paradigms.dom file with the IP addresses of the hosts in the domain. When DNS on loki starts, loki can respond to requests from any DNR. Surtur maintains a boot file that identifies surtur as loki's secondary server; surtur doesn't maintain any configuration files for paradigms.com. If the boot file on loki is the same as in Listing 1, the boot file on surtur is

     cache                                          cache
     secondary   paradigms.com   204.241.136.2      paradigms.dom

When DNS starts on surtur, it queries 204.241.136.2 (loki) for the paradigms.com zone, copies the data into a local paradigms.dom, and can then respond to DNR queries for that domain. In NT 4.0, the zone transfer begins when DNS starts and completes after the data is copied. If you look at the System Log in the Event Viewer on \\surtur, you see a message with Source=DNS and EventID=701 reporting the state of the zone: Zone paradigms.com in sync with version 995071201 at DNS server at 204.241.136.2.

This message tells you that the configuration files on the primary Domain Name Server are synchronized with the read-only copy at the secondary server, and no zone transfer was necessary. DNS decides this by comparing a version number that you enter manually in the configuration files (the serial number in the SOA record, described below); it does not compare file contents, so a zone you edit without raising the serial number never reaches the secondary. The secondary repeats the check according to the timing parameters you enter in the configuration files. If the configuration files on the primary server have changed, the message on the secondary server reads New version 995071202 of zone paradigms.com found at DNS server at 204.241.136.2. Zone transfer is in progress.

This message means DNS at the secondary server found that the version number of the configuration file at the primary server (\\loki) was newer than its local version number and requested the updated file. A corresponding message in the Event Viewer on the primary server (\\loki) reads DNS Server transfer of zone paradigms.com to DNS Server at 204.241.136.3 successfully completed.

This message shows that DNS on the primary Domain Name Server sent the zone data to the secondary server (\\surtur), which placed an updated copy of the configuration file in its \system32\dns directory. When the boot file loads, it points to three types of configuration files: domain files, reverse lookup files, and the cache file.

Domain Files
The domain files contain RRs; RFC 1034 defines the concepts and RFC 1035 defines the record formats. The main RR types are Start of Authority (SOA), which identifies the authority for this domain's data; Name Server (NS), which lists a name server for this domain; Address (A), which provides a name-to-address mapping; CNAME, which defines a canonical name (an alias for another name); and Mail Exchanger (MX), which identifies a mail exchanger for the domain.

The SOA record identifies the server with authority to define the hosts in its Domain Name Space. Listing 2 shows a sample SOA record. The SOA record is usually at the beginning of the domain file, in this case paradigms.dom. Listing 2 shows that the server loki.paradigms.com is authoritative for that domain and that the mail administrator is spyros. You also see various parameters for the operation of the DNS: a serial number (1996031201, the number that tells the zone transfer process whether the file on the primary is more recent than the copy on the secondary; the convention is the date followed by a two-digit edit counter, and you must raise it every time you edit the file) and a refresh time (10800 seconds, the interval at which the secondary asks the primary for its SOA record and compares serial numbers; a zone transfer follows only if the primary's serial number is newer). The record also carries a retry interval (how long the secondary waits before trying again when the primary doesn't respond) and an expire time (how long the secondary keeps answering from its copy when it cannot reach the primary at all). If a DNR queries the ISP's DNS for the authoritative server for paradigms.com, the answer will be loki.
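To make the serial-number and refresh logic concrete, here is an added example, in Python, that is not from the article or from the NT DNS service: it implements the comparison a secondary performs when its refresh timer fires, using the zone, primary address and serial numbers from the article. The SOA timing values, the primary_reachable flag and the event-message wording are assumptions made for the example.

```python
# Added example (not from the article): the check a secondary performs when its
# refresh timer fires, using the article's zone, primary address and serial
# numbers. The SOA timing values, the primary_reachable flag and the event
# wording are assumptions made for this example.

SERIAL_MODULUS = 2 ** 32


def serial_is_newer(candidate, current):
    """RFC 1982 sequence-space comparison used for SOA serial numbers.

    True when `candidate` is ahead of `current` in the 32-bit serial space.
    A plain `candidate > current` breaks once a serial wraps past 2**32 - 1,
    so the distance is taken modulo 2**32 and must fall in the lower half.
    """
    diff = (candidate - current) % SERIAL_MODULUS
    return 0 < diff < 2 ** 31


def next_serial(current, today):
    """Next serial in the YYYYMMDDnn style the article uses (1996031201).

    `today` is a (year, month, day) tuple. If the date-based value would not
    be ahead of the serial already published (a second edit on the same day,
    or a clock set back), the current serial is bumped by one instead.
    Secondaries compare serials, not file contents, so an edit that leaves
    the serial unchanged never reaches them.
    """
    year, month, day = today
    date_based = (year * 10000 + month * 100 + day) * 100
    if serial_is_newer(date_based, current):
        return date_based
    return (current + 1) % SERIAL_MODULUS


def refresh_check(local_serial, primary_soa, primary_reachable=True,
                  seconds_since_last_sync=0):
    """What the secondary does when its refresh timer fires.

    `primary_soa` is a constructed dict with the primary's SOA fields
    (serial, refresh, retry, expire). `primary_reachable` stands in for the
    SOA query the secondary sends; `seconds_since_last_sync` is the age of
    the last successful check. Returns (action, seconds until next check).
    """
    if not primary_reachable:
        if seconds_since_last_sync >= primary_soa["expire"]:
            return "expired", primary_soa["retry"]   # copy too stale to serve
        return "retry", primary_soa["retry"]
    if serial_is_newer(primary_soa["serial"], local_serial):
        return "transfer", primary_soa["refresh"]
    return "in_sync", primary_soa["refresh"]


def event_text(action, zone, primary_ip, primary_serial):
    """Approximation of the Event Viewer messages the article quotes."""
    if action == "transfer":
        return (f"New version {primary_serial} of zone {zone} found at DNS "
                f"server at {primary_ip}. Zone transfer is in progress.")
    if action == "in_sync":
        return (f"Zone {zone} in sync with version {primary_serial} at DNS "
                f"server at {primary_ip}.")
    return f"Zone {zone}: primary at {primary_ip} unreachable ({action})."


if __name__ == "__main__":
    soa = {"serial": 995071202, "refresh": 10800, "retry": 3600, "expire": 604800}
    action, wait = refresh_check(995071201, soa)
    print(event_text(action, "paradigms.com", "204.241.136.2", soa["serial"]),
          f"next check in {wait} s")
```

The wraparound rule in serial_is_newer is the one real servers apply, which is why a serial accidentally set far ahead (a stray digit, for instance) can leave the secondaries considering every later, smaller serial older and silently refusing to transfer.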

The NS record identifies servers running DNS for a domain. For two servers in the paradigms.com domain, the NS record entries might be

     paradigms.com.    IN NS    surtur.paradigms.com.
     paradigms.com.    IN NS    loki.paradigms.com.

These entries tell a DNR that surtur and loki run DNS for paradigms.com. The DNR doesn't care that loki is the primary, and nothing in the NS records identifies which server is primary and which is secondary; both answer authoritatively. To find out which is the primary, query the SOA record.

Address (A) records and CNAME records provide name-to-address mappings so a DNR can find systems by name. The name-to-address mappings for the paradigms.com domain might be

     loki.paradigms.com.      IN A       204.241.136.2
     surtur.paradigms.com.    IN A       204.241.136.3
     athena.paradigms.com.    IN A       204.241.136.6
     ftp.paradigms.com.       IN CNAME   surtur.paradigms.com.
     www.paradigms.com.       IN CNAME   surtur.paradigms.com.

The IN specifies the record class and stands for Internet. The A specifies the host's IP address. After you define a host, you can specify aliases (CNAME records) for it: ftp.paradigms.com and www.paradigms.com are aliases for surtur.paradigms.com. Note the trailing dot on every name: in these files a name that ends with a dot is complete, whereas a name without one is relative to the domain the file describes, so ftp.paradigms.com written without the dot is read as ftp.paradigms.com.paradigms.com and the alias never resolves. If you point your Web browser to http://www.paradigms.com, DNS resolves the alias to surtur.paradigms.com at 204.241.136.3 and the browser connects there. If your ISP's Domain Name Server doesn't hold the records for paradigms.com, it follows referrals to other servers until it finds the one that does and resolves the name there. Using these records, a server answers queries about hosts.

DNS uses MX records to resolve queries about where to deliver mail for a domain. For example, the MX records for the paradigms.com domain might be

     paradigms.com.    IN MX    10 athena.paradigms.com.
     paradigms.com.    IN MX    20 mx.smtp.psi.net.

An MX record points to a host running the domain's Simple Mail Transfer Protocol (SMTP) mail service. The number after MX is a preference value, and a mailer tries the hosts in ascending order of preference, lowest number first. In the example, the mailer sends mail for users at paradigms.com to the primary mail server, athena.paradigms.com. If the mailer can't reach a working SMTP host on athena, it falls back to the secondary mail server, mx.smtp.psi.net. If you add other mail servers, give each a preference value that reflects the order in which you want them tried. In the example, athena is the Exchange Server, and the PSI entry is an SMTP host at our ISP that can accept and hold mail if athena goes down.

Reverse Lookup Files
Whereas domain files let a DNR turn a host name into an address, some programs require the reverse: resolving IP addresses into host names. You need one reverse lookup file for each network you administer. Reverse lookup files refer to domains by reversing the IP address octets under in-addr.arpa; the filenames are usually similar. The example boot file had entries for the domain paradigms.com, with hosts in the class C subnet 204.241.136.0. In addition, the boot file has

     primary    136.241.204.in-addr.arpa    arpa-204a.rev

This entry shows that the RRs for the domain 136.241.204.in-addr.arpa are in the arpa-204a.rev configuration file:

     2    IN PTR    loki.paradigms.com.
     3    IN PTR    surtur.paradigms.com.
     4    IN PTR    homer.paradigms.com.
     5    IN PTR    zeus.paradigms.com.
     6    IN PTR    athena.paradigms.com.

To read this file, append the domain name to the number in the first column. The first line specifies that the IP address 204.241.136.2 (2.136.241.204.in-addr.arpa) refers to the host loki.paradigms.com. This information is the reverse of the configuration file paradigms.dom, which states that loki.paradigms.com is at 204.241.136.2. The arpa files give you address-to-name mappings, whereas the regular domain files give you name-to-address mappings. The trailing dot on each host name matters here too: without it, the name is taken as relative to 136.241.204.in-addr.arpa, and a reverse lookup returns loki.paradigms.com.136.241.204.in-addr.arpa. A tracert that displays host names queries the reverse arpa tables; a ping that tests connectivity by name queries the regular domain files. The sample files that come with NT include one reverse arpa file.
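The following is an added example, not from the article, that covers the domain file, MX and reverse lookup sections together: a small Python parser for the master-file format these files use, with functions that follow CNAMEs to an address, order MX hosts by preference, build the in-addr.arpa name for an address, and flag names that lost their trailing dot. The records are the article's paradigms.com data; the $ORIGIN lines, the SOA timing values and the two deliberately broken records (the oops CNAME and the athena PTR) are constructed for the example, and the parser does not handle multi-line parenthesized records.

```python
# Added example (not from the article): a parser for the RFC 1035 master-file
# format the article's domain and reverse-lookup files use, showing how
# $ORIGIN and trailing dots decide what a name means. Records are the
# article's paradigms.com data; the $ORIGIN lines, the SOA timing values and
# the two deliberately mis-written records are constructed for this example.

FORWARD_ZONE = """\
$ORIGIN paradigms.com.
@       IN SOA   loki.paradigms.com. spyros.paradigms.com. 1996031201 10800 3600 604800 86400
@       IN NS    loki.paradigms.com.
@       IN NS    surtur.paradigms.com.
@       IN MX    20 mx.smtp.psi.net.
@       IN MX    10 athena.paradigms.com.
loki    IN A     204.241.136.2
surtur  IN A     204.241.136.3
athena  IN A     204.241.136.6
ftp     IN CNAME surtur               ; relative target: surtur.paradigms.com.
www     IN CNAME surtur.paradigms.com.
oops.paradigms.com IN CNAME surtur    ; owner is missing its trailing dot
"""

REVERSE_ZONE = """\
$ORIGIN 136.241.204.in-addr.arpa.
2   IN PTR loki.paradigms.com.
3   IN PTR surtur.paradigms.com.
6   IN PTR athena.paradigms.com       ; target is missing its trailing dot
"""

# Which rdata fields of each type are domain names and must be qualified.
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}


def fqdn(name, origin):
    """'@' is the origin; a trailing dot means absolute; anything else is relative."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_zone(text):
    """Return [(owner, type, rdata)] with every name fully qualified."""
    origin, owner, records = None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if origin is None:
            raise ValueError("record before $ORIGIN")
        if not line[0].isspace():                     # leading blank reuses last owner
            owner = fqdn(tokens.pop(0), origin)
        if tokens[0].isdigit():                       # optional TTL
            tokens.pop(0)
        if tokens[0].upper() == "IN":                 # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        rdata = [fqdn(f, origin) if i in NAME_FIELDS.get(rtype, ()) else f
                 for i, f in enumerate(rdata)]
        if rtype == "MX":
            rdata[0] = int(rdata[0])                  # preference value
        records.append((owner, rtype, tuple(rdata)))
    return records


def lookup(records, name, rtype):
    name = name.lower().rstrip(".") + "."
    return [r for o, t, r in records if o == name and t == rtype]


def resolve_address(records, name, max_chain=8):
    """Follow CNAMEs to A records; the hop limit guards against CNAME loops."""
    current = name.lower().rstrip(".") + "."
    for _ in range(max_chain):
        addrs = lookup(records, current, "A")
        if addrs:
            return current, [a[0] for a in addrs]
        cnames = lookup(records, current, "CNAME")
        if not cnames:
            return current, []
        current = cnames[0][0]
    raise ValueError(f"CNAME chain from {name} too long or looped")


def mx_order(records, domain):
    """Hosts in the order a mailer tries them: lowest preference value first."""
    return [host for _, host in sorted(lookup(records, domain, "MX"))]


def reverse_name(ip):
    """Owner name to look up for a PTR: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def suspicious_names(records, origin):
    """Likely missing trailing dots: a name ending in the origin twice, or a
    PTR target that landed under in-addr.arpa instead of the forward domain."""
    stem = origin.strip(".")
    hits = set()
    for owner, rtype, rdata in records:
        for field in (owner, *rdata):
            if isinstance(field, str) and field.endswith(f".{stem}.{stem}."):
                hits.add(field)
        if rtype == "PTR" and rdata[0].endswith(".in-addr.arpa."):
            hits.add(rdata[0])
    return sorted(hits)
```

Running suspicious_names over both zones before loading them is the check worth keeping: it catches the oops owner in the forward file and the athena target in the reverse file, both of which load without error and then simply fail to resolve.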

Cache File
The cache file lets DNS resolve names outside the zones the current server is authoritative for. It lists the root name servers: NS records naming the servers for the root of the name space, and A records giving their IP addresses. If a DNR queries your DNS and the name is not in your server's zones, DNS starts with a root server from the cache file and follows referrals down the hierarchy to the server that holds the name. The NT sample file is usually sufficient for setting up DNS. Listing 3 shows entries in the sample file. Each entry also carries a Time to Live (TTL); the value 99999999 tells the server to keep the entry for a very long time. Because every outside lookup starts here, keep the file current with the published root server list.
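The referral walk described under DNS Components, started from the root servers in the cache file, is shown here as an added example, not from the article: a toy iterative resolver in Python that begins at a root hint and follows referrals down to loki.paradigms.com. The delegation data is constructed (the root and com servers use TEST-NET addresses from 192.0.2.0/24; only loki's records come from the article), and a stray A record for www.whitehouse.gov is planted in the com server's referral to show why a resolver must discard glue for names outside the referring server's zone.

```python
# Added example (not from the article): a toy iterative resolver that starts at
# a root hint, as the cache file does, and follows referrals down to the
# article's loki.paradigms.com. All delegation data is constructed: the root
# and com servers use TEST-NET addresses (192.0.2.0/24), only loki's records
# come from the article, and the www.whitehouse.gov A record is planted in the
# com server's referral to exercise the bailiwick check.

ROOT_HINTS = {"a.root-servers.net.": "192.0.2.1"}   # the cache file's contribution

# server IP -> (zone it is authoritative for, its records as (owner, type, rdata))
SERVERS = {
    "192.0.2.1": (".", [
        ("com.", "NS", "a.gtld-servers.net."),
        ("a.gtld-servers.net.", "A", "192.0.2.2"),
    ]),
    "192.0.2.2": ("com.", [
        ("paradigms.com.", "NS", "loki.paradigms.com."),
        ("paradigms.com.", "NS", "surtur.paradigms.com."),
        ("loki.paradigms.com.", "A", "204.241.136.2"),
        ("surtur.paradigms.com.", "A", "204.241.136.3"),
        ("www.whitehouse.gov.", "A", "192.0.2.99"),   # not this server's business
    ]),
    "204.241.136.2": ("paradigms.com.", [
        ("www.paradigms.com.", "CNAME", "surtur.paradigms.com."),
        ("surtur.paradigms.com.", "A", "204.241.136.3"),
        ("loki.paradigms.com.", "A", "204.241.136.2"),
    ]),
}


def in_zone(name, zone):
    """True if `name` is at or below `zone` (both absolute, with trailing dot)."""
    return zone == "." or name == zone or name.endswith("." + zone)


def server_answer(ip, qname, qtype):
    """Non-recursive server: refer if qname lies below a delegation, else answer."""
    zone, records = SERVERS[ip]
    if not in_zone(qname, zone):
        return "refused", []
    cuts = {r[0] for r in records
            if r[1] == "NS" and r[0] != zone and in_zone(qname, r[0])}
    if cuts:
        cut = max(cuts, key=len)                  # closest enclosing delegation
        ns = [r for r in records if r[0] == cut and r[1] == "NS"]
        # Additional section as this server sends it: every A record it holds,
        # so the resolver, not the server, has to decide what to trust.
        return "referral", ns + [r for r in records if r[1] == "A"]
    rrs = [r for r in records if r[0] == qname and r[1] in (qtype, "CNAME")]
    return ("answer", rrs) if rrs else ("nxdomain", [])


def resolve(name, qtype="A", max_hops=12):
    """Walk referrals from the root hints.

    Returns (final name, list of rdata, path of (server, response kind),
    glue records rejected by the bailiwick check).
    """
    qname = name.lower().rstrip(".") + "."
    servers, zone = dict(ROOT_HINTS), "."
    path, rejected = [], []
    for _ in range(max_hops):
        ip = next(iter(servers.values()))
        kind, rrs = server_answer(ip, qname, qtype)
        path.append((ip, kind))
        if kind == "answer":
            cname = [r for r in rrs if r[1] == "CNAME"]
            if cname and qtype != "CNAME":          # chase the alias from the top
                qname, servers, zone = cname[0][2], dict(ROOT_HINTS), "."
                continue
            return qname, [r[2] for r in rrs], path, rejected
        if kind != "referral":
            return qname, [], path, rejected
        cut = rrs[0][0]
        if cut == zone or not in_zone(cut, zone):   # a referral must go down the tree
            raise ValueError(f"{ip} referred sideways or upward to {cut}")
        ns_names = {r[2] for r in rrs if r[1] == "NS"}
        servers = {}
        for owner, _, addr in (r for r in rrs if r[1] == "A"):
            # Bailiwick rule: accept glue only for the listed name servers and only
            # for names inside the zone the referring server is authoritative for.
            if owner in ns_names and in_zone(owner, zone):
                servers[owner] = addr
            elif (owner, addr) not in rejected:
                rejected.append((owner, addr))
        if not servers:
            raise ValueError(f"referral to {cut} carried no usable glue")
        zone = cut
    raise ValueError(f"gave up on {name} after {max_hops} referrals")
```

Resolving www.paradigms.com takes six steps here (root, com, loki for the CNAME, then the same three again for the canonical name), and the planted www.whitehouse.gov record ends up in the rejected list rather than in any answer. A real resolver would go on to resolve name-server names for which no in-zone glue arrived; this example raises instead, which is the conservative choice.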

Installation
Installing DNS is simple. If you use the NT 3.51 Resource Kit, run install.bat, which copies the DNS executable to \system32 and configures the Domain Name Server Registry entries. For NT 4.0, install the Microsoft DNS Server as a network service (Network applet, Services tab). Then edit the configuration files. After you configure the files, start the DNS service from the Control Panel Services applet or by typing NET START DNS. Configure each desktop to use the DNS when you set the TCP/IP protocol properties through the Network applet in the Control Panel. Use ping, tracert, and nslookup to test the DNS, and make sure you can do name-to-address and address-to-name resolution for hosts inside and outside your zone.

DNS, Part 2
Next month, I'll explain how DNS and Windows Internet Name Service (WINS)work together and the DNS GUI administration tool. This tool eliminates the needfor a text editor to edit the DNS database files.

[Editor's Note: This article is part 1 of a two-part series. Part 1 explains the basic DNS components and settings. Part 2 looks at the relationship between DNS and WINS and how to configure and administer DNS with the GUI tool.]

Contact Info

Request for Comments (RFC) 1034 and 1035 contain the DNS specifications. You can download these RFCs from http://www.ds.internic.net/rfc.
