Active Directory DNS: You will often hear Active Directory administrators say that “Active Directory lives and dies by DNS”. Since the introduction of Active Directory in Windows 2000, the Domain Name System (DNS) has been Active Directory’s default name resolution method. Configuring DNS correctly is a critical task for any Active Directory administrator, because the health of an Active Directory environment depends largely on how well DNS is functioning to support Windows Active Directory.
Understanding Active Directory DNS
In most modern networks, TCP/IP is the primary networking protocol used to communicate between systems. All devices on an IP network use a unique number to identify themselves and their location on the network. This is called an IP address. IP addresses are four octets long and are commonly expressed in dotted-decimal notation, such as 192.168.10.1.
This four-octet IP address is an IP version 4 (IPv4) address. This refers to version 4 of IP, which is the most widely deployed version of IP at present. Windows Server 2008 and Windows Vista also natively support IPv6, which is the next generation of IP.
One way to access a resource is through its IP address. However, when a computer system identifies resources using 32-bit numbers, expecting a user to access a resource by its IP address would be cumbersome at best. This is where DNS comes into play. Active Directory DNS is a distributed name resolution service that provides name resolution for an Active Directory domain.
In addition to an IP address, every computer is given a DNS host name upon installation. Although the host name helps you describe a device’s location or purpose, it needs to be translated into a value that computers can understand. This is why you need DNS. DNS maps a computer’s host name to its IP address. When a user or application references a computer’s host name, DNS translates the host name to an IP address, allowing the traffic to be routed to the correct destination.
Integrating DNS and Active Directory
In addition to providing computer host name to IP address mappings on the network, DNS plays a much larger role in the functionality of Active Directory. Active Directory relies on DNS to provide a locator service for clients on the network. This locator service provides direction for clients that need to know which server performs what function. For example, if a user were attempting to log on to the network, the locator service would attempt to provide the client with the host name and IP address of the domain controller located in the same site as the client workstation if possible.
This locator service is necessary within Active Directory because Active Directory Domain Services is a multimaster directory service. Therefore, network services might not always be provided by the same server. Fault tolerance, load balancing, and redundancy are among the reasons for setting up every network, even a small one, with multiple servers, which makes this locator service essential for clients to be able to reach domain controllers and other Active Directory resources.
In many cases, organizations will rely on the built-in DNS server role within Windows Server 2008 to provide DNS name resolution for Active Directory. In some cases, though, a company may already have a third-party DNS service in place, such as the BIND DNS service offered by UNIX. When deploying Active Directory with third-party DNS, you need to ensure that the DNS server can support SRV records. SRV records are the locator records within DNS that allow clients to locate an Active Directory domain controller or global catalog. Without the ability to resolve SRV records, clients will be unable to authenticate against Active Directory.
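The client-side lookup described above can be modelled in a few lines. This is an added example, not code from the original article: the domain corp.example, the site name HQ and the SRV records are constructed sample data, and the selection follows the SRV rules of RFC 2782 (lowest priority first, then a weighted choice among equals).

```python
"""Model of the Active Directory DC locator over SRV records (constructed example).

Site-specific records are tried first, then the domain-wide records; within a
name the lowest priority wins and equal priorities are chosen by weight."""
import random
from collections import namedtuple

SRV = namedtuple("SRV", "priority weight port target")

# Constructed sample zone for the hypothetical domain corp.example.
# Keys are the SRV owner names an Active Directory client would query.
SAMPLE_ZONE = {
    "_ldap._tcp.dc._msdcs.corp.example.": [
        SRV(0, 100, 389, "dc1.corp.example."),
        SRV(0, 100, 389, "dc2.corp.example."),
        SRV(10, 100, 389, "dc3.corp.example."),  # fallback: higher priority value
    ],
    "_ldap._tcp.HQ._sites.dc._msdcs.corp.example.": [
        SRV(0, 100, 389, "dc1.corp.example."),
    ],
}

def locator_names(domain, site=None):
    """Owner names a client tries in order: site-specific first, if a site is known."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}.")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}.")
    return names

def select_srv(records, rng=random):
    """RFC 2782 selection: keep the lowest priority, then pick by weight."""
    if not records:
        return None
    lowest = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == lowest]
    weights = [r.weight for r in candidates]
    if not any(weights):  # all weights zero: the RFC treats them as equal
        weights = [1] * len(candidates)
    return rng.choices(candidates, weights=weights, k=1)[0]

def locate_dc(zone, domain, site=None, rng=random):
    """Return (target, port) of the chosen domain controller, or None when no
    SRV record resolves, which is the 'clients cannot authenticate' failure."""
    for name in locator_names(domain, site):
        chosen = select_srv(zone.get(name, []), rng)
        if chosen:
            return chosen.target, chosen.port
    return None
```

Running `locate_dc(SAMPLE_ZONE, "corp.example", site="HQ")` returns the site-local dc1, while a client in a site with no records of its own falls back to the domain-wide set; an empty zone returns None.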
In addition to the required support for SRV records, modern DNS implementations also support dynamic updates, which permit DNS clients to register and update their own information in the DNS database automatically. When a domain controller is added to the forest, for example, its SRV and A records can be added dynamically to the DNS database via dynamic updates, keeping the DNS locator service current. Dynamic Active Directory DNS is a convenient way to keep the database up to date. Dynamic updates are not required for Active Directory to function, but taking advantage of this feature can make it much simpler to administer.