Overview
Introduction to the Role of DNS in Active Directory
Domain Name System (DNS) plays a crucial role in the functioning of Active Directory (AD).
AD relies on DNS for name resolution and for locating services such as domain controllers,
so AD cannot function properly without it. DNS maps domain names to IP addresses, which is a
fundamental requirement for Active Directory operations, including user authentication and resource access.
Name Resolution
DNS translates computer names to IP addresses
Computers use DNS to locate each other on the network
Naming Convention for Windows Server Domains
Windows Server uses DNS naming standards for domain names
DNS domains and Active Directory domains share a common hierarchical naming structure
Locating the Physical Components of Active Directory
DNS identifies domain controllers by the services they provide
Computers use DNS to locate domain controllers and global catalog servers
DNS and Active Directory
DNS and Active Directory Namespaces
DNS Host Names and Windows Server Computer Names
DNS Name Resolution in Active Directory
SRV (Service) Resource Records
SRV Record Format
Field | Description
Service | Specifies the name for the service
Protocol | Indicates the transport protocol type
Name | Specifies the domain name referenced by the resource record
Ttl | Specifies the standard DNS resource record Time to Live value
Class | Specifies the standard DNS resource record class value
Priority | Specifies the priority of the host
Weight | Specifies the load balancing mechanism
Port | Shows the port of the service on this host
Target | Specifies the FQDN for the host supporting the service
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft.
SRV Records Registered by Domain Controllers
SRV Record | Lookup Criteria
_ldap._tcp.DnsDomainName. | Allows a computer to find an LDAP server in the domain
_ldap._tcp.SiteName._sites.dc._msdcs.DnsDomainName. | Allows a computer to find a domain controller in the same site
_gc._tcp.DnsForestName. | Allows a computer to find a global catalog server
_gc._tcp.SiteName._sites.DnsForestName. | Allows a computer to find a global catalog server in the same site
_kerberos._tcp.DnsDomainName. | Allows a computer to locate a KDC server in the domain
_kerberos._tcp.SiteName._sites.DnsDomainName. | Allows a computer to locate a KDC server in the same site
Domain Controllers Running Windows Register Additional SRV Records in the _msdcs Subdomain in the Format of:
_Service._Protocol.DcType._msdcs.DnsDomainName
How Computers Use DNS to Locate Domain Controllers
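As an added illustration (not part of the original slides), the following Python script builds the locator query names from the tables above, parses SRV answers in the zone-file format shown earlier, and orders the targets the way RFC 2782 prescribes (lowest priority first, weighted random choice within a priority). The records are a constructed sample for contoso.msft; the function and site names are assumptions.

```python
import random
from collections import defaultdict

# Constructed sample answer for _ldap._tcp.contoso.msft, in the zone-file
# layout used on this page: name, TTL, class, type, priority, weight, port, target.
SAMPLE_SRV_RECORDS = """
_ldap._tcp.contoso.msft. 600 IN SRV 0 100 389 london.contoso.msft.
_ldap._tcp.contoso.msft. 600 IN SRV 0 50 389 paris.contoso.msft.
_ldap._tcp.contoso.msft. 600 IN SRV 10 0 389 backup.contoso.msft.
"""

def dc_locator_names(domain, site=None, forest=None):
    """Query names a client tries for this domain/site, following the SRV tables above."""
    names = [f"_ldap._tcp.{domain}.", f"_kerberos._tcp.{domain}."]
    if site:  # site-specific records are preferred so clients stay on a nearby DC
        names += [f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}.",
                  f"_kerberos._tcp.{site}._sites.{domain}."]
    if forest:
        names.append(f"_gc._tcp.{forest}.")
    return names

def parse_srv(text):
    """Parse zone-file SRV lines into dicts; blank or non-SRV lines are skipped."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2:4] != ["IN", "SRV"]:
            continue
        records.append({"name": f[0], "ttl": int(f[1]), "priority": int(f[4]),
                        "weight": int(f[5]), "port": int(f[6]), "target": f[7]})
    return records

def order_targets(records, rng=random.random):
    """Return (target, port) pairs: lowest priority first, then weighted random
    selection inside each priority group (RFC 2782). rng is injectable for tests."""
    groups = defaultdict(list)
    for r in records:
        groups[r["priority"]].append(r)
    ordered = []
    for prio in sorted(groups):
        pool = list(groups[prio])
        while pool:
            pick = rng() * sum(r["weight"] for r in pool)
            for i, r in enumerate(pool):
                pick -= r["weight"]
                if pick < 0 or i == len(pool) - 1:  # last entry absorbs all-zero weights
                    ordered.append((r["target"], r["port"]))
                    del pool[i]
                    break
    return ordered
```

Because a client trusts whatever SRV answers it receives, the secure dynamic updates described for Active Directory integrated zones are what prevents an unauthorized host from registering itself as a domain controller.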
Active Directory Integrated Zones
Store Primary Zones in Active Directory
Replicate DNS Zone Information During Active Directory Replication
Provide Additional Benefits:
Eliminates a primary DNS server as a single point of failure
Enables secure dynamic updates
Performs standard zone transfers to other DNS servers
Installing and Configuring DNS to Support Active Directory
DNS Requirements for Active Directory
Support for SRV records (mandatory)
Support for the dynamic update protocol (recommended)
Support for incremental zone transfers (recommended)
Installing and Configuring DNS
Assign a Static IP Address
Configure the DNS Primary Suffix
Install the DNS Server Service
Create a Forward Lookup Zone
Create a Reverse Lookup Zone (optional)
Installing DNS During the Active Directory Installation
The Active Directory Installation Wizard Prompts You to Install and Configure a Local DNS Server if It Does Not Find an Existing DNS Infrastructure
To Implement DNS, the Active Directory Wizard:
Installs the DNS Server Service
Creates a Forward Lookup Zone
Configures the Zone As Active Directory Integrated
Enables Secure Dynamic Updates for the Zone
Create a Reverse Lookup Zone (optional)
Best Practices
Use Standard DNS Guidelines When Implementing DNS
Use at Least Two DNS Servers to Host Each Zone
Implement Active Directory Integrated Zones
Configure Client Computers to Use DNS Servers Located Nearby