Identifying DNS Record Requirements

Table 5.2 RR Types

Record Type | Common Name | Function | RFC
A | Address record | Maps FQDN to 32-bit IPv4 address | RFC1035
AAAA | IPv6 address record | Maps FQDN to 128-bit IPv6 address | RFC1886
AFSDB | Andrew File System database record | Maps a DNS domain name to a server subtype that is either an AFS version 3 volume or an authenticated name server using DCE or NCA | RFC1183
ATMA | Asynchronous Transfer Mode address | Maps a DNS domain name in the owner field to an ATM address referenced in the atm_address field |
CNAME | Canonical name or alias name | Maps a virtual domain name (alias) to a real domain name | RFC1035
HINFO | Host info record | Specifies the CPU and operating system type for the host | RFC1700
ISDN | ISDN info record | Maps an FQDN to an ISDN telephone number | RFC1183
KEY | Public key resource record | Contains a public key that is associated with a zone. In a full DNSSEC (defined later in this chapter) implementation, resolvers and servers use KEY resource records to authenticate SIG resource records received from signed zones. KEY resource records are signed by the parent zone, allowing a server that knows a parent zone's public key to discover and verify the child zone's key. Name servers or resolvers receiving resource records from a signed zone obtain the corresponding SIG record, then retrieve the zone's KEY record. |
MB | Mailbox name record | Maps a domain mail server name to the host name of the mail server | RFC1035
MG | Mail group record | Maps a domain mailing group to the mailbox resource records | RFC1035
MINFO | Mailbox info record | Specifies a mailbox for the person who maintains the mailbox | RFC1035
MR | Mailbox renamed record | Maps an old mailbox name to a new mailbox name for forwarding purposes | RFC1035
MX | Mail exchange record | Provides routing info to reach a given mailbox | RFC974
NS | Name server record | Specifies that the listed name server has a zone starting with the owner name. Identifies servers other than SOA servers that contain zone information files. | RFC1035
NXT | Next resource record | Indicates the nonexistence of a name in a zone by creating a chain of all of the literal owner names in that zone. It also indicates which resource record types are present for an existing name. |
OPT | Option resource record | One OPT resource record can be added to the additional data section of either a DNS request or response. An OPT resource record belongs to a particular transport-level message, such as UDP, and not to actual DNS data. Only one OPT resource record is allowed, but not required, per message. |
PTR | Pointer resource record | Points to another DNS resource record. Used for reverse lookup to point to A records |
RP | Responsible person info record | Provides info about the server admin | RFC1183
RT | Route-through record | Provides routing info for hosts lacking a direct WAN address | RFC1183
SIG | Signature resource record | Encrypts an RRset to a signer's (RRset's zone owner) domain name and a validity interval |
SOA | Start of Authority resource record | Indicates the name of origin for the zone and contains the name of the server that is the primary source for information about the zone. It also indicates other basic properties of the zone. The SOA resource record is always first in any standard zone. It indicates the DNS server that either originally created it or is now the primary server for the zone. It is also used to store other properties such as version information and timings that affect zone renewal or expiration. These properties affect how often transfers of the zone are done between servers that are authoritative for the zone. | RFC1537
SRV | Service locator record | Provides a way of locating multiple servers that provide similar TCP/IP services | RFC2052
TXT | Text record | Maps a DNS name to a string of descriptive text | RFC1035
WKS | Well known services record | Describes the most popular TCP/IP services supported by a protocol on a specific IP address | RFC1035
X25 | X.25 info record | Maps a DNS address to a public switched data network (PSDN) address number | RFC1183

The official IANA (Internet Assigned Numbers Authority) list of DNS parameters can be found at www.iana.org/assignments/dns-parameters, and a really good DNS glossary can be found at www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm.

Note

Windows Server 2003 DNS allows you to restrict which servers and zones are allowed to register name server (NS) resource records. Using the dnscmd command-line tool, you can set your environment to allow NS resource records to be created only by specific domain controllers. You can also use the dnscmd command-line tool to specify servers that you do not want to be able to create NS resource records.

Domain Controller Service Records

In order for Active Directory to function properly, the DNS servers that host the Active Directory zones must provide support for Service Location (SRV) resource records described in RFC 2052, "A DNS RR for specifying the location of services (DNS SRV)." In the introduction to the RFC document, an SRV RR is defined as "a DNS RR that specifies the location of the server(s) for a specific protocol and domain (like a more general form of MX)." As described in Table 5.2, SRV resource records map the name of a service to the name of a server offering that service by providing a way of locating multiple servers offering similar TCP/IP services. In the context of Windows Server 2003 and Active Directory, clients and domain controllers query DNS for SRV records to determine the IP addresses of domain controllers. Although it is not a hard-and-fast technical requirement of Active Directory, it is highly recommended that DNS servers provide support for DNS dynamic updates described in RFC 2136, entitled "Dynamic Updates in the Domain Name System (DNS UPDATE)." This will reduce the amount of effort required to enter individual host names for potentially every host in your network. Active Directory depends on DNS as a locator service. Therefore, in a network in which DNS is based primarily on BIND, you might want to upgrade the version of BIND to version 8.1.2 or later so that dynamic updates are supported, and enable Dynamic DNS (DDNS, discussed later in this chapter) for certain Windows-based servers, such as domain controllers.

The Windows Server 2003 DNS service provides support for both SRV records and dynamic updates. If Windows NT 4.0 (pre-Service Pack 4) or versions of BIND prior to 8.1.2 are being used, you should verify that they support the SRV RR at a minimum; BIND 4.9.7 supports the SRV RR, but not Dynamic Update. A DNS server that supports SRV records but not dynamic update must be manually updated with the contents of the Netlogon.dns file created by the Active Directory Installation wizard during the promotion of a Windows Server 2003 to a domain controller.

If you enable dynamic update on the relevant DNS zones in Windows Server 2003, the following entries will be created automatically:

■ _ldap._tcp.<DNSDomainName> Enables a client to locate a domain controller in the domain named by <DNSDomainName>. A client searching for a domain controller in the domain nru.corp would query the DNS server for _ldap._tcp.nru.corp.

■ _ldap._tcp.<SiteName>._sites.<DNSDomainName> Enables a client to find a domain controller in the domain and site specified (such as _ldap._tcp.lab._sites.nru.corp for a domain controller in the Lab site of nru.corp).

■ _ldap._tcp.pdc._msdcs.<DNSDomainName> Enables a client to find the PDC Emulator flexible single master operations (FSMO) role holder of a mixed- or native-mode domain. Only the PDC of the domain registers this record.

■ _ldap._tcp.gc._msdcs.<DNSForestName> Found in the zone associated with the root domain of the forest, this enables a client to find a Global Catalog (GC) server. Only domain controllers serving as GC servers for the forest will register this name. If a server ceases to be a GC server, the server will deregister the record.

■ _ldap._tcp.<SiteName>._sites.gc._msdcs.<DNSForestName> Enables a client to find a GC server in the specified site (such as _ldap._tcp.lab._sites.gc._msdcs.nru.corp).

■ _ldap._tcp.<DomainGuid>.domains._msdcs.<DNSForestName> Enables a client to find a domain controller in a domain based on the domain controller's globally unique ID (GUID). A GUID is a 128-bit (8 byte) number that is generated automatically for the purpose of referencing Active Directory objects. This mechanism and these records are used by domain controllers to locate other domain controllers when they need to replicate, for example.

■ <DNSDomainName> Enables a client to find a domain controller via a normal Host (A) record.
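The locator names in the list above can be checked mechanically. The following is an added example, not code from the book or from Windows: it builds the six _ldap._tcp owner names from the patterns given, parses SRV lines in the zone-file layout that Netlogon.dns uses (owner, TTL, IN SRV, then the RFC 2052 RDATA order priority, weight, port, target), and reports which expected names have no record. The zone lines and the domain GUID are a constructed sample for the chapter's nru.corp domain and Lab site.

```python
# Added example, not from the book: build the _ldap._tcp locator names the
# list above describes and report which have no SRV record in a zone.
# The zone lines and GUID below are a constructed sample, not a real Netlogon.dns.

def parse_srv_line(line):
    """Parse '<owner> [<ttl>] IN SRV <priority> <weight> <port> <target>'
    (RFC 2052 RDATA order) into a dict; owner and target are normalised."""
    fields = line.split()
    i = fields.index("IN") if "IN" in fields else -1
    if i < 0 or len(fields) != i + 6 or fields[i + 1] != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    prio, weight, port, target = fields[i + 2:]
    return {"name": fields[0].rstrip(".").lower(), "priority": int(prio),
            "weight": int(weight), "port": int(port),
            "target": target.rstrip(".").lower()}

def expected_locator_names(domain, forest, site, domain_guid):
    """The six _ldap._tcp owner names dynamic update registers for a DC."""
    return {
        f"_ldap._tcp.{domain}",
        f"_ldap._tcp.{site}._sites.{domain}",
        f"_ldap._tcp.pdc._msdcs.{domain}",
        f"_ldap._tcp.gc._msdcs.{forest}",
        f"_ldap._tcp.{site}._sites.gc._msdcs.{forest}",
        f"_ldap._tcp.{domain_guid}.domains._msdcs.{forest}",
    }

def missing_locator_names(zone_lines, domain, forest, site, domain_guid):
    """Expected locator names that have no SRV record in zone_lines, sorted."""
    present = {parse_srv_line(ln)["name"] for ln in zone_lines if " IN SRV " in ln}
    return sorted(expected_locator_names(domain, forest, site, domain_guid) - present)

# Constructed sample for the chapter's nru.corp domain and Lab site; the
# pdc._msdcs record is deliberately left out so the check reports it.
SAMPLE_GUID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real GUID
SAMPLE_ZONE = [
    "_ldap._tcp.nru.corp. 600 IN SRV 0 100 389 dc1.nru.corp.",
    "_ldap._tcp.lab._sites.nru.corp. 600 IN SRV 0 100 389 dc1.nru.corp.",
    "_ldap._tcp.gc._msdcs.nru.corp. 600 IN SRV 0 100 3268 dc1.nru.corp.",
    "_ldap._tcp.lab._sites.gc._msdcs.nru.corp. 600 IN SRV 0 100 3268 dc1.nru.corp.",
    f"_ldap._tcp.{SAMPLE_GUID}.domains._msdcs.nru.corp. 600 IN SRV 0 100 389 dc1.nru.corp.",
    "dc1.nru.corp. 3600 IN A 10.0.0.5",
]

def check_sample():
    """Run the check against the constructed zone; returns the missing names."""
    return missing_locator_names(SAMPLE_ZONE, "nru.corp", "nru.corp", "lab", SAMPLE_GUID)
```

Running check_sample() on the constructed zone reports only _ldap._tcp.pdc._msdcs.nru.corp, the record a PDC Emulator that failed to register would leave missing.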

Host and Alias Records

This may sound like a gross oversimplification, but host and alias records are used to record the host names and hosts' aliased names. This is really the heart and soul of DNS. There are three essential (and most commonly used) resource records for identifying hosts on a DNS-supported network: Start of Authority (SOA), Address (A and AAAA), and Canonical Name (CNAME), which is also known as an Alias record.

SOA resource records identify the name of the root of the zone and contain the name of the server that is the primary source for information about the zone. They also provide other basic information about the zone, such as version information, zone renewal or expiration time thresholds, and information on how zone transfers will transpire between other primary DNS servers that are the SOA for other zones. Because it indicates the DNS server that either originally created it or is now the primary server for the zone, the SOA resource record is always first in any standard zone. In an Active Directory-integrated zone, the domain controller used to view the SOA record is always listed as the SOA.

A (Address) resource records are used for setting the primary name for hosts, and each maps a DNS domain host name to an Internet Protocol (IP) version 4 32-bit address. The AAAA resource record performs the same function, except that it is used exclusively for mapping a DNS domain host name to an IPv6 host address. Address (A) resource records will constitute the vast majority of records in the DNS database because every TCP/IP host that needs to be identified by name will need one. They can be entered in the database manually, or automatically through Dynamic Update, if that feature is enabled.

CNAME (Canonical Name) records are used for creating aliases for hosts. According to Microsoft and RFC 1035, this resource record type "maps an aliased or alternate DNS domain name in the owner field to a canonical or primary DNS domain name specified in the canonical_name field." The canonical or primary DNS domain name used in the data is required and must resolve to a valid DNS domain name (A RR) in the DNS namespace. A common example would be when the host that is acting as the primary mail server for the company (such as exch2000.tor.nru.corp) is given an alias of 'mail' in the root of nru.corp and a CNAME record in the database for mail.nru.corp. Therefore, a query for the record 'mail.nru.corp' would return 'exch2000.tor.nru.corp', which would then in turn be resolved to an IP address.
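The alias resolution just described, as an added example that is not code from the book: it follows CNAME records until an A record is reached, which is how the query for mail.nru.corp ends up at the address of exch2000.tor.nru.corp. The zone is a constructed sample; besides the chapter's mail alias it includes a dangling alias and an alias loop, the two ways the requirement that the canonical name resolve to a valid A RR can be violated.

```python
# Added example, not from the book: follow CNAME aliases to an A record the
# way the mail.nru.corp query above is described. The zone is a constructed
# sample with a dangling alias and an alias loop added to show the failures.

# (owner, type, rdata); owner names are stored lower-case.
ALIAS_ZONE = [
    ("exch2000.tor.nru.corp", "A", "10.1.2.25"),
    ("mail.nru.corp", "CNAME", "exch2000.tor.nru.corp"),
    ("www.nru.corp", "CNAME", "web.nru.corp"),    # web.nru.corp has no A record
    ("loop1.nru.corp", "CNAME", "loop2.nru.corp"),
    ("loop2.nru.corp", "CNAME", "loop1.nru.corp"),
]

def lookup(zone, name, rtype):
    """All rdata values of the given type at an owner name (case-insensitive)."""
    return [rdata for owner, t, rdata in zone if owner == name.lower() and t == rtype]

def resolve_address(zone, name):
    """Return (canonical_name, [ipv4 addresses]) for name, following CNAMEs.
    Raises ValueError if the chain ends at a name with no A record or loops."""
    chain = []
    current = name.lower()
    while current not in chain:
        chain.append(current)
        addresses = lookup(zone, current, "A")
        if addresses:
            return current, addresses
        aliases = lookup(zone, current, "CNAME")
        if not aliases:
            raise ValueError(f"{name}: alias chain ends at {current}, which has no A record")
        current = aliases[0]
    raise ValueError(f"{name}: CNAME loop " + " -> ".join(chain + [current]))

def resolve_or_error(zone, name):
    """Convenience wrapper that returns the error text instead of raising."""
    try:
        return resolve_address(zone, name)
    except ValueError as err:
        return str(err)
```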

Pointer Records

Strictly speaking, pointer (PTR) resource records are used to allow special names to point to some other location in a domain as specified in the targeted_domain_name field. In Windows Server 2003 DNS this record type is used primarily for reverse lookups. By definition, a PTR record provides information that points to another DNS domain name location, even corresponding hosts, which must have a valid address resource record, in a forward lookup zone. Simply put, PTR records translate IP addresses to DNS host names.
