Planning To create authoritative sources for your domain, you can deploy your own DNS servers, using Windows Server 2003 or another operating system, or you can pay to use your ISP's DNS servers.
Once you purchase the rights to a second-level domain, you can create as many hosts as you want in that domain, simply by creating new resource records on the authoritative servers. You can also create as many additional domain levels as you want. For example, you can create the subdomains sales.adatum.com and marketing.adatum.com, and then populate each of these subdomains with hosts. The only limitations to the subdomains and hosts you can create in your second-level domain are that each domain name can be no more than 63 characters long, and that the total FQDN (including the trailing period) can be no more than 255 characters long. For the convenience of users and administrators, most domain names do not even approach these limitations.
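An added example (not from the book) that applies the two length limits stated above to a candidate FQDN and builds the reverse-lookup name that a PTR record for an address lives under; the adatum.com names come from the text, the host names and addresses are made up.

```python
import ipaddress

MAX_LABEL = 63   # each domain name level (label) can be no more than 63 characters
MAX_FQDN = 255   # the whole FQDN, including the trailing period, can be no more than 255


def check_fqdn(fqdn: str) -> list[str]:
    """Return the problems found with fqdn; an empty list means the name is acceptable."""
    problems = []
    name = fqdn if fqdn.endswith(".") else fqdn + "."   # normalise to the absolute form
    if len(name) > MAX_FQDN:
        problems.append(f"FQDN is {len(name)} characters; maximum is {MAX_FQDN}")
    for label in name[:-1].split("."):
        if label == "":
            problems.append("empty label (leading or consecutive periods)")
        elif len(label) > MAX_LABEL:
            problems.append(
                f"label {label[:8]!r}... is {len(label)} characters; maximum is {MAX_LABEL}"
            )
    return problems


def reverse_lookup_name(ipv4: str) -> str:
    """Name under which the PTR record for ipv4 is stored (octets reversed, in in-addr.arpa)."""
    addr = ipaddress.IPv4Address(ipv4)   # raises ValueError for anything that is not an IPv4 address
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


if __name__ == "__main__":
    # constructed sample names; www.sales.adatum.com uses the subdomain from the text
    for candidate in ("www.sales.adatum.com", "a" * 64 + ".marketing.adatum.com"):
        print(candidate, "->", check_fqdn(candidate) or "ok")
    print(reverse_lookup_name("10.11.86.4"))
```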
If you plan to give network users client access to the Internet, they must have direct access to one or more DNS servers. You can run your own DNS servers on your network for this purpose, or you can use your ISP's DNS servers. You do not need to register a domain name. The clients' DNS servers can be caching-only servers, meaning that they exist only to process name resolution requests sent by clients, and they can be located on your private network, with unregistered IP addresses.
Hosting an Internet Domain
If you plan to host an Internet domain, you must register a second-level domain name and give the IP addresses of your DNS servers to your domain registrar. These servers must have registered IP addresses and must be available on the Internet at all times. The servers do not have to be on your network, and do not have to be in the domain you have registered. You can use your ISP's DNS servers for this purpose (for a fee), but be aware that you will occasionally have to change the server configuration, to create or modify the resource records stored there. If you maintain your own DNS servers, you can manage the resource records yourself and retain full control over their security. If your ISP hosts your domain, you might have to have them make the changes, and they might charge you an additional fee for each modification.
If you plan on hosting Internet servers on your network, you must have access to a registered domain on the Internet, with authoritative DNS servers on which you can create resource records that assign host names to your servers. You can either register your own domain (in which case you must meet the requirements described in the previous paragraph, "Hosting an Internet Domain"), or you can use your ISP's DNS servers, in which case they must create the necessary resource records for you.
If you plan to run Active Directory on your network, you must have at least one DNS server on the network that supports the Service Location (SRV) resource record, such as the DNS Server service in Windows Server 2003. Computers on the network running Windows 2000 and later versions use DNS to locate Active Directory domain controllers. To support Active Directory clients, the DNS server does not have to have a registered IP address or an Internet domain name.
In many cases, a network requires some or all of these DNS functions, and you must decide which ones you want to implement yourself and which you want to delegate to your ISP. It is possible to use a single DNS server to host both Internet and Active Directory domains, as well as to provide name resolution services for clients. However, when planning a DNS name resolution strategy for a medium or large network, you should run at least two DNS servers, to provide fault tolerance.
Important If you plan to use your ISP's DNS servers for any functions other than client name resolution, be sure that the DNS server implementation they are using is compatible with the Windows Server 2003 DNS servers you are using, and that they are able to provide the services you need.
You might also want to consider splitting up these functions by using several DNS servers. For example, you can use your ISP's DNS servers for client name resolution, even if you are running your own DNS servers for other purposes. The main advantage of using your ISP's servers is to conserve your network's Internet bandwidth. Remember that the Internet name resolution requests that DNS servers receive from client resolvers are recursive queries, giving the first server responsibility for sending iterative queries to other DNS servers on the Internet to resolve the name. When the DNS server receiving the recursive queries is on your private network, all the iterative queries the server generates and their responses go through your Internet access router, using your bandwidth (see Figure 4-4). If your clients use a DNS server on your ISP's network (which is nearly always a free service), only one query and one response go through your router. The ISP's DNS servers generate all the iterative queries, and these queries travel directly to the Internet.
Figure 4-4 Using the ISP's DNS server saves Internet bandwidth
If computers on your network are running versions of Microsoft Windows earlier than Windows 2000, they are using NetBIOS names and must have a means of resolving those names into IP addresses. When Microsoft originally incorporated networking capabilities into the Windows operating systems, it relied on NetBIOS names to identify computers and on the NetBEUI protocol for communications. NetBEUI uses these names exclusively; the protocol has no other addressing system. Later, Microsoft adopted TCP/IP as its default protocol suite, but continued to use NetBIOS to provide friendly names for computers until the release of Active Directory with Windows 2000.
The NetBIOS namespace is flat, not hierarchical like the DNS namespace. Each computer and other entity has a single NetBIOS name up to 16 characters long, which must be unique on the network. In the Windows operating system, the sixteenth character is reserved for a code that identifies the type of resource represented by the name; therefore, the NetBIOS names you assign to computers running Windows operating systems can be no longer than 15 characters. The non-hierarchical nature of the NetBIOS namespace means that it is not as scalable as DNS, and indeed it need not be, because NetBIOS is intended for private networks only, not for huge networks like the Internet.
NetBIOS Name Resolution Mechanisms
Windows has several name resolution mechanisms for NetBIOS names, which are as follows:
■ WINS WINS is a NetBIOS name server included with all current server versions of the Windows operating system. WINS registers the names and IP addresses of Windows NetBIOS computers as they start up and compiles its own name resolution database. Every computer running a Windows operating system includes a WINS client that an administrator must configure with the IP address of at least one WINS server on the network. Before the computer running the Windows operating system can communicate with another NetBIOS computer on the network, it sends a message called a NAME QUERY REQUEST as a unicast to its WINS server. The message contains the NetBIOS name of the other computer, and the WINS server responds with the IP address associated with the name. WINS servers are able to provide NetBIOS name resolution services for an entire enterprise network running Windows operating systems.
■ Broadcast transmissions When an administrator does not configure a computer running a Windows operating system to use WINS for NetBIOS name resolution, the system attempts to resolve names by broadcasting a NAME QUERY REQUEST message. The computer that possesses the name in the message is responsible for replying to the sender with its IP address. The broadcast transmission method is less efficient than WINS, both because broadcasts generate more network traffic than unicasts and because broadcast transmissions are limited to the local network.
■ Lmhosts This text file contains a lookup table that is much like the Hosts file originally used by TCP/IP systems. Lmhosts name resolution is extremely fast, because no network communication is required, but administrators must update the file manually, making the method subject to the same administrative drawbacks as the Hosts file. Computers running Windows operating systems that rely on broadcast name resolution typically use Lmhosts as a backup method for resolving the names of computers that are not on the local network.
Off the Record These earlier Windows operating systems are capable of interacting with computers running Windows 2000 and later versions because those computers maintain a NetBIOS-compatible equivalent of every Active Directory name.
■ NetBIOS name cache No matter what other NetBIOS name resolutions they use, all computers running Windows operating systems also maintain a cache of recently resolved names and their IP addresses. When a computer needs to resolve a NetBIOS name, it always checks the cache first. This enables the computer to avoid repeatedly resolving the same names.
Windows uses these name resolution mechanisms in combination, depending on the configuration of the computer. When you configure a computer to use WINS, it resolves NetBIOS names by first checking the NetBIOS name cache, then sending messages to its WINS server. If the WINS server fails to resolve a name or is unavailable, the computer reverts to broadcast name resolution, and then to Lmhosts. Computers not configured to use WINS generate broadcast transmissions after checking the cache, and then revert to Lmhosts if the broadcasts fail to resolve the name.
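An added example (not from the book) that models the resolution order just described, with and without a configured WINS server and with the WINS server unavailable; the WINS database, local LAN, Lmhosts contents and addresses are constructed sample data and no network traffic is generated.

```python
NETBIOS_NAME_LEN = 15   # the 16th byte is reserved for the resource-type code


def netbios_key(name: str) -> str:
    """Normalise a NetBIOS name for lookup: upper-case and at most 15 characters."""
    if len(name) > NETBIOS_NAME_LEN:
        raise ValueError(f"{name!r} is longer than {NETBIOS_NAME_LEN} characters")
    return name.upper()


class NetbiosResolver:
    """Model of one Windows computer's NetBIOS name resolution (sample data, hypothetical class)."""

    def __init__(self, wins_server=None, wins_db=None, local_lan=None, lmhosts=None):
        self.wins_server = wins_server      # IP address of the configured WINS server, or None
        self.wins_db = wins_db or {}        # names the WINS server has registered
        self.local_lan = local_lan or {}    # computers that would answer a broadcast on this LAN
        self.lmhosts = lmhosts or {}        # entries in the local Lmhosts file
        self.cache = {}                     # recently resolved names, always checked first
        self.wins_up = True                 # set False to simulate an unavailable WINS server

    def _query_wins(self, key):
        """Unicast NAME QUERY REQUEST to the WINS server; None if not configured or down."""
        if self.wins_server is None or not self.wins_up:
            return None
        return self.wins_db.get(key)

    def resolve(self, name):
        """Return (ip, method) using cache -> WINS -> broadcast -> Lmhosts, or (None, 'unresolved')."""
        key = netbios_key(name)
        if key in self.cache:
            return self.cache[key], "cache"
        steps = [
            ("wins", self._query_wins),
            ("broadcast", self.local_lan.get),   # reaches only the local network
            ("lmhosts", self.lmhosts.get),       # manually maintained fallback
        ]
        for method, lookup in steps:
            ip = lookup(key)
            if ip is not None:
                self.cache[key] = ip
                return ip, method
        return None, "unresolved"
```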
If your network has computers running Windows operating systems that use NetBIOS on multiple local area networks (LANs), running WINS servers is all but essential. Otherwise, your network would be burdened with the additional traffic generated by broadcast name resolution, and you would have to create and update an Lmhosts file for every computer that has to resolve NetBIOS names on other LANs. If all your NetBIOS computers are in the same broadcast domain on a single local area network (LAN), you can do without WINS, because the broadcast transmission method is automatic and requires no administration. However, if you have a large number of NetBIOS computers, you might want to use WINS anyway, to save network bandwidth.
Deploying a single WINS server is simply a matter of installing the WINS service on a computer running Windows Server 2003 and then configuring the NetBIOS computers with the WINS server's IP address. If your Active Directory systems have to access the NetBIOS computers, you should configure their WINS clients as well. Microsoft recommends that you install at least two WINS servers on your network to provide fault tolerance. You can configure WINS servers to replicate their databases with each other, so that each one has a complete list of all the NetBIOS computers on the network.
Using Local Host Name Resolution
Although network administrators rarely use Hosts and Lmhosts files as primary name resolution methods, these files are useful as fallback mechanisms. If you have computers performing critical functions that would be interrupted by the failure of a name resolution mechanism, you can create a Hosts or Lmhosts file on these computers. The file would contain the names and IP addresses of systems that must be resolvable for the critical functions to proceed.
Practice: Specifying Name Resolution Requirements
For each of the DNS server functions listed below (numbered 1 through 4), specify whether you must have:
a. A DNS server with a registered IP address
b. A registered domain name
c. A DNS server with a connection to the Internet
d. Administrative access to the DNS server
1. Internet domain hosting
2. Internet client name resolution
3. Web server hosting
4. Active Directory domain hosting
Off the Record Although WINS is generally not a major administrative burden, you might want to consider eliminating NetBIOS and NetBT traffic from your enterprise completely by upgrading all your downlevel computers to Windows 2000 or higher.
The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of this chapter.
1. What is the technical term for a DNS client implementation?
2. In what domain would you find the PTR resource record for a computer with the IP address 10.11.86.4?
a. 10.11.86.4.in-addr.arpa
b. in-addr.arpa.4.86.11.10
c. 4.86.11.10.in-addr.arpa
d. in-addr.arpa.10.11.86.4
3. What is the maximum length of a single DNS domain name?
a. 255 characters
b. 15 characters
c. 16 characters
d. 63 characters
4. Which of the following statements are true about the broadcast transmission method of NetBIOS name resolution? (Choose all correct answers.)
a. The broadcast method generates more network traffic than the WINS method.
b. Broadcasts can only resolve the names of computers on local networks.
c. To use the broadcast method, a computer must have an Lmhosts file.
d. The broadcast method is faster than WINS.
■ Name resolution is the process of converting the friendly names you assign to computers into the IP addresses that TCP/IP systems need to communicate. The two types of names that Windows computers might have to resolve are DNS names and NetBIOS names.
■ DNS is a hierarchical, distributed database of names and IP addresses that is stored on servers all over the Internet. A DNS name consists of a single host name plus a domain name that consists of two or more words, separated by periods.
■ Individual users and organizations can lease second-level domain names, giving them the right to create any number of hosts and additional domain levels.
■ Depending on the functions required by your network, a DNS server might require a registered IP address, a registered domain name, an Internet connection, or an Internet connection in combination with a registered IP address or registered domain name.
■ Microsoft Windows versions prior to Windows 2000 use NetBIOS names to identify network computers. Windows supports a number of NetBIOS name resolution mechanisms, including WINS.