Dns AD

From AUwiki

DNS and Active Directory

It's not black magic, but likely a dark art

The Domain Name System (DNS) is pretty much as old as the Internet itself, and its purpose was quite simple in concept - translating IP addresses, which can be hard to remember, into names that are easier. In its simplest form the naming structure can be hostname.domainname, e.g. mycomputer.mydomain, and that is a perfectly acceptable scheme on a Local Area Network. It is common to mimic the Internet naming scheme though, so you might have something like bigPC.jollygreen.corp - again, that's good for LANs and private WANs. On the Internet you have to adhere to some rules - the simplest form allowed is domain.top-level domain (TLD). The TLDs are .com, .org, .net etc. There is actually one last domain, called the root domain; it is usually just implied, and when written it is simply a period '.'

With domain names they start off more specific and become less specific from left to right:

e.g. COMPUTER --> NETWORK --> TLD : www.parallel42.ca

www - the web server
parallel42 - the domain, containing perhaps 20 unique hosts
ca - the TLD containing all the hosts using the .ca domain
. - the implied root domain encompassing the entire Internet

DNS is a service or daemon that runs on a server; the application responsible could be BIND, djbdns, or Microsoft's own DNS implementation. They all function in a similar manner, receiving queries and either answering them directly (which means the server is authoritative for that domain, or has a cached response from a previous query) or forwarding the query to another DNS server that may know the answer. The query is basically - "hey, I need to talk to the host known as www.yahoo.com, what is the address?" The answer is "hey dummy, it's, like I told you yesterday!" At which point your PC can then send its IP packets to the yahoo web server - could be a ping, could be http, whatever - it now knows where to go. If it makes you feel any better, DNS servers have been telling computers where to go for years.

DNS servers hold what are often called "zones" - databases of IP to hostname translations; there are forward zones and reverse zones. A forward zone holds various records for translating names:

A records are direct name to ip address pairings

www -->

CNAMES are often called Aliases, they point to other A records

ftp --> www.yahoo.com. <-- note the trailing dot, important for DNS servers

MX are for defining mail servers responsible for the domain

MX --> mail.yahoo.com

That's the basics, although DNS can and does hold a number of other record types.
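The three record types above, and the trailing-dot rule the CNAME line warns about, are easiest to see in a small resolver. This is an added example, not code from the AUwiki page: it parses a constructed zone for the made-up origin "example.test." (records are assumed to be in "owner IN TYPE rdata" form, with no TTL column), follows CNAME chains the way a server does, and shows what happens when a CNAME target is written without the trailing dot - it is treated as relative to the zone origin and resolves to nothing.

```python
"""Minimal forward-zone parser and resolver (added example, not from the page).

Demonstrates A, CNAME and MX records, CNAME chasing, and the trailing-dot rule:
a name ending in '.' is absolute; a name without it is relative to the zone origin.
"""

ORIGIN = "example.test."  # constructed zone origin, not a real domain

# Constructed zone. Addresses come from the RFC 5737 documentation range.
# The 'bad' CNAME deliberately omits the trailing dot to show the failure mode.
ZONE_TEXT = """
; forward zone for example.test (constructed sample)
www    IN A     192.0.2.10
ftp    IN CNAME www
web    IN CNAME www.example.test.
bad    IN CNAME www.example.test
mail   IN A     192.0.2.25
@      IN MX 10 mail
loop1  IN CNAME loop2
loop2  IN CNAME loop1
"""


def qualify(name, origin=ORIGIN):
    """Apply the trailing-dot rule: '@' is the origin, absolute names stay,
    relative names get the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Return {owner_fqdn: [(rtype, rdata), ...]} for A, CNAME and MX records."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        fields = line.split()
        owner, rtype, rdata = qualify(fields[0], origin), fields[2], fields[3:]
        if rtype == "A":
            value = rdata[0]
        elif rtype == "CNAME":
            value = qualify(rdata[0], origin)  # target is a name, so the dot rule applies
        elif rtype == "MX":
            value = (int(rdata[0]), qualify(rdata[1], origin))  # (preference, exchanger)
        else:
            continue  # other record types are out of scope here
        records.setdefault(owner, []).append((rtype, value))
    return records


def resolve(records, name, origin=ORIGIN, max_hops=8):
    """Return (addresses, chain) for a name, following CNAMEs like a resolver.
    An empty address list means the final name in the chain has no A record.
    Raises RuntimeError on a CNAME loop or an over-long chain."""
    chain = []
    current = qualify(name, origin)
    for _ in range(max_hops):
        rrs = records.get(current, [])
        cnames = [v for t, v in rrs if t == "CNAME"]
        if cnames:
            chain.append(current)
            current = cnames[0]
            continue
        return [v for t, v in rrs if t == "A"], chain + [current]
    raise RuntimeError(f"CNAME loop or chain longer than {max_hops} hops for {name}")


def mail_exchangers(records, origin=ORIGIN):
    """MX records for the zone origin, lowest preference first."""
    return sorted(v for t, v in records.get(origin, []) if t == "MX")


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT)
    for q in ("www", "ftp", "web", "bad"):
        addrs, chain = resolve(recs, q)
        print(f"{q:4} -> {' -> '.join(chain)} => {addrs or 'NO ADDRESS'}")
    print("MX:", mail_exchangers(recs))
```

Running it shows ftp and web both ending at www.example.test. with its address, while bad ends at www.example.test.example.test. with no address at all, which is exactly the symptom a forgotten trailing dot produces in a real zone file. The hop limit in resolve is what stops the loop1/loop2 pair from spinning forever; real resolvers enforce the same kind of bound.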

A reverse zone holds PTR records and their format is odd to the uninitiated and beyond the scope of this article. The important thing is that they let you find the hostname for a particular IP address.

The Importance of DNS

What is so critical about all this? Well, many things rely on DNS these days to function properly: mail servers, antivirus software, TCP/IP networking and especially Active Directory. Active Directory uses DNS to store information that is critical to its proper functioning. As such, DNS issues are often accompanied by Active Directory issues in Microsoft environments.

dcdiag is a useful troubleshooting util

dcpromo is the command-line util for promoting and demoting Domain Controllers