Adding Resource Records

When you create a zone in Windows Server 2003, several records are created automatically.

  • For a forward lookup zone, these records include an SOA record, an NS record, and an A record. The SOA record contains information about how resource records in the zone should be used and cached. The NS record contains the name of the authoritative name server, which is the server on which the zone was configured. The A record is the host address record for the name server.

  • For a reverse lookup zone, these records include an SOA record, an NS record, and a PTR record. The SOA record contains information about how resource records in the zone should be used and cached. The NS record contains the name of the authoritative name server, which is the server on which the zone was configured. The PTR record is the pointer record for the name server that allows reverse lookups on the server's IP address.

  • When you use Active Directory, SRV records are automatically created as well for domain controllers, global catalog servers, and PDC Emulators.

  • When you allow dynamic updates, A and PTR records for clients are automatically created for any computer using DHCP.

Any other records that you need must be created manually. The technique you use to create additional records depends on the type of record.

Tip

Create and change records on primary servers

When you create records or make changes to records, you should do so on a primary server. For Active Directory–integrated zones, this means any domain controller running the DNS Server service. For standard zones, this means the primary name server only. After you make changes to standard zones, right-click the server entry in the DNS console and select Update Server Data File. This increments the serial number for zones as necessary to ensure secondary name servers know changes have been made. You do not need to do this for Active Directory–integrated zones because Active Directory replicates changes automatically.

Host Address (A) and Pointer (PTR) Records

Host Address (A) records contain the name of a host and its IPv4 address. Any computer that has multiple network interfaces or IP addresses should have multiple address records. Pointer (PTR) records enable reverse lookups by creating a pointer that maps an IP address to a host name.

You do not need to create A and PTR records for hosts that use dynamic DNS. These records are created automatically. For hosts that don't use dynamic DNS, you can create a new host entry with A and PTR records by completing the following steps:

  1. In the DNS console, expand the node for the primary name server, and then expand the related Forward Lookup Zones folder. Right-click the domain to which you want to add the records, and then choose New Host (A). This displays the dialog box shown in Figure 27-16.

    Figure 27-16. Create a host record.

  2. Type the host name, such as corpsrv17, and then type the IP address, such as 192.168.15.22.

  3. If a reverse lookup zone has been created for the domain and you want to create a PTR record for this host, select the Create Associated Pointer (PTR) Record option.

    Note

    If you are working with an Active Directory–integrated zone, you have the option of allowing any authenticated client with the designated host name to update the record. To enable this, select Allow Any Authenticated User To Update DNS Records With The Same Owner Name. This is a nonsecure dynamic update where only the client host name is checked.

  4. Click Add Host. Repeat this process as necessary to add other hosts.

  5. Click Done when you're finished.

If you opt not to create a PTR record when you create an A record, you can create the PTR later as necessary. In the DNS console, expand the node for the primary name server, and then expand the related Reverse Lookup Zones folder. Right-click the subnet to which you want to add the record, and then choose New Pointer (PTR). This displays the dialog box shown in Figure 27-17. Type the Host IP Number for the designated subnet, such as 206, and then type the FQDN for the host, such as corpsvr05.cpandl.com. Click OK.

Figure 27-17. Create a PTR record.
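Because PTR records are created separately from A records (or skipped entirely when the Create Associated Pointer option is left unchecked), forward and reverse data drift apart over time. The following added check, not code from the book, compares a forward zone against its reverse zone and reports hosts with no PTR, PTR records that name the wrong host, and PTR records for addresses that no A record covers. The zone contents are constructed sample data modelled on the cpandl.com examples above.

```python
import ipaddress

# Constructed sample data (not from the page): forward zone cpandl.com and
# reverse zone 15.168.192.in-addr.arpa, keyed by owner name (FQDN with trailing dot).
A_RECORDS = {
    "corpsrv17.cpandl.com.": ["192.168.15.22"],
    "corpsvr05.cpandl.com.": ["192.168.15.206"],
    "dc06.cpandl.com.": ["192.168.15.10", "192.168.16.10"],  # two interfaces
}
PTR_RECORDS = {
    "22.15.168.192.in-addr.arpa.": "corpsrv17.cpandl.com.",
    "206.15.168.192.in-addr.arpa.": "corpsrv17.cpandl.com.",  # wrong host (should be corpsvr05)
    "10.15.168.192.in-addr.arpa.": "dc06.cpandl.com.",
    "99.15.168.192.in-addr.arpa.": "oldhost.cpandl.com.",    # stale: no A record at .99
}


def reverse_name(ip: str) -> str:
    """Map an IPv4 address to its PTR owner name, e.g. 192.168.15.22 -> 22.15.168.192.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."


def check_consistency(a_records, ptr_records):
    """Compare forward (A) and reverse (PTR) data.

    Returns three lists:
      missing    - (host, ip) pairs that have an A record but no PTR record
      mismatched - (ptr_name, ptr_target, hosts) where the PTR names a host
                   other than the one(s) whose A record covers that address
      orphan     - (ptr_name, ptr_target) where no A record covers the address
    """
    by_reverse = {}
    for host, ips in a_records.items():
        for ip in ips:
            by_reverse.setdefault(reverse_name(ip), set()).add(host.lower())
    missing = [(host, ip) for host, ips in a_records.items()
               for ip in ips if reverse_name(ip) not in ptr_records]
    mismatched, orphan = [], []
    for rname, target in ptr_records.items():
        hosts = by_reverse.get(rname)
        if hosts is None:
            orphan.append((rname, target))
        elif target.lower() not in hosts:
            mismatched.append((rname, target, sorted(hosts)))
    return missing, mismatched, orphan


if __name__ == "__main__":
    for label, rows in zip(("missing PTR", "mismatched PTR", "orphan PTR"),
                           check_consistency(A_RECORDS, PTR_RECORDS)):
        print(f"{label}: {rows}")
```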

Canonical Name (CNAME) Records

Canonical Name (CNAME) records create aliases for host names. This allows a host to be referred to by multiple names in DNS. The most common use is when a host provides a common service, such as World Wide Web (WWW) or File Transfer Protocol (FTP) service, and you want it to have a friendly name rather than a complex name. For example, you might want http://www.cpandl.com to be an alias for the host dc06.cpandl.com.

To create an alias for a host name in the DNS console, expand the node for the primary name server, and then expand the related Forward Lookup Zones folder. Right-click the domain to which you want to add the records, and then choose New Alias (CNAME). This displays the dialog box shown in Figure 27-18. Type the alias for the host name, such as www, and then type the FQDN for the host, such as corpsvr17.cpandl.com. Click OK.

Figure 27-18. Create a new alias.

Mail Exchanger (MX) Records

Mail Exchanger (MX) records designate a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain. For example, if an MX record is set for the domain cpandl.com, all mail sent to Username@cpandl.com will be directed to the server specified in the MX record.

You can create an MX record by completing the following steps:

  1. In the DNS console, expand the node for the primary name server, and then expand the related Forward Lookup Zones folder. Right-click the domain to which you want to add the records, and then choose New Mail Exchanger (MX). This displays the dialog box shown in Figure 27-19.

    Figure 27-19. Create an MX record.

  2. Consider leaving the Host Or Child Domain box blank. A blank entry specifies the mail exchanger name is the same as the parent domain name, which is typically what is desired.

  3. Type the FQDN of the mail exchanger in the Fully Qualified Domain Name (FQDN) Of Mail Server box, such as exchange.cpandl.com. This is the name used to route mail for delivery.

  4. Specify the priority of the mail server relative to other mail servers in the domain. The mail server with the lowest priority is the mail server that is tried first when mail must be routed to a mail server in the domain.

  5. Click OK.

Name Server (NS) Records

Name Server (NS) records provide a list of authoritative servers for a domain, which allows DNS lookups within various zones. Each primary and secondary name server in a domain should be declared through this record. These records are created automatically when Active Directory–integrated zones are used. For standard zones, you can create an NS record by doing the following:

  1. In the DNS console, expand the node for the primary name server, and then expand the related Forward Lookup Zones or Reverse Lookup Zones folder as appropriate.

  2. Right-click the domain of the subnet for which you want to create name servers, and then select Properties. In the Properties dialog box select the Name Servers tab, as shown in Figure 27-20.

    Figure 27-20. The Name Servers tab lists current name servers for the domain or subnet.

  3. The Name Servers list shows the DNS servers currently configured to be authoritative for the zone and includes DNS servers that host secondary zones. If a name server isn't listed and you want to add it, click Add. This displays the New Resource Record dialog box.

  4. In the Server Fully Qualified Domain Name (FQDN) field, type the fully qualified host name of a secondary server for the domain, and click Resolve. If the IP address of the name server is filled in for you, click Add, and then add other IP addresses for this name server as necessary.

  5. Click OK to close the New Resource Record dialog box. Repeat this process to specify other name servers for the domain.

Start Of Authority (SOA) Records

Start Of Authority (SOA) records indicate the authoritative name server for a particular zone. The authoritative server is the best source of DNS information for a zone. Because each zone must have an SOA record, the record is created automatically when you add a zone. The SOA record also contains information about how resource records in the zone should be used and cached. This includes refresh, retry, and expiration intervals as well as the maximum time that a record is considered valid.

To view the SOA record for a zone in the DNS console, expand the node for the primary name server, and then expand the related Forward Lookup Zones or Reverse Lookup Zones folder as appropriate. Right-click the domain or subnet whose SOA record you want to view, and then select Properties. In the Properties dialog box select the Start Of Authority (SOA) tab, as shown in Figure 27-21.

Figure 27-21. The Start Of Authority (SOA) tab for a domain or subnet.

The key field here is the Serial Number field. When you make changes manually to records in standard zones, you must update the serial number in the related zone or zones to show that changes have been made. Rather than updating the serial number manually for each individual zone, you can have the DNS server do this automatically for all zones as applicable. In the DNS console, right-click the server entry, and then choose Update Server Data File. As discussed previously, you do not need to do this with Active Directory–integrated zones as changes are replicated automatically.

Service Location (SRV) Records

Service Location (SRV) records make it possible to find a server providing a specific service. Active Directory uses SRV records to locate domain controllers, global catalog servers, LDAP servers, and Kerberos servers. SRV records are created automatically. For example, Active Directory creates an SRV record when you promote a domain controller. LDAP servers can add an SRV record to indicate they are available to handle LDAP requests in a particular zone.

In the forest root zone, SOA, NS, CNAME, and SRV records are created. The SOA record contains information about the forest root zone. The NS records indicate the primary DNS servers for the forest root zone. The CNAME records are used to designate aliases that allow Active Directory to use the globally unique identifier (GUID) of a domain to find the forest root name servers for that domain. The SRV records used to locate Active Directory resources are organized by function as follows:

  • DC: Contains SRV records for domain controllers. These records are organized according to the Active Directory site in which domain controllers are located.

  • Domains: Contains SRV records for domain controllers by domain. Folders for each domain in the forest are organized by the domain's GUID.

  • GC: Contains SRV records for global catalog servers in the forest. These records are primarily organized according to the Active Directory site in which domain controllers are located.

  • PDC: Contains SRV records for PDC Emulators in the forest.

In the forward lookup zone for a domain, you'll find similar SRV records used to locate Active Directory resources. These records are organized by the following criteria:

  • Active Directory site

  • The Internet protocol used by the resource, either TCP or UDP

  • Zone, either DomainDnsZones or ForestDnsZones

As Figure 27-22 shows, each record entry identifies a server that provides a particular service according to the following:

  • Domain: The DNS domain in which the record is stored.

  • Service: The service being made available. LDAP is for directory services on a domain controller. Kerberos indicates a Kerberos server that enables Kerberos authentication. GC indicates a global catalog server. KPasswd indicates Kerberos password service.

  • Protocol: The protocol the service uses, either TCP or User Datagram Protocol (UDP).

  • Priority: The priority or level of preference given to the server providing the service. The highest priority is 0. If multiple servers have the same priority, clients can use the weight to load balance between available servers.

  • Weight: The relative weight given to the server for load balancing when multiple servers have the same priority level.

  • Port Number: The TCP/IP port used by the server to provide the service.

  • Host Offering This Service: The FQDN of the host providing the service.

Figure 27-22. An SRV record.
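The Priority and Weight fields above only matter once a client has several SRV answers to choose from. The following added example, not code from the book, implements the RFC 2782 client selection rule those fields are defined for: lowest priority value first, and within one priority a weighted random draw in which weight-0 targets are listed first so they are chosen only when the random value is 0. The answer set is constructed sample data for an assumed name such as _ldap._tcp.cpandl.com; a higher-priority-number backup is included to show it is never tried while a priority-0 host is available.

```python
import random
from collections import Counter

# Constructed answer set (not from the page) for an assumed name such as
# _ldap._tcp.cpandl.com: (priority, weight, port, target).
SRV_ANSWERS = [
    (0, 100, 389, "dc06.cpandl.com."),
    (0, 100, 389, "dc07.cpandl.com."),
    (0, 0, 389, "dc08.cpandl.com."),        # weight 0: almost never preferred over weighted peers
    (10, 0, 389, "dc-backup.cpandl.com."),  # tried only after every priority-0 target fails
]


def order_targets(answers, rng=random):
    """Order SRV targets the way an RFC 2782 client tries them.

    Lowest priority value first.  Within one priority, targets are drawn at
    random without replacement, proportionally to weight; weight-0 targets
    are placed first in the pool so they are selected only when the random
    value drawn is 0 (or when nothing else remains).
    """
    by_priority = {}
    for prio, weight, port, target in answers:
        by_priority.setdefault(prio, []).append((weight, port, target))
    ordered = []
    for prio in sorted(by_priority):
        pool = sorted(by_priority[prio], key=lambda r: r[0] != 0)  # zero weights first, stable
        while pool:
            pick = rng.randint(0, sum(w for w, _, _ in pool))
            running = 0
            for i, (weight, port, target) in enumerate(pool):
                running += weight
                if running >= pick:
                    ordered.append((prio, port, target))
                    del pool[i]
                    break
    return ordered


def first_choice_distribution(answers, trials, seed=0):
    """Count how often each target is tried first over `trials` resolutions."""
    rng = random.Random(seed)
    return Counter(order_targets(answers, rng)[0][2] for _ in range(trials))


if __name__ == "__main__":
    for prio, port, target in order_targets(SRV_ANSWERS):
        print(f"priority {prio:>2}  port {port}  {target}")
    print(first_choice_distribution(SRV_ANSWERS, 2000))
```

Over many resolutions the two weight-100 hosts split the first-try load roughly evenly, dc08 is tried first only about once in two hundred times, and the priority-10 backup never is.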
