Windows Server 2008 R2 Unleashed
CHAPTER 10
Domain Name System and IPv6
FIGURE 10.4 Sample host record.
The vast majority of RRs in DNS are A records because they are used to identify the IP
addresses of most resources within a domain.
NOTE
Most resource records also contain advanced information about the record, which
includes the Time to Live (TTL) and, optionally, the record time stamp. To view or update
this information, select Advanced from the View menu of the DNS Management console.
Name Server (NS) Records
Name Server (NS) records identify which computers in a DNS database are the name
servers, essentially the DNS servers for a particular zone. Although there can be only one
SOA record for a zone, there can be multiple NS records for the zone, which indicate to
clients which machines are available to run DNS queries against for that zone.
NOTE
Name Server records, or NS records, do not actually contain the IP address of a particular resource; only address records (A, and AAAA for IPv6) do. NS records and other similar records simply point to a server's A record by name. For example, an NS record will simply point to server1.companyabc.com, and the resolver then looks up the server1 A record in the companyabc.com zone to obtain the address.
Service (SRV) Records
Service (SRV) records are RRs that indicate which resources perform a particular service.
Domain controllers in Active Directory Domain Services are referenced by SRV records
that define specific services, such as the global catalog (GC), Lightweight Directory Access
Protocol (LDAP), and Kerberos. SRV records are a relatively new addition to DNS, and did
not exist in the original implementation of the standard. Each SRV record contains information about a particular functionality that a resource provides. For example, an LDAP
server can add an SRV record, indicating that it can handle LDAP requests for a particular
zone. SRV records can be very useful for Active Directory Domain Services because
domain controllers can advertise that they handle global catalog requests, as illustrated in
Figure 10.5.
FIGURE 10.5 Sample SRV record for an AD GC entry.
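As an added illustration of how a client consumes these records (example code written for this edit, not code from the book), the following Python builds a small set of AD-style SRV records for companyabc.com and orders the targets the way RFC 2782 prescribes: lowest priority value first, and within one priority a weighted random choice, with weight-0 entries kept as a last resort. The host names, addresses and ports are constructed; the owner names _ldap._tcp.dc._msdcs and _gc._tcp are the ones a domain controller registers. The rng parameter is there only so the choice can be made deterministic. Because every domain member locates its domain controllers through exactly this lookup, whoever can write these records decides where LDAP and Kerberos traffic goes, which is why updates to the _msdcs subtree should be limited to secure dynamic updates.

```python
"""Order SRV targets the way a client does (RFC 2782 priority/weight).

Added example, not code from the book. The records below are
constructed for companyabc.com; the owner names _ldap._tcp.dc._msdcs
and _gc._tcp are the ones Active Directory domain controllers register.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    name: str       # owner, e.g. _ldap._tcp.dc._msdcs.companyabc.com.
    priority: int   # lower value is tried first
    weight: int     # share of load within one priority; 0 = last resort
    port: int
    target: str     # host name that must have an A/AAAA record (never a CNAME)


# Constructed sample records in zone-file presentation format.
SRV_LINES = """\
_ldap._tcp.dc._msdcs.companyabc.com. 600 IN SRV 0 100 389 dc1.companyabc.com.
_ldap._tcp.dc._msdcs.companyabc.com. 600 IN SRV 0 100 389 dc2.companyabc.com.
_ldap._tcp.dc._msdcs.companyabc.com. 600 IN SRV 10 0 389 dc3-branch.companyabc.com.
_gc._tcp.companyabc.com. 600 IN SRV 0 100 3268 dc1.companyabc.com.
""".splitlines()


def parse_srv(line):
    """Parse 'owner TTL IN SRV priority weight port target' into an SrvRecord."""
    parts = line.split()
    if len(parts) != 8 or parts[2:4] != ["IN", "SRV"]:
        raise ValueError(f"not an SRV record: {line!r}")
    return SrvRecord(parts[0], int(parts[4]), int(parts[5]), int(parts[6]),
                     parts[7].rstrip("."))


def records_for(service, lines=SRV_LINES):
    """All SRV records whose owner name equals `service`."""
    return [r for r in map(parse_srv, lines) if r.name == service]


def order_targets(records, rng=random.random):
    """Return (target, port) pairs in the order a client should try them.

    RFC 2782: group by ascending priority; inside a group, repeatedly draw a
    number in [0, total weight) and take the first record whose running sum
    reaches it. Weight-0 records are placed first so they are chosen only when
    nothing heavier remains (or when the draw is exactly 0). `rng` is
    injectable so the result can be made deterministic for testing.
    """
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)   # stable sort: weight 0 first
        while group:
            total = sum(r.weight for r in group)
            draw = rng() * total
            running = 0
            for chosen in group:
                running += chosen.weight
                if running >= draw:
                    break
            ordered.append((chosen.target, chosen.port))
            group.remove(chosen)
    return ordered


def dc_candidates(domain="companyabc.com", rng=random.random):
    """Domain controllers for `domain`, in the order a domain member would try them."""
    return order_targets(records_for(f"_ldap._tcp.dc._msdcs.{domain}."), rng)


if __name__ == "__main__":
    for host, port in dc_candidates():
        print(f"try {host}:{port}")
```

Run as a script it prints the two priority-0 controllers in a random order followed by the branch controller; with a fixed draw the order is fully determined, which is what the selection rule guarantees.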
NOTE
Because SRV records are a relatively new addition to DNS, they are not supported by several down-level DNS implementations, such as UNIX BIND 4.1.x and NT 4.0 DNS. It is, therefore, critical that the DNS environment that is used for Windows Server 2008 R2's Active Directory Domain Services has the capability to create SRV records. For UNIX BIND servers, version 8.1.2 or higher is recommended.
Mail Exchanger (MX) Records
A Mail Exchanger (MX) record indicates which resources are available for Simple Mail Transfer Protocol (SMTP) mail reception. MX records can be set on a domain basis so that mail sent to a particular domain will be forwarded to the server or servers indicated by the MX record. For example, if an MX record is set for the domain companyabc.com, all mail sent to user@companyabc.com will be automatically directed to the server indicated by the MX record.
Pointer (PTR) Records
Reverse queries to DNS are accomplished through the use of Pointer (PTR) records. In
other words, if a user wants to look up the name of a resource that is associated with a
specific IP address, he would do a reverse lookup using that IP address. A DNS server
would reply using a PTR record that would indicate the name associated with that IP
address. PTR records are most commonly found in reverse lookup zones.
Canonical Name (CNAME) Records
A Canonical Name (CNAME) record is an alias: it allows a host to be referred to by more than one name in DNS. A query for the alias is answered with the canonical name and, in turn, the A record of that host. CNAME records are useful when migrating servers and for situations in which friendly names, such as mail.companyabc.com, are required to point to more complex server-naming conventions, such as sfoexch01.companyabc.com. Two rules apply: a name that carries a CNAME record can hold no other data, and NS and MX records must name a host that has an A record, never an alias.
Other DNS Record Types
Other, less common forms of records that might exist in DNS have specific purposes, and
there might be cause to create them. The following is a sample list, but is by no means
exhaustive:
• AAAA—Maps a DNS name to a 128-bit IPv6 address; it is the IPv6 counterpart of the A record. This type of record will become more prevalent as IPv6 is adopted and is discussed later in the chapter.
• ISDN—Maps a specific DNS name to an ISDN telephone number.
• KEY—Stores a public key associated with a DNS name. For DNSSEC-signed zones the key record is DNSKEY; the older KEY type is retained only for SIG(0) and TKEY use (RFC 3445).
• RP—Specifies the Responsible Person for a domain.
• WKS—Designates the Well-Known Services offered by a host.
• MB—Indicates which host contains a specific mailbox.
Understanding DNS Zones
A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS
server or group of servers. The zone is the primary delegation mechanism in DNS and is
used to establish boundaries over which a particular server can resolve requests. Any server
that hosts a particular zone is said to be authoritative for that zone, with the exception of
stub zones, which are defined later in the chapter in the “Stub Zones” section. Figure 10.6
illustrates how different portions of the DNS namespace can be divided into zones, each
of which can be hosted on a DNS server or group of servers.
FIGURE 10.6 DNS zones. (The figure shows the .com namespace containing companyabc.com and companyxyz.com, with the subdomains europe.companyabc.com, sales.europe.companyabc.com, asia.companyabc.com, east.asia.companyabc.com, and west.asia.companyabc.com; boxes labeled ZONE mark which portions of the companyabc.com tree are held in separate zones.)
It is important to understand that any section or subsection of DNS can exist within a
single zone. For example, an organization might decide to place an entire namespace of a
domain, subdomains, and subsubdomains into a single zone. Or specific sections of that
namespace can be divided up into separate zones. In fact, the entire Internet namespace
can be envisioned as a single namespace with . as the root, which is divided into a multitude of different zones.
NOTE
A server that is installed with DNS but does not have any zones configured is known as a caching-only server. Establishing a caching-only server can be useful in some branch office situations because it can help to alleviate large amounts of client query traffic across the network and eliminate the need to replicate entire DNS zones to remote locations.
Forward Lookup Zones
A forward lookup zone holds what most people think of as "the DNS database": it resolves names to IP addresses and other resource information. For example, if a user wants to reach dc1.companyabc.com and queries for its IP address through a forward lookup zone, DNS returns 172.16.1.11, the IP address for that resource.
NOTE
There is nothing to stop the assignment of multiple RRs to a single resource. In fact,
this practice is common and useful in many situations. It might be practical to have a
server respond to more than one name in specific circumstances. This type of functionality is normally accomplished through the creation of CNAME records, which create
aliases for a particular resource.
Reverse Lookup Zones
A reverse lookup zone performs the exact opposite operation of a forward lookup zone: an IP address is matched up with the host name that owns it. This is similar to knowing a phone number but not knowing the name associated with it. Reverse lookup zones are usually created manually and do not exist in every implementation. Creating a new zone using the Configure a DNS Server Wizard, as in the example earlier in this chapter, can automatically create a reverse lookup zone. Reverse lookup zones are primarily populated with PTR records, which point the reverse lookup query to the appropriate name. A PTR record is only as trustworthy as whoever controls the reverse zone, so a name obtained this way should be confirmed by a forward lookup before it is relied on, for example in a log or an access rule.
Primary Zones
In traditional (non–Active Directory–integrated) DNS, a single server serves as the master
DNS server for a zone, and all changes made to that particular zone are done on that
particular server. A single DNS server can host multiple zones, and can be primary for one
and secondary for another. If a zone is primary, however, all requested changes for that
particular zone must be performed on the server that holds the master copy of the zone.
Secondary Zones
A secondary zone is established to provide redundancy and load balancing for the primary zone. Each secondary copy of the zone is read-only, however, because all record keeping is done on the primary copy. A single DNS server can contain several zones that are primary and several that are secondary. The zone creation process is similar to the one outlined in the preceding section on primary zones, with the difference being that the zone data is transferred from an existing primary server. Because that transfer (AXFR or IXFR) delivers the entire zone, the primary should permit transfers only to its designated secondaries; a primary that answers transfer requests from any host hands a complete inventory of the namespace to whoever asks.
Stub Zones
A stub zone is a zone that contains no data about the hosts in a domain; it holds only the records needed to find that domain's authoritative servers, that is, the SOA, the NS records, and the glue records. Glue records are A (or AAAA) records that supply the IP address of a name server named in an NS record, so that the name server can be reached even when its name lies within the very zone it serves. A server hosting a stub zone uses this list to send queries for the zone directly to its authoritative servers, and it periodically refreshes the list from the zone's master so that it stays current as name servers change. Stub zones are not unique to Microsoft DNS; BIND supports them as well (zone type stub). A server that hosts a stub zone for a namespace is not authoritative for that zone.
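To make the glue rule, the CNAME restrictions and the contents of a stub zone concrete, here is an added Python example (written for this edit; it is not code from the book or from Microsoft DNS). It parses a constructed companyabc.com zone in zone-file presentation format, checks it for delegation and alias problems of the kind described in the CNAME, MX and stub-zone sections above, and extracts the delegation records that a stub zone for asia.companyabc.com would keep current. The zone content, host names and addresses are made up, with two defects planted on purpose, and the parser understands only the simple one-record-per-line form used here.

```python
"""Delegation, glue and alias checks over a small zone file.

Added example (not from the book): the zone below is a constructed
companyabc.com zone that delegates asia.companyabc.com. The checks encode
three standard rules: a name with a CNAME may hold no other data
(RFC 1034), NS and MX targets must be canonical names rather than
aliases (RFC 2181), and a name server named inside the zone it serves
needs a glue A/AAAA record in the parent or it cannot be reached.
"""
from collections import defaultdict

# Constructed sample zone. Two defects are planted on purpose:
# the MX points at an alias, and ns2.asia has no glue address.
ZONE = """\
companyabc.com.           IN SOA   dc1.companyabc.com. hostmaster.companyabc.com. 2009010101 900 600 86400 3600
companyabc.com.           IN NS    dc1.companyabc.com.
companyabc.com.           IN NS    dc2.companyabc.com.
companyabc.com.           IN MX 10 mail.companyabc.com.
dc1.companyabc.com.       IN A     172.16.1.11
dc2.companyabc.com.       IN A     172.16.1.12
sfoexch01.companyabc.com. IN A     172.16.1.20
mail.companyabc.com.      IN CNAME sfoexch01.companyabc.com.
asia.companyabc.com.      IN NS    ns1.asia.companyabc.com.
asia.companyabc.com.      IN NS    ns2.asia.companyabc.com.
ns1.asia.companyabc.com.  IN A     172.16.50.5
"""


def parse_zone(text):
    """Parse one-record-per-line presentation format into (owner, type, rdata) tuples.

    Names are expected fully qualified and consistently cased; an optional TTL
    between owner and IN is tolerated because the IN token is located by search.
    """
    rrs = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith(";"):
            continue
        i = tok.index("IN")
        rrs.append((tok[0], tok[i + 1], tok[i + 2:]))
    return rrs


def check_zone(rrs):
    """Return a list of problem descriptions; an empty list means the zone passed."""
    by_owner = defaultdict(list)
    for owner, rtype, rdata in rrs:
        by_owner[owner].append((rtype, rdata))
    has_addr = {o for o, rt, _ in rrs if rt in ("A", "AAAA")}
    cnames = {o for o, rt, _ in rrs if rt == "CNAME"}

    problems = []
    for owner in sorted(cnames):
        if len(by_owner[owner]) > 1:
            problems.append(f"{owner}: CNAME coexists with other records")
    for owner, rtype, rdata in rrs:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1]                    # last rdata field is the host name
        if target in cnames:
            problems.append(f"{owner} {rtype} -> {target}: target is an alias")
        # Glue rule: an NS whose name lies below the name it serves can only be
        # found through this zone, so it needs an address record here.
        if rtype == "NS" and target.endswith("." + owner) and target not in has_addr:
            problems.append(f"{owner} NS -> {target}: no glue address record")
    return problems


def delegation(rrs, child):
    """NS set and glue for `child`: the data a stub zone for it keeps current
    (a stub zone additionally pulls the child's SOA from the child's master)."""
    ns = [rd[-1] for o, rt, rd in rrs if o == child and rt == "NS"]
    glue = {o: rd[0] for o, rt, rd in rrs if rt in ("A", "AAAA") and o in ns}
    return ns, glue


if __name__ == "__main__":
    records = parse_zone(ZONE)
    for p in check_zone(records):
        print("PROBLEM:", p)
    print("delegation for asia.companyabc.com.:", delegation(records, "asia.companyabc.com."))
```

Run against the sample, the checker reports the MX that points at the mail.companyabc.com alias and the missing glue for ns2.asia.companyabc.com; the delegation() result is exactly the NS-plus-glue set that a stub zone for asia.companyabc.com would refresh from its master.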