
Introduction to Windows DNS – The Importance of DNS for Active Directory Services

The Domain Name System (DNS) is perhaps one of the most important services for Active Directory. DNS provides name resolution for Active Directory, resolving host names, URLs and Fully Qualified Domain Names (FQDNs) into IP addresses. The DNS service uses UDP port 53 and, in some cases, TCP port 53, for example when UDP DNS requests fail consistently.

In-depth information and analysis of the DNS protocol structure can be found in our DNS Protocol Analysis article.


How DNS Resolution Works

When installed on a Windows Server, DNS uses a database, stored either in Active Directory or in a file, that contains lists of domain names and their corresponding IP addresses. When a client requests a website by typing a domain (URL) into the web browser, the very first thing the browser does is resolve the domain to an IP address.

To resolve the IP address the browser checks several places in order. First it checks the local resolver cache of the computer; if there is no entry for the domain in question, it then checks the local hosts file (C:\windows\system32\drivers\etc\hosts), and if no record is found there either, it finally queries the DNS server.

The DNS server returns the IP address to the client and the browser forms the HTTP request, which is sent to the destination web server.

The above series of events describes a typical HTTP request to a site on the Internet. The same series of events is usually followed when requesting access to resources within the local network and Active Directory, the only difference being that the local DNS server is aware of all internal hosts and domains.

A DNS Server can be configured on any server running the Windows Server 2012 operating system. The DNS server can be Active Directory integrated or stand-alone. A few important tasks a DNS server in Windows Server 2012 is used for are:

  • Resolve host names to their corresponding IP address (DNS)
  • Resolve IP addresses to their corresponding host names (Reverse DNS)
  • Locate Global Catalog Servers and Domain Controllers
  • Locate Mail Servers

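The client-side resolution order described above (cache, hosts file, then the DNS server) and the SRV/MX lookups a domain member uses to locate Domain Controllers, Global Catalog servers and mail servers, as an added PowerShell example that is not part of the original article. It assumes the DnsClient module (Windows 8 / Server 2012 or later) and uses the placeholder domain corp.example.com and host dc01.corp.example.com.

```powershell
function Resolve-InOrder {
    param([Parameter(Mandatory)][string]$Name)

    # 1. Local resolver cache (the same entries "ipconfig /displaydns" shows)
    $cached = Get-DnsClientCache -Name $Name -ErrorAction SilentlyContinue
    if ($cached) {
        return [pscustomobject]@{ Name = $Name; Source = 'Cache'; Address = ($cached.Data -join ',') }
    }

    # 2. Hosts file: entries here silently override DNS, so an unexpected
    #    entry for a name you care about is worth investigating.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hit = Get-Content $hostsPath |
           Where-Object { $_ -notmatch '^\s*#' -and (($_ -split '\s+') -contains $Name) } |
           Select-Object -First 1
    if ($hit) {
        return [pscustomobject]@{ Name = $Name; Source = 'HostsFile'; Address = ($hit -split '\s+')[0] }
    }

    # 3. Ask the configured DNS server over the DNS protocol only
    #    (skip the hosts file and any LLMNR/NetBIOS fallback)
    $answer = Resolve-DnsName -Name $Name -Type A -DnsOnly -NoHostsFile -ErrorAction Stop
    return [pscustomobject]@{ Name = $Name; Source = 'DnsServer'; Address = ($answer.IPAddress -join ',') }
}

function Find-AdServices {
    param([Parameter(Mandatory)][string]$Domain)
    # Domain controllers register these SRV records; clients use them to find DCs and GCs
    $queries = @{
        DomainController = "_ldap._tcp.dc._msdcs.$Domain"
        GlobalCatalog    = "_gc._tcp.$Domain"
    }
    foreach ($role in $queries.Keys) {
        Resolve-DnsName -Name $queries[$role] -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { [pscustomobject]@{ Role = $role; Target = $_.NameTarget; Port = $_.Port } }
    }
    # Mail servers are located the same way, through MX records
    Resolve-DnsName -Name $Domain -Type MX -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'MX' } |
        ForEach-Object { [pscustomobject]@{ Role = 'MailExchange'; Target = $_.NameExchange; Port = 25 } }
}

# Placeholder names; replace with your own domain and host
Resolve-InOrder -Name 'dc01.corp.example.com' | Format-Table -AutoSize
Find-AdServices -Domain 'corp.example.com' | Format-Table -AutoSize
```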
DNS Zones & Records

A DNS Server contains Forward Lookup Zones and Reverse Lookup Zones. Each zone contains different types of resource records. A Forward Lookup Zone maps a host name to an IP address, while a Reverse Lookup Zone maps an IP address back to its host name. A DNS Zone is stored in a file or in the Active Directory database. If the zone is stored in the Active Directory database, only one copy of the zone is writable and the others are read-only. Resource records specify the type of resource.

Resource records in Forward Lookup Zone include:

Resource Type          Record
-------------------    ------
Host Name              A
Mail Exchange          MX
Service                SRV
Start of Authority     SOA
Alias                  CNAME
Name Server            NS

Table 1. Resource Record Types

Similarly, resource records in a Reverse Lookup Zone include:

Resource Type          Record
-------------------    ------
Pointer                PTR
Start of Authority     SOA
Name Server            NS

Table 2. Reverse Lookup Zone Resource Record Types


Types Of DNS Zone

There are four DNS zone types:

Primary Zones: The server hosting a Primary Zone is the master DNS server for that zone and stores the master copy of the zone data in AD DS or in a local file. This zone is the primary source of information about the zone.

Secondary Zones: The server hosting a Secondary Zone is a secondary DNS server for that zone and stores a read-only copy of the zone data in a local file. Secondary Zones cannot be stored in AD DS. The server that hosts a Secondary Zone retrieves the DNS information from the DNS server where the original zone is hosted and must therefore have network access to that remote DNS server.

Stub Zones: A Stub Zone contains only the resource records required to identify the authoritative DNS servers of a zone, that is, its SOA, NS and the corresponding A records.

Active Directory-Integrated Zones: An Active Directory-Integrated Zone stores its zone data in Active Directory. The DNS server can then use the Active Directory replication model to replicate DNS changes between Domain Controllers, which allows for multiple writable Domain Controllers in the network. Secure dynamic updates are also supported, which means that computers that have joined the domain can register their own DNS records on the DNS server.
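The four zone types above, each created with the DnsServer PowerShell module (Windows Server 2012 or later) and then checked, as an added example that is not part of the original article. Zone names, zone file names and the master server address 192.0.2.10 are placeholders; the AD-integrated zones assume the DNS server is also a Domain Controller.

```powershell
$master = '192.0.2.10'   # placeholder: address of the DNS server holding the original zone

# Primary zone stored in a local zone file (not in AD DS)
Add-DnsServerPrimaryZone -Name 'lab.example.com' -ZoneFile 'lab.example.com.dns' -DynamicUpdate None

# Secondary zone: read-only copy pulled from the master by zone transfer.
# It must be file-backed; a secondary zone cannot be stored in AD DS.
Add-DnsServerSecondaryZone -Name 'partner.example.com' -ZoneFile 'partner.example.com.dns' -MasterServers $master

# Stub zone: holds only the SOA, NS and glue A records needed to find the
# authoritative servers of the remote zone
Add-DnsServerStubZone -Name 'branch.example.com' -ZoneFile 'branch.example.com.dns' -MasterServers $master

# Active Directory-integrated zone: stored in AD DS and replicated to every DC
# in the domain, so each DC holds a writable copy. "Secure" dynamic updates
# mean only authenticated domain members can register or change their records.
Add-DnsServerPrimaryZone -Name 'corp.example.com' -ReplicationScope 'Domain' -DynamicUpdate Secure

# Matching AD-integrated reverse lookup zone (PTR records) for 192.0.2.0/24
Add-DnsServerPrimaryZone -NetworkId '192.0.2.0/24' -ReplicationScope 'Domain' -DynamicUpdate Secure

# Verify type, storage and update policy of the zones just created
Get-DnsServerZone |
    Where-Object { $_.ZoneName -like '*.example.com' -or $_.ZoneName -eq '2.0.192.in-addr.arpa' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, IsReverseLookupZone

# Audit check: an AD-integrated zone that still accepts non-secure updates lets
# any host on the network register or overwrite records, so flag it
Get-DnsServerZone | Where-Object { $_.IsDsIntegrated -and $_.DynamicUpdate -ne 'Secure' } |
    ForEach-Object { Write-Warning "Zone $($_.ZoneName) allows '$($_.DynamicUpdate)' dynamic updates" }
```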

This article provided an overview of DNS services and a brief description of the DNS resolution process. We also explained the importance of DNS services for Active Directory and covered the four different types of DNS Zones. The next article will show how to install the DNS Server role in Windows Server 2012.
