Active Directory Domain Name System

Imagine that you have to send an e-mail or print a document on your network. Would you rather address the e-mail to 192.168.12.210 and pick a printer called 172.24.115.235, or use easy-to-remember names for both? What relieves us of the burden of memorizing IP addresses is the Domain Name System (DNS): a name resolution system that lets a client translate a host's name into its IP address (and, through reverse lookups, an IP address back into a name).

Active Directory and DNS

Active Directory (AD) depends on DNS for name resolution and for locating resources on the network. DNS keeps a database of resource records that identify the servers, domains, and services on the network. Some of the common resource record types are:

Record type   Format                                            Purpose
A             abc.com. IN A 172.9.54.11                         Maps a host name to an IPv4 address
CNAME         cba.com. IN CNAME abc.com.                        Makes one name an alias of another (canonical) name
PTR           11.54.9.172.in-addr.arpa. IN PTR abc.com.         Maps an IPv4 address back to a host name (reverse lookup); the address octets are written in reverse under in-addr.arpa
MX            *.ab.bc.com. 14400 IN MX 0 ms1.ab.bc.com.         Identifies the mail server for a domain; 0 is the preference (lower is tried first) and 14400 the TTL in seconds
SRV           _http._tcp.abc.com. IN SRV 0 5 80 ws1.abc.com.    Maps a service and transport protocol to the host and port that provide it; 0 and 5 are the priority and weight

Names that end in a dot are fully qualified. The TTL (14400 in the MX example) may be omitted from a record, in which case the zone's default TTL applies.

A domain controller (DC) registers its own host (A) record in DNS when it starts up. Through the Netlogon service it also registers the SRV records that map the services it offers, such as LDAP and Kerberos, to itself (for example _ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.<domain>), and it refreshes these registrations periodically. When a domain-joined client starts, or a computer joins the domain, it locates a DC by querying DNS for the SRV record of the service it needs. The DNS server returns the SRV record, which carries the DC's host name together with a port, priority, and weight; the client then queries DNS for that host name's A record to obtain the DC's IP address. Without DNS, therefore, a client can neither authenticate to AD nor find the other services the domain offers. Because these records are written by the DCs themselves through dynamic update, AD-integrated zones should be configured to accept secure (authenticated) dynamic updates only; a zone that accepts unauthenticated updates lets any host on the network overwrite them.
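
The lookup sequence described above, as an added example that is not part of the original article: a small Python model of the client side. The zone contents are constructed; the SRV owner names follow the pattern DCs register, while the domain corp.example.com, the hosts dc1 to dc3, their IP addresses, priorities and weights are assumptions. The SRV targets are ordered as RFC 2782 prescribes (ascending priority, weighted random within one priority), and a target whose A record is missing, which is what a stale SRV registration looks like, is skipped instead of being handed to the caller.

```python
"""Client-side DC location: SRV lookup, RFC 2782 ordering, then A lookup.

Added example, not code from the original article.  ZONE is a constructed
stand-in for an AD-integrated zone of the hypothetical domain corp.example.com;
host names, addresses, priorities and weights are invented.
"""
import random
from collections import defaultdict

# (owner name, record type, rdata).  SRV rdata is (priority, weight, port, target).
# dc3 still has an SRV registration but its A record is gone: a stale entry.
ZONE = [
    ("dc1.corp.example.com.", "A", "10.0.0.11"),
    ("dc2.corp.example.com.", "A", "10.0.0.12"),
    ("_ldap._tcp.dc._msdcs.corp.example.com.", "SRV", (0, 100, 389, "dc1.corp.example.com.")),
    ("_ldap._tcp.dc._msdcs.corp.example.com.", "SRV", (0, 100, 389, "dc2.corp.example.com.")),
    ("_ldap._tcp.dc._msdcs.corp.example.com.", "SRV", (10, 100, 389, "dc3.corp.example.com.")),
    ("_kerberos._tcp.corp.example.com.", "SRV", (0, 100, 88, "dc1.corp.example.com.")),
    ("_kerberos._tcp.corp.example.com.", "SRV", (0, 100, 88, "dc2.corp.example.com.")),
]


def lookup(name, rtype):
    """Return the rdata of every ZONE record matching (name, type).
    DNS names are case-insensitive, so compare in lower case."""
    name = name.lower()
    return [rdata for owner, t, rdata in ZONE if owner.lower() == name and t == rtype]


def order_srv(records, rng=None):
    """Order SRV rdata tuples as RFC 2782 prescribes: ascending priority, and
    within one priority a weighted random order so that higher-weight targets
    tend to be tried first.  rng is injectable so the result is reproducible."""
    if rng is None:
        rng = random.Random(0)
    by_priority = defaultdict(list)
    for rec in records:
        by_priority[rec[0]].append(rec)
    ordered = []
    for prio in sorted(by_priority):
        group = list(by_priority[prio])
        while group:
            total = sum(rec[1] for rec in group)
            point = rng.uniform(0, total)  # 0.0 when every weight is 0
            running = 0
            for rec in group:
                running += rec[1]
                if running >= point:  # always true by the last element
                    break
            ordered.append(rec)
            group.remove(rec)
    return ordered


def locate_dc(domain, service="_ldap._tcp.dc._msdcs.", rng=None):
    """The two queries a client makes: SRV for the service name, then A for
    each target host.  Returns (host, ip, port) tuples in the order to try.
    Targets with no A record are skipped rather than returned as unusable."""
    candidates = []
    for _prio, _weight, port, target in order_srv(lookup(service + domain + ".", "SRV"), rng):
        ips = lookup(target, "A")
        if not ips:
            continue  # SRV points at a host that no longer resolves
        candidates.append((target, ips[0], port))
    return candidates


if __name__ == "__main__":
    for host, ip, port in locate_dc("corp.example.com"):
        print(f"{host} -> {ip}:{port}")
```

Running the block prints dc1 and dc2 (in an order decided by their equal weights) and never dc3, because its SRV record points at a name with no address. On a real network the same two queries can be observed with `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain>` followed by a lookup of the returned host name.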

Active Directory DNS zones

DNS is a distributed database: the information about all domains, subdomains, and host mappings is not held on a single DNS server but spread across many. To make the database manageable, the DNS name space is divided into zones, and each zone is assigned to one or more name servers that are authoritative for it. A zone is a contiguous, hierarchical portion of the name space starting at a domain whose authority has been delegated to those servers. It holds all the records for that domain except for the parts delegated onward to other name servers. Every zone begins with an SOA (Start of Authority) record, which names the primary name server for the zone and carries the zone's serial number and refresh timers.
Imagine a company, ABC, whose name space abc.com is delegated to the name server ns1.abc.com. All of the domains under abc.com, viz. sales, HR, finance, and admin, can be placed in one zone. Now suppose that the HR, finance, and admin domains are administered in India and the sales domain in the USA. To simplify management of the DNS database, the abc.com apex together with HR, finance, and admin can be placed in zone 1, with responsibility given to the ind.abc.com name server, while the sales subdomain is placed in a separate zone (zone 2 in the figure below) whose responsibility is delegated to the us.sales.abc.com name server.

[Figure: Active Directory Domain Name System]

Active Directory DNS delegation

Names within a zone can be delegated to another zone maintained by a different server, so the responsibility for a subdomain passes to a name server that answers for that subdomain's records; this is called delegation. A delegation is created in the parent zone with an NS record naming the subdomain's name server and, when that server's own name lies inside the delegated subdomain, an A record for it (a glue record), as shown below. Without the glue record a resolver would have to ask the delegated server for its own address before it could reach it, and the delegation would be unusable.

sales.abc.com.          IN    NS    ns1.sales.abc.com.
ns1.sales.abc.com.      IN    A     192.168.14.9
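
How a resolver actually uses the NS and glue records above, as an added example that is not part of the original article: a small Python model of a parent zone for abc.com that delegates sales.abc.com to ns1.sales.abc.com, and an iterative resolver that starts at the parent's server and follows the referral. Everything beyond the two records shown on the page (the parent's server ns1.abc.com and its address, the hr and ws1 hosts and their addresses, and the SOA values) is an assumption. A referral whose name servers have no reachable glue address is treated as a failure, which is the lame-delegation case the glue record exists to prevent; a real resolver would additionally try to resolve the name server's name by other means when that name lies outside the delegated zone.

```python
"""Zone delegation and glue, seen from an iterative resolver.

Added example, not code from the original article.  PARENT and CHILD are
constructed zones for the article's abc.com / sales.abc.com scenario; apart
from the NS and glue records shown on the page, all names, addresses and SOA
values are invented.
"""

# Each zone: its origin (apex) and a list of (owner name, type, rdata).
PARENT = {
    "origin": "abc.com.",
    "records": [
        ("abc.com.", "SOA", "ns1.abc.com. hostmaster.abc.com. 2024010101 3600 900 604800 300"),
        ("abc.com.", "NS", "ns1.abc.com."),
        ("ns1.abc.com.", "A", "192.168.1.53"),
        ("hr.abc.com.", "A", "192.168.10.20"),
        # Delegation of sales.abc.com: the NS record hands authority to
        # ns1.sales.abc.com, and because that name lies inside the delegated
        # subdomain the parent must also carry its address as a glue record.
        ("sales.abc.com.", "NS", "ns1.sales.abc.com."),
        ("ns1.sales.abc.com.", "A", "192.168.14.9"),
    ],
}
CHILD = {
    "origin": "sales.abc.com.",
    "records": [
        ("sales.abc.com.", "SOA", "ns1.sales.abc.com. hostmaster.sales.abc.com. 2024010101 3600 900 604800 300"),
        ("sales.abc.com.", "NS", "ns1.sales.abc.com."),
        ("ns1.sales.abc.com.", "A", "192.168.14.9"),
        ("ws1.sales.abc.com.", "A", "192.168.14.80"),
    ],
}
# Authoritative servers reachable on the network, keyed by IP address.
SERVERS = {"192.168.1.53": PARENT, "192.168.14.9": CHILD}


def in_zone(name, origin):
    """True if name is origin itself or lies below it."""
    return name == origin or name.endswith("." + origin)


def authoritative_answer(zone, qname, qtype):
    """What a server authoritative for zone replies to a query.
    Returns ("answer", [rdata, ...]), ("referral", {ns_name: glue_ip or None}),
    or ("nxdomain", None)."""
    recs = zone["records"]
    # A name below a delegation point is not this server's to answer: refer
    # the resolver to the delegated name servers, with glue if the zone has it.
    for owner, t, _ in recs:
        if t == "NS" and owner != zone["origin"] and in_zone(qname, owner):
            nss = [r for o, tt, r in recs if o == owner and tt == "NS"]
            glue = {ns: next((r for o, tt, r in recs if o == ns and tt == "A"), None) for ns in nss}
            return ("referral", glue)
    exact = [r for o, t, r in recs if o == qname and t == qtype]
    if exact:
        return ("answer", exact)
    return ("nxdomain", None)


def resolve(qname, qtype, start_ip="192.168.1.53", servers=SERVERS, max_hops=8):
    """Iterative resolution: ask the parent's server and follow referrals.
    Returns (rdata_list, path) where path lists the server IPs consulted."""
    ip, path = start_ip, []
    for _ in range(max_hops):
        path.append(ip)
        kind, data = authoritative_answer(servers[ip], qname, qtype)
        if kind == "answer":
            return data, path
        if kind == "nxdomain":
            return [], path
        next_ip = next((g for g in data.values() if g in servers), None)
        if next_ip is None:
            # Lame delegation: the delegated servers are named but no usable
            # glue address was supplied, so there is no way to reach them.
            raise LookupError(f"no reachable name server for {qname}: missing glue for {sorted(data)}")
        ip = next_ip
    raise LookupError(f"too many referrals resolving {qname}")


def resolves(qname, qtype, servers=SERVERS):
    """True if resolution succeeds, False if the delegation cannot be followed."""
    try:
        resolve(qname, qtype, servers=servers)
        return True
    except LookupError:
        return False


def without_glue(parent=PARENT):
    """A copy of parent with the glue A record dropped, to show the failure mode."""
    return {"origin": parent["origin"],
            "records": [r for r in parent["records"] if not (r[0] == "ns1.sales.abc.com." and r[1] == "A")]}


if __name__ == "__main__":
    print(resolve("ws1.sales.abc.com.", "A"))   # answered by the child after one referral
    print(resolve("hr.abc.com.", "A"))          # answered directly by the parent
    lame = {"192.168.1.53": without_glue(), "192.168.14.9": CHILD}
    print("resolvable without glue:", resolves("ws1.sales.abc.com.", "A", servers=lame))
```

The path returned by `resolve` shows the delegation at work: a query for ws1.sales.abc.com touches the parent's server first and is answered by the child's, while hr.abc.com never leaves the parent. Dropping only the glue A record leaves the NS record in place yet makes the whole sales subdomain unresolvable, which is why a delegation check should always confirm that each delegated name server's address is present in the parent zone when the server's name lies inside the subdomain.
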
DNS plays a central role in the smooth functioning of a network. If DNS fails, clients cannot find the IP address of a host and therefore cannot reach any service, including the domain controllers themselves. By translating in both directions between host names and IP addresses, DNS is what makes network communication manageable.
