Computers and humans conceptualize in drastically different ways. In terms of understanding locations, humans are much better at grasping the concept of names rather than numbers. For example, most people think of cities by their names, not by their ZIP codes. Computers, however, work in binary, and consequently prefer to work with numbers. For example, computers at the post office translate the city and address names into specific ZIP codes for that region, helping each letter reach its destination.
Name resolution for computer systems works in a similar way. A user-friendly name is translated into a computer-identifiable number. TCP/IP uses a number scheme that uniquely identifies each computer interface on a network by a series of numbers, such as 10.1.2.145, known as an IP address. Because most humans are not interested in memorizing several of these types of numbers, they must be easily resolvable into user-friendly names such as www.microsoft.com.
DNS, in its simplest form, provides for name resolution in a distributed fashion, with each server or set of servers controlling a specified zone and with entries for each resource called resource records (RRs) that indicate the location of a particular object.
A good analogy for DNS can be found in telephone books. Each city or metropolitan area (namespace) publishes a separate phone book (zone) that contains many listings (resource records) that map people’s names to their phone numbers (IP addresses). This simple example illustrates the basic principle behind DNS. When you understand these basics, further drilling down into the specifics, especially with regard to Windows Server 2008 R2’s DNS, is possible.
Detailing the History of DNS
The Internet, as originally implemented, utilized a simple text file called a HOSTS file that contained a list of all servers on the Internet and their corresponding IP addresses. This file was copied manually from the master server to multiple secondary HOSTS servers. As more and more servers were added to the Internet, however, updating this file became unmanageable, and a new system became necessary.
In 1983, in direct response to this problem, the RFCs for the DNS were drawn up, and this form of name resolution was implemented on a large scale across the Internet. Instead of a small number of static HOSTS files, DNS servers formed a hierarchical method of name resolution, in which each server resolved only a certain segment of hosts on the Internet and delegated requests that it did not manage. This allowed the number of records held in DNS to scale enormously, without a correspondingly large performance decrease.
Microsoft developed its own implementation of DNS in Windows NT 4.0, which was based on the RFC standards on which DNS was founded. With the introduction of Windows 2000, Microsoft adopted DNS as the principal name-resolution strategy for Microsoft products. Older, legacy name-resolution systems such as Windows Internet Naming Service (WINS) are slowly being phased out. Since that time, the DNS implementation used by Microsoft has evolved to include a number of key benefits that distinguish it from standard DNS implementations—for example, UNIX BIND. To understand these improvements, however, you first need a basic understanding of DNS functionality.
Establishing a Framework for DNS
DNS structure is closely tied to the structure of the Internet and often is confused with the Internet itself. The structure of DNS is highly useful, and the fact that it has thrived for so long is a tribute to its functionality. A closer examination of what constitutes DNS and how it is logically structured is important in understanding the bigger picture of how DNS fits into Windows Server 2008 R2.
Explaining the DNS Hierarchy
DNS uses a hierarchical approach to name resolution in which resolution is passed up and down a hierarchy of domain names until a particular computer is located. Each level of the hierarchy is divided by dots (.), which symbolize the division. A fully qualified domain name (FQDN), such as server1.sales.companyabc.com, uniquely identifies a resource’s space in the DNS hierarchy. Figure 10.1 shows how the fictional CompanyABC fits into the DNS hierarchy.
The top of the hierarchy is known as the root, and is represented by a single . (dot). Moving down the DNS hierarchy, the next layer in the model is made up of top-level domain (TLD) names, which are .com, .net, .gov, .fr, and similar domain namespaces that loosely define the particular category that a domain namespace fits into. The Internet Assigned Numbers Authority (IANA) oversees the global root zone management and management of the TLDs. The IANA is operated by the Internet Corporation for Assigned Names and Numbers (ICANN). The official list of all generic TLDs maintained by IANA is given in Table 1.
Table 1. List of Generic Top-Level Domain Names

| TLD | Purpose |
|---|---|
| .aero | Air Travel Industry |
| .asia | Asia-Pacific Region |
| .biz | Businesses |
| .cat | Catalan Language |
| .com | Commercial |
| .coop | Cooperatives |
| .edu | Educational Institutions |
| .gov | U.S. Government |
| .info | Informational |
| .int | International Organizations |
| .jobs | Companies (Job Postings) |
| .mil | U.S. Military |
| .mobi | Mobile Devices |
| .museum | Museums |
| .name | Individuals |
| .net | Network |
| .org | Organization |
| .pro | Professions |
| .tel | Internet Communications |
| .travel | Travel and Tourism Industry |
For example, educational institutions are commonly given .edu extensions, and commercial businesses are given .com extensions. These extensions form the first set of branches of the DNS tree. The .biz, .com, .info, .name, .net, and .org TLDs are all open, meaning any individual or entity can register domains under them. Other TLDs have restrictions based on their intended use.
In addition to the generic TLDs, the IANA maintains country-code TLDs. These country codes are the two-letter codes specified in the International Organization for Standardization (ISO) 3166 standard. For example, .co is maintained for Colombia and .fr is maintained for France. Interestingly, all the country-code TLDs listed in ISO 3166 are maintained, but some are unused, such as Saint Martin (.mf). There are also a handful of exceptions, such as the listing for the United Kingdom, which appears in the ISO 3166 standard as .gb, but .uk is used instead.
The second level in the DNS hierarchy commonly contains the business name of an organization, such as companyabc in Figure 10.1. This level is normally the first area in the DNS hierarchy where an organization has control over the records within the domain and where it can be authoritative.
Subdomains can easily be, and often are, created in the DNS hierarchy for various reasons. For example, sales.microsoft.com is a potential domain that could exist as a sublevel of the microsoft.com domain. The DNS hierarchy works in this way, with multiple levels possible.
Outlining the DNS Namespace
The bounded area that is defined by the DNS name is known as the DNS namespace. Microsoft.com is a namespace, as is marketing.companyabc.com. Namespaces can be either public or private. Public namespaces are published on the Internet and are defined by a set of standards. All the .com, .net, .org, and similar namespaces are external, or public. An internal namespace is not published to the Internet, but is also not restricted by extension name. In other words, an internal, unpublished namespace can occupy any conceivable namespace, such as dnsname.local or companyabc.internal. Internal namespaces are most often used with Active Directory because they give increased security to a namespace. Because such namespaces are not published, they cannot be directly accessed from the Internet.
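As an added example (not code from the book), the following Python walks an FQDN such as server1.sales.companyabc.com up the hierarchy described in "Explaining the DNS Hierarchy" (root, TLD, second level, subdomains) and applies the distinction drawn above between the generic TLDs of Table 1, two-letter country-code TLDs, and internal, unpublished namespaces such as dnsname.local. The function names and the rule "not generic and not two letters means internal" are assumptions for illustration; the `in_namespace` check compares whole labels, which is what matters when deciding which names fall inside a zone an organization is authoritative for.

```python
# Added example, not from the book: walks an FQDN up the DNS hierarchy
# (root "." -> TLD -> second-level -> subdomains) and classifies its TLD.
# GENERIC_TLDS is the page's Table 1; the two-letter rule is the ISO 3166
# country-code convention the text describes; anything else is treated
# as an internal, unpublished namespace such as .local or .internal.

GENERIC_TLDS = {
    "aero", "asia", "biz", "cat", "com", "coop", "edu", "gov", "info", "int",
    "jobs", "mil", "mobi", "museum", "name", "net", "org", "pro", "tel", "travel",
}


def labels(fqdn):
    """Labels of an FQDN, left to right, without the trailing root dot."""
    name = fqdn.strip().lower().rstrip(".")
    parts = name.split(".") if name else []
    if "" in parts:
        raise ValueError("empty label in %r" % fqdn)
    return parts


def hierarchy(fqdn):
    """Chain of names from the root down to the full FQDN, each written
    with its trailing dot, e.g. ['.', 'com.', 'companyabc.com.', ...]."""
    parts = labels(fqdn)
    return ["."] + [".".join(parts[i:]) + "." for i in range(len(parts) - 1, -1, -1)]


def tld_kind(fqdn):
    """'generic' (Table 1), 'country-code' (two letters), or 'internal'."""
    parts = labels(fqdn)
    if not parts:
        return "root"
    tld = parts[-1]
    if tld in GENERIC_TLDS:
        return "generic"
    if len(tld) == 2 and tld.isalpha():
        return "country-code"
    return "internal"


def in_namespace(fqdn, namespace):
    """True if fqdn is namespace or lies beneath it: compares whole labels,
    so marketing.companyabc.com is in companyabc.com but not in abc.com."""
    f, n = labels(fqdn), labels(namespace)
    return len(f) >= len(n) and f[len(f) - len(n):] == n
```

A name classified as internal by `tld_kind` is one the Internet root will never delegate, so a query for it that leaks outside the organization can only fail or be answered by someone other than the intended authority.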