In the DNS hierarchy, objects are identified through the use of resource records (RRs). These records are used for basic lookups of users and resources within the specified domain and are unique for the domain in which they are located. Because DNS is not a flat namespace, however, multiple identical RRs can exist at different levels in a DNS hierarchy. The distributed nature of the DNS hierarchy allows such levels.
Several key resource records exist in most DNS implementations, especially in those associated with Windows Server 2008 R2 Active Directory Domain Services. A general familiarity with these specific types of RRs is required to gain a better understanding of DNS.
Start of Authority (SOA) Records
The Start of Authority (SOA) record in a DNS database indicates which server is authoritative for that particular zone. The server referenced by the SOA record is subsequently the server that is assumed to be the authoritative source of information about a particular zone and is in charge of processing zone updates. The SOA record contains information such as the Time to Live (TTL) interval, the contact person responsible for DNS, and other critical information, as illustrated in Figure 1.
An SOA record is automatically created when DNS is installed for Active Directory Domain Services in Windows Server 2008 R2 and is populated with the default TTL, primary server, and other pertinent information for the zone. After installation, however, these values can be modified to fit the specific needs of an organization.
Host (A) Records
The most common type of RR in DNS is the host record, also known as an A record. This type of RR simply contains the name of the host and its corresponding IP address, as illustrated in Figure 2.
The vast majority of RRs in DNS are A records because they are used to identify the IP addresses of most resources within a domain.
Note
Most resource records also contain advanced information about the record, which includes the Time to Live (TTL) and, optionally, the record time stamp. To view or update this information, select Advanced from the View menu of the DNS Management console.
Name Server (NS) Records
Name Server (NS) records identify which computers in a DNS database are the name servers, essentially the DNS servers for a particular zone. Although there can be only one SOA record for a zone, there can be multiple NS records for the zone, which indicate to clients which machines are available to run DNS queries against for that zone.
Note
Name Server records, or NS records, do not actually contain the IP information of a particular resource. In fact, in most cases, only A records contain this information. NS records and other similar records simply point to a server’s A record. For example, an NS record will simply point to server1.companyabc.com, which will then direct the query to the server1 A record in the companyabc.com zone.
Service (SRV) Records
Service (SRV) records are RRs that indicate which resources perform a particular service. Domain controllers in Active Directory Domain Services are referenced by SRV records that define specific services, such as the global catalog (GC), Lightweight Directory Access Protocol (LDAP), and Kerberos. SRV records are a relatively new addition to DNS, and did not exist in the original implementation of the standard. Each SRV record contains information about a particular functionality that a resource provides. For example, an LDAP server can add an SRV record, indicating that it can handle LDAP requests for a particular zone. SRV records can be very useful for Active Directory Domain Services because domain controllers can advertise that they handle global catalog requests, as illustrated in Figure 3.
Note
Because SRV records are a relatively new addition to DNS, they are not supported by several down-level DNS implementations, such as UNIX BIND 4.1.x and NT 4.0 DNS. It is, therefore, critical that the DNS environment that is used for Windows Server 2008 R2’s Active Directory Domain Services has the capability to create SRV records. For UNIX BIND servers, version 8.1.2 or higher is recommended.
Mail Exchanger (MX) Records
A Mail Exchanger (MX) record indicates which resources are available for Simple Mail Transfer Protocol (SMTP) mail reception. MX records can be set on a domain basis so that mail sent to a particular domain will be forwarded to the server or servers indicated by the MX record. For example, if an MX record is set for the domain companyabc.com, all mail sent to user@companyabc.com will be automatically directed to the server indicated by the MX record.
Pointer (PTR) Records
Reverse queries to DNS are accomplished through the use of Pointer (PTR) records. In other words, if a user wants to look up the name of a resource that is associated with a specific IP address, he would do a reverse lookup using that IP address. A DNS server would reply using a PTR record that would indicate the name associated with that IP address. PTR records are most commonly found in reverse lookup zones.
Canonical Name (CNAME) Records
A Canonical Name (CNAME) record represents a server alias, and allows any one of a number of servers to be referred to by multiple names in DNS. The record essentially redirects queries to the A record for that particular host. CNAME records are useful when migrating servers and for situations in which friendly names, such as mail.companyabc.com, are required to point to more complex server-naming conventions, such as sfoexch01.companyabc.com.
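The relationships described in the SOA, NS, SRV, MX and CNAME sections above (one SOA per zone, pointer-style records that must resolve to a host's A record, and the LDAP, Kerberos and global catalog SRV records a domain controller registers) can be checked mechanically. The following is an added example, not code from the book or from Windows DNS; it runs over a constructed zone-file snippet for companyabc.com, and the `_ldap._tcp`, `_kerberos._tcp` and `_gc._tcp` owner names are the standard AD DS SRV names assumed for the check.

```python
from collections import defaultdict

# Constructed sample zone (names, addresses and serial are made up), one record per
# line in the form: owner TTL class TYPE rdata. dc3 is deliberately left without an A record.
SAMPLE_ZONE = """\
companyabc.com.                3600 IN SOA   dc1.companyabc.com. hostmaster.companyabc.com. 2011010101 900 600 86400 3600
companyabc.com.                3600 IN NS    dc1.companyabc.com.
companyabc.com.                3600 IN NS    dc2.companyabc.com.
dc1.companyabc.com.            3600 IN A     10.0.0.1
dc2.companyabc.com.            3600 IN A     10.0.0.2
sfoexch01.companyabc.com.      3600 IN A     10.0.0.10
mail.companyabc.com.           3600 IN CNAME sfoexch01.companyabc.com.
companyabc.com.                3600 IN MX    10 sfoexch01.companyabc.com.
_ldap._tcp.companyabc.com.      600 IN SRV   0 100 389  dc1.companyabc.com.
_kerberos._tcp.companyabc.com.  600 IN SRV   0 100 88   dc1.companyabc.com.
_gc._tcp.companyabc.com.        600 IN SRV   0 100 3268 dc3.companyabc.com.
"""

# SRV owner names a domain controller registers for the services named in the text
# (LDAP, Kerberos, global catalog); assumed here as the standard AD DS names.
REQUIRED_SRV = ("_ldap._tcp", "_kerberos._tcp", "_gc._tcp")


def parse_zone(text):
    """Return {(owner, TYPE): [rdata token lists]} from one-record-per-line zone text."""
    records = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:          # blank or malformed line
            continue
        owner, _ttl, _cls, rtype, *rdata = fields
        records[(owner.lower(), rtype.upper())].append(rdata)
    return records


def check_zone(zone_name, text):
    """Return a sorted list of findings for the consistency rules described in the text."""
    recs = parse_zone(text)
    apex = zone_name.lower().rstrip(".") + "."
    findings = []
    if len(recs.get((apex, "SOA"), [])) != 1:
        findings.append("zone must have exactly one SOA record")
    # NS, SRV, MX and CNAME all name a host in their last rdata token; that host needs an A record.
    for (owner, rtype), rdatas in recs.items():
        if rtype in ("NS", "SRV", "MX", "CNAME"):
            for rdata in rdatas:
                target = rdata[-1].lower()
                if (target, "A") not in recs:
                    findings.append(f"{rtype} {owner} -> {target} has no A record")
    for svc in REQUIRED_SRV:
        if (f"{svc}.{apex}", "SRV") not in recs:
            findings.append(f"missing AD DS SRV record {svc}.{apex}")
    return sorted(findings)
```

Running `check_zone("companyabc.com", SAMPLE_ZONE)` reports only the global catalog SRV record whose target, dc3, has no A record; fixing that target clears the findings.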
Other DNS Record Types
Other, less common forms of records that might exist in DNS have specific purposes, and there might be cause to create them. The following is a sample list, but is by no means exhaustive:
AAAA— Maps a standard IP address into a 128-bit IPv6 address.
ISDN— Maps a specific DNS name to an ISDN telephone number.
KEY— Stores a public key used for encryption for a particular domain.
RP— Specifies the Responsible Person for a domain.
WKS— Designates a particular Well-Known Service.
MB— Indicates which host contains a specific mailbox.