
Setting up DNS in Windows NT 4.0

Richard Charrington gives a detailed explanation of how to use DNS with Windows NT 4.0 in this Daily Drill Down.


With all the talk this year about Windows 2000, it could be easy to overlook Windows NT 4.0. That is, if you weren’t dealing with it on a daily basis. Windows NT 4.0 is going to be around for a long time. And it’s still perfectly good for many network services.

One of the most common network services you provide nowadays is DNS. Windows NT 4.0 can function very nicely as your DNS server. In this Daily Drill Down, I’ll take a look at how DNS works with Windows NT 4.0.

DNS details
Microsoft DNS Server for Windows NT Server version 4.0 is an RFC-compliant DNS name server based on a client/server architecture. Because Microsoft DNS Server is an RFC-compliant name server, it can be used with other DNS name servers, such as UNIX-based DNS name servers, as either a primary or secondary name server.

A computer configured with Microsoft DNS Server can manage one or more zones and zone databases. You also can create up to a maximum of 15 virtual DNS servers on a multihomed computer configured with Microsoft DNS Server. The Microsoft DNS Server support for zones and virtual DNS servers enables you to configure your computers in the fashion that best supports your business and networking requirements.

DNS name server zone files contain name-to-IP address mappings and other identifying information (such as a host alias name) in data records referred to as resource records. These resource records must be created for any computer in a zone that has a static IP address and that is a resource for users on the Internet.

Resources that are frequently used by remote users on the Internet are manually assigned static IP addresses. However, the interoperability of Microsoft DNS Server and Microsoft WINS servers enables you to dynamically create IP addresses for your intranet computers by using Microsoft DNS, Microsoft WINS, and DHCP servers.

DNS Manager
To help you create and edit resource records and perform other DNS server management tasks, Microsoft provides DNS Manager. DNS Manager is automatically installed when you install Microsoft DNS Server. DNS Manager eliminates the need to manually edit text files and enables you to create a full range of DNS resource records.

When you install Microsoft DNS Server on a computer running Windows NT Server 4.0, the Setup program automatically adds DNS Manager to Administrative Tools on the Program menu. You use DNS Manager to administer local and remote Microsoft DNS Servers and to create the resource records that provide name resolution information and support connectivity for remote users on the Internet and TCP/IP intranets.

To start DNS Manager, select Programs from the Start menu. Next, select Administrative Tools and click DNS Manager. When you do, you’ll see the screen shown in Figure A.

Figure A
You administer DNS on Windows NT 4 using DNS Manager.


Some of the most useful tasks that can be performed using DNS Manager are:
  • Adding DNS servers for local server, remote server, and virtual server management.
  • Configuring server properties.
  • Configuring primary and secondary zones.
  • Configuring transfer of data between primary and secondary zones. Such transfer of data is referred to as a zone transfer.
  • Adding A (address) records with host-name-to-IP-address mappings for computers in the zone that are assigned static IP addresses. (For more information on different resource record types, see the list of DNS resource record types, later in this Daily Drill Down.)
  • Adding PTR (pointer) records with IP-address-to-hostname mappings. (Each PTR record must have a corresponding A record and vice versa.)
  • Adding CNAME (alias), MX (mail exchange), and other resource records as needed.
  • Monitoring usage of DNS servers by using DNS Manager statistics.
  • Editing and maintaining zone configurations and resource records as needed.
You cannot administer or create resource records on non-Microsoft DNS Servers by using DNS Manager. To administer such records, use a text editor or the tool provided by the non-Microsoft DNS server.
With DNS Manager, you can add or change Microsoft DNS Servers and the zones managed by those servers. It’s important to note that when creating the primary and secondary servers required for Internet connectivity, you must first define and configure a server by using DNS Manager. You then define one or more zones managed by that server.

The commonly used terms primary and secondary DNS server are misleading when applied to the actual configuration and operation of DNS name servers. Because each DNS server manages its portion of the domain name space using the administrative grouping of a zone, data on the server is stored in zone files.

When data is transferred between primary and secondary servers, it is the zone files that are transferred. Microsoft DNS Server is designed to incorporate this operational characteristic by assigning the primary or secondary characteristic to the zone file. In other words, the designation of primary or secondary data source is configured on a zone-by-zone basis and not a server-by-server basis. You configure zone properties to create the primary or secondary data files.

Adding and configuring a DNS server
The following procedures provide an example of how to add a Microsoft DNS Server and primary and secondary zones. This example assumes that the server managing the primary zone is configured on the local computer and that the server managing the secondary zone is located on a remote computer in the same network that is configured with Microsoft DNS Server. In addition to illustrating zone concepts, this example illustrates that you can manage multiple computers configured with Microsoft DNS Server from one central computer configured with Microsoft DNS Server.

To add the Microsoft DNS Server that will manage the primary zone, double-click the Server List icon in DNS Manager. Select New Server from the DNS menu. In the Add DNS Server dialog box, enter either the DNS server hostname or the IP address. Click OK to finish. DNS Manager automatically creates the new server icon in the left pane of the DNS Manager window.
Before creating a zone, make sure you have correctly configured TCP/IP Properties by entering the correct hostname and domain name for the local computer on the DNS page in the Microsoft TCP/IP Properties dialog box. To reach this dialog box, click the Start button, point to Settings, and click Control Panel. Double-click the Network icon, click the Protocols tab, click TCP/IP Protocol in the Network Protocols list, and then click Properties.
To configure your server’s properties, right-click the server icon, and click Properties. Next, click the Interfaces tab. Type an IP address, and click Add. Repeat until all IP addresses configured on the server are entered. You can enter a maximum of 15 IP addresses, even if the computer is a multihomed computer configured to support more than 15 IP addresses.

If you’re using a DNS forwarder to control access to the Internet, click the Forwarders tab, and enter the IP address of the Microsoft DNS Server that is designated as the forwarder. Click OK to finish.
If you do not specify IP addresses on the Interfaces tab and the computer is a multihomed computer configured with more than 15 IP addresses, you might encounter Event 410 or 520 errors. These errors occur in part because if no IP addresses are specified, by default Microsoft DNS Manager attempts to monitor all IP addresses configured on the server computer.
To add a server icon on the local computer that represents a remote computer configured with Microsoft DNS Server, double-click the Server List icon in DNS Manager. Click New Server, and in the Add DNS Server dialog box enter either the DNS server hostname for the remote computer or its IP address. Click OK. DNS Manager automatically adds a new server icon that represents the remote server in the left pane of the DNS Manager window.

Creating zones

To add a primary zone, right-click the local server icon, and click New Zone to start the zone wizard. Click Primary, and then click Next. The zone wizard prompts you for additional information and then automatically creates the zone and zone file and adds SOA, NS, and A data records to the zone file (see below for record type descriptions).

To create a reverse-lookup zone, use this same procedure and use a zone name that follows the reverse-lookup format: the octets of the network address in reverse order, followed by in-addr.arpa (nnn.nnn.nnn.in-addr.arpa for a three-octet network). For example, the reverse-lookup zone containing PTR records for IP addresses 172.16.16.1 through 172.16.224.254 would be named 16.172.in-addr.arpa.

Whenever possible, create a reverse-lookup zone for each zone before adding A records for computers contained in that zone so that you can use the automatic Create PTR Record option in the Add Host dialog box.
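The naming rule above is mechanical, so it is worth seeing it applied. The following Python is an added example, not code from the article or from Microsoft DNS Server: it derives the reverse-lookup zone name for a network, the owner name of the PTR record for a single address, and which of several configured reverse zones should hold that PTR record (the most specific zone wins). The function names and the sample zone list are my own; the addresses are the article's 172.16 example range.

```python
# Added example, not code from the article or from Microsoft DNS Server:
# derive reverse-lookup zone names and PTR owner names from IPv4 addresses.
import ipaddress
from typing import List, Optional, Tuple


def reverse_zone_name(network: str) -> str:
    """Return the in-addr.arpa zone name for an IPv4 network.

    NT 4 reverse zones are named per octet (nnn.nnn.nnn.in-addr.arpa), so only
    /8, /16 and /24 prefixes are handled; classless delegation is out of scope.
    """
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("reverse zones are named per octet: use a /8, /16 or /24")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(ip: str) -> str:
    """Return the fully qualified owner name of the PTR record for one IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 reverse names are handled here")
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa."


def locate_ptr(ip: str, zones: List[str]) -> Optional[Tuple[str, str]]:
    """Find which configured reverse zone holds the PTR record for ip.

    Returns (zone name, owner name relative to that zone), choosing the most
    specific zone when several match; None if no configured zone covers ip.
    """
    owner = ptr_owner_name(ip)
    for zone in sorted(zones, key=len, reverse=True):  # longest zone name first
        suffix = "." + zone.rstrip(".") + "."
        if owner.endswith(suffix):
            return zone, owner[: -len(suffix)]
    return None


if __name__ == "__main__":
    # Zone for the article's example range 172.16.16.1 through 172.16.224.254
    print(reverse_zone_name("172.16.0.0/16"))   # 16.172.in-addr.arpa
    print(ptr_owner_name("172.16.16.1"))        # 1.16.16.172.in-addr.arpa.
    # Hypothetical zone list: a /16 zone plus a more specific /24 zone
    print(locate_ptr("172.16.16.1", ["16.172.in-addr.arpa", "16.16.172.in-addr.arpa"]))
```

If you later split a /24 out of the /16 reverse zone, locate_ptr shows where the New Host dialog's Create PTR Record option will land the record; a PTR left behind in the less specific zone is never consulted for that address.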

Creating a secondary zone is similar to creating a primary zone. To add a secondary zone, right-click the remote server icon, and click New Zone to start the zone wizard. Click Secondary, and enter the requested information. The zone wizard prompts you for additional information and then automatically creates the zone and zone file and adds the SOA, NS, and server A records to the zone file.

After you’ve successfully added a zone, you can perform additional configuration by changing the zone properties as described in the following list:
  • Change the zone from primary to secondary, or vice versa, by using the General tab.
  • Modify the default server time-to-live (TTL) values by using the SOA Record tab.
  • Modify the refresh and zone transfer rates by using the SOA Record tab.
  • Configure the primary zone server to automatically notify the secondary zone server when changes are made to the primary zone files by using the Notify tab.
  • Configure the zone server to use WINS for hostname resolution by using the WINS Lookup tab. On a reverse-lookup zone, this tab is labeled WINS Reverse Lookup.

The only difference in the Zone Properties dialog box for a reverse-lookup zone is the text on the WINS Lookup tab, as illustrated in Figure B.

Figure B
The Zone Properties dialog box adds a WINS lookup tab for reverse-lookup zones.


After you create a zone, you can add A, PTR, and other resource records for computers logically contained within the zone. To display a menu of actions that you can perform on the zone, point to the zone folder and right-click.

The two menu commands you can use to add information about the computers in the zone are New Host and New Record. You must use the New Host command, as shown in Figure C, to add A and PTR records for the zone computers that have statically assigned IP addresses. The A resource record provides the name-to-IP-address mapping used in name resolution. The PTR resource record contains the reverse lookup (IP-address-to-name) mapping that some programs require.

Figure C
You can use the New Host command to add A and PTR records for the zone.


The New Record command is used to add other types of DNS resource records such as CNAME (alias), MX (mail exchange) or ISDN. Figure D illustrates the New Resource Record dialog box.

Figure D
You can use the New Record command to add resource records for the zone.


What kind of DNS records can I create?
It’s possible to create many different kinds of resource records under NT’s DNS server. These are the types of resource records you can create and edit by using DNS Manager:
  • A—An address record that maps a hostname to an IP address in a DNS zone. Its counterpart, the PTR resource record, is used to map an IP address to a hostname in a DNS reverse lookup zone (those in the in-addr.arpa DNS domain). It’s important that you add an A record for every computer in the zone that has a static IP address, including the local DNS name server and any computer running Internet Information Server.
  • AFSDB—An address record that gives the location of either an Andrew File System (AFS) cell database server or a Distributed Computing Environment (DCE) cell’s authenticated name server. The AFS system uses DNS to map a DNS domain name to the name of an AFS cell database server. The Open Software Foundation’s DCE Naming service uses DNS for a similar function.
  • CNAME—A canonical name resource record, which creates an alias for the specified hostname (that is, a name synonymous with the hostname). You can use CNAME records to hide the implementation details of your network from the clients that connect to it. For example, in the Terra Flora case study used in the Windows NT Server Resource Kit, ftp.terraflora.com is an alias (that is, a CNAME) for the real name of the computer that runs the Terra Flora FTP server. A CNAME or alias also allows the FTP server to be moved easily to a different computer if necessary. If such a move is required, only the CNAME record need change, not the actual computer name.
  • HINFO—The host information resource record, which identifies a host's hardware type and operating system. The CPU type and operating system identifiers used in an HINFO record should come from the list of computer and system names in RFC 1700.
  • ISDN—The Integrated Services Digital Network (ISDN) resource record, a variation of the A resource record. Rather than mapping a hostname to an IP address, the ISDN record maps the hostname to an ISDN address. An ISDN address is a phone number that consists of a country code, an area code, a local phone number, and optionally a subaddress. Use the ISDN resource record in conjunction with the RT resource record, described below.
  • MB—The mailbox resource record. This record, which is experimental, specifies a DNS host with the specified mailbox. Other related experimental records are the MG resource record, the MR resource record, and the MINFO resource record, all described below.
  • MG—The mail group resource record. This record, which is experimental, specifies a mailbox that is a member of the mail group (that is, mailing list) specified by the DNS domain name. Other related experimental records are the MB resource record, the MR resource record, and the MINFO resource record.
  • MINFO—The mailbox information resource record. This record, which is experimental, specifies the mailbox that is responsible for a specified mailing list or mailbox. Other related experimental records are the MB resource record, the MG resource record, and the MR resource record.
  • MR—The mailbox rename resource record. This record, which is experimental, specifies a mailbox that is the proper rename of the other specified mailbox. Other related experimental records are the MB resource record, the MG resource record, and the MINFO resource record.
  • MX—The mail exchange resource record, which specifies a mail exchange server for a DNS domain name. A mail exchange server is a host that will either process or forward mail for the named DNS domain. Processing mail means either delivering it to the addressee or passing it to a different type of mail transport. Forwarding mail means sending it to its final destination server, sending it by using Simple Mail Transfer Protocol (SMTP) to another mail exchange server closer to its final destination, or queuing it for a specified amount of time.
  • NS—The name server resource record, which identifies the DNS server or servers for the DNS domain. NS resource records appear in all DNS zones and reverse zones (those in the in-addr.arpa DNS domain).
  • PTR—The pointer resource record, which maps an IP address to a hostname in a DNS reverse zone (those in the in-addr.arpa DNS domain). Its counterpart, the A (address) resource record, is used to map a hostname to an IP address in a DNS zone.
  • RP—The responsible person resource record, which indicates who is responsible for the specified DNS domain or host. You can specify multiple RP records for a given DNS domain or host. The record has two parts: an e-mail address in the same DNS format as the one in the SOA resource record and a DNS domain name that points to additional information about the contact.
  • RT—The route through resource record, which specifies an intermediate host that routes packets to a destination host. The RT record is used in conjunction with the ISDN and X.25 resource records. It is syntactically and semantically similar to the MX record type and is used in much the same way.
  • SOA—The start of authority resource record, which indicates that this DNS server is the authoritative source of information for the data within this DNS domain. The SOA resource record is the first record in each of the DNS database files. It is created automatically by DNS Manager when you create a new DNS zone.
  • TXT—The text resource record, which associates general textual information with an item in the DNS database. A typical use is for identifying a host’s location (for example, “Location: Building 26S, Room 2499”). The text string must be less than 256 characters, but you can associate multiple TXT resource records with one item.
  • WINS—A record that contains the IP address of the WINS server configured on this DNS server for WINS name resolution. A WINS record is automatically created by configuring a zone property for WINS lookup. In other words, it is not created by using the Add Record command in DNS Manager.
  • WINS_R—A record that instructs Microsoft DNS Server to use a NetBIOS node adapter status (nbtstat) command to resolve a DNS client reverse-lookup query. The reverse-lookup query requests the name of a computer identified only by an IP address. A WINS_R record is automatically created by configuring a zone property for WINS reverse lookup. In other words, it is not created by using the Add Record command in DNS Manager.
  • WKS—The well-known service resource record, which describes the services provided by a particular protocol for a particular interface. The protocol is usually TCP or User Datagram Protocol (UDP) but can be any of the entries listed in the Protocols file (Systemroot\System32\Drivers\...\Protocol on the drive where your Windows NT Server system files reside). The services described are the services listed below port number 256 in the Services file (\Systemroot\System32\Drivers\...\Services).
  • X.25—A variation of the A resource record. Rather than mapping a hostname to an IP address, the X.25 resource record maps the name to an X.121 address. X.121 is the International Organization for Standardization (ISO) standard that specifies the format of addresses used in X.25 networks. The X.25 resource record is designed for use in conjunction with the RT resource record.

Resource records on Internet DNS servers
DNS name servers on the Internet commonly use all of the resource records listed above except for the WINS and WINS_R resource records. These records are specifically implemented for interoperability between Microsoft DNS Servers and Microsoft WINS Servers.

Because these records are unique to Microsoft DNS Servers, when transferring primary zone files to a secondary zone, you should not copy these records to a DNS name server running non-Microsoft DNS server software.

If you’re using WINS lookup or WINS reverse lookup with a non-Microsoft DNS server, use the following procedure to prevent copying WINS or WINS_R records to a non-Microsoft DNS server. Start DNS Manager, right-click the folder for the appropriate zone, and select Properties. Next, click the WINS Lookup or WINS Reverse Lookup tab. Finally, select the Settings Only Affect Local Server check box and click OK.
To allow remote Internet users to access information on a computer configured with Internet Information Server (IIS), you must use a static IP address for that computer.
After you install and configure Internet Information server, A and PTR records must be added to the DNS primary zone in which your IIS computer is located. If Microsoft DNS Server manages this primary zone, you can use the New Host option to add the A and PTR resource records. For information about adding A and PTR records, see DNS Manager Help or the Windows NT Server Networking Guide.

The A and PTR resource records contain the name-to-IP-address mappings and IP-address-to-name mappings that allow users on the Internet to connect to a remote computer. However, additional types of resource records can be used to help balance the load of traffic on a computer configured with IIS or to mask the actual configuration of your Internet Information Server.

Canonical names
The hostname portion of a URL may actually be an alias, also referred to as a canonical name. In the address http://www.microsoft.com, www is an alias commonly used for World Wide Web servers, microsoft is the domain name, and .com indicates the commercial branch of the DNS hierarchy of names for the Internet.

The CNAME resource record is used to establish an alias name in DNS server zone files. CNAMEs are frequently used in conjunction with Web, FTP, and Gopher servers and when a hostname is changed. Figure E illustrates the New Resource Record dialog box used to create CNAME records.

Figure E
You can create CNAME records here.


As you can see, an alias of www is being associated with a hostname. The use of CNAME records is accepted on the Internet for generalized names for servers such as www to indicate a Web server. However, other uses of the CNAME records can create problems for DNS name resolution throughout the Internet. RFC 1912, which describes common errors in the creation of DNS resource records, states, “Don’t use CNAMEs in combination with RRs (that is, resource records) which point to other names like MX, CNAME, PTR and NS.”
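Three of the rules given so far can be checked mechanically against zone-file text: every A record needs a matching PTR record and vice versa, WINS and WINS_R records must not reach a non-Microsoft secondary, and (per RFC 1912) MX, NS, PTR and CNAME records must not point at a name that is itself a CNAME. The following Python is an added example, not code from the article or from Microsoft DNS Server. The two zones are constructed samples for example.com and 16.172.in-addr.arpa, seeded with one violation of each rule; the parser handles only the simple owner/IN/type/rdata line form, with absolute owner names and semicolon comments.

```python
# Added example, not code from the article or from Microsoft DNS Server:
# a consistency check over zone-file text for the three rules the article gives.
from typing import List, Tuple

IN_ADDR = ".in-addr.arpa."

# Constructed sample zones (not real hosts). The forward zone deliberately
# contains an MX pointing at a CNAME and an NT-specific WINS record; the
# reverse zone is missing one PTR and carries one stale PTR.
FORWARD_ZONE = """\
example.com.         IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com.         IN NS    ns1.example.com.
example.com.         IN MX    10 mail.example.com.
example.com.         IN MX    20 relay.example.com.   ; relay is only an alias
ns1.example.com.     IN A     172.16.16.1
mail.example.com.    IN A     172.16.16.2
ftp.example.com.     IN A     172.16.16.3             ; no PTR record below
www.example.com.     IN CNAME ftp.example.com.
relay.example.com.   IN CNAME mail.example.com.
example.com.         IN WINS  172.16.16.10            ; created by the WINS Lookup tab
"""

REVERSE_ZONE = """\
16.172.in-addr.arpa.       IN SOA ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
16.172.in-addr.arpa.       IN NS  ns1.example.com.
1.16.16.172.in-addr.arpa.  IN PTR ns1.example.com.
2.16.16.172.in-addr.arpa.  IN PTR mail.example.com.
4.16.16.172.in-addr.arpa.  IN PTR old.example.com.    ; host was decommissioned
"""

Record = Tuple[str, str, List[str]]  # (owner, type, rdata fields)


def parse_zone(text: str) -> List[Record]:
    """Parse 'owner [IN] TYPE rdata...' lines; ';' starts a comment. Owners must be absolute."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[1].upper() == "IN":
            del fields[1]
        records.append((fields[0].lower(), fields[1].upper(), fields[2:]))
    return records


def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + IN_ADDR


def ip_from_ptr_owner(owner: str) -> str:
    """Inverse of ptr_owner: recover the dotted address from a PTR owner name."""
    return ".".join(reversed(owner[: -len(IN_ADDR)].split(".")))


def lint_zones(records: List[Record]) -> List[Tuple[str, str]]:
    """Return (code, message) findings for A/PTR pairing, CNAME targets and NT-only records."""
    a_pairs = {(o, r[0]) for o, t, r in records if t == "A"}
    ptr_target = {o: r[0].lower() for o, t, r in records if t == "PTR"}
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            po = ptr_owner(rdata[0])
            if po not in ptr_target:
                findings.append(("A_WITHOUT_PTR", f"{owner} -> {rdata[0]} has no PTR record {po}"))
            elif ptr_target[po] != owner:
                findings.append(("PTR_MISMATCH", f"{po} names {ptr_target[po]}, expected {owner}"))
        elif rtype == "PTR":
            ip = ip_from_ptr_owner(owner)
            if (rdata[0].lower(), ip) not in a_pairs:
                findings.append(("PTR_WITHOUT_A", f"{owner} -> {rdata[0]} has no A record for {ip}"))
        if rtype in ("MX", "NS", "PTR", "CNAME") and rdata[-1].lower() in cname_owners:
            findings.append(("CNAME_TARGET", f"RFC 1912: {rtype} at {owner} points to alias {rdata[-1]}"))
        if rtype in ("WINS", "WINS_R"):
            findings.append(("NT_ONLY", f"{rtype} at {owner} must not be copied to a non-Microsoft secondary"))
    return findings


def lint_sample() -> List[str]:
    """Run the check over the constructed zones and return the finding codes in order."""
    return [code for code, _ in lint_zones(parse_zone(FORWARD_ZONE) + parse_zone(REVERSE_ZONE))]


if __name__ == "__main__":
    for code, msg in lint_zones(parse_zone(FORWARD_ZONE) + parse_zone(REVERSE_ZONE)):
        print(f"{code:14} {msg}")
```

Run against the samples, the check reports the MX that targets relay.example.com (a CNAME), the ftp host with no PTR, the WINS record, and the PTR for old.example.com that no longer has an A record. The same pass over a real zone, exported before a transfer to a non-Microsoft secondary, catches exactly the records the article says should not leave a Microsoft DNS Server.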

Using DNS to distribute traffic
Microsoft DNS Server supports a process referred to as round-robin, which balances the number of clients connecting to Internet sites supported by multiple servers. Round-robin is specified by RFC 1794. To make use of round-robin, you use an alias such as the generalized server name www.

To understand how round-robin works, consider the following example. Suppose a user types the URL http://www.microsoft.com into an Internet browser. Doing so causes a name resolution query for www.microsoft.com to be sent to a DNS name server. The DNS name server returns a list of name-to-IP-address mappings for each CNAME resource record that maps a hostname to the alias www.microsoft.com.

The next time the DNS server receives a name resolution query for www.microsoft.com, the order of the list of CNAME records is changed in a round-robin fashion. The address mapping that was first in the previous list is moved to the end. Because the process on the client computer generally uses the first name-to-IP-address mapping in the list, the client connects to a server different from the server connected to on the previous request. In this manner, client connections to the Internet site are distributed among the supporting servers.

To enable round-robin when you use multiple servers to support a Web, FTP, or Gopher site, create CNAME records for each server as described in the preceding section, “Canonical names.”
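The rotation described in this section is easy to simulate. The following Python is an added example, not code from the article or from Microsoft DNS Server: a toy authoritative server holds several name-to-IP-address mappings for one name, answers every query with the whole list, and moves the head of the previous answer to the end, so clients that take the first address are spread across the servers. The class name, the alias www.example.com and the three 172.16.16.x addresses are my own constructed sample.

```python
# Added example, not code from the article or from Microsoft DNS Server:
# a toy authoritative server that rotates its answer list round-robin.
from collections import Counter
from typing import Dict, List, Optional


class RoundRobinServer:
    """Holds several name-to-IP-address mappings per name and rotates them per query."""

    def __init__(self) -> None:
        self._mappings: Dict[str, List[str]] = {}

    @staticmethod
    def _key(name: str) -> str:
        # DNS names are case-insensitive; the trailing dot is optional in queries
        return name.lower().rstrip(".")

    def add_mapping(self, name: str, ip: str) -> None:
        self._mappings.setdefault(self._key(name), []).append(ip)

    def query(self, name: str) -> List[str]:
        """Return the full answer list, then move its head to the end for the next query."""
        answers = self._mappings.get(self._key(name))
        if not answers:
            return []                     # unknown name: empty answer (NXDOMAIN in real DNS)
        response = list(answers)          # copy the current order for this client
        answers.append(answers.pop(0))    # rotate in place for the next query
        return response


def first_address(server: RoundRobinServer, name: str) -> Optional[str]:
    """What a typical client does: use the first mapping in the answer, if any."""
    answers = server.query(name)
    return answers[0] if answers else None


def simulate_clients(server: RoundRobinServer, name: str, clients: int) -> Counter:
    """Count how many clients end up on each server address."""
    return Counter(first_address(server, name) for _ in range(clients))


def build_sample() -> RoundRobinServer:
    """Constructed sample: three hosts behind the alias www.example.com."""
    server = RoundRobinServer()
    for ip in ("172.16.16.11", "172.16.16.12", "172.16.16.13"):
        server.add_mapping("www.example.com.", ip)
    return server


if __name__ == "__main__":
    srv = build_sample()
    print(srv.query("www.example.com"))   # ['172.16.16.11', '172.16.16.12', '172.16.16.13']
    print(srv.query("www.example.com"))   # ['172.16.16.12', '172.16.16.13', '172.16.16.11']
    print(simulate_clients(build_sample(), "www.example.com", 300))  # 100 each
```

Two caveats the simulation makes visible. The rotation happens on the authoritative server, so a caching resolver that serves one stored answer to many clients for the record's TTL sends all of them to the same address; keep the TTL short if distribution matters. And the server has no idea whether a host is up: a failed server still receives its share of first positions until its record is removed.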

Virtual servers
You can configure a single computer running under Windows NT Server and IIS with multiple IP addresses and FQDNs so that it appears to remote users that there are additional servers, referred to as virtual servers. This feature makes it possible to service Web requests for two or more domain names (for example, company1.com and company2.com) by using a single computer configured with IIS. For example, an ISP can use this feature to service multiple companies by using a single computer running Windows NT Server and IIS. However, virtual servers require a special resource record treatment.

First, configure your virtual Internet Information Servers as described in the online Windows NT Server Microsoft Internet Information Server Installation and Administration Guide. After you have done so, use DNS Manager to add new primary and secondary zones for the domain represented by the virtual server.

These primary and secondary zones must be configured on the DNS name servers identified in the InterNIC domain registration. After you’ve created the zones, map the IP address of the virtual server to the virtual domain name by using DNS Manager to add a new host A record. Add a second new host A record that maps the virtual server IP address to the hostname of the computer on which the virtual server exists. Finally, if you want to use alias names, add new CNAME records that map aliases (such as WWW and FTP) to the hostname (that is, the name of the computer on which the virtual server exists) and the virtual domain name.

Conclusion
In spite of the recent attention given to Windows 2000, Windows NT 4.0 will remain a fixture for a long time because it’s still perfectly good for many network services. In this Daily Drill Down, I’ve shown you how DNS works with Windows NT 4.0.

Richard Charrington’s computer career began when he started working with PCs—back when they were known as microcomputers. Starting as a programmer, he worked his way up to the lofty heights of a Windows NT Systems Administrator, and he has done just about everything in between. Richard has been working with Windows since before it had a proper GUI and with Windows NT since it was LANManager. Now a contractor, he has slipped into script writing for Windows NT and has built some very useful auto-admin utilities.

The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.
