Frequently Asked Questions About Windows 2000 DNS (Q291382)
The information in this article applies to:
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Server
SUMMARY
This article describes DNS functionality in Windows 2000, and provides
answers to frequently asked questions about Windows 2000 DNS.
MORE INFORMATION
DNS is the backbone of Active Directory and the primary name resolution
mechanism of Windows 2000. Windows 2000 domain controllers dynamically register
information about themselves and about Active Directory in DNS. Other Windows
2000 domain controllers, servers, and workstations that are part of the domain
query DNS to find Active Directory-related information. If DNS is not set up
correctly, domain-wide issues can occur, such as problems with replication
between domain controllers. You may also be unable to log on to the domain or
join the domain from a workstation or server.
Question: What are the common mistakes that are made when administrators
set up DNS on a network that contains a single Windows 2000 domain controller?
Answer: The most common mistakes are:
- The domain controller is not pointing to itself for DNS resolution on all
network interfaces.
- The "." zone exists under forward lookup zones in DNS.
- Other computers on the local area network (LAN) do not point to the
Windows 2000 DNS server for DNS.
Question: Why do I have to point my domain controller to itself for DNS?
Answer: The Netlogon service on the domain controller registers a number
of records in DNS that allow other domain controllers and computers to find
Active Directory-related information. If the domain controller is pointing to
the Internet service provider's (ISP) DNS server, Netlogon does not register the
correct records for Active Directory, and errors are generated in Event Viewer.
The preferred DNS setting for the domain controller should be itself; no other
DNS servers should be listed.
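One way to check this setting on every network interface, as an added example that is not part of the original article: it parses text in the general layout of `ipconfig /all` output and reports adapters that list any DNS server other than the domain controller's own addresses. The sample text, adapter names and addresses are constructed.

```python
import re

# Constructed sample in the general layout of `ipconfig /all` output on a
# two-adapter domain controller; adapter names and addresses are made up.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.0.10

Ethernet adapter Local Area Connection 2:

        IP Address. . . . . . . . . . . . : 10.0.0.5
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.0.10
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
FIELDS = {"ip address": "ip", "dns servers": "dns"}


def parse_adapters(text):
    """Return {adapter heading: {"ip": [...], "dns": [...]}}."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {"ip": [], "dns": []})
            field = None
        elif current is not None and ":" in line:
            label, value = line.split(":", 1)
            field = FIELDS.get(label.replace(".", "").strip().lower())
            if field and IPV4.fullmatch(value.strip()):
                current[field].append(value.strip())
        elif current is not None and field and IPV4.fullmatch(line.strip()):
            current[field].append(line.strip())  # continuation of a multi-value field
    return adapters


def audit_dc(text):
    """Return (adapter, foreign DNS servers) for adapters not pointing only at the DC."""
    adapters = parse_adapters(text)
    own = {ip for a in adapters.values() for ip in a["ip"]}
    return [(name, [d for d in a["dns"] if d not in own])
            for name, a in adapters.items()
            if not a["dns"] or any(d not in own for d in a["dns"])]


if __name__ == "__main__":
    print(audit_dc(SAMPLE))
```

An empty result means every adapter lists only the domain controller's own addresses as DNS servers.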
Question: What does a domain controller register in DNS?
Answer: The Netlogon service registers all the SRV records for that
domain controller. These records are displayed as the _msdcs, _sites, _tcp, and
_udp folders in the forward lookup zone that matches your domain name. Other
computers look for these records to find Active Directory-related information.
For additional information, click the article number below to view the article
in the Microsoft Knowledge Base:
Q178169
DNS Records Registered by Windows 2000 Domain Controllers
Question: Why can't I use WINS for name resolution like it is used in
Microsoft Windows NT 4.0?
Answer: A Windows 2000 domain controller does not register Active
Directory-related information with a WINS server; it only registers this
information with a DNS server that supports dynamic updates, such as a Windows
2000 DNS server. Other Windows 2000-based computers do not query WINS to find
Active Directory-related information.
Question: If I remove the ISP's DNS server settings from the domain
controller, how does it resolve names such as Microsoft.com on the Internet?
Answer: As long as the "." zone does not exist under forward
lookup zones in DNS, the DNS service uses the root hint servers. The root hint
servers are well-known servers on the Internet that help all DNS servers resolve
name queries.
Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 DNS server to be a root
hint server and is usually deleted. If you do not delete this setting, you may
not be able to perform external name resolution to the root hint servers on the
Internet.
For additional information, click the article number below to view the article
in the Microsoft Knowledge Base:
Q229840
DNS Server's Root Hints and Forwarder Pages Are Unavailable
Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 DNS uses the root hint servers on
the Internet; however, you can configure forwarders to send DNS queries directly
to your ISP's DNS server or other DNS servers. In most cases, when you configure
forwarders, DNS performance and efficiency increase, but this configuration can
also introduce a point of failure if the forwarding DNS server is experiencing
problems. The root hint server can provide a level of redundancy in exchange for
slightly increased DNS traffic on your Internet connection.
Question: Should I point the other Windows 2000-based computers on my
LAN to my ISP's DNS servers?
Answer: No. If a Windows 2000-based server or workstation does not find
the domain controller in DNS, you may experience issues joining the domain or
logging on to the domain. A Windows 2000-based computer's preferred DNS setting
should point to the Windows 2000 domain controller running DNS. If you are using
DHCP, be sure to check scope option #15 for the correct DNS server settings for
your LAN.
Question: Do I need to point computers that are running Windows NT 4.0
or Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second
Edition to the Windows 2000 DNS server?
Answer: Legacy operating systems continue to use NetBIOS for name
resolution to find a domain controller; however, it is recommended that you point
all computers to the Windows 2000 DNS server for name resolution.
Question: What if my Windows 2000 DNS server is behind a proxy server or
firewall?
Answer: If you are able to query the ISP's DNS servers from behind the
proxy server or firewall, the Windows 2000 DNS server is able to query the root
hint servers. UDP and TCP Port 53 should be open on the proxy server or
firewall.
Question: What should I do if the domain controller points to itself for
DNS, but the SRV records still do not appear in the zone?
Answer: Check for a disjointed namespace, then run Netdiag.exe /fix.
You must install Support Tools from the Windows 2000 Server CD-ROM to run
Netdiag.exe.
For additional information about checking for a disjointed namespace, click the
article number below to view the article in the Microsoft Knowledge Base:
Q257623
Domain Controller's DNS Suffix Does Not Match Domain Name
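The two checks this answer and the earlier answer on SRV registration point to, as an added example that is not part of the original article: it parses SRV lines in standard zone-file notation, reports which of the _msdcs, _sites, _tcp and _udp folders have no SRV record, and flags SRV targets whose DNS suffix does not match the domain name. The zone excerpts, the domain corp.example.com and the host dc1 are constructed, and treating a non-matching target suffix as a sign of a disjointed namespace is an assumption of this example.

```python
import re

# Constructed zone excerpt (zone-file notation); corp.example.com and dc1 are
# made-up sample names, not values from the article.
SAMPLE_ZONE = """\
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_kerberos._udp.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.Default-First-Site-Name._sites.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
"""

# Same layout, but the DC registered under a different suffix and only _tcp exists.
BROKEN_ZONE = "_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.example.net.\n"

SRV_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.I)
FOLDERS = ("_msdcs", "_sites", "_tcp", "_udp")  # folders named in the article


def parse_srv(zone_text):
    """Return (owner, port, target) for every SRV line, lower-cased, no trailing dot."""
    records = []
    for line in zone_text.splitlines():
        match = SRV_RE.match(line.split(";", 1)[0].strip())  # drop ';' comments
        if match:
            owner, port, target = match.groups()
            records.append((owner.rstrip(".").lower(), int(port), target.rstrip(".").lower()))
    return records


def audit_srv(zone_text, domain):
    """Report folders with no SRV record and SRV targets outside the domain."""
    suffix = "." + domain.rstrip(".").lower()
    records = [r for r in parse_srv(zone_text) if r[0].endswith(suffix)]
    # The folder shown in the DNS console is the label directly left of the domain.
    present = {owner[: -len(suffix)].split(".")[-1] for owner, _, _ in records}
    return {
        "missing_folders": [f for f in FOLDERS if f not in present],
        "suffix_mismatch": sorted({t for _, _, t in records if not t.endswith(suffix)}),
    }


if __name__ == "__main__":
    print(audit_srv(SAMPLE_ZONE, "corp.example.com"))
    print(audit_srv(BROKEN_ZONE, "corp.example.com"))
```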
Question: How do I set up DNS for other domain controllers in the domain
that are running DNS?
Answer: For each additional domain controller that is running DNS, the
preferred DNS setting is the parent DNS server (first domain controller in the
domain), and the alternate DNS setting is the actual IP address of the network
interface.
Question: How do I set up DNS for a child domain?
Answer: To set up DNS for a child domain, create a delegation record on
the parent DNS server for the child DNS server. Create a secondary zone on the
child DNS server that transfers the parent zone from the parent DNS server. Set
the child DNS server to point to itself only.
For additional information, click the article number below to view the article
in the Microsoft Knowledge Base:
Q255248
How to Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain
Additional Resources
For additional information, click the article numbers below to view the articles
in the Microsoft Knowledge Base:
Q260371
Troubleshooting Common Active Directory Issues in Windows 2000
Q241505
SRV Records Missing After Implementing Active Directory and DNS
Q247811
How Domain Controllers Are Located in Windows 2000
Q249868
Replacing Root Hints with the Cache.dns File