Analysis of the relationship between DNS and Active Directory under Windows2000

Source: Internet
Author: User

Windows 2000 is a brand-new operating system whose biggest feature is the introduction of Active Directory, and one of the biggest features of Active Directory is that it is tightly bound to DNS. So how do the two work together, and what does each of them do? This often puzzles beginners. This article briefly discusses the relationship between the two, in the hope that it helps you.

1. The differences between the two

The combination of DNS and Active Directory is the most important feature of the Windows 2000 Server edition. A DNS domain and an Active Directory domain use the same domain name for two different namespaces. Because the two namespaces share the same domain structure, they are easy to confuse, so it is important to understand the differences between them. They store different data and therefore manage different objects: DNS stores its zones and resource records, while Active Directory stores domains and the objects within those domains.

In DNS, domain names follow the hierarchical naming structure of DNS, which is an inverted tree: a root domain under which each domain is the child of the domain above it and the parent of the domains beneath it. A computer in any DNS domain can be identified by a fully qualified domain name (FQDN). For example, the full domain name of a computer named zzz in the domain enet.com.cn is zzz.bjpeu.edu.cn.

Every Windows 2000 domain connected to the Internet has a DNS name, and every computer in a Windows 2000 domain also has a DNS name. Therefore both domains and computers are represented as Active Directory objects and as DNS domain nodes at the same time.

However, DNS and Active Directory use different databases to resolve names:

• DNS is a name resolution service: a DNS server accepts requests to query the DNS database and resolves domain or computer names to IP addresses. DNS clients send name queries to the DNS servers they are configured to use, and the DNS server either resolves the name from its local DNS database or forwards the query to DNS servers on the Internet. DNS does not require Active Directory in order to work.

• Active Directory is a directory service: Active Directory uses domain controllers to accept requests that query the Active Directory database and resolve domain object names to object records. An Active Directory user sends the request to the Active Directory server through LDAP (the Lightweight Directory Access Protocol, the protocol used to access directory services). To locate the Active Directory database in the first place it needs the help of DNS: Active Directory uses DNS as its location service to resolve the Active Directory server to an IP address. Active Directory cannot function without DNS.

DNS can work independently of Active Directory, but Active Directory cannot work without the help of DNS. For Active Directory to work correctly, the DNS server must support service locator (SRV) resource records, which map a service name to the name of the server that provides that service. Active Directory clients and domain controllers use SRV resource records to determine the IP address of a domain controller.

In addition to requiring the DNS servers of a Windows 2000 network to support SRV resource records, Microsoft also recommends that the DNS servers support DNS dynamic update. Dynamic update defines a protocol by which records on a DNS server are updated automatically under defined conditions; without this protocol, administrators have to enter the new records generated by domain controllers by hand. The new Windows 2000 DNS service supports both SRV resource records and dynamic update. If you choose a DNS server other than the Windows 2000 one, you must verify that it supports SRV resource records. For a DNS server that supports SRV resource records but not dynamic update, you must update its resource records manually when you promote a Windows 2000 server to a domain controller. This can be done with the Netlogon.dns file, which is created by the Active Directory Installation Wizard and is located in the folder %SystemRoot%\System32\Config.

2. How the two are combined

Since DNS and Active Directory are so different, how are they combined? In general, they are combined in the following ways:

• The Active Directory domain and the DNS domain use the same hierarchy: although their functions and purposes differ, an organization's DNS namespace and its Active Directory namespace have the same structure.

• DNS zones can be stored in Active Directory: if you use the Windows 2000 DNS service, primary zones can be stored in Active Directory, which lets them replicate to other Active Directory domain controllers and gives the DNS service enhanced security.

• Active Directory clients use DNS to locate domain controllers: to locate a domain controller for a specific domain, an Active Directory client requests the corresponding resource records from the DNS server it is configured to use.
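As an added illustration of the two points above (the SRV records a DNS server must hold for Active Directory, and how a client uses them to find a domain controller), and not code from the original article: a small Python parser for SRV lines in the zone-file format that Netlogon.dns uses, the RFC 2782 ordering a client applies to the answers, and a check for required names that a zone is missing. The sample records, the domain example.com and the REQUIRED_SERVICES list are constructed for this example.

```python
import random
import re
from collections import namedtuple

# Constructed sample in the zone-file format that Netlogon.dns uses (not a real file).
SAMPLE_NETLOGON_DNS = """\
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.example.com. 600 IN SRV 0 50 389 dc2.example.com.
_ldap._tcp.example.com. 600 IN SRV 10 100 389 dc3.example.com.
_kerberos._tcp.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
"""
SRV_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")
SrvRecord = namedtuple("SrvRecord", "name ttl priority weight port target")
# Assumed subset of the service names a domain controller publishes, for the check below.
REQUIRED_SERVICES = ("_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs")

def parse_srv_records(text):
    """Parse SRV lines from zone-file text; blank and non-SRV lines are ignored."""
    records = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if m:
            f = m.groups()  # owner name, ttl, priority, weight, port, target
            records.append(SrvRecord(f[0].lower().rstrip("."), *map(int, f[1:5]),
                                     f[5].lower().rstrip(".")))
    return records

def order_targets(records, service, seed=None):
    """RFC 2782 client ordering: lowest priority first, weighted random within a priority."""
    rng = random.Random(seed)
    candidates = [r for r in records if r.name == service.lower().rstrip(".")]
    ordered = []
    for prio in sorted({r.priority for r in candidates}):
        group = [r for r in candidates if r.priority == prio]
        while group:  # weighted draw, remove the chosen target, repeat until the group is empty
            threshold = rng.uniform(0, sum(r.weight for r in group))
            acc, chosen = 0, group[-1]
            for r in group:
                acc += r.weight
                if acc >= threshold:
                    chosen = r
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered

def missing_dc_records(records, domain):
    """Required SRV names for `domain` that the zone data does not contain."""
    present = {r.name for r in records}
    return [s + "." + domain.lower() for s in REQUIRED_SERVICES
            if s + "." + domain.lower() not in present]
```

Running order_targets over the sample always yields dc1 and dc2 (priority 0) in some weighted order before dc3 (priority 10), which is the fallback behaviour a domain controller locator relies on.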

When a company uses the Windows 2000 Server edition as its network operating system, Active Directory is regarded as a hierarchy of one or more Windows 2000 domains beneath a root domain whose DNS name is legitimately registered.

According to DNS naming conventions, each part of a DNS name separated by a period (.) represents a node in the DNS tree hierarchy and a potential Active Directory domain in the Windows 2000 domain tree hierarchy. The root node of DNS is represented by an empty label (""); the root node of the Active Directory namespace has no parent domain and provides the LDAP entry point into Active Directory.


