Domain Name System (DNS) configuration involves the following configuration tasks for TCP/IP properties on each computer:
- Set a DNS computer or host name for each computer. For example, in the fully qualified domain name (FQDN) wkstn1.widgets.tailspintoys.com., the DNS computer name is the left-most label, wkstn1.
- Set a primary DNS suffix for each computer, which is placed after the computer or host name to form the FQDN. Using the previous example, the primary DNS suffix is
- Set a list of DNS servers for clients to use when resolving DNS names, such as a preferred DNS server, and any alternate DNS servers to use if the preferred server is not
- Set the DNS suffix search list or search method to be used by a client when it performs DNS query searches for short, unqualified domain names.
These tasks are discussed in more detail in each of the following sections.
Setting computer names
When you set computer names for DNS, it is useful to think of the name as the left-most portion of an FQDN. For example, in wkstn1.widgets.tailspintoys.com., wkstn1 is the computer name.
You can configure all Windows DNS clients with a computer name based on any of the standard supported characters that are defined in Request for Comments (RFC) 1123, "Requirements for Internet Hosts — Application and Support." These characters include the following:
- Uppercase letters, A through Z
- Lowercase letters, a through z
- Numbers, 0 through 9
- Hyphens (-)
If you are supporting both NetBIOS and DNS namespaces on your network, you can use a different computer name within each namespace. It is recommended that wherever possible, however, you try to use computer names that are 15 characters or less and that you follow these RFC 1123 naming requirements.
By default, the left-most label in the FQDN for clients equals the NetBIOS computer name, unless this label is 16 or more characters, which is the maximum for NetBIOS names. When the computer name exceeds the maximum length for NetBIOS, the NetBIOS computer name is truncated based on the full label that is specified.
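As an added example (not part of the original article), the following Python checks a proposed computer name against the RFC 1123 character rules listed above and shows the NetBIOS truncation at 15 characters; the sample names other than wkstn1 are constructed.

```python
import re

# RFC 1123 host-name label: letters, digits and hyphen only; a label may not
# begin or end with a hyphen and is at most 63 characters long.
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

NETBIOS_MAX = 15  # a NetBIOS computer name holds at most 15 characters


def split_fqdn(fqdn):
    """Split an FQDN (trailing period optional) into (host label, DNS suffix)."""
    labels = fqdn.rstrip(".").split(".")
    return labels[0], ".".join(labels[1:])


def netbios_name(host_label):
    """Default NetBIOS computer name: the DNS host label truncated to 15 characters."""
    return host_label[:NETBIOS_MAX]


def check_computer_name(host_label):
    """Return a list of findings for a proposed DNS computer (host) name.

    An empty list means the label follows the RFC 1123 rules and also fits a
    NetBIOS name unchanged, so the two namespaces stay consistent (relevant
    when WINS lookup is enabled on the zone).
    """
    findings = []
    if not _LABEL_RE.match(host_label):
        if "_" in host_label:
            findings.append("underscore (_) is not permitted in a DNS host name")
        else:
            findings.append("only A-Z, a-z, 0-9 and hyphen (-) are permitted, and the "
                            "name may not begin or end with a hyphen")
    if len(host_label) > NETBIOS_MAX:
        findings.append("longer than %d characters; the NetBIOS name is truncated to %r"
                        % (NETBIOS_MAX, netbios_name(host_label)))
    return findings


if __name__ == "__main__":
    # Constructed sample FQDNs; only the first one is the article's own example.
    for fqdn in ("wkstn1.widgets.tailspintoys.com.",
                 "file_server01.widgets.tailspintoys.com",
                 "accounting-workstation-42.widgets.tailspintoys.com"):
        host, suffix = split_fqdn(fqdn)
        print("%-50s host=%s suffix=%s" % (fqdn, host, suffix))
        for finding in check_computer_name(host) or ["OK"]:
            print("   ", finding)
```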
Before you configure computers with varying DNS and NetBIOS names, consider the following implications and their related issues for your deployment:
- If Windows Internet Name Service (WINS) lookup is enabled for zones that are hosted by your DNS servers, use the same name for both NetBIOS and DNS computer naming. Otherwise, the results of clients attempting to query and resolve the names of these computers will be inconsistent.
If you have an investment in using NetBIOS names to support legacy Microsoft networking technology, we recommend that you revise NetBIOS computer names that are used on your network to prepare for migration to a standard, DNS-only environment. This prepares your network well for long-term growth and interoperability with future naming requirements. For example, if you use the same computer name for both NetBIOS and DNS resolution, consider converting any special characters such as the underscore (_) in your current NetBIOS names that do not comply with DNS naming standards. While these characters are permitted in NetBIOS names, they are more often incompatible with traditional DNS host naming requirements and most existing DNS resolver client software.
- Although the use of the underscore (_) in DNS host names or in host (A) resource records has been traditionally prohibited by DNS standards, the use of underscores in service-related names—such as the names that are used for service locator (SRV) resource records—has been proposed to avoid naming collisions in the Internet DNS namespace.
- In addition to DNS standard naming conventions, Windows Server 2008 DNS supports the use of extended ASCII and Unicode characters. However, because most resolver software written for other platforms (such as UNIX) is based on the Internet DNS standards, this enhanced character support can be used only in private networks with computers running Windows 2000, Windows Server 2003, or Windows Server 2008 DNS.
- The initial setup of DNS and TCP/IP displays a warning to suggest a standard DNS name if a nonstandard DNS name
- By default, computers and servers use DNS to resolve any name that is greater than 15 characters in length. If the name is less than or equal to 15 characters, both NetBIOS and DNS name resolution can be attempted and used to resolve the
Setting domain names
The domain name is used with the client computer name to form the FQDN, also known as the full computer name. In general, the DNS domain name is the remainder of the FQDN that is not used as the unique host name for the computer.
For example, if the FQDN, or full computer name, of a client computer is wkstn1.widgets.tailspintoys.com, the DNS domain name is the widgets.tailspintoys.com portion of this name.
DNS domain names have two variations—a DNS name and a NetBIOS name. The full computer name (a fully qualified DNS name) is used during querying and location of named resources on your network. For earlier version clients, the NetBIOS name is used to locate various types of NetBIOS services that are shared on your network.
An example of a component that has a need for both NetBIOS and DNS names is the Net Logon service. In Windows Server 2008 DNS, the Net Logon service on a domain controller registers its service locator (SRV) resource records on a DNS server. For Windows NT Server 4.0 and earlier versions, domain controllers register a DomainName entry in WINS to perform the same registration and to advertise their availability for providing authentication service to the network.
When a client computer is started on the network, it uses the DNS resolver to query a DNS server for service locator (SRV) resource records for its configured domain name. This query is used to locate domain controllers and provide logon authentication for accessing network resources. A client or a domain controller on the network can also use the NetBIOS resolver service to query WINS servers, attempting to locate DomainName [1C] entries to complete the logon process.
Your DNS domain names should follow the same standards and recommended practices that apply to DNS computer naming described in the previous section. In general, acceptable naming conventions for domain names include the use of letters A through Z, numerals 0 through 9, and the hyphen (-). A period (.) in a domain name is always used to separate the discrete parts of a domain name, which are commonly known as labels. Each label corresponds to an additional level that is defined in the DNS namespace tree.
For most computers, the primary DNS suffix that is configured for the computer can be the same as its Active Directory Domain Services (AD DS) domain name, although the two values can also be different.
By default, the primary DNS suffix portion of a computer's FQDN must be the same as the name of the AD DS domain where the computer is located. To allow different primary DNS suffixes, a domain administrator may create a restricted list of allowed suffixes by creating the msDS-AllowedDNSSuffixes attribute in the domain object container. A domain administrator creates and manages this attribute using Active Directory Service Interfaces (ADSI) or the Lightweight Directory Access Protocol (LDAP).
Configuring a DNS servers list
For DNS clients to operate effectively, a prioritized list of DNS name servers must be configured for each computer to use when it processes queries and resolves DNS names. In most cases, the client computer contacts and uses its preferred DNS server, which is the first DNS server on its locally configured list. Listed alternate DNS servers are contacted and used when the preferred server is not available. For this reason, it is important that the preferred DNS server be appropriate for continuous client use under normal conditions.
- For computers running Microsoft Windows XP or Windows Vista®, the DNS server list is used by clients only to resolve DNS names. When clients send dynamic updates, for example, when they change their DNS domain name or a configured IP address, they might contact these servers or other DNS servers as needed to update their DNS resource records. For more information, see Understanding Dynamic
- By default, the DNS client on Windows XP or Windows Vista does not attempt dynamic update over a Remote Access Service (RAS) or virtual private network (VPN) connection. To modify this configuration, you can modify the advanced TCP/IP settings of the particular network connection or you can modify the registry. For more information, see Windows Server 2003 Resource Kit Registry Reference (http://go.microsoft.com/fwlink/?LinkId=428).
- By default, the DNS client does not attempt dynamic update of top-level domain (TLD) zones. Any zone that is named with a single-label name is considered to be a TLD zone, for example, com, edu, blank, my-company. To configure the DNS client to allow the dynamic update of TLD zones, you can use the Update Top Level Domain Zones policy setting or you can modify the
- When DNS clients are configured dynamically using a Dynamic Host Configuration Protocol (DHCP) server, it is possible to have a larger list of provided DNS servers. To provide an IP address list of DNS servers to your DHCP clients, enable option code 6 among the configured option types that are provided by your DHCP server. For Windows Server 2003 and Windows Server 2008 DHCP servers, you can configure a list of up to 25 DNS servers for each client with this option.
- To effectively share the load when multiple DNS servers are provided in a DHCP options-specified list, you can configure a separate DHCP scope that rotates the listed order of DNS and WINS servers that is provided to clients.
Configuring a DNS suffix search list
For DNS clients, you can configure a DNS domain suffix search list that extends or revises their DNS search capabilities. By adding additional suffixes to the list, you can search for short, unqualified computer names in more than one specified DNS domain. Then, if a DNS query fails, the DNS Client service can use this list to append other name suffix endings to your original name and repeat DNS queries to the DNS server for these alternate FQDNs.
For computers and servers, the following default DNS search behavior is predetermined and used when completing and resolving short, unqualified names.
When the suffix search list is empty or unspecified, the primary DNS suffix of the computer is appended to short unqualified names, and a DNS query is used to resolve the resultant FQDN. If this query fails, the computer can try additional queries for alternate FQDNs by appending any connection-specific DNS suffix that is configured for network connections.
If no connection-specific suffixes are configured or queries for these resultant connection-specific FQDNs fail, the client can then begin to retry queries based on systematic reduction of the primary suffix (also known as devolution).
For example, if the primary suffix is "widgets.tailspintoys.com", the devolution process is able to retry queries for the short name by searching for it in the "tailspintoys.com" and "com" domains.
When the suffix search list is not empty and has at least one DNS suffix specified, attempts to qualify and resolve short DNS names are limited to searching only those FQDNs that are made possible by the specified suffix list. If queries for all FQDNs that are formed as a result of appending and trying each suffix in the list are not resolved, the query process fails, which produces a "Name not found" result.
- If the domain suffix list is used, clients continue to send additional alternate queries based on different DNS domain names when a query is not answered or resolved. When a name is resolved using an entry in the suffix list, unused list entries are not tried. For this reason, it is most efficient to order the list with the most-used domain suffixes first.
- Domain name suffix searches are used only when a DNS name entry is not fully qualified. To fully qualify a DNS name, enter a trailing period (.) at the end of the name.
- Windows Server 2008 supports a specially named zone, called GlobalNames, to provide resolution of a limited set of globally unique, single-label names in an enterprise network. You can use this zone when network requirements make it impractical to use a suffix search list for this purpose. For more information, see Deploying a GlobalNames
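As an added example (not from the original article) that models the search behavior described in this section, the following Python builds the ordered list of FQDNs a client would try for a short name and walks that list against constructed zone data. The record data, the decision to model only single-label short names, and the choice to devolve all the way to the single-label TLD as in the example above are assumptions of this example.

```python
def devolved_suffixes(primary_suffix):
    """Devolution: drop the left-most label of the primary suffix one step at
    a time.  'widgets.tailspintoys.com' -> ['tailspintoys.com', 'com']"""
    labels = primary_suffix.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]


def candidate_fqdns(name, primary_suffix, connection_suffixes=(), search_list=()):
    """Return, in order, the FQDNs a client tries for a short name.

    A trailing period means the name is already fully qualified and is tried
    as-is; a non-empty suffix search list limits attempts to exactly those
    suffixes; otherwise the primary suffix, then each connection-specific
    suffix, then the devolved suffixes are tried.  Single-label names only
    (an assumption of this example)."""
    if name.endswith("."):
        return [name]
    if "." in name:
        raise ValueError("only short, single-label names are modelled here")
    if search_list:
        return ["%s.%s." % (name, s) for s in search_list]
    tried = ["%s.%s." % (name, primary_suffix)]
    tried += ["%s.%s." % (name, s) for s in connection_suffixes if s]
    tried += ["%s.%s." % (name, s) for s in devolved_suffixes(primary_suffix)]
    return tried


def resolve(name, records, **client_config):
    """Try the candidates in order and stop at the first FQDN with a record;
    later candidates are never tried.  Returns (fqdn, address), or None for
    the 'Name not found' outcome."""
    for fqdn in candidate_fqdns(name, **client_config):
        if fqdn in records:
            return fqdn, records[fqdn]
    return None


# Constructed sample zone data standing in for the DNS servers' answers.
RECORDS = {
    "wkstn1.widgets.tailspintoys.com.": "10.1.1.5",
    "intranet.tailspintoys.com.": "10.9.0.1",
}

if __name__ == "__main__":
    cfg = dict(primary_suffix="widgets.tailspintoys.com",
               connection_suffixes=("lab.tailspintoys.com",))
    for short in ("wkstn1", "intranet", "nosuchhost"):
        print(short, "tries", candidate_fqdns(short, **cfg), "=>", resolve(short, RECORDS, **cfg))
```

Note how devolution ends at the public TLD: a query for an internal short name that is not found earlier in the list leaves the organization's namespace, which is one reason a bounded suffix search list is preferable to relying on devolution.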
Configuring multiple names
Computers running Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008 are given DNS names by default. Each computer can have its DNS names configured using one of two possible methods:
- A primary DNS domain name, which applies as the default fully qualified DNS name for the computer and all of its configured network connections
- A connection-specific DNS domain name, which can be configured as an alternate DNS domain name that applies only for a single network adapter that is installed and configured on
Although most computers do not need to support or use more than one name in DNS, support for configuring multiple, connection-specific DNS names is sometimes useful. For example, by using multiple names, a user can specify which network connection to use when connecting to a multihomed computer.
Example: using connection-specific names
As shown in the following illustration, a multihomed server computer named host-a can be named according to both its primary and connection-specific DNS domain names.
In this example, the server computer host-a attaches to two separate subnets—Subnet 1 and Subnet 2—which are also linked at redundant points using two routers for additional paths between each subnet. Given this configuration, host-a provides access as follows through its separately named local area network (LAN) connections:
- The name host-a.public.example.microsoft.com provides access using LAN connection 1 over Subnet 1, a lower-speed (10 megabit) Ethernet LAN, for normal access to users who have typical file and print service needs.
- The name host-a.backup.example.microsoft.com provides access using LAN connection 2 over Subnet 2, a higher-speed (100 megabit) Ethernet LAN, for reserved access by server applications and administrators who have special needs, such as troubleshooting server networking problems, performing network-based backup, or replicating zone data between servers.
In addition to the connection-specific DNS names, the computer can also be accessible using either of the two LAN connections by specifying its primary DNS domain name, "host-a.example.microsoft.com".
When it is configured as shown, a computer can register resource records in DNS according to its three distinct names and sets of IP addresses, as shown in the following table.
|DNS name|IP addresses|Description|
|---|---|---|
|host-a.widgets.tailspintoys.com|10.1.1.11, 10.2.2.22|The primary DNS name for the computer. The computer registers host (A) and pointer (PTR) resource records for all configured IP addresses under this name in the widgets.tailspintoys.com zone.|
|host-a.public.widgets.tailspintoys.com|10.1.1.11|The connection-specific DNS name for LAN connection 1, which registers host (A) and pointer (PTR) resource records for IP address 10.1.1.11 in the public.widgets.tailspintoys.com zone.|
|host-a.backup.widgets.tailspintoys.com|10.2.2.22|The connection-specific DNS name for LAN connection 2, which registers host (A) and pointer (PTR) resource records for IP address 10.2.2.22 in the backup.widgets.tailspintoys.com zone.|
- DNS names can be set using remote administration and other remote configuration services, such as DHCP. For a DNS server running Windows Server 2008, the primary DNS domain name can be set using either remote administration or the unattended setup option.
- For connection-specific naming, you can use TCP/IP configuration methods. You can manually configure the DNS domain name for each connection that appears in the Network Connections folder, or you can use a DHCP option type (option
- For more information about DHCP options, see "DHCP Options" in the Networking Collection (http://go.microsoft.com/fwlink/?LinkId=4639).