Microsoft DNS
Encyclopedia
Microsoft DNS is the name given to the implementation of domain name system
services provided in Microsoft Windows
operating system
s.
, and thus its derivatives Windows 2000
, Windows XP
, and Windows Server 2003
, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS
client, to perform Dynamic DNS Update transactions, registering the machines' names and IP address
es. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients.
The server software is only supplied with the server versions of Windows.
. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP
or TCP
) and return the final results of the lookup back to the applications.
Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC
connection to the DNS Client service on the machine. If there is one, and if such a connection can be made, they hand the actual work of dealing with the lookup over to the DNS Client service. The DNS Client service itself communicates with DNS servers, and cache
s the results that it receives.
Microsoft's DNS client is capable of talking to multiple DNS servers. The exact algorithm varies according to the version, and service pack
level, of the operating system; but in general all communication is with a preferred DNS server until it fails to answer, whereupon communication switches to one of several alternative DNS servers.
have a generalized name resolver layer. The resolver can be controlled to use a hosts file or Network Information Service
(NIS), by configuring the Name Service Switch
.
update requests to DNS servers.
Workstations running Windows attempt to register their names and their IP address
es with DNS servers, so that other machines may locate them by name. Prior to Windows Vista (and Windows Server 2008) this registration is performed by the DHCP Client service. It is thus necessary to run the DHCP Client service on pre-Vista machines, even if DHCP
isn't being used to configure the machine in order to dynamically register a machine's name and address for DNS lookup. The DHCP Client service registers name and address data whenever they are changed (either manually by an administrator or automatically by the granting or revocation of a DHCP lease). In Windows Vista (and Windows Server 2008) Microsoft moved the registration functionallity from the DHCP Client service to the DNS Client service.
Servers running Microsoft Windows also attempt to register other information, in addition to their names and IP addresses, such as the locations of the LDAP
and Kerberos services that they provide.
update, zone transfer
, and DNS notification. DNS notification implements a push mechanism for notifying a select set of secondary servers for a zone
when it is updated.
Microsoft's "DNS Server" service was first introduced in Windows NT 3.51 as an add-on with Microsoft's collection of BackOffice
services (at the time was marked to be used for testing purposes only). Its code is a fork of ISC's BIND
, version 4.3, and remains largely compatible with it including the format of all master files.
As of 2004, it was the fourth most popular DNS server (counting BIND
version 9 separately from versions 8 and 4) for the publication of DNS data.
Like various other DNS servers, Microsoft's DNS server supports different database back ends. Microsoft's DNS server supports two such back ends. DNS data can be stored either in master files (also known as zone file
s) or in the Active Directory
database itself. In the latter case, since Active Directory (rather than the DNS server) handles the actual replication of the database across multiple machines, the database can be modified on any server ("multiple-master replication"), and the addition or removal of a zone
will be immediately propagated to all other DNS servers within the appropriate Active Directory "replication scope". (Contrast this with BIND
, where when such changes are made, the list of zones, in the /etc/named.conf file, has to be explicitly updated on each individual server.)
Microsoft's DNS server can be administered using either a graphical user interface
, the "DNS Management Console", or a command line interface, the dnscmd utility.
and Microsoft Windows 2000 Service Pack 3
, the most common problem encountered with Microsoft's DNS server was cache pollution
. Although Microsoft's DNS Server had a mechanism for properly dealing with cache pollution, the mechanism was turned off by default.
A longstanding well-known issue is incompatibility with BIND configuration files, in particular, the lack of support for DNS wildcards
. This can be partially attributed to the fact that Microsoft's DNS server is based on BIND 4.3, before BIND added the support for DNS wildcards. Loose Wildcarding can be enabled. To create a wildcard character record, the Dnscmd command-line tool can be used. Also the support of IPv6
is implemented using a different technique from that of BIND 9, further driving even more incompatibilities between the two products.
In 2004, a common problem involved the feature of the Windows Server 2003
version of Microsoft's DNS server to use EDNS0
, which a large number of firewalls could not cope with.
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
services provided in Microsoft Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s.
Overview
The Domain Name System support in Microsoft Windows NTWindows NT
Windows NT is a family of operating systems produced by Microsoft, the first version of which was released in July 1993. It was a powerful high-level-language-based, processor-independent, multiprocessing, multiuser operating system with features comparable to Unix. It was intended to complement...
, and thus its derivatives Windows 2000
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
, Windows XP
Windows XP
Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base...
, and Windows Server 2003
Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS
Dynamic DNS
Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information....
client, to perform Dynamic DNS Update transactions, registering the machines' names and IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients.
The server software is only supplied with the server versions of Windows.
DNS lookup client
Applications perform DNS lookups with the aid of a DLLDynamic-link library
Dynamic-link library , or DLL, is Microsoft's implementation of the shared library concept in the Microsoft Windows and OS/2 operating systems...
. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP
User Datagram Protocol
The User Datagram Protocol is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol network without requiring...
or TCP
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
) and return the final results of the lookup back to the applications.
Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC
Inter-process communication
In computing, Inter-process communication is a set of methods for the exchange of data among multiple threads in one or more processes. Processes may be running on one or more computers connected by a network. IPC methods are divided into methods for message passing, synchronization, shared...
connection to the DNS Client service on the machine. If there is one, and if such a connection can be made, they hand the actual work of dealing with the lookup over to the DNS Client service. The DNS Client service itself communicates with DNS servers, and cache
Cache
In computer engineering, a cache is a component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere...
s the results that it receives.
Microsoft's DNS client is capable of talking to multiple DNS servers. The exact algorithm varies according to the version, and service pack
Service pack
A service pack is a collection of updates, fixes or enhancements to a software program delivered in the form of a single installable package. Many companies, such as Microsoft or Autodesk, typically release a service pack when the number of individual patches to a given program reaches a certain ...
level, of the operating system; but in general all communication is with a preferred DNS server until it fails to answer, whereupon communication switches to one of several alternative DNS servers.
The effects of running the DNS Client service
There are several minor differences in system behavior depending on whether the DNS Client service is started:- Parsing of the "hosts" file: The lookup functions read only the hosts fileHosts fileThe hosts file is a computer file used in an operating system to map hostnames to IP addresses. The hosts file is a plain-text file and is conventionally named hosts.-Purpose:...
if they cannot off-load their task onto the DNS Client service and have to fall back to communicating with DNS servers themselves. In turn, the DNS Client service reads the "hosts" file once, at startup, and only re-reads it if it notices that the last modification timestamp of the file has changed since it last read it. Thus:- With the DNS Client service running: The "hosts" file is read and parsed only a few times, once at service startup, and thereafter whenever the DNS Client service notices that it has been modified.
- Without the DNS Client service running: The "hosts" file is read and parsed repeatedly, by each individual application program as it makes a DNS lookup.
- The effect of multiple answers in the "hosts" file: The DNS Client service does not use the "hosts" file directly when performing lookups. Instead, it (initially) populates its cache from it, and then performs lookups using the data in its cache. When the lookup functions fall back to doing the work themselves, however, they scan the "hosts" file directly and sequentially, stopping when the first answer is found. Thus:
- With the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, all of the answers in the cache will be returned.
- Without the DNS Client service running: If the "hosts" file contains multiple lines denoting multiple answers for a given lookup, only the first answer found will be returned.
- Fallback from preferred to alternative DNS servers: The fallback from the preferred DNS server to the alternative DNS servers is done by whatever entity, the DNS Client service or the library functions themselves, is actually performing the communication with them. Thus:
- With the DNS Client service running: Fallback to the alternative DNS servers happens globally. If the preferred DNS server fails to answer, all subsequent communication is with the alternative DNS servers.
- Without the DNS Client service running: Any fallback to the alternative DNS servers happen locally, within each individual process that is making DNS queries. Different processes may be in different states, some talking to the preferred DNS server and some talking to alternative DNS servers.
Differences from other systems
Linux distributions and various versions of UnixUnix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
have a generalized name resolver layer. The resolver can be controlled to use a hosts file or Network Information Service
Network Information Service
The Network Information Service, or NIS is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network...
(NIS), by configuring the Name Service Switch
Name Service Switch
The Name Service Switch is a facility in Unix-like operating systems that provides a variety of sources for common configuration databases and name resolution mechanisms...
.
Dynamic DNS Update client
Whilst DNS lookups read DNS data, DNS updates write them. Both workstations and servers running Windows attempt to send Dynamic DNSDynamic DNS
Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information....
update requests to DNS servers.
Workstations running Windows attempt to register their names and their IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
es with DNS servers, so that other machines may locate them by name. Prior to Windows Vista (and Windows Server 2008) this registration is performed by the DHCP Client service. It is thus necessary to run the DHCP Client service on pre-Vista machines, even if DHCP
Dynamic Host Configuration Protocol
The Dynamic Host Configuration Protocol is a network configuration protocol for hosts on Internet Protocol networks. Computers that are connected to IP networks must be configured before they can communicate with other hosts. The most essential information needed is an IP address, and a default...
isn't being used to configure the machine in order to dynamically register a machine's name and address for DNS lookup. The DHCP Client service registers name and address data whenever they are changed (either manually by an administrator or automatically by the granting or revocation of a DHCP lease). In Windows Vista (and Windows Server 2008) Microsoft moved the registration functionallity from the DHCP Client service to the DNS Client service.
Servers running Microsoft Windows also attempt to register other information, in addition to their names and IP addresses, such as the locations of the LDAP
Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network...
and Kerberos services that they provide.
DNS server
Microsoft Windows server operating systems can run the DNS Server service. This is a monolithic DNS server that provides many types of DNS service, including caching, Dynamic DNSDynamic DNS
Dynamic DNS or DDNS is a term used for the updating in real time of Internet Domain Name System name servers to keep up to date the active DNS configuration of their configured hostnames, addresses and other information....
update, zone transfer
DNS zone transfer
DNS zone transfer, also sometimes known by its opcode mnemonic AXFR, is a type of DNS transaction. It is one of the many mechanisms available for administrators to employ for replicating the databases containing the DNS data across a set of DNS servers. Zone transfer comes in two flavors, full ...
, and DNS notification. DNS notification implements a push mechanism for notifying a select set of secondary servers for a zone
DNS zone
A DNS zone is a portion of the global Domain Name System namespace for which administrative responsibility has been delegated.-Definition:...
when it is updated.
Microsoft's "DNS Server" service was first introduced in Windows NT 3.51 as an add-on with Microsoft's collection of BackOffice
Microsoft BackOffice Server
Microsoft BackOffice Server was a computer software package featuring Windows NT Server and other Microsoft server products that ran on NT server. It was marketed during the 1990s and early 2000s for use in branch operations and for small businesses to run their back office operations.The small...
services (at the time was marked to be used for testing purposes only). Its code is a fork of ISC's BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
, version 4.3, and remains largely compatible with it including the format of all master files.
As of 2004, it was the fourth most popular DNS server (counting BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
version 9 separately from versions 8 and 4) for the publication of DNS data.
Like various other DNS servers, Microsoft's DNS server supports different database back ends. Microsoft's DNS server supports two such back ends. DNS data can be stored either in master files (also known as zone file
Zone file
A Domain Name System zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addresses and other resources, organized in the form of text...
s) or in the Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....
database itself. In the latter case, since Active Directory (rather than the DNS server) handles the actual replication of the database across multiple machines, the database can be modified on any server ("multiple-master replication"), and the addition or removal of a zone
DNS zone
A DNS zone is a portion of the global Domain Name System namespace for which administrative responsibility has been delegated.-Definition:...
will be immediately propagated to all other DNS servers within the appropriate Active Directory "replication scope". (Contrast this with BIND
BIND
BIND , or named , is the most widely used DNS software on the Internet.On Unix-like operating systems it is the de facto standard.Originally written by four graduate students at the Computer Systems Research Group at the University of California, Berkeley , the name originates as an acronym from...
, where when such changes are made, the list of zones, in the /etc/named.conf file, has to be explicitly updated on each individual server.)
Microsoft's DNS server can be administered using either a graphical user interface
Graphical user interface
In computing, a graphical user interface is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and...
, the "DNS Management Console", or a command line interface, the dnscmd utility.
Common issues
Prior to Windows Server 2003Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
and Microsoft Windows 2000 Service Pack 3
Windows 2000
Windows 2000 is a line of operating systems produced by Microsoft for use on personal computers, business desktops, laptops, and servers. Windows 2000 was released to manufacturing on 15 December 1999 and launched to retail on 17 February 2000. It is the successor to Windows NT 4.0, and is the...
, the most common problem encountered with Microsoft's DNS server was cache pollution
DNS cache poisoning
DNS cache poisoning is a security or data integrity compromise in the Domain Name System . The compromise occurs when data is introduced into a DNS name server's cache database that did not originate from authoritative DNS sources. It may be a deliberate attempt of a maliciously crafted attack on a...
. Although Microsoft's DNS Server had a mechanism for properly dealing with cache pollution, the mechanism was turned off by default.
A longstanding well-known issue is incompatibility with BIND configuration files, in particular, the lack of support for DNS wildcards
Wildcard DNS record
A wildcard DNS record is a record in a DNS zone that will match requests for non-existent domain names. A wildcard DNS record is specified by using a "*" as the leftmost label of a domain name, e.g. *.example.com. The exact rules for when a wild card will match are specified in RFC 1034, but the...
. This can be partially attributed to the fact that Microsoft's DNS server is based on BIND 4.3, before BIND added the support for DNS wildcards. Loose Wildcarding can be enabled. To create a wildcard character record, the Dnscmd command-line tool can be used. Also the support of IPv6
IPv6
Internet Protocol version 6 is a version of the Internet Protocol . It is designed to succeed the Internet Protocol version 4...
is implemented using a different technique from that of BIND 9, further driving even more incompatibilities between the two products.
In 2004, a common problem involved the feature of the Windows Server 2003
Windows Server 2003
Windows Server 2003 is a server operating system produced by Microsoft, introduced on 24 April 2003. An updated version, Windows Server 2003 R2, was released to manufacturing on 6 December 2005...
version of Microsoft's DNS server to use EDNS0
EDNS
Extension mechanisms for DNS is a specification for expanding the size of several parameters of the Domain Name System protocol which had size restrictions that the Internet engineering community deemed too limited for increasing functionality of the protocol...
, which a large number of firewalls could not cope with.
External links
- Microsoft Domain Name System (DNS) — the problems with EDNS0 and firewalls, and how to fix them
- Domain Name System Client Behavior in Windows Vista
- What's new in DNS in Windows Server 2008
- What's new in DNS in Windows Server 2008 R2