Providing Single-Label DNS Name Resolution
Applies To: Windows Server 2008
While Domain Name System (DNS) is the predominant name-resolution technology in TCP/IP networks, Windows Internet Name Service (WINS) is deployed in many networks as an alternative name-resolution protocol. WINS is an older service that uses NetBIOS over TCP/IP (NetBT). WINS and NetBT do not support IP version 6 (IPv6) protocols. Therefore, they will become less useful as enterprises move to IPv6-only networks. WINS continues to be deployed most commonly to provide resolution of single-label host names throughout the enterprise network.
Even without WINS name resolution, a DNS client can resolve a single-label name by appending a domain-name suffix from a preconfigured search list to the name and querying a DNS server with the result. The DNS client continues to query the DNS server with a different name that is derived from the list until the name resolves successfully. While this is suitable for smaller networks, for an enterprise with many domains, managing a suffix search list for all clients can be cumbersome. Also, client query performance is lowered when the client queries for a single-label name with a long list of domains. Finally, relying on the suffix search list does not guarantee that single-label names are global and unique across all the domains in the search list.
If you are retiring WINS or are planning on deploying only IPv6 in your environment, all name resolution will depend on DNS. Even after you no longer deploy WINS, your network may continue to require the static, global records with single-label names that WINS currently provides. These single-label names typically are assigned to important, well-known, and widely used servers for the enterprise. These servers are assigned static IP addresses, and they are managed by information technology (IT) administrators.
To help organizations migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (GNZ) feature. The GNZ feature is designed to enable DNS resolution of these single-label, static, global names. You can deploy a GNZ in a single forest or across multiple forests.
GNZ is intended to aid the retirement of WINS. It is not a replacement for WINS. GNZ is not intended to support the single-label name resolution of records that are registered dynamically and therefore not managed by IT administrators. GNZ does make it possible for you to provide single-label name resolution of a fixed set of host computers whose names are guaranteed to be both global and unique.
When a DNS server running on Windows Server 2008 receives a query for a single-label host name, it attempts to resolve the name by first checking for the name in the GNZ. If it is not able to resolve the name by using the GNZ, it then looks in local zone resource records. Only if both the GNZ and local zone lookups fail does the DNS server fail over the query to WINS, if the zone is configured to use WINS lookup. On the other hand, when a DNS server running on Windows Server 2008 receives a dynamic update request for a new host, it first checks for the name in GNZ and, if it finds the host name there, it refuses the update request to ensure that the names in the GNZ remain unique throughout the forest or forests where the GNZ is deployed.
The GNZ is not a new type of zone, but it is distinguished by its reserved name. The name “GlobalNames” indicates to the DNS Server service running on Windows Server 2008 that the zone is to be used for single-name resolution. Because it is not a different zone type, it is created and managed much the same as any forward lookup zone, except that normally the only resource records that it contains are the usual start of authority (SOA) and name server (NS) resource records, plus an alias (CNAME) resource record for each single-label name to be resolved by the zone. Also, to prevent host (A or AAAA) records from being inadvertently registered in the zone, the GNZ should not be configured to allow dynamic updates.
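An added example (not Microsoft's code) of auditing a GlobalNames zone against the rules above: only SOA, NS and CNAME records, single-label owner names, and each name defined once. It assumes the zone has been exported to a simplified master-file-style text listing; the sample records, the host names under corp.example, and the function names parse_records and audit_gnz are constructed for illustration.

```python
ALLOWED_TYPES = {"SOA", "NS", "CNAME"}   # record types the page expects in a GNZ
RR_TYPES = ALLOWED_TYPES | {"A", "AAAA", "MX", "TXT", "SRV", "PTR"}

# Constructed sample export (not real data). The owner/TTL/class/type/rdata
# layout is an assumed, simplified master-file style.
SAMPLE_ZONE = """\
; GlobalNames zone export (constructed)
@            3600 IN SOA   dc1.corp.example. hostmaster.corp.example. 12 900 600 86400 3600
@            3600 IN NS    dc1.corp.example.
intranet     3600 IN CNAME web01.corp.example.
payroll           IN CNAME hr01.corp.example.
mail.emea    3600 IN CNAME mx01.emea.corp.example.
kiosk7       1200 IN A     10.20.30.40
intranet     3600 IN CNAME web02.corp.example.
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) for each resource-record line."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        # TTL and class are optional; the first known type token ends them.
        idx = next((i for i, f in enumerate(fields[1:], 1)
                    if f.upper() in RR_TYPES), None)
        if idx is None:
            continue
        yield fields[0].lower(), fields[idx].upper(), " ".join(fields[idx + 1:])

def audit_gnz(text):
    """Return sorted (owner, problem) findings for a GlobalNames zone export."""
    findings, seen = [], set()
    for owner, rtype, _rdata in parse_records(text):
        if rtype not in ALLOWED_TYPES:            # e.g. a host record that slipped in
            findings.append((owner, f"unexpected {rtype} record"))
        if rtype != "CNAME":
            continue
        if "." in owner.rstrip("."):              # GNZ names must be single-label
            findings.append((owner, "owner name is not single-label"))
        if owner in seen:                         # each name must be unique
            findings.append((owner, "duplicate single-label name"))
        seen.add(owner)
    return sorted(findings)

if __name__ == "__main__":
    for owner, problem in audit_gnz(SAMPLE_ZONE):
        print(f"{owner}: {problem}")
```

Owner-name comparison is case-insensitive, matching DNS name matching, so INTRANET and intranet count as the same name.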
GNZ functionality requires that all authoritative DNS servers run Windows Server 2008. It is not necessary that all domain controllers run Windows Server 2008; only the domain controllers that are authoritative DNS servers must run Windows Server 2008.
This section includes the following tasks for providing single-label DNS name resolution: