Condividi tramite

qUICKLY Explained: GlobalNames Zone

  • Articolo

Welcome to another edition of qUICKLY Explained, this time we look at GlobalNames Zone or GNZ for DNS Servers running Windows Server 2008 or R2.

In the past, a lot of companies have installed in their network a name resolution service called WINS (Windows Internet Naming Service).

WINS is an old service which relies on NetBIOS over TCP / IP (NetBT). Since the introduction of Microsoft Active Directory, the name resolution has been delegated to DNS (Domain Name Services). There was a time when WINS was preferred over DNS due to it being Dynamic in nature and DNS had to be managed statically. Ages ago, DNS was also made dynamic and hence the need to have two naming resolution mechanisms does not make sense any more. Environments that still rely on non-Windows or single-label names are unfortunately forced to using WINS. Evolution of communication protocols and depletion of IPv4 addresses required us to start looking at IPV6 protocols which expand the whole IP space to accommodate virtually any number of devices. Now if there is any need for WINS in an environment, remember that it is not compatible with IPv6 and is therefore becoming obsolete.

IPV6 is included in all flavors of Windows Server 2008 and R2. Microsoft has also introduced a new type of Zone called GlobalNames or GNZ which is checked by DNS for any query before the normal DNS Zones like _msdcs.ForestName and DomainName. This new type of Zone can be used in place of WINS to provide single-label name resolution for devices that would otherwise not register their records dynamically with the normal DNS Zones. I don't mean to imply that GNZ is an abnormal zone J. GNZ is a solution where your DNS servers are now able to provide name resolution for single-label names.

 In order to use this new zone, you have to do the following two steps:

1.    Create the GlobalNames Zone (either via GUI or Command line), and

2.    Enable support for this Zone on the DNS Server (remember, GNZ can only be used on Windows Server 2008 or R2)

 

1. Create the GlobalNames Zone (using the Graphical interface):

1. Open DNS - from Adminstrative Tools.

2. In the console tree, right-click the DNS-server, and then click New Zone

3. On the New Zone Wizard starts, click Next.

4. On the Zone Type page, make sure that the Primary zone and Store the Zone in Active Directory (available only if DNS-server is a writable domain controller) are checked, and then click Next.

5. Click To all DNS-servers in this forest: <ForestName>, and then click Next.

6. Select Forward Lookup Zone, and then click Next.

7. In the Name box, enter the zone GlobalNames, and then click Next. Its one word "GlobalNames" without ""

8. Select Do not allow dynamic updates and click Next.

9. Click Finish.

Create the GlobalNames Zone (using the Command line):

Open a command prompt with elevated permissions. Click Start, point to All Programs, Accessories, then right-click Command Prompt, and then click Run as administrator. At the command prompt, type the following command and press ENTER:
Dnscmd ServerName /ZoneAdd GlobalNames / DsPrimary /DP /forest

 

2. Enable Support for this Zone on the DNS Server:

Open the command prompt as an Administrator, and enter the following: 
Dnscmd ServerName /config /Enableglobalnamessupport 1 

To implement the GNZ consider the below prerequisites:

  • All authoritative DNS servers must be running Windows Server 2008. It is not necessary that all domain controllers are Windows Server 2008, except for those that are authoritative DNS for the domain.
  • The domain must not be an area formerly called GlobalNames
  • For the proper functioning of the GNZ, each DNS server should contain a complete and authoritative copy of the zone.

To simplify administration it is recommended to integrate GNZ with Active Directory which takes care of Replication and Security of the data.

Now simply create records in GNZ

  • Right click on GNZ from the context menu and select New Alias (CNAME)
  • Create a new alias using the name and the DNS record source
  • Test the system to verify proper operation.

Please look at the following technet article on Deploying a GlobalNames Zone:

https://technet.microsoft.com/en-us/library/cc731744.aspx

Download the DNS GlobalNames Zone Deployment doc with examples here:

https://download.microsoft.com/download/e/2/0/e2090852-3b7f-40a3-9883-07a427af1560/DNS-GlobalNames-Zone-Deployment.doc

Diagram below shows how a DNS Server responds to any single label query when GNZ is used. When a Client queries the DNS Server for a single label name, if the DNS hosts a GlobalNames zone, this zone is checked first for a match, if a record exists, this is replied back to the Client. If not, then the normal FQDN zone is checked, appending the DNS Suffix.

Comments

  • Anonymous
    January 01, 2003
    thank Tony - Links updated ! much appreciated.

  • Anonymous
    January 01, 2003
    EXcellent!

  • Anonymous
    January 01, 2003
    Good information, very helpful. Thanks

  • Anonymous
    January 11, 2011
    Your links to technet are incorrect.

  • Anonymous
    March 05, 2011
    Enjoy reading your blogs...keep up the good work!

  • Anonymous
    May 09, 2011
    This is neat stuff... I wasn't aware of the GlobalNames Zone!! Thanks for sharing Qasim.

  • Anonymous
    August 24, 2015
    thank you for the content ; helpful

  • Anonymous
    September 29, 2015
    Hi,

    I have an issue when connecting between cross forest.

    when i try to resolve the entry using nslookup by FQDN name for the CNAME created in GNZ in Trusted forest.

    first time i get a response and next time i get the below error.

    Non-authoritative answer:
    *** FQDN NAME can't find FQDN NAME: Unspecified error

    after an hour again i get response only once and then the same error continuous. Where Ping is working as expected.

    Thanks
    Saravanan

  • Anonymous
    January 25, 2016
    The comment has been removed