3. Windows Active Directory and DNS

Some Windows services, in particular Active Directory, require DNS servers that support SRV (service) records, and preferably dynamic updates as well.

While the main Oxford DNS servers can in principle handle SRV records, dynamic update requests from Windows clients are best handled in a secure manner by the Microsoft DNS server software.

In view of this and other operational considerations, the decision was taken that each unit wishing to use Active Directory services operate its own local Windows DNS server. Notes and minutes relating to the relevant meetings may be found on the Active Directory pages.

3.1. Implementation

In order to integrate with the Oxford University DNS, it is required that six subdomains be delegated to each unit DNS server. These subdomains are as follows (the final two do not apply to Windows 2000-only domains):
  • _tcp.unit.ox.ac.uk
  • _udp.unit.ox.ac.uk
  • _sites.unit.ox.ac.uk
  • _msdcs.unit.ox.ac.uk
  • DomainDNSZones.unit.ox.ac.uk
  • ForestDNSZones.unit.ox.ac.uk

The delegations will be made to one or two servers within your own unit. Server delegations should be registered via the DNS web interface in the usual way.

Refer to the instructions on Installing and Configuring Windows DNS to Support Active Directory together with the Active Directory pages for further information and full details of configuring DNS to support both configurations.

3.2. Disabling dynamic DNS registration

By default, PCs running Windows 2000 and above (both workstation and server products) will try to register their name and IP address in the DNS each time they boot. To minimise the extra load that this causes on the Oxford DNS servers, we'd be grateful if you would turn this option off when you install Windows XP, Vista, etc. Never disable this setting on domain controllers, as this will also stop them registering their service records.

To disable automatic registration after Windows has been installed, open the [Network] control panel, bring up the [Properties] box for the Local Area Connection, open the [Properties] for TCP/IP, go to [Advanced/DNS] and turn off the option [Register this connection's addresses in DNS]. You can also disable registration during a custom install of XP by going into the [Properties] of TCP/IP at the appropriate point in the installation process.
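The same setting can be changed from a script. The following is an added example, not part of the original page: it clears the registration option on every IP-enabled adapter through WMI and refuses to run on a domain controller, in line with the warning above. It assumes Windows PowerShell (where `Get-WmiObject` is available) run from an elevated prompt; the function name `Disable-DynamicDnsRegistration` is hypothetical.

```powershell
# Added example: turn off "Register this connection's addresses in DNS"
# on every IP-enabled adapter, but never on a domain controller.
# Assumes Windows PowerShell (Get-WmiObject) and an elevated prompt.
function Disable-DynamicDnsRegistration {
    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole
    if ($role -ge 4) {
        Write-Warning "Domain controller detected (DomainRole=$role); leaving DNS registration enabled."
        return
    }

    $adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

    foreach ($nic in $adapters) {
        $label = "[{0}] {1}" -f $nic.Index, $nic.Description

        if (-not $nic.FullDNSRegistrationEnabled) {
            Write-Output "${label}: registration already disabled"
            continue
        }

        # Arguments: FullDNSRegistrationEnabled, DomainDNSRegistrationEnabled.
        $result = $nic.SetDynamicDNSRegistration($false, $false)

        switch ($result.ReturnValue) {
            0       { Write-Output  "${label}: registration disabled" }
            1       { Write-Output  "${label}: registration disabled, reboot required" }
            default { Write-Warning "${label}: failed, WMI return code $($result.ReturnValue)" }
        }
    }

    # List the resulting state so the change can be audited.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        Select-Object Index, Description, FullDNSRegistrationEnabled, DomainDNSRegistrationEnabled
}

Disable-DynamicDnsRegistration
```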
