Windows DNS

Overview of Windows DNS on Campus

Windows presents a challenge for the existing DNS infrastructure on many campuses including UCI. However, OIT feels it has developed a solution that provides all departments and their Windows domains dynamic DNS support.

Currently, all hosts on campus, both servers and clients, have "A" (forward) and "PTR" (reverse) records registered with DNS. This will not change. While Windows DNS does provide clients the ability to update their hostnames and reverse records on the fly (as does BIND), this is not needed to run a Windows domain, and its absence will not take away any features of Active Directory.

The only real need for dynamic DNS on campus comes from the SRV records that Windows domain controllers need to register in order for their domain (and forest) and Active Directory to function properly. OIT is now providing a new service to respond to this issue. We have a DNS server running BIND that allows for dynamic updates from registered domain controllers across campus. By using delegation of zones, the existing campus name servers, ns1.service.uci.edu and ns2.service.uci.edu, give authority over special underscore ( _ ) Windows subdomains to this dynamic DNS server. Any DNS lookup for a Windows service on campus will first query one of the main campus nameservers. This query will then be forwarded to the dDNS server to be resolved.

WinDNS Registration and Management

You can sign up for this service, or delete or edit your domain controllers, by using the WinDNS registration tool.

Questions?

If you have any questions, please see the FAQ below or mail oit@uci.edu with specific questions.

WinDNS FAQ

What is the Windows DNS registration for?

This tool registers your Windows domain and domain controllers for dynamic SRV record updates.

Why do Windows domains need dynamic DNS?

Windows now uses DNS instead of WINS to locate resources inside of a domain. Domain controllers update the appropriate DNS server automatically to make resources available to users. Without these updates and records, your users will not be able to log in or contact domain controllers.

What records are updated in WinDNS?

Various records are updated in 6 sub-zones of your domain. These are:

  • tcp.domain.uci.edu
  • udp.domain.uci.edu
  • sites.domain.uci.edu
  • msdcs.domain.uci.edu
  • DomainDnsZones.domain.uci.edu
  • ForestDnsZones.domain.uci.edu

A typical record looks like:

    _kerberos           SRV    0 100 88 dc1.domain.uci.edu.

After registering, how long does it take before my controllers can make dynamic updates?

Your controllers can make dynamic updates the day after our postmaster verifies your new domain. This usually means the next business day. If you change an existing domain, those changes will always be put in effect at midnight and do not need verification.

What nameservers do my controllers need to use?

You can continue to use ns1 (128.200.1.201) and ns2 (128.200.192.202) as your name servers.

Can our workstations use dDNS to update their host names?

No. In fact, on a workstation you should NOT have the box “Register this connection’s IP addresses in DNS” checked. This just puts extra load on our DNS servers because we have to reject these updates.

Why are my records not being updated?

Make sure on all your domain controllers you have the box “Register this connection’s IP addresses in DNS” checked.

My event log is filling up with DNS registration errors. How do I fix this?

Windows will try to register not only the SRV resource records, but its host and domain “A” records as well, and we do not allow this. If you do not like those error messages, you can add this registry key to tell your controllers to stop registering “A” records.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters – Add a DWORD value there called RegisterDnsARecords and set it to 0.

*NOTE* Do not do this on a root domain controller. Your global catalogs will no longer work. Just ignore the event log messages.
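
As an added example (not OIT's own tooling), the PowerShell below applies the registry value only when the controller is outside the forest root domain, as the note above requires, and warns if per-connection DNS registration is unchecked. It assumes an elevated session with the ActiveDirectory module installed; the function name is hypothetical, and skipping every global catalog is an extra conservative assumption.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory

function Disable-NetlogonARecordRegistration {   # hypothetical name, not a built-in cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $name = 'RegisterDnsARecords'

    # Look up this controller and the forest it belongs to.
    $dc     = Get-ADDomainController -Identity $env:COMPUTERNAME
    $forest = Get-ADForest

    # Guard from the note: never apply this on a root domain controller.
    if ($dc.Domain -eq $forest.RootDomain) {
        Write-Warning "$($dc.HostName) is in the forest root domain $($forest.RootDomain); leaving $name alone."
        return
    }
    # Assumption added here: also skip any global catalog outside the root domain.
    if ($dc.IsGlobalCatalog) {
        Write-Warning "$($dc.HostName) is a global catalog; leaving $name alone."
        return
    }

    # SRV updates still need per-connection registration switched on.
    Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
        $dns = Get-DnsClient -InterfaceIndex $_.ifIndex
        if (-not $dns.RegisterThisConnectionsAddress) {
            Write-Warning "DNS registration is unchecked on '$($_.Name)'; SRV records will not update."
        }
    }

    if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 0')) {
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
    # Report the stored value (empty if it was never set, e.g. under -WhatIf).
    (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
}

Disable-NetlogonARecordRegistration -WhatIf   # preview only; drop -WhatIf to apply
```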

What is a root domain?

Typically, the first domain you start in a forest. All other domains have a transitive trust running through this domain. This domain also typically houses the Global Catalog.

Who do I contact for support or to report a problem with registration of WinDNS?

Please email oit@uci.edu.