December 2011 Entries
Domain Naming Service

Consider this article on DNS a prequel to the upcoming ADDS series. After all, any active directory implementation requires DNS integration.

So what is DNS?

DNS is a highly reliable, hierarchical, distributed and scalable database used for name resolution and service location. Basically it translates friendly names (www.contoso.com) into IP addresses (11.12.13.14), allowing clients to connect to resources in the infrastructure without memorising pesky IP numbers.

History of DNS

When the DoD initially started up the “internet” in its early days, host files, which were replicated between the hosts, were used for name resolution. As the number of hosts started to grow, the traffic generated by these replications grew exponentially, not to mention the size of the host file!

In 1984 the domain name system was introduced to the infrastructure. This system allowed host names to reside in a database that could be distributed amongst multiple servers, decreasing the load on any single server and allowing administration on a per-partition basis. Theoretically the size of a DNS database is unlimited and performance does not degrade as more and more servers are added.

Hierarchical DNS

The system is set up as a hierarchy where a fully qualified domain name (FQDN) is separated by dots (.) and the highest level of the hierarchy is at the end of the FQDN. So for hosting.contoso.com the hierarchy looks as follows:

1. COM
   a. Contoso
      I. Hosting

How is DNS structured?

As discussed before, DNS is a hierarchical system. Moreover, each zone in the hierarchy has a number of “default” kinds of “resource records”:

Description        | Time to live          | Type  | Data it contains
-------------------+-----------------------+-------+------------------------------------------------------------------------
Start of Authority | 60 minutes by default | SOA   | Owner name, primary DNS name, refresh/retry interval, expire time, minimum TTL
Host               | Same as zone          | A     | Host DNS name, IP address
Name server        | Same as zone          | NS    | Owner name, name server DNS name
Mail Exchange      | Same as zone          | MX    | Owner name, mail exchange DNS name, preference
Canonical          | Same as zone          | CNAME | Owner name, host DNS name

Replication and zone types

To allow a distributed system to be accurate and fast for every local user of that system, replication is needed, as well as the ability to have different replication types. In a DNS server we have the following zone types:

· Primary

· Secondary

· Stub

A primary zone is the zone in which all updates for the records belonging to that zone are made.
A secondary zone is a read-only copy of a primary zone. A stub zone is a read-only copy of a primary zone which only contains the name server records of that primary zone.
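As an added example (not code from the original post), the following Python models the two sections above: an FQDN broken into its hierarchy, a small zone parser that produces the record types from the table (records with no TTL of their own inherit the SOA minimum, the table's “same as zone”), and the secondary and stub views derived from a primary zone. The contoso.com zone text, names and addresses are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample zone for contoso.com (illustrative data, not from the post).
# SOA data: primary NS, responsible mailbox, serial, refresh, retry, expire, minimum TTL.
ZONE_TEXT = """
$ORIGIN contoso.com.
@        3600  IN  SOA    ns1.contoso.com. hostmaster.contoso.com. 2011120101 3600 600 1209600 300
@              IN  NS     ns1.contoso.com.
@              IN  NS     ns2.contoso.com.
@              IN  MX     10 mail.contoso.com.
ns1            IN  A      11.12.13.14
ns2            IN  A      11.12.13.15
mail           IN  A      11.12.13.16
www            IN  CNAME  hosting.contoso.com.
hosting  900   IN  A      11.12.13.17
"""


@dataclass
class Record:
    owner: str   # fully qualified owner name
    ttl: int     # seconds; falls back to the SOA minimum when the line gives none
    rtype: str   # SOA, A, NS, MX, CNAME, ...
    data: str    # type-specific data as text


def hierarchy(fqdn):
    """Labels of an FQDN ordered from the top of the tree downwards (COM, Contoso, Hosting)."""
    return fqdn.rstrip(".").split(".")[::-1]


def parse_zone(text):
    """Parse a minimal master-file zone: $ORIGIN plus 'owner [ttl] IN type data' lines."""
    origin = "."
    records = []
    soa_minimum = None
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        parts = line.split()
        owner = parts.pop(0)
        ttl = int(parts.pop(0)) if parts[0].isdigit() else None
        if parts[0] == "IN":
            parts.pop(0)
        rtype = parts.pop(0)
        data = " ".join(parts)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        if rtype == "SOA":
            soa_minimum = int(parts[-1])     # last SOA field is the minimum TTL
        records.append(Record(owner, ttl, rtype, data))
    # "Same as zone": records without their own TTL inherit the SOA minimum
    for record in records:
        if record.ttl is None:
            record.ttl = soa_minimum
    return records


def records_of_type(records, rtype):
    return [r for r in records if r.rtype == rtype]


def secondary_zone(records):
    """A secondary is a read-only copy of the whole primary zone."""
    return tuple(records)


def stub_zone(records):
    """A stub keeps only the SOA, the NS records and the A records (glue) of those name servers."""
    ns_targets = {r.data for r in records_of_type(records, "NS")}
    return [r for r in records
            if r.rtype in ("SOA", "NS")
            or (r.rtype == "A" and r.owner in ns_targets)]


if __name__ == "__main__":
    zone = parse_zone(ZONE_TEXT)
    print(hierarchy("hosting.contoso.com"))
    for r in stub_zone(zone):
        print(r)
```

The parser only understands the line shapes used in the sample (no parentheses, no `$TTL`, class always IN); it is there to show how a TTL propagates from the SOA to the records, not to replace a real zone loader.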

Concepts

Time To Live

The TTL value is, quite literally, the time a record lives in a resolver. This entry makes sure a DNS server does not keep information for so long that it becomes outdated. It also means that when a change is made to a record, it might take up to the time specified in the TTL before that change is “up to date” on every other DNS server.

Care has to be taken: a TTL value which is too high will cause cached entries to become outdated, but a TTL which is too low will increase network traffic and server utilisation.

Recursion

Recursion is, by default, enabled on the DNS Server service. Simply put, recursion is the action of a DNS server sending other DNS servers a query on behalf of the client, until an authoritative answer has been received. That answer will then be forwarded to the requesting client.

If recursion is disabled, no forwarders can be set for the DNS server and lookups will only be performed internally.

Round Robin

As a method to manage server congestion by distributing connection loads across multiple servers containing identical content, round robin is slightly outdated but still widely used. In this setup multiple A records are created for the same host name, but with different IPs. When queried, the DNS server will give out the first record; on the next query the second, and so on until the end of the list is reached, at which point DNS loops back to the first record.
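The interplay between the TTL and Round Robin sections is easiest to see in a small model. This is an added example, not the post's or Windows DNS's own code: an authoritative zone rotates its A records on each query, and a caching resolver in front of it only asks again once its cached copy has expired, so a client behind that cache sees the rotation move at most once per TTL. The clock, zone contents and addresses are constructed.

```python
import time


class FakeClock:
    """Manually advanced clock so the TTL behaviour can be stepped through deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class RoundRobinZone:
    """Authoritative side: several A records for one name, rotated on every query."""
    def __init__(self, ttl, a_records):
        self.ttl = ttl
        self.a_records = {name: list(ips) for name, ips in a_records.items()}
        self.offset = {name: 0 for name in a_records}

    def answer(self, name):
        ips = self.a_records[name]
        start = self.offset[name]
        self.offset[name] = (start + 1) % len(ips)   # next query starts one record later
        return self.ttl, ips[start:] + ips[:start]


class Cache:
    """Resolver side: an answer lives exactly TTL seconds, then is evicted."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.store = {}

    def put(self, key, ttl, rrset):
        self.store[key] = (self.clock() + ttl, list(rrset))

    def get(self, key):
        entry = self.store.get(key)
        if entry is None:
            return None
        expires_at, rrset = entry
        if self.clock() >= expires_at:
            del self.store[key]          # stale: force a fresh query upstream
            return None
        return rrset


class CachingResolver:
    def __init__(self, zone, cache):
        self.zone = zone
        self.cache = cache
        self.upstream_queries = 0

    def lookup(self, name):
        cached = self.cache.get((name, "A"))
        if cached is not None:
            return cached
        self.upstream_queries += 1
        ttl, rrset = self.zone.answer(name)
        self.cache.put((name, "A"), ttl, rrset)
        return rrset


def walk_through():
    """Six client lookups, 30 s apart, against a 60 s TTL: the first address only changes on a cache miss."""
    clock = FakeClock()
    zone = RoundRobinZone(ttl=60, a_records={
        "www.contoso.com.": ["11.12.13.14", "11.12.13.15", "11.12.13.16"]})
    resolver = CachingResolver(zone, Cache(clock))
    seen = []
    for _ in range(6):
        seen.append(resolver.lookup("www.contoso.com.")[0])   # client uses the first address
        clock.advance(30)
    return seen, resolver.upstream_queries


if __name__ == "__main__":
    print(walk_through())
```

With a 60 second TTL and queries every 30 seconds, only three of the six lookups reach the zone, and each pair of client queries lands on the same server; a longer TTL would keep clients pinned to one address for even longer, which is the trade-off the TTL section describes.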

Root hints

Root hints allow servers to look up information for zones they are not authoritative for, in order to learn and discover those zones. Best practice is to disable root hints altogether if your DNS servers are on a private network.

Forwarders

A forwarder is a domain name system server on a network used to forward DNS queries for external DNS names to DNS servers outside of that network. Forwarders can also be used to forward queries to specific DNS servers for specific domain names (conditional forwarders).

Ports used by DNS

Traffic type              | Source port         | Destination port
--------------------------+---------------------+--------------------
Queries from local DNS    | Any port above 1023 | 53
Responses to local DNS    | 53                  | Any port above 1023
Queries from remote DNS   | Any port above 1023 | 53
Responses to remote DNS   | 53                  | Any port above 1023

All traffic is initially sent over UDP, but the sender can choose to reissue the DNS request over TCP if the message is too long to fit in a UDP datagram.
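The wire-level side of the ports table and the UDP-to-TCP fallback, as an added example that is not part of the original post: build the query a resolver sends to destination port 53, read the flags out of the reply, accept a reply only if it is marked as a response and echoes the query's transaction ID and question (the minimum check against a reply that does not belong to this query), and fall back to TCP, with its 2-byte length framing, when the TC (truncated) bit is set. The sample reply is constructed in `make_reply`; no packets are sent.

```python
import struct

QTYPE_A = 1
QCLASS_IN = 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name):
    """www.contoso.com -> length-prefixed labels: 3 'www' 7 'contoso' 3 'com' 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, txid, qtype=QTYPE_A):
    """12-byte header (RD set, one question, no answers) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rd": bool(flags & FLAG_RD), "ra": bool(flags & FLAG_RA),
            "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def response_matches(query, response):
    """Accept a reply only if it is a response that echoes our transaction ID and our question."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and r["id"] == q["id"] and response[12:len(query)] == query[12:]


def needs_tcp_retry(response):
    """TC set: the answer did not fit in the UDP datagram, so the same query is reissued over TCP."""
    return parse_header(response)["tc"]


def frame_for_tcp(msg):
    """Over TCP every DNS message is prefixed with its 2-byte big-endian length."""
    return struct.pack("!H", len(msg)) + msg


def unframe_from_tcp(stream):
    """Split a TCP byte stream back into individual DNS messages."""
    msgs, pos = [], 0
    while pos + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[pos:pos + 2])
        msgs.append(stream[pos + 2:pos + 2 + length])
        pos += 2 + length
    return msgs


def make_reply(query, truncated):
    """Constructed stand-in for a server reply: QR, RD, RA set, TC set when the answer was cut off."""
    txid = parse_header(query)["id"]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + query[12:]            # question section echoed, answer section omitted


def choose_transport(query, udp_reply):
    """What a resolver does after the UDP exchange: keep the UDP answer, retry over TCP, or discard."""
    if not response_matches(query, udp_reply):
        return "discard"                 # not a response to our ID and question
    return "retry-tcp" if needs_tcp_retry(udp_reply) else "use-udp"


if __name__ == "__main__":
    query = build_query("www.contoso.com", 0x1234)
    print(choose_transport(query, make_reply(query, truncated=True)))
    print(frame_for_tcp(query)[:2].hex())
```

On the resolver side the source port is taken from the “any port above 1023” range in the table; pairing an unpredictable source port with an unpredictable transaction ID is what makes the `response_matches` check meaningful, since a reply that matches neither is dropped.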

Tools

DNSCMD

Used to view the properties of DNS servers, zones and resource records, and capable of modifying all aspects of the DNS Server service. Scriptable.

DNSLint

This tool can be used to help diagnose common DNS name resolution issues. It can be targeted at specific DNS record sets to ensure that they are consistent across multiple DNS servers.

DNSMgmt.msc

This is the default DNS console.

Netmon

A tool which can capture and log data about the packets on a network.

NSlookup

Used to query DNS servers and to obtain detailed responses.

Netdiag

A network connectivity tester enabling you to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client.

Active directory integration

Benefits

Active Directory integration for DNS gives us a distinct set of benefits, namely the following:

· Replication is performed by Active Directory, removing the need for a separate replication topology.

· Active Directory offers “per-property” replication.

· Replication is secure when integrated into Active Directory.

· Active Directory eliminates the primary DNS server as a single point of failure. AD replication is multi-master and updates can be made on any domain controller, which will then propagate the change to the other domain controllers.

Active directory integration also stores its information in the application directory partition where each directory-integrated zone is stored under its own dnsZone container object.

Architecture

Active Directory is highly dependent on DNS as a domain controller location mechanism and uses DNS naming conventions in the architecture of Active Directory domains (aka DNS breaks = AD breaks).

Components

Domain controller locator: These records enable clients to locate domain controllers.
AD domain names in DNS: A separate namespace for AD domains in DNS.
AD DNS objects: When stored in AD, each DNS zone becomes an object of class dnsZone and receives its own attributes.

Filed Under [ Platforms ]
Exchange 2010 multi tenancy

And here is the new and improved multi-tenancy guide for Exchange 2010 SP2! Remember that this no longer uses the /hosted switch, but your environment will still be supported until the next Exchange version comes along.

http://www.microsoft.com/download/en/details.aspx?id=28192

Filed Under [ Exchange ]
KB2644137: Windows Network Load Balancing does not work in an Exchange Server cluster

MS knowledge base article which is of interest:

Consider the following scenario:

  • You have multiple servers that are running Microsoft Exchange Server.
  • The servers that are running Exchange Server are hosted in a VMware ESX environment.
  • The servers that are running Exchange Server are part of a Windows Network Load Balancing cluster.
  • Windows Network Load Balancing is configured to run in unicast mode.
In this scenario, Windows Network Load Balancing may not work correctly. For example, network traffic is routed to one node in the cluster.
Exchange 2010 SP2!

Has been released! Get your copy right here! And make sure to get it while it is hot!
There have been some long-awaited (at least by me) features included in it and you can read more on that here. And don’t forget this service pack makes changes to the hosted environment supportability! We’ll have to wait a bit longer before we get more details on that, but stay tuned!

Filed Under [ Exchange ]
Email going the way of the Dodo?
Note that this is a “rant” about the following post:
BOMBSHELL: Huge Company Bans Internal Email, Switches Totally To Facebook-Type-Stuff And Instant Messaging
@ http://www.businessinsider.com/company-bans-email-2011-12

At the end of November ABC posted an article stating Thierry Breton, CEO of Atos (formerly known as Atos Origin), wants to move to a “Zero-mail” policy for its internal communications. Mr Breton is not the first one to come up with this plan, but his claim that he has not sent an email in the last three years seems somewhat far-fetched… Now, not to call him a liar, I’ll go from the assumption that his secretary has been sending those emails (don’t we love the send-on-behalf function?).

Truth of the matter is that he does have, remarkably enough, a point. Most emails being sent are spam and even more are pointless. But to remove email altogether from the picture is a bridge too far, and I believe that Mr Breton is well aware of that. What he declared will not be a hoax, but more a way of actually putting his company in the picture (results have been a bit negative for Atos: source).

Now to come to Thierry’s point: we will be seeing a paradigm shift in the following years, but let’s face it, this shift has already been coming for a while and the IT industry as a whole changes every couple of years. As a platform for knowledge sharing and fast communications email is insufficient. But this is known by all Techies (yeah, I capitalised Techies!) and, dare I say, the general public.

Instant communications have been used in companies for years, the application only varied. I have, personally, chatted with colleagues through ICQ, MSN, Skype, Office Communicator and Lync. The chances that other people have used AOL, Yahoo or google chat are substantial. The only thing we could complain about is that the integration with other platforms was quite poor.

Looking at it from a Microsoft perspective, we now have integration between SharePoint, Lync and Exchange. Integration that allows us to implement a better platform for sharing knowledge, fast communication with our colleagues and sending messages that are important. Let’s face it, official communication with our clients will not go through a chat window. Not for a while at least…

So to address the title of this post: No, I do not believe email is going the way of the Dodo. I do believe that companies will be rethinking, or at least should rethink, their communication policies for both internal and external traffic. The article that inspired this “rant” jumps to conclusions and totally misses the point of what is going on.

Filed Under [ General ]