Saturday, October 11, 2008

WINDOWS 2008 DNS improvements

Active directory integrated DNS is not required for AD to run properly ????, in fact I have heard people claming, UNIX based DNS works faster and better for the active directory. AS we all know if DNS is not working regardless it is integrated AD or UNIX the life will be very difficult for ADDS and Exchange admins, and the fact it you cannot run a network unless and unless you have DNS in place. Over years working with AD and DNS, I found AD integrated DNS is to way to go and never had any type of problems as long as it is set and maintained correctly.

Every version of windows comes out, I look for GUI or command line improvements on the DNS console and unfortunately I am not yet so successful to find what I was expecting, in term of the DNS GUI and its functionality.

Critics, Why is it not easy to add CNAME record, why we have to dig down and down on the little window which is not expendable and very much inconvenient to work with. Doing a search in the DNS console is not efficient in my opinion and why it was not made with MMC 3.0? as some other futures looks incredibly useful? Anyway I guess we just need to wait and hope to see we get better and smart GUI and command line to work with.

Let's take a look at some of the functionality in DNS and some of the new futures.

Background zone loading

The DNS data is retrieved from the directory service and this might have caused delay in especially large environments. So the result is the client is waiting DNS service is unable to use it while waiting DNS to come up.

Windows Server 2008 now loads zone data from AD DS in the background, when it restarts so that it can respond to requests for data from other zones

The DNS server can use background zone loading to begin responding to queries almost immediately when it restarts, instead of waiting until its zones are fully loaded

The zone data is stored in AD DS rather than in a file: AD DS can be accessed asynchronously and immediately when a query is received, while file-based zone data can be accessed only through a sequential read of the file

  • Enumerates all zones to be loaded.
  • Loads root hints from files or AD DS storage.
  • Loads all file-backed zones, that is, zones that are stored in files rather than in AD DS.
  • Begins responding to queries and remote procedure calls (RPCs).
  • Spawns one or more threads to load the zones that are stored in AD DS


DNS client computers can use link-local multicast name resolution (LLMNR), also known as multicast DNS or mDNS, to resolve names on a local network segment when a DNS server is not available. For example, if a router fails, cutting a subnet off from all DNS servers on the network, clients on the subnet that supports LLMNR can continue to resolve names on a peer-to-peer basis until the network connection is restored.

The DC Locator component of a client computer running Windows Vista or Windows Server 2008 periodically searches for a domain controller in the domain to which it belongs. This functionality helps avoid performance problems that might occur when a client locates its domain controller during a period of network failure, thereby associating the client with a distant domain controller located on a slow link. Previously, this association continued until the client was forced to seek a new domain controller, for example, when the client computer was disconnected from the network for a long period of time. By periodically renewing its association with a domain controller, a client can now reduce the probability that it will be associated with an inappropriate domain controller.

A client computer running Windows Vista or Windows Server 2008 can be configured (programmatically, with a registry setting, or by Group Policy) to locate the nearest domain controller instead of searching randomly. This functionality can improve network performance in networks containing domains that exist across slow links. However, because locating the nearest domain controller can itself have a negative impact on network performance, this functionality is not enabled by default.

Read more

--Oz Ozugurlu

MVP (Exchange) MCITP (EMA),

MCITP (SA) MCSE 2003, M+, S+,

MCDST, Security+, Project +, Server +


No comments: