Microsoft DNS

Microsoft's DNS server software is included with the server versions of Windows NT4, 2000, and 2003.
For more information on this product see http://www.microsoft.com.

Windows 2000 and 2003 Server:

Microsoft DNS on Windows 2000 and 2003 Server supports dynamic updates using standard dynamic DNS updates, GSS-TSIG Kerberos authenticated DNS updates (see RFC 3645), and via WMI.

IMPORTANT: We do NOT recommend using standard dynamic DNS updates, as there are no options to limit access to this in Microsoft DNS (which is probably why Microsoft refers to this as "non-secure dynamic updates").

GSS-TSIG Kerberos authenticated DNS updates (what Microsoft refers to as "secure dynamic updates") is a Microsoft extension to the TSIG signed dynamic DNS update method.
This update method is not supported by Simple Failover (WMI offers the same functionality).

WMI (Windows Management Instrumentation) is the recommended method of updating Microsoft DNS servers:

When using this update method, you must specify a user ID and password recognized by the DNS server in the DNS Server Properties dialog.
If the DNS zone that you want Simple Failover to update is "Active Directory integrated", then this user ID must belong to the "dnsadmin" group in Active Directory.

The "Allow dynamic updates" setting in the zone properties dialog in Microsoft DNS does not affect updates via WMI. You can set this to no / none.
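
An added example (not part of the Simple Failover documentation): because WMI updates do not depend on the "Allow dynamic updates" setting, this PowerShell function reads that setting for every zone through the DNS WMI provider, so zones that still accept non-secure updates can be found and set to none. It assumes the provider's MicrosoftDNS_Zone class in root\MicrosoftDNS reports AllowUpdate as 0 (none), 1 (non-secure and secure) or 2 (secure only); the function name and the server name in the usage comment are hypothetical.

```powershell
# Added example: audit the dynamic-update setting of every zone on a
# Microsoft DNS server via the DNS WMI provider (namespace root\MicrosoftDNS).
function Get-DnsZoneUpdatePolicy {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName,                                   # DNS server to audit
        [System.Management.Automation.PSCredential]$Credential   # optional; defaults to current user
    )

    $wmiArgs = @{
        Namespace    = 'root\MicrosoftDNS'
        Class        = 'MicrosoftDNS_Zone'
        ComputerName = $ComputerName
        ErrorAction  = 'Stop'      # surface blocked ports / access denied as errors
    }
    if ($Credential) { $wmiArgs['Credential'] = $Credential }

    # Assumed meaning of the AllowUpdate values (see the lead-in).
    $policyNames = @{ 0 = 'None'; 1 = 'Nonsecure and secure'; 2 = 'Secure only' }

    foreach ($zone in Get-WmiObject @wmiArgs) {
        $value  = [int]$zone.AllowUpdate
        $policy = if ($policyNames.ContainsKey($value)) { $policyNames[$value] }
                  else { "Unknown ($value)" }

        [pscustomobject]@{
            Zone             = $zone.Name
            DsIntegrated     = [bool]$zone.DsIntegrated
            AllowUpdate      = $value
            Policy           = $policy
            NonSecureUpdates = ($value -eq 1)   # the setting this page advises against
        }
    }
}

# Usage (hypothetical server name): list only the zones that accept non-secure updates.
# Get-DnsZoneUpdatePolicy -ComputerName 'dns01.example.test' |
#     Where-Object { $_.NonSecureUpdates } |
#     Format-Table Zone, DsIntegrated, Policy
```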

Note: Updates can only be performed on "Standard Primary" and "Active Directory Integrated" DNS zones - not on secondary zones.
To ensure that DNS can always be updated (with any one of the DNS servers unavailable), you must configure the zone as "Standard Primary" or as "Active Directory Integrated" on all DNS servers.
IMPORTANT: This also means that unless you are using an "Active Directory Integrated" zone, you will have to keep the DNS servers synchronized manually by always making all zone / record updates on both servers.

Note: The TCP/IP ports used by WMI (NetBIOS) are almost always blocked on Internet firewalls, so Simple Failover may have to be located on the same LAN as the DNS server, or have access to it via a VPN connection or similar.

See the Update DNS via WMI section for details on how WMI updates are performed.

Specifics for Windows 2000 Server:

To update via WMI, you must first install the DNS WMI Provider on the Windows 2000 Server.
You can download dnsprov.zip from our web-site at http://www.simplefailover.com/outbox/dnsprov.zip.
This file includes a "readme.txt" file with instructions for installing the provider.
You can also search for dnsprov.zip at http://www.microsoft.com.

If you are running Simple Failover on a Windows 95, 98, or NT4 computer, you will need to install WMI on this computer (later Windows versions have this pre-installed).
You can download the WMI installer wmicore.exe from our web-site at http://www.simplefailover.com/outbox/wmicore.exe.
Or search for wmicore.exe at http://www.microsoft.com.

Specifics for Windows 2003 Server:

Windows 2003 Server comes with the DNS WMI Provider pre-installed.

Simple Failover must be running on a computer with Windows ME, 2000 (SP3 or later), XP, 2003, or later. WMI on earlier Windows versions cannot communicate with Windows 2003 Server.

Notice: You do not need to install anything additional on the server or on the computer running Simple Failover for this to work.

Windows NT4 Server:

Microsoft's DNS server on Windows NT4 Server does not support any type of dynamic DNS updates.
However, it should be possible to programmatically update DNS records by first using the NT4 resource kit dnscmd.exe utility to delete the zone, then re-write the zone file to disk, and finally use dnscmd.exe to re-add the zone.
This version of Simple Failover does not have any direct support for updating like this, but it can be done via scripting.