Wednesday 30 December 2009

Getting IP Right in Windows: 1. Understand DNS

Networking in Windows is deceptively easy. The level of development Microsoft has achieved to make it so is quite considerable, and I contrast it here with the amount of tweaking required to get Unix services off the ground.

That said, a well-implemented IP structure is the cornerstone of any enterprise (or even serious home) office deployment. I’ve composed a series of five articles on topics you should be really getting right! There are certainly more, but these stick out in my mind.

1. Understand DNS

IP addressing is a computer task, in that it involves computations on 32- or 128-bit integers. It’s only for our clumsy brains that dotted-decimal notation was devised (and no amount of fudging improves IPv6 legibility), and hostnames are simpler still, since they give us names to work with, easier on the grey matter.

DNS is the magic that translates between the two, and it is involved in almost every conversation and transaction on the LAN, and certainly on the Internet: perhaps not continually, but certainly at the start of a digital dialogue.

Get to know the DNS namespaces:

  • Domains; In the first IP networks, the hosts of the entire fledgling ‘Net were stored in one grand file, which simply couldn’t scale to today’s Internet, so it was broken down into domains, with distributed control and querying. These are the most jealously guarded servers on the Internet, as compromise causes outages and has serious security implications
  • Hostnames; Every box has one, and it helps to have a standard to make things easy to locate and avoid conflicts. Understand how they relate to the domain space – a common practice to differentiate the interfaces on a system is to register different address suffixes on the hostname depending on the function (e.g. server1.mydomain.net, server1.backups.mydomain.net), so it’s useful to know how they relate to each other

DNS consists of various record types, depending on the kind of information you’re looking for:

  • A/AAAA; The simplest type of record, it maps a textual hostname to an IP address (IPv4 for A, IPv6 for AAAA). This is just the hostname portion, and is only useful in the context of a domain (see my later post on the evils of NetBIOS)
  • CNAME; This is an alias, useful for making an abstract name like www out of webserver1, for instance, and, when multiple entries are used together, for sending users asking for www to one of webserver1, webserver2 and webserver3 without having to let your users know the difference.
  • PTR; This makes reverse resolutions from IP addresses to names, and is useful for debugging or checking the identity of incoming connections
  • MX; Mail eXchanger records tell the world how to get mail to your domain, with rules on precedence and load-balancing
  • SRV; The newest in the family, and more and more widely used. A critical record for operation of your Active Directory domains and services, this record helps clients and servers figure out where they are on the network (sites), where the nearest service provider is (e.g. local domain controller) and even where to go if the local service is unavailable (e.g. lowest cost neighbouring AD site)
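The PTR and SRV points above, worked through in code. This is an added example, not part of the original post: the records are constructed stand-ins for what an AD domain publishes under _ldap._tcp.dc._msdcs.leptech.lan and for a matching forward/reverse zone pair (the host names and addresses are made up). It shows how a client orders SRV targets by priority and weight (RFC 2782) and falls through to the neighbouring site when its local DCs are unavailable, and how a PTR answer is only trusted once the forward record confirms it.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SRV:
    """One SRV record as published under _service._proto.name."""
    priority: int
    weight: int
    port: int
    target: str

# Constructed records standing in for what AD publishes under
# _ldap._tcp.dc._msdcs.leptech.lan; the host names are made up.
RECORDS = [
    SRV(0, 100, 389, "dc1.leptech.lan"),           # local site, preferred
    SRV(0, 100, 389, "dc2.leptech.lan"),           # local site, equal share
    SRV(10, 100, 389, "dc3.remote.leptech.lan"),   # neighbouring site, fallback
]

def order_targets(records, available, rng=random):
    """Order targets the way an RFC 2782 client tries them: lowest priority
    first, weighted-random within a priority. Targets not in `available` are
    skipped, which is how a client falls through to the next site."""
    ordered = []
    candidates = [r for r in records if r.target in available]
    for prio in sorted({r.priority for r in candidates}):
        group = sorted((r for r in candidates if r.priority == prio),
                       key=lambda r: r.weight == 0, reverse=True)  # weight 0 first
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))  # inclusive
            running = 0
            for r in group:
                running += r.weight
                if running >= pick:
                    ordered.append(r.target)
                    group.remove(r)
                    break
    return ordered

# Constructed forward (A) and reverse (PTR) data for the identity check.
A_RECORDS = {"dc1.leptech.lan": "10.0.0.11", "dc3.remote.leptech.lan": "10.0.1.11"}
PTR_RECORDS = {"10.0.0.11": "dc1.leptech.lan", "10.0.1.11": "dc3.remote.leptech.lan",
               "10.0.9.9": "dc1.leptech.lan"}  # PTR that the forward zone does not confirm

def confirmed_name(ip):
    """Forward-confirmed reverse DNS: accept the PTR name only when its A
    record points back at the same address; otherwise return None."""
    name = PTR_RECORDS.get(ip)
    return name if name and A_RECORDS.get(name) == ip else None
```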

By getting into the habit of using Fully Qualified Domain Names (FQDNs) for your network activities, you’ll avoid common pitfalls such as failing (or mismatched) requests for a service in another domain and connecting to the wrong interface, and it even helps you map out the network in your head.

Wherever possible (and it doesn’t work everywhere, as I’d hope it would), use the User Principal Name (UPN) for your Active Directory logins and when asked for credentials, instead of the old NT style, e.g.

Liam.Dennehy@leptech.lan – good!
LEPTECHDOM1\Liam – legacy, outdated. Not good!

All of this helps you put the resources in your Windows network in their correct place, avoids confusion and generally makes your life a bit easier in the long-run.

Next: 2. Subnets and Private IP Space
