CertiGuide to A+ (A+ 4 Real)  9  Chapter 14: Networks       9  What is a Network?            9  Protocol Standards

Classless Inter-Domain Routing (CIDR) 1 2 Windows Internet Naming Service (WINS)

Zones of Authority

If you consider how many millions of domains there are on the Internet, it is impossible for a DNS server to hold information on every single domain. It would be far too slow to search a database that large. To overcome this, DNS servers are split into "Zones of Authority", or "ZOA". This means that for each domain, a certain set of DNS servers are the only ones absolutely authorized to reply to a lookup request. When you query a DNS server that is the ZOA for the domain you are looking up, the response you receive is an "authoritative response". This means that without a doubt, the answer you get from that DNS server is the correct answer. However, what if the server you are querying is not authoritative? After all, you are using your ISP’s DNS server for resolution, but it is not authoritative for Microsoft.com.

The answer is quite simple in principle. Every DNS server holds a set of records that tell it where to go for each "TLD", or "Top Level Domain". These are the ".uk", ".com", ".org", “.net” domains, along with many others. Now imagine a hierarchy, with the servers that are authoritative for the TLD's at the top. Beneath this TLD, you have sub-domains, which in turn can contain their own sub-domains. Let us see it with "32bits.co.uk":

• TLD: .uk
  • Child Domain 1: .co.uk
    • Child Domain 2: 32bits.co.uk

Now, because every DNS server holds the TLD records and parent domains hold their child domain's records, regardless of where you are on the Internet and what DNS servers you use, the above process is followed. Your DNS server looks up the TLD for .uk, and sends a request. The .uk TLD then forwards the request to the server authoritative for .co.uk, which in turn holds the record for 32bits.co.uk. It then checks the record, sees the IP address associated with it and returns the request to the originator.

There can be a slight variation on this - a "non-authoritative response". This is when one of the other DNS servers is able to answer the request without having to wait for it to go all the way to the final ZOA. Because following the tree all the way to the final ZOA can be quite slow, a large amount of public DNS servers on the Internet are “caching only” servers. These servers are not authoritative for any domain, they simply exist to cache name resolution queries to provide faster responses.

Windows provides a handy function for reducing your typing when working with FQDN’s. By configuring “DNS suffixes”, you can tell Windows the DNS domains in which you commonly access resources. For example, if you were to add “.co.uk” to your machine’s DNS suffix list, to access senserltd.co.uk (the FQDN) you could simply type the hostname “senserltd”. Windows will automatically append each of the DNS suffixes in turn until it finds one that resolves. It is generally only a good idea to do this when using a DNS server on your local network – performing multiple DNS lookups for every single hostname can severely impact performance.

DNS suffixes are configured by clicking the “Advanced” button in the TCP/IP Properties dialog (Figure above), and navigating to the DNS tab.

Name resolution is one of the biggest differences between Windows NT and Windows 2000. Whilst Windows 2000 relies heavily on DNS for name resolution, Windows NT and its predecessors use a technology called WINS. Although Microsoft is phasing out WINS (and in Windows Server 2003 it is almost non-existent), CompTIA still list it as an objective.

Classless Inter-Domain Routing (CIDR) 1 2 Windows Internet Naming Service (WINS)