DNS records in Active Directory

In this blog we will talk about DNS records in Active Directory. We will discuss how DNS (Domain Name System) works, the types of DNS records, how to create DNS records in Active Directory, and how to look up DNS records from a client.

What is Domain Name System

By definition, the Domain Name System (DNS) provides name resolution services to users and computers: it maps computer names to IP addresses, and IP addresses back to names.

Whenever an Active Directory operation is performed, for example authentication, updating or searching for a resource, computers use DNS to locate Active Directory domain controllers. Domain controllers themselves also use DNS to locate the other domain controllers in the domain, including their replication partners, so DNS is a hard dependency of everything Active Directory does.

DNS (Domain Name System) is a server role that you can install from Server Manager or with Windows PowerShell. When you promote the first domain controller of a new Active Directory forest, the DNS Server role is installed on that domain controller by default and an Active Directory-integrated zone for the domain is created.

How Domain Name System (DNS) works

Now let's walk through a few examples to understand how the Domain Name System (DNS) works in detail.

[Image: how Domain Name System works]
  1. When a user logs on from a client machine, the client first sends a query to its preferred DNS server. This is a service location (SRV) query: the client asks the DNS server where it can find a domain controller for its domain. The client queries for names such as _ldap._tcp.dc._msdcs.<domain> and _kerberos._tcp.dc._msdcs.<domain>. Kerberos is the authentication protocol of Active Directory, and LDAP is the protocol the client uses to read the directory.
  2. The DNS server holds a Service Location (SRV) record for every domain controller in the domain; the domain controllers register these records dynamically through the Netlogon service. The DNS server returns the matching SRV records, together with the A records of the hosts they name, so the client now knows the hostname and IP address of a domain controller. The client sends the authentication request directly to that domain controller and the logon proceeds.
  3. If this lookup fails, the user cannot log on with domain credentials (locally cached credentials aside), and a machine cannot be joined to the domain either. Whenever you need to find a service in an Active Directory domain, the DNS server must be reachable and must hold the SRV records.
  4. Ordinary DNS resolution converts a hostname to an IP address. Suppose a user on the client machine tries to access a website, for example www.google.com. The computer first checks its local resolver cache. If this client has resolved www.google.com recently, the cache still holds the name-to-IP mapping, until the record's TTL (time to live) expires.
  5. If the name is not in the local cache, the client checks the local hosts file. This file exists on every Windows machine at C:\Windows\System32\drivers\etc\hosts (on Windows its entries are in fact preloaded into the resolver cache, so the two checks effectively happen together). The hosts file is the static precursor of DNS: before DNS existed, administrators maintained name-to-IP entries by hand in this file. That does not scale to thousands of machines, which is why DNS replaced it. Because the hosts file is consulted before any DNS server is asked, malware that can write to it can silently redirect names, so treat unexpected entries there as a possible indicator of compromise. If the name is in neither the cache nor the hosts file, the client sends a recursive query to its configured DNS server. A recursive query means the client asks the DNS server to resolve the name on its behalf by any means necessary: contact other DNS servers if you have to, but come back with a final answer.
  6. The DNS server first determines whether the name is local (in a zone the server is authoritative for) or remote. If the client is asking for a file server or an internal application, the DNS server already has the records in its own zones. If the client is asking for an external website, the DNS server has no zone for that name.
  7. The DNS server then checks its own cache. If it resolved the name earlier, say for a different user who visited google.com, it still has the answer cached and returns it to the client. If nothing is cached, the DNS server starts an iterative query, beginning with one of the Internet root name servers. In an iterative query the server being asked does not resolve the name itself; it answers with the best referral it has, and the querying server follows that referral to the next name server.
  8. The root servers do not hold domain names. They know which name servers are authoritative for each top-level domain (.com, .in, .org, .net and so on), so the root server refers our DNS server to the .com TLD servers. The .com TLD servers do not hold the A record either; they hold the delegation (NS records) for google.com and refer our DNS server to Google's authoritative name servers. Only the authoritative name server for google.com holds the A record for www.google.com, and it answers with the IP address.
  9. Our DNS server receives the final answer, caches it for the TTL the authoritative server set, and sends the IP address back to the client, which can now connect to the website.
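The following PowerShell is added here as an example and is not part of the original post. It shows both halves of the process above: the SRV queries the DC locator sends (steps 1 and 2) and a manual iterative walk from a root server down to the authoritative server (steps 7 to 9), which is exactly what a recursive DNS server does on the client's behalf. It assumes a Windows 8 / Server 2012 or later machine with the DnsClient module, outbound access on port 53 for the walk, and, for the SRV part, a domain-joined machine whose domain name is available in $env:USERDNSDOMAIN. The root server address 198.41.0.4 (a.root-servers.net) is the only hard-coded value.

```powershell
# Added example (not from the original post): DC locator lookup and a manual
# iterative walk from the root servers, both using Resolve-DnsName.
# Assumptions: Windows 8 / Server 2012 or later; UDP/TCP 53 to the Internet for
# the walk; $env:USERDNSDOMAIN is set on a domain-joined machine.

# --- Steps 1-2: what the DC locator asks for ---
$domain = $env:USERDNSDOMAIN            # e.g. CORP.EXAMPLE.COM on a domain-joined client
if ($domain) {
    # LDAP (directory) and Kerberos (KDC) SRV records under the _msdcs "dc" sub-tree
    foreach ($svc in "_ldap._tcp.dc._msdcs.$domain", "_kerberos._tcp.dc._msdcs.$domain") {
        Resolve-DnsName -Name $svc -Type SRV -DnsOnly |
            Where-Object Type -eq 'SRV' |
            Select-Object Name, NameTarget, Port, Priority, Weight |
            Format-Table -AutoSize
    }
}

# --- Steps 7-9: iterative resolution, the way a recursive server does it ---
function Resolve-Iteratively {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Server = '198.41.0.4',   # a.root-servers.net
        [int]    $Depth  = 0
    )
    if ($Depth -gt 15) { throw "Referral loop while resolving $Name" }

    # -NoRecursion clears the RD bit, so the server returns a referral instead of resolving for us
    $resp = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoRecursion -ErrorAction Stop

    # An A record in the Answer section means this server is authoritative: we are done
    $answer = $resp | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'A' }
    if ($answer) {
        Write-Host ("{0} answered: {1}" -f $Server, ($answer.IPAddress -join ', '))
        return $answer.IPAddress
    }

    # A CNAME in the Answer section means we must restart with the canonical name
    $cname = $resp | Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq 'CNAME' } | Select-Object -First 1
    if ($cname) {
        Write-Host ("{0}: {1} is an alias for {2}" -f $Server, $Name, $cname.NameHost)
        return Resolve-Iteratively -Name $cname.NameHost -Depth ($Depth + 1)
    }

    # Otherwise the Authority section carries NS records: a referral to the next level down
    $ns = $resp | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' }
    if (-not $ns) { throw "$Server returned neither an answer nor a referral for $Name" }
    $zone = ($ns | Select-Object -First 1).Name
    Write-Host ("{0} referred us to the '{1}' name servers" -f $Server, $zone)

    # Prefer glue (A records in the Additional section); otherwise resolve an NS name ourselves
    $glue = $resp | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' } | Select-Object -First 1
    $next = if ($glue) { $glue.IPAddress } else { @(Resolve-Iteratively -Name $ns[0].NameHost -Depth ($Depth + 1))[0] }

    return Resolve-Iteratively -Name $Name -Server $next -Depth ($Depth + 1)
}

Resolve-Iteratively -Name 'www.google.com'
```

Each hop prints the referral it received, so you see the root server hand off to the .com servers and those hand off to Google's name servers; only the last server answers with an A record. Nothing in this walk is authenticated: without DNSSEC validation a resolver trusts whichever server answers first, which is why cache poisoning of the recursive server is such an effective attack.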

DNS records lookup

Let's ping www.google.com. Open a command prompt and type: ping www.google.com

[Image: ping www.google.com]

Before anything is sent to the website, its name has to be resolved to an IP address, so ping triggers the name resolution process for www.google.com. In the image above you can see that the name has been resolved to an IP address, which means resolution succeeded and www.google.com is reachable by name. Note that the resolved address in the first line is the evidence that DNS worked; a "Request timed out" on the echo replies only means ICMP is blocked somewhere, not that DNS failed.

The computer stores this record temporarily in its local resolver cache, for the TTL the authoritative server set. To see the local DNS cache on a machine, run ipconfig /displaydns in the command prompt.

[Image: DNS local cache]

In the image above we can see the cached records of this machine: the record name is www.google.com and it has an A record pointing to the IP address 142.250.128.99. The address you see will differ, because Google returns different addresses from different locations and the entry disappears once its TTL runs out.
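The same lookup and cache inspection in PowerShell, added here as an example that is not part of the original post. It uses the DnsClient cmdlets (Resolve-DnsName, Get-DnsClientCache, Clear-DnsClientCache), which exist on Windows 8 / Server 2012 and later, and adds two checks the ping walkthrough does not show: answering from the cache only, and auditing the hosts file, which is consulted before DNS and is a favourite place for malware to plant overrides.

```powershell
# Added example (not from the original post): inspect and test the Windows
# resolver cache, the PowerShell counterpart of "ipconfig /displaydns".
# Assumes Windows 8 / Server 2012 or later with the DnsClient module.

$name = 'www.google.com'

# 1. Resolve normally (cache -> hosts file -> configured DNS server)
Resolve-DnsName -Name $name -Type A |
    Where-Object Type -eq 'A' |
    Select-Object Name, IPAddress, TTL |
    Format-Table -AutoSize

# 2. Show what is now cached; TimeToLive counts down until the entry is evicted
Get-DnsClientCache -Name $name -Type A |
    Select-Object Entry, Data, TimeToLive, Section, Status |
    Format-Table -AutoSize

# 3. Answer from the cache only, no network: returns nothing if the entry has expired
Resolve-DnsName -Name $name -Type A -CacheOnly -ErrorAction SilentlyContinue

# 4. Ask the DNS server directly, skipping both cache and hosts file, to compare
Resolve-DnsName -Name $name -Type A -DnsOnly -NoHostsFile |
    Where-Object Type -eq 'A' |
    Select-Object Name, IPAddress, TTL |
    Format-Table -AutoSize

# 5. Audit the hosts file: any active entry here wins over DNS, so unexpected
#    lines for banking, update or Active Directory names deserve investigation
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$overrides = Get-Content $hostsFile |
    Where-Object { $_ -match '^\s*[0-9A-Fa-f:.]+\s+\S' -and $_ -notmatch '^\s*#' }
if ($overrides) {
    Write-Warning "Active hosts file entries on this machine:"
    $overrides | ForEach-Object { Write-Warning "  $_" }
}

# 6. Flush the cache after changing a record so the client sees the new value immediately
Clear-DnsClientCache
```

Step 4 is the useful comparison when a user reports "the wrong server": if the cached answer (step 2) and the server's answer (step 4) disagree, either the TTL simply has not expired yet or something on the client, such as a hosts file entry from step 5, is overriding DNS.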

Types of DNS records

A record: An A (address) record maps a fully qualified domain name (FQDN) of a host to an IPv4 address.

[Image: A record]

As you can see in the image above, my domain name is office365concepts.com. I have created an A record named mail that points to an IPv4 address. In other words, this A record is for mail.office365concepts.com, and it points to the IP address of the server that hosts mail.office365concepts.com.

AAAA record: An AAAA ("quad A") record is the IPv6 equivalent of an A record: it maps the FQDN of a host to an IPv6 address.

CNAME record: A CNAME (canonical name) record makes one name an alias of another, for example a subdomain that should resolve to wherever the main name resolves. A CNAME never points to an IP address; it points to another name, which the resolver then looks up in turn. A name that carries a CNAME cannot carry any other record, so you cannot put a CNAME at the zone apex (office365concepts.com itself), which has to hold the SOA and NS records.

[Image: CNAME record]

In the image above I have one domain, office365concepts.com, and two subdomains, site1.office365concepts.com and site2.office365concepts.com. I am using CNAME records to add both subdomains as aliases of office365concepts.com. Office 365 uses a CNAME record for the Autodiscover service (autodiscover.<your domain> aliased to autodiscover.outlook.com), and on-premises Exchange deployments commonly use a CNAME for Autodiscover as well. One caveat: a CNAME that points at a host you no longer control, for example a decommissioned cloud service, leaves the alias open to subdomain takeover, so remove aliases when their targets go away.

TXT record: A TXT record holds free-form text. It is used to prove ownership of a domain (a provider gives you a string to publish, then checks that it is there) and to carry email authentication policy: SPF and DMARC records are both TXT records, SPF at the domain name itself and DMARC at _dmarc.<domain>.

NS record: An NS (name server) record indicates which DNS servers are authoritative for a domain. In other words, it tells other resolvers which servers to ask for the domain's records, including its A records.

[Image: NS record]

The NS records therefore also reveal which DNS provider is hosting the DNS records for a domain. The NS records inside the zone should match the delegation held at the parent (the registrar or TLD); if they drift apart, resolvers may follow a stale delegation to servers you no longer control.

MX record: An MX (mail exchange) record indicates which mail server is responsible for accepting email for the domain from the outside world. You can add multiple MX records, each with a preference value; the lower the value, the higher the priority. An MX record points to a hostname, never directly to an IP address, so that hostname needs its own A or AAAA record.

[Image: MX record]

In this example we have created two MX records and pointed both at the same server that is responsible for receiving external email. A sending mail server tries the MX record with the lowest preference first and falls back to the next one only if that server cannot be reached. If both records have the same preference, the sender picks one of the two at random, which spreads the load across them.

SRV record: An SRV (service) record identifies the hosts that provide a specific service, together with the port, a priority and a weight. Active Directory depends on SRV records (_ldap._tcp, _kerberos._tcp, _gc._tcp and the _msdcs sub-records) so that clients and domain controllers can locate domain controllers, and products such as Exchange and Skype for Business use SRV records for their own services.

[Image: SRV record]
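To make the record types concrete, here is how you would create each of them on a Windows DNS server with the DnsServer PowerShell module, and then read the zone back. This is an added example, not code from the original post. It assumes you run it as a DNS administrator on the DNS server (or a machine with the RSAT DNS tools), that the zone office365concepts.com already exists, and that the addresses are RFC 5737 / RFC 3849 documentation addresses standing in for real ones; the host names mail, mail2, site1, site2 and sip, and the verification string, are illustrative.

```powershell
# Added example (not from the original post): create the record types discussed
# above in a Windows DNS zone, then read them back and check the zone's update policy.
# Assumptions: DnsServer module available (RSAT or the DNS role), the zone exists,
# 203.0.113.0/24 and 2001:db8::/32 are documentation addresses, names are illustrative.

$zone = 'office365concepts.com'
$ttl  = New-TimeSpan -Hours 1

# Prerequisite on a fresh server (commented out here):
# Install-WindowsFeature -Name DNS -IncludeManagementTools

# A / AAAA: host names to IPv4 / IPv6 addresses
Add-DnsServerResourceRecordA    -ZoneName $zone -Name 'mail'  -IPv4Address '203.0.113.25' -TimeToLive $ttl
Add-DnsServerResourceRecordA    -ZoneName $zone -Name 'mail2' -IPv4Address '203.0.113.26' -TimeToLive $ttl
Add-DnsServerResourceRecordAAAA -ZoneName $zone -Name 'mail'  -IPv6Address '2001:db8::25' -TimeToLive $ttl

# CNAME: subdomains aliased to the main name; targets are FQDNs, hence the trailing dot
foreach ($site in 'site1', 'site2') {
    Add-DnsServerResourceRecordCName -ZoneName $zone -Name $site -HostNameAlias "$zone." -TimeToLive $ttl
}
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'autodiscover' -HostNameAlias 'autodiscover.outlook.com.' -TimeToLive $ttl

# MX: two mail exchangers at the zone apex ('@'); preference 10 is tried before 20
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '@' -MailExchange "mail.$zone."  -Preference 10 -TimeToLive $ttl
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '@' -MailExchange "mail2.$zone." -Preference 20 -TimeToLive $ttl

# TXT: domain verification and SPF at the apex, DMARC at _dmarc
Add-DnsServerResourceRecord -ZoneName $zone -Name '@'      -Txt -DescriptiveText 'MS=ms12345678' -TimeToLive $ttl
Add-DnsServerResourceRecord -ZoneName $zone -Name '@'      -Txt -DescriptiveText 'v=spf1 ip4:203.0.113.25 ip4:203.0.113.26 -all' -TimeToLive $ttl
Add-DnsServerResourceRecord -ZoneName $zone -Name '_dmarc' -Txt -DescriptiveText "v=DMARC1; p=quarantine; rua=mailto:dmarc@$zone" -TimeToLive $ttl

# SRV: _service._protocol name, as Active Directory does it; lower priority is preferred, weight splits load
Add-DnsServerResourceRecord -ZoneName $zone -Name '_sip._tls' -Srv -DomainName "sip.$zone." -Priority 100 -Weight 1 -Port 443 -TimeToLive $ttl

# Render the type-specific RecordData of each record as one line of text
function Get-RecordDataText {
    param([Parameter(Mandatory)] $Record)
    $d = $Record.RecordData
    switch ("$($Record.RecordType)") {
        'A'     { $d.IPv4Address }
        'AAAA'  { $d.IPv6Address }
        'CNAME' { $d.HostNameAlias }
        'MX'    { '{0} {1}' -f $d.Preference, $d.MailExchange }
        'TXT'   { $d.DescriptiveText }
        'SRV'   { '{0} {1} {2} {3}' -f $d.Priority, $d.Weight, $d.Port, $d.DomainName }
        default { ($d | Out-String).Trim() }
    }
}

# Read the zone back
Get-DnsServerResourceRecord -ZoneName $zone |
    Where-Object { "$($_.RecordType)" -in 'A', 'AAAA', 'CNAME', 'MX', 'TXT', 'SRV' } |
    Sort-Object RecordType, HostName |
    Format-Table HostName, RecordType, TimeToLive, @{ n = 'Data'; e = { Get-RecordDataText $_ } } -AutoSize

# Security check: an AD-integrated zone should allow only secure dynamic updates.
# 'NonsecureAndSecure' lets any host on the network overwrite records, including the SRV records clients use to find domain controllers.
$z = Get-DnsServerZone -Name $zone
if ($z.IsDsIntegrated -and "$($z.DynamicUpdate)" -ne 'Secure') {
    Write-Warning "Zone $zone is AD-integrated but DynamicUpdate is '$($z.DynamicUpdate)'; set it to Secure"
}
```

The CNAME targets and MX/SRV host names end in a dot because the DnsServer cmdlets treat them as fully qualified names; without it some environments append the zone name and you end up with mail.office365concepts.com.office365concepts.com. The final check matters for the Active Directory case specifically: the SRV records from the resolution walkthrough are registered dynamically by domain controllers, and in a zone that accepts non-secure updates anyone on the network can replace them.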

Conclusion

In this blog you learnt what the Domain Name System is, how DNS resolution works, what the different types of DNS records are, and how Active Directory clients rely on SRV records to find domain controllers.

Found this article helpful? You may also like Install Active Directory on Windows Server 2019 and promote to Domain Controller. Don’t forget to follow us and share this article.


Happy Learning!!