October 08, 2002 12:00 AM

Query and Update DNS

Use the Perl Net::DNS modules
Windows IT Pro
InstantDoc ID #26630
Downloads
26630.zip

As the naming service for the Internet, DNS is a crucial piece of infrastructure in every enterprise, large and small. DNS has been around for more than 15 years; it was first defined in Internet Engineering Task Force (IETF) Request for Comments (RFC) 1034 and RFC 1035 and later updated in RFC 2181. Microsoft finally moved from its proprietary WINS to DNS with the introduction of Active Directory (AD).

AD uses DNS as part of the service locator process. When a Windows-based client attempts to contact a domain controller (DC), Global Catalog (GC) server, or Kerberos Key Distribution Center (KDC), AD queries DNS in the background to find the best server to use. If you understand how entries, or Resource Records (RRs), are structured in DNS and the basics of how to use the Perl Net::DNS modules, you can write scripts and applications that perform functions such as finding all the DCs in a site or domain, finding all the GC servers in a forest, and updating DNS when you bring new servers online.

RRs
RRs are DNS entries, each of which corresponds to a type of name lookup. The many different RR types correspond to the various types of DNS lookups (go to http://www.microsoft.com/windows2000/en/server/help/sag_dns_add_rr-reference.htm for a list and descriptions of the RR types that Windows 2000 supports). AD uses four record types most frequently: Host address (A), Pointer (PTR), Canonical name (CNAME), and Service locator (SRV).

You're probably most familiar with the A record, which maps a DNS domain name to an IP address. You use this record to perform a forward lookup, that is, a DNS lookup of a name to find its IP address. Figure 1 shows an Nslookup command that performs an A record lookup on the server named dc1.xyz.com.

PTR records map an IP address to a name, which is known as a reverse lookup. You use the PTR record when you want to find the name that belongs to a particular IP address, as the example in Figure 2 shows.

CNAME records map an alias, or alternative name, for a server to its real name. The ability to use an alias often comes in handy, especially for Web servers. For example, if you want clients to go to intranet.xyz.com to access an internal Web site but the Web server's name is web1.xyz.com, a CNAME record for intranet.xyz.com that points to web1.xyz.com will do the trick. Figure 3 shows an Nslookup command that queries a CNAME record and returns the real server name.

SRV records locate servers that provide a particular service for a client. As I described earlier, AD uses these records in its service locator process. Figure 4 shows how to query for SRV records. In this example, I query for SRV records matching _ldap._tcp.dc._msdcs.xyz.com to locate the DCs in the xyz.com domain.

Notice that SRV records carry additional information: priority, weight, and port. Typically, all DCs' SRV records have a priority of 0 and a weight of 100, so those two fields don't help you distinguish one DC from another. The port number is the port associated with the service that the host provides. In Figure 4, the DC SRV record returns the Lightweight Directory Access Protocol (LDAP) port, port 389. GC SRV records return port 3268, and Kerberos SRV records return port 88.

Querying DNS with Net::DNS
Because DNS is ubiquitous and vital, especially to AD, you can benefit from understanding how to query it programmatically. Perl gives you a couple of options. You can use the Perl built-in functions gethostbyname() and gethostbyaddr() to resolve names to IP addresses and vice versa, but you can't use them to query SRV records or to perform dynamic updates, and they don't give you as much control over the DNS query process as the Perl Net::DNS modules do.

The Net::DNS set of modules provides a flexible, object-oriented (OO) interface for querying and updating all types of DNS records. To obtain the latest release of Net::DNS, go to http://www.net-dns.org or http://search.cpan.org/dist/Net-DNS. As I write this article, the latest version available from the Net::DNS and CPAN Web sites is 0.28. I recommend that you use this version or a later one because some older versions don't support the Windows platform very well.

One big benefit of Perl and Net::DNS is that they're cross-platform, which means that you can use them on a variety of platforms to write scripts that query and update DNS. Using Net::DNS to query DNS is straightforward. Listing 1 shows a sample script that queries for the _ldap._tcp.dc._msdcs.DomainName SRV record. As I described previously, each DC in the DomainName domain registers an _ldap._tcp.dc._msdcs.DomainName SRV record, so using Net::DNS to find the hosts that this SRV record points to is a simple way to obtain a list of all of a domain's DCs.

The first step in using Net::DNS is to create a new instance of the Net::DNS::Resolver object, as the line at callout A in Listing 1 shows. You can then invoke the nameservers() method, as the line at callout B shows, if you want to point your query or update at a specific name server. If you don't use the nameservers() method, the script uses the name servers configured on the local host, either statically or through DHCP. If you use a version of Net::DNS earlier than 0.20, you must use nameservers().

At callout C, the search() method queries for a specific RR. The first parameter is the name to search for. The second parameter is optional and specifies the RR type to search for. If you don't specify a second parameter, the query matches any RR type.
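The following script is an added example, not the article's Listing 1 or its downloadable code. It walks through callouts A to C with Net::DNS 0.28 or later: it creates a resolver, optionally points it at a name server given on the command line (an assumption of this example), searches for the _ldap._tcp.dc._msdcs.DomainName SRV record, and then resolves each DC's A record. The default domain xyz.com is the article's placeholder domain.

```perl
#!/usr/bin/perl
# Added example (not the article's Listing 1): list a domain's DCs via the
# _ldap._tcp.dc._msdcs.<domain> SRV record, then resolve each target's A record.
# Usage: perl listdcs.pl [domain] [nameserver]   (both arguments optional)
use strict;
use warnings;
use Net::DNS;

my ($domain, $server) = @ARGV;
$domain ||= 'xyz.com';                            # article's placeholder domain
my $srv_name = "_ldap._tcp.dc._msdcs.$domain";    # SRV name every DC registers

# Callout A: create the resolver. Without nameservers() it uses the DNS
# servers configured on the local host (statically or via DHCP).
my $res = Net::DNS::Resolver->new;

# Callout B (optional): query a specific server, e.g. the zone's primary,
# when you need to see records that haven't replicated yet.
$res->nameservers($server) if defined $server;

# Callout C: search() returns a Net::DNS::Packet on success or undef on
# failure; errorstring() tells you why (NXDOMAIN, timeout, and so on).
my $reply = $res->search($srv_name, 'SRV')
    or die "SRV query for $srv_name failed: ", $res->errorstring, "\n";

# Keep only SRV records from the answer section; a CNAME chain or other
# RR types can share the same packet.
my @dcs = grep { $_->type eq 'SRV' } $reply->answer;
die "No SRV records found for $srv_name\n" unless @dcs;

# Order by priority, then by descending weight, the order a client prefers.
for my $rr (sort { $a->priority <=> $b->priority
                   || $b->weight <=> $a->weight } @dcs) {
    my $host = $rr->target;

    # Forward lookup of the DC's name (the A record described earlier).
    my @addrs;
    if (my $a_reply = $res->search($host, 'A')) {
        @addrs = map { $_->address } grep { $_->type eq 'A' } $a_reply->answer;
    }

    # A DC's LDAP SRV record should advertise port 389; anything else is
    # worth a second look (misregistration or a non-standard configuration).
    my $flag = $rr->port == 389 ? '' : '  <-- unexpected port';

    printf "%-40s port %-5d prio %d weight %d  %s%s\n",
        $host, $rr->port, $rr->priority, $rr->weight,
        (@addrs ? join(',', @addrs) : '(no A record: ' . $res->errorstring . ')'),
        $flag;
}
```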
