DNS on Windows Server 2003 Paperback – 27 Dec 2003

Product details

  • Paperback: 418 pages
  • Publisher: O'Reilly Media; 3 edition (27 Dec. 2003)
  • Language: English
  • ISBN-10: 0596005628
  • ISBN-13: 978-0596005627
  • Product Dimensions: 17.8 x 2.7 x 23.3 cm
  • Average Customer Review: 5.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: 1,014,731 in Books

Product Description

About the Author

Cricket Liu matriculated at the University of California's Berkeley campus, that great bastion of free speech, unencumbered Unix, and cheap pizza. He joined Hewlett-Packard after graduation and worked for HP for nine years. Cricket began managing the zone after the Loma Prieta earthquake forcibly transferred the zone's management from HP Labs to HP's Corporate Offices (by cracking a sprinkler main and flooding Labs' computer room). Cricket was for over three years, and then joined HP's Professional Services Organization to cofound HP's Internet Consulting Program. Cricket left HP in 1997 to form Acme Byte & Wire, a DNS consulting and training company, with his friend (and now co-author) Matt Larson. Network Solutions acquired Acme in June 2000, and later the same day merged with VeriSign. Cricket worked for a year as Director of DNS Product Management for VeriSign Global Registry Services. Cricket joined Men & Mice, an Icelandic company specializing in DNS software and services, in September, 2001. He is currently their Vice President, Research & Development. Cricket, his wife, Paige, and their son, Walt, live in Colorado with two Siberian Huskies, Annie and Dakota. On warm weekend afternoons, you'll probably find them on the flying trapeze or wakeboarding behind Betty Blue.

Matt Larson started Acme Byte & Wire, a company specializing in DNS consulting and training, with Cricket Liu in January 1997. Previously, he worked for Hewlett-Packard, first as Cricket's successor as hostmaster, then as a consultant in HP's Professional Services Organization. Matt graduated from Northwestern University in 1992 with two degrees: a bachelor of arts in computer science and a bachelor of music in church music/organ performance. He lives in Bethesda, Maryland, with his wife, Sonja Kahler, and their two pugs. In his spare time he enjoys playing the 10-rank pipe organ in his house and flying light airplanes. Cricket worked for five and a half years at Hewlett-Packard's Corporate Network Services, where he ran, one of the largest corporate domains in the world, and helped design the HP Internet's security architecture. Cricket left HP in 1997 to start his own company, Acme Byte & Wire, with his friend and co-author Matt Larson. Network Solutions acquired Acme Byte & Wire in June of 2000, and then subsequently, Network Solutions merged with VeriSign. Cricket became Director of DNS Product Management of the merged company, helping determine which new DNS-related products VeriSign would offer.

Robbie Allen is a Senior Systems Architect in the Advanced Services Technology Group at Cisco Systems. He was instrumental in the deployment and automation of Active Directory, DNS, and DHCP at Cisco. Robbie enjoys working on the Unix and Windows platforms, especially when Perl is installed. He is a firm believer that all system administrators should be proficient in at least one scripting language and most of his writings preach the benefits of automation. Robbie has a web site at

Excerpt. © Reprinted by permission. All rights reserved.

Chapter 8 - Integrating with Active Directory

"The face is what one goes by, generally," Alice remarked in a thoughtful tone.

With the release of Windows 2000, Microsoft replaced the Windows NT Security Account Manager (SAM) with Active Directory (AD), which serves as the repository for information about users, groups, computers, and other network resources. In contrast to the SAM, Active Directory is built on several well-known standards including the Lightweight Directory Access Protocol (LDAP) for accessing and manipulating data, Kerberos for authentication, and—you guessed it—DNS for name resolution.

In fact, using DNS for name resolution is one of the major improvements of Active Directory over Windows NT, which relied on the Windows Internet Naming Service (WINS). Microsoft made the decision to develop WINS in the early days of Windows NT because, at the time, DNS did not support dynamic update capability, which Microsoft needed for its clients. As a result, many companies had to implement both services: DNS for standard Internet-based name resolution and WINS for the Windows NT environment. This often pitted the NT administrators against the DNS administrators because of the need to maintain two separate namespaces. Over time, dynamic update support was added to DNS, and WINS failed to garner industry support—in no small part because it was a proprietary Microsoft offering.

Even with the opportunity to get rid of WINS, migrating to Active Directory hasn’t always resulted in a harmonious union between AD and DNS administrators. While Windows NT had virtually no DNS requirement, Active Directory is at the opposite extreme. It is completely dependent on DNS. If DNS becomes unavailable, clients may fail to authenticate or log in to Active Directory, and domain controllers will not be able to replicate changes throughout the forest. This highly visible dependency on DNS requires that the AD and DNS administrators work closely together (assuming they are in separate groups) and agree on implementation details, which can sometimes be a challenge. It is not uncommon for DNS administrators to be reluctant to delegate part of the namespace for Active Directory, and AD administrators are often hesitant to entrust a critical component to another group and forgo the advantages of AD-integrated DNS.

This chapter explores many of the key DNS-related issues you need to be aware of when implementing and supporting Active Directory. We cover how Active Directory uses DNS for service advertisement and domain controller location; and, conversely, how Active Directory can be used to enhance DNS by providing robust replication and security for zone data. We do not—in fact, cannot in a single chapter—cover the numerous other Active Directory components. For more information on designing, implementing, and automating Active Directory, see Active Directory, Second Edition (O’Reilly) by our own Robbie Allen. For examples on how to perform common Active Directory administrative tasks, see Active Directory Cookbook (O’Reilly), also by Robbie.

Active Directory Domains

One of the first issues you have to consider when implementing an Active Directory infrastructure is how many domains you need and what to name them. Active Directory domain names are DNS domain names, but—and this is important—not every DNS domain name is an Active Directory domain name.* So while an organization’s Active Directory namespace resembles its DNS namespace, the two don’t have to be identical.

The number of domains you create in your forest is largely dependent on your administrative and replication requirements. A domain is mastered by one or more domain controllers, which are servers that have writeable copies of the data (about users, groups, computers, etc.) contained in the domain. Unfortunately, Active Directory is not like DNS, where a single name server can be authoritative for multiple zones. A domain controller can be authoritative only for a single Active Directory domain. To create a new Active Directory domain, you have to install a new domain controller—your existing domain controllers cannot be used. However, Active Directory uses a multimaster replication system, unlike DNS, and consequently any domain controller can process updates and replicate the changes to the other domain controllers in the domain.

* And every square is a rectangle, but not all rectangles are squares. All registered mail is certified, but not all certified mail is registered. You get the idea.

Domains, Domain Trees, and Forests

Domain trees and forests are two important Active Directory concepts. A domain tree is simply a collection of one or more domains that share a common namespace. The and domains would be considered part of the domain tree; however, the domain, if created after, would be in a separate domain tree called If the domain you create does not contain the full name of the parent domain or forest root domain, it is considered part of a separate domain tree.

A forest is a collection of one or more domain trees. The domains in the domain tree and the domain tree could be part of the same forest. A domain tree is based on a common namespace, but a forest is not.

A forest is named after the first domain created in the forest. If was the first domain we created, the forest is automatically named We can then create additional domains for and all belonging to the forest. Another option is to create the domain in its own forest, which has certain implications for user access.

Top Customer Reviews

Format: Paperback Verified Purchase
This book is very good and provides many examples of how to deploy DNS.

Most Helpful Customer Reviews on (beta) 4.4 out of 5 stars 13 reviews
20 of 23 people found the following review helpful
5.0 out of 5 stars Excellent book! 20 May 2004
By A Customer - Published on
Format: Paperback
This book is well-written and very easy to read. It covers all the basics of DNS and the specifics around Windows Server 2003 DNS. The AD chapter is a gem!
I have to disagree with reviewer "Santhosh Sivarajan". Just as with the base OS, there weren't huge differences with DNS between 2000 and 2003, but I think this book did a good job in covering the differences. All the major enhancements including conditional forwarding and stub zones were covered in detail. Also, contrary to what Santhosh said, application partitions are covered in depth in the AD chapter.
In short, if you are running Windows Server 2003 DNS, you won't go wrong with this book.
12 of 14 people found the following review helpful
5.0 out of 5 stars Good text on DNS for Win2k3! Much of the same (good stuff) 28 Oct. 2004
By Cisco Kid Redux - Published on
Format: Paperback
As in-depth as you will get on DNS for Windows 2003. A recent reviewer stated that it's much of the same. Well, much of it really is; and if you've been working with DNS for as long as many of us, nothing about its operations should be new to you. The most significant "tweaks" in DNS in the past few years have been done by Microsoft, to support their AD/200x line - those features are detailed quite specifically in this book (it's what this is all about anyway). And with AD continually evolving, chapters such as Managing DNS Programmatically (with WMI completely in mind) should be of utmost importance for the practicing MS administrator (that is, if you've really read the book!)
8 of 9 people found the following review helpful
5.0 out of 5 stars The Microsoft DNS Authority 19 May 2006
By Stacy - Published on
Format: Paperback
Simply put, this is the most thorough and complete text on DNS for the Windows Active Directory (Windows 2000 Server and Windows Server 2003) platform; period.

In addition, it covers the basis and "the guts" behind DNS in general irrespective of operating system but of course focuses and drills deep into the application of DNS in the Windows AD NOS. For you UNIX fiends out there, go with its sister book "DNS and BIND" written by the same team.

You can be an absolute novice on DNS or a seasoned systems engineer/administrator and this book will be equally enthralling.

Whether this is your first book on DNS or not, it definitely will be the last one you need to least until Windows "Longhorn" Server debuts in 2007-2008.

And despite one mistaken reviewer's comment: THERE IS FULL COVERAGE of Active Directory Integrated DNS Domain and Forest Zone Application Partitions.

Just buy it, and you will never bat an eye at tackling any DNS issue ever again.
4.0 out of 5 stars A good preemptive strike book 28 Dec. 2005
By Yoshiro Aoki - Published on
Format: Paperback
This is the kind of book to read before things go boom, and you end up trying to decode DNS under, shall we say, less than optimal conditions:)

The book doesn't assume much, only that you have some idea about Server 2003 (really, just 2000...they introduce the new features of 2003 in a seamless way that blends the evolving technology together in a way that makes sense).

We all know that DNS and AD are extremely critical pieces of the Windows 2000+ infrastructure, so it's a good idea to know a little bit more about it than the average Corvus albicollis.

Fortunately, this book develops the DNS story in a readable way, with logical organization & topic introduction. There is also quite a bit of hands-on, in the way of configuration and troubleshooting. It makes for a decent lab manual, if you happen to have a domain tree and a couple of DNS servers handy to play with.

4 stars
5.0 out of 5 stars Cricket is the DNS MAN! 14 Jan. 2011
By Amazon Customer - Published on
Format: Paperback
This book is fantastic as are most of the works that Cricket Liu is involved with writing. He is a rare breed in this field in that he can simultaneously be on the cutting edge of the industry and also communicate complex ideas to us mere mortals. I strongly recommend this book to both novices and veteran system engineers/administrators. I've been lucky enough to see the author live twice as he tours the country in his role as VP of Architecture for Infoblox. He is excellent at speaking as well as writing and I recommend you check out his lecturing style as you'll see it is as easy to follow as the concepts he presents in this book. (There are many videos available at [...] on a variety of topics.) I know other authors were involved in the writing of this book and they are great too but I think Cricket is The MAN when it comes to all things DNS!