DNS Expertise at Your Fingertips
DNS Expert Active Directory scores big with the complex, falls short with the simple.
Microsoft systems admins have spent years avoiding anything to do with
the Domain Name System (DNS), leaving its maintenance to in-house Unix
gurus or Internet Service Providers. Well, no longer. In order to build
your Active Directory structure, you need to have a firm foundation in
DNS, as many AD problems actually originate from improperly configured
Galloping in like a white knight comes Iceland’s Men& Mice with DNS Expert
Active Directory 1.0. This simple-to-use tool analyzes your DNS implementation,
as well as related items in your AD configuration and warns you of possible
problems. You need at least a basic understanding of DNS to make use of
DNS Expert AD’s recommendations; the product isn’t intended to replace
a DNS administrator, just make that admin’s life easier.
DNS Expert AD installs easily on any Windows 2000 or XP system. You’ll
need to specify your DNS implementation type: split namespace, Internet
root or intranet root. This affects the types of tests DNS Expert AD performs,
and a poor choice could lead to incorrect results. Fortunately, you can
change this setting later, if needed.
Men&Mice wisely gave DNS Expert AD a simple interface, as Figure 1 shows.
You simply type in the domain name you wish to analyze. In addition, you
can choose to analyze child domains. Clicking the Start button gets the
analysis rolling. Minutes or seconds later (depending on the size of your
DNS implementation) the DNS Expert AD results appear. Serious problems
show up as errors, less serious items as warnings. For example, in one
of my tests, I didn’t have a second name server configured (you should
always have at least two DNS servers). DNS Expert AD properly admonished
me with a warning.
|The first step in DNS Expert Active Directory 1.0’s
simple-to-use interface: just type in the domain name and click Start.
All the other items are optional.
As you review the errors and warnings, you can get more information specific
to each item from Men&Mice’s Web site by clicking the Explain button.
Many of the articles at this site link to related Microsoft Knowledge
Base articles. DNS Expert AD can also produce reports, although these
only include the information from the software—not from Men&Mice’s Web
Unfortunately, it appears that Men&Mice left out a few basic and important
tests in DNS Expert AD. I disabled Dynamic Updates on my forward and reverse
lookup zones, then reran the tests. DNS Expert AD didn’t say anything,
yet it’s one of the most common and serious configuration mistakes made
with a DNS zone supporting AD. Nor did DNS Expert AD object after I deleted
the reverse lookup zone or gave users Full Control permission on the DNS
server; these should have generated warnings.
I can’t really recommend DNS Expert AD—yet. In its defense, it’s a version
1.0 product; I’m hoping either a patch or the next version will include
a more thorough battery of tests. In the meantime, keep your eye on this
one—it could eventually prove a winner, as well as a handy utility in
your AD toolkit.
Ronald Stewart, MCSE+I, MCT, is an IT consultant in Vancouver, Canada. He has more than 10 years of experience in IT. He’s worked with, consulted on, and taught DNS.