Product Reviews

DNS Expertise at Your Fingertips

DNS Expert Active Directory scores big with the complex, falls short with the simple.

Microsoft systems admins have spent years avoiding anything to do with the Domain Name System (DNS), leaving its maintenance to in-house Unix gurus or Internet Service Providers. Well, no longer. In order to build your Active Directory structure, you need to have a firm foundation in DNS, as many AD problems actually originate from improperly configured DNS servers.

Galloping in like a white knight comes Iceland’s Men&Mice with DNS Expert Active Directory 1.0. This simple-to-use tool analyzes your DNS implementation, as well as related items in your AD configuration, and warns you of possible problems. You need at least a basic understanding of DNS to make use of DNS Expert AD’s recommendations; the product isn’t intended to replace a DNS administrator, just make that admin’s life easier.

DNS Expert AD installs easily on any Windows 2000 or XP system. You’ll need to specify your DNS implementation type: split namespace, Internet root or intranet root. This affects the types of tests DNS Expert AD performs, and a poor choice could lead to incorrect results. Fortunately, you can change this setting later, if needed.

Men&Mice wisely gave DNS Expert AD a simple interface, as Figure 1 shows. You simply type in the domain name you wish to analyze. In addition, you can choose to analyze child domains. Clicking the Start button gets the analysis rolling. Minutes or seconds later (depending on the size of your DNS implementation) the DNS Expert AD results appear. Serious problems show up as errors, less serious items as warnings. For example, in one of my tests, I didn’t have a second name server configured (you should always have at least two DNS servers). DNS Expert AD properly admonished me with a warning.

Figure 1. Men&Mice DNS Expert AD 1.0. The first step in DNS Expert Active Directory 1.0’s simple-to-use interface: just type in the domain name and click Start. All the other items are optional.

As you review the errors and warnings, you can get more information specific to each item from Men&Mice’s Web site by clicking the Explain button. Many of the articles at this site link to related Microsoft Knowledge Base articles. DNS Expert AD can also produce reports, although these only include the information from the software—not from Men&Mice’s Web site.

Unfortunately, it appears that Men&Mice left out a few basic and important tests in DNS Expert AD. I disabled Dynamic Updates on my forward and reverse lookup zones, then reran the tests. DNS Expert AD didn’t say anything, yet it’s one of the most common and serious configuration mistakes made with a DNS zone supporting AD. Nor did DNS Expert AD object after I deleted the reverse lookup zone or gave users Full Control permission on the DNS server; these should have generated warnings.

I can’t really recommend DNS Expert AD—yet. In its defense, it’s a version 1.0 product; I’m hoping either a patch or the next version will include a more thorough battery of tests. In the meantime, keep your eye on this one—it could eventually prove a winner, as well as a handy utility in your AD toolkit.

About the Author

Ronald Stewart, MCSE+I, MCT, is an IT consultant in Vancouver, Canada. He has more than 10 years of experience in IT. He’s worked with, consulted on, and taught DNS.

