Welcome to another edition of qUICKLY Explained. This time we look at the GlobalNames Zone (GNZ) for DNS servers running Windows Server 2008 or R2.
In the past, a lot of companies have installed in their network a name resolution service called WINS (Windows Internet Naming Service).
WINS is an old service which relies on NetBIOS over TCP/IP (NetBT). Since the introduction of Microsoft Active Directory, name resolution has been delegated to DNS (Domain Name System). There was a time when WINS was preferred over DNS because WINS was dynamic in nature while DNS had to be managed statically. Ages ago, DNS was also made dynamic, so having two name resolution mechanisms no longer makes sense. Environments that still rely on non-Windows or single-label names are unfortunately forced to use WINS. The evolution of communication protocols and the depletion of IPv4 addresses required us to start looking at IPv6, which expands the IP address space to accommodate virtually any number of devices. If there is any need for WINS in an environment, remember that it is not compatible with IPv6 and is therefore becoming obsolete.
IPv6 is included in all flavors of Windows Server 2008 and R2. Microsoft has also introduced a new type of zone called GlobalNames, or GNZ, which is checked by DNS for any query before the normal DNS zones like _msdcs.ForestName and DomainName. This new type of zone can be used in place of WINS to provide single-label name resolution for devices that would otherwise not register their records dynamically with the normal DNS zones. I don't mean to imply that GNZ is an abnormal zone :). GNZ is a solution where your DNS servers are now able to provide name resolution for single-label names.
In order to use this new zone, you have to do the following two steps:
1. Create the GlobalNames Zone (either via GUI or Command line), and
2. Enable support for this Zone on the DNS Server (remember, GNZ can only be used on Windows Server 2008 or R2)
1. Create the GlobalNames Zone (using the Graphical interface):
1. Open DNS from Administrative Tools.
2. In the console tree, right-click the DNS server, and then click New Zone.
3. When the New Zone Wizard starts, click Next.
4. On the Zone Type page, make sure that the Primary zone and Store the Zone in Active Directory (available only if DNS-server is a writable domain controller) are checked, and then click Next.
5. Click To all DNS-servers in this forest: <ForestName>, and then click Next.
6. Select Forward Lookup Zone, and then click Next.
7. In the Name box, enter the zone name GlobalNames, and then click Next. It's one word, GlobalNames, without quotation marks.
8. Select Do not allow dynamic updates and click Next.
9. Click Finish.
Create the GlobalNames Zone (using the Command line):
Open a command prompt with elevated permissions: click Start, point to All Programs, then Accessories, right-click Command Prompt, and then click Run as administrator. At the command prompt, type the following command and press ENTER: Dnscmd ServerName /ZoneAdd GlobalNames /DsPrimary /DP /forest
2. Enable Support for this Zone on the DNS Server:
Open the command prompt as an Administrator, and enter the following: Dnscmd ServerName /config /Enableglobalnamessupport 1
To implement the GNZ consider the below prerequisites:
To simplify administration it is recommended to integrate GNZ with Active Directory which takes care of Replication and Security of the data.
Now simply create records in the GNZ.
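The two steps above, followed by creating and checking one record, can be scripted end to end. This is an added example, not part of the original post: it calls dnscmd from an elevated PowerShell session, and the server name, alias and target host are hypothetical placeholders.

```powershell
# Hypothetical values: replace with your own server and names.
$DnsServer = 'dc01.corp.example'     # DNS server that is a writable domain controller
$Alias     = 'intranet'              # single-label name to publish
$Target    = 'web01.corp.example.'   # FQDN the alias points to (trailing dot = absolute)

function Invoke-Dnscmd {
    param([string[]]$Arguments)
    # Run dnscmd against $DnsServer and stop the script on a non-zero exit code.
    $output = & dnscmd.exe $DnsServer $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed: $output"
    }
    $output
}

# Step 1: create the forest-wide, AD-integrated zone unless it already exists.
& dnscmd.exe $DnsServer /ZoneInfo GlobalNames | Out-Null
if ($LASTEXITCODE -ne 0) {
    Invoke-Dnscmd '/ZoneAdd', 'GlobalNames', '/DsPrimary', '/DP', '/forest'
}

# Match wizard step 8: do not allow dynamic updates on the zone.
Invoke-Dnscmd '/Config', 'GlobalNames', '/AllowUpdate', '0'

# Step 2: enable GlobalNames support on this DNS server.
Invoke-Dnscmd '/config', '/EnableGlobalNamesSupport', '1'

# Create a static CNAME record in the GNZ for the single-label name.
Invoke-Dnscmd '/RecordAdd', 'GlobalNames', $Alias, 'CNAME', $Target

# Verify: the setting should read 1, the record should be listed,
# and the single-label query should resolve through the CNAME.
Invoke-Dnscmd '/Info', '/EnableGlobalNamesSupport'
Invoke-Dnscmd '/EnumRecords', 'GlobalNames', '@', '/Type', 'CNAME'
nslookup $Alias $DnsServer
```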
Please look at the following TechNet article on Deploying a GlobalNames Zone:
Download the DNS GlobalNames Zone Deployment doc with examples here:
The diagram below shows how a DNS server responds to a single-label query when GNZ is used. When a client queries the DNS server for a single-label name and the server hosts a GlobalNames zone, that zone is checked first for a match. If a record exists, it is returned to the client. If not, the normal FQDN zone is checked, appending the DNS suffix.
Your links to TechNet are incorrect.
Thanks Tony - links updated! Much appreciated.
Enjoy reading your blogs...keep up the good work!
This is neat stuff... I wasn't aware of the GlobalNames Zone!! Thanks for sharing Qasim.
Good information, very helpful. Thanks
Thank you for the content; helpful.
I have an issue when connecting between cross forest.
When I try to resolve the entry using nslookup by FQDN name for the CNAME created in GNZ in Trusted forest,
the first time I get a response and the next time I get the below error.
*** FQDN NAME can't find FQDN NAME: Unspecified error
After an hour, again I get a response only once and then the same error continues, whereas ping is working as expected.