What mechanism does Windows use to register its address in DNS?

2

In this Microsoft white paper IPv6 for the Windows Administrator: How Name Resolution Works in a Dual IPv4/IPv6 Scenario it's shown that Windows will attempt to register its addresses with a DNS server.

How does that work "on the wire"? Is this a Microsoft-specific API call that only works between a Windows client and a Windows DNS server?

Or is this using a standard DNS query message such that registration can be made to work with other DNS servers, eg dnsmasq?

I'm particularly interested in how this works with IPv6.

(I'm guessing that this won't work with dnsmasq since from what I understand it only hands out DNS address info for addresses that it's allocated from dhcp or that have been statically assigned).

Edit:

I've found this similar question on ServerFault: How Active Directory Dynamic DNS updates works behind the scenes? but that doesn't really give any specifics, although it implies that it's a Microsoft-specific mechanism between Windows and a Microsoft DNS server.

David

Posted 2018-09-13T09:16:12.397

Reputation: 528

Answers

3

Windows uses DNS "UPDATE" operations, specified in RFC 2136. If the computer is an Active Directory member, it will authenticate the updates using GSS-TSIG (specified in RFC 3645 and MS-GSSA). Updates sent by standalone systems are unauthenticated.

Although at least the latter protocol was invented by Microsoft, they are both open and compatible with ISC BIND and other software – you can update a Windows DNS server with BIND's nsupdate, and vice versa.

The mechanism is not affected by dual-stack hosts as the client explicitly specifies what addresses (records) it wants added, both IPv4 and IPv6; there is no guessing on the server's part. This also means that hosts behind a NAT will send updates containing their internal IPv4 addresses (which is a good thing in this context – corporate LAN DNS would be useless otherwise).

(Also note that the protocol does not require the computer to directly use an AD domain controller as its DNS server. Instead, clients will send updates specifically to the server mentioned in the domain's SOA record, in the 'mname' field.)

While Microsoft DNS Server indeed has its own specific MSRPC-based API, workstations do not use it for automatic registration. It is only for administration tools, such as the dnsmgmt.msc console or samba-tool dns. A compatible server implementation exists in Samba 4, when acting as an AD domain controller.


Older NT4 (pre-AD) and Win9x series didn't rely on DNS as much – instead, NT4 domains had Microsoft's semi-proprietary WINS as a central name lookup mechanism (based on NetBIOS workgroup name service, but central as opposed to broadcast). WINS included an update operation as part of the base protocol, and had no authentication.

To see what happens on the wire, use Wireshark.

user1686

Posted 2018-09-13T09:16:12.397

Reputation: 283 655

2

As usual, minutes after I post a question I hit on the right combination of Google search terms to find the actual answer...

This document is for Windows Server 2008, but I assume it is still relevant: Windows Server - Allow Dynamic Updates:

Domain Name System (DNS) client computers can use dynamic update to register and dynamically update their resource records with a DNS server whenever changes occur.

...

Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATES)."

Where the RFC describes a specific DNS message packet that is used for this purpose.

David

Posted 2018-09-13T09:16:12.397

Reputation: 528
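Both answers above point at RFC 2136 as the on-the-wire mechanism without showing the message itself. The following is an added example, not code from either answer or from Microsoft: it builds the UPDATE message (opcode 5) that replaces a host's A and AAAA records, the same thing `nsupdate` sends for `update delete ... A/AAAA` followed by `update add ...`, and then decodes it again so the sections can be inspected. The zone `corp.example.`, host `host1.corp.example.`, and the addresses `10.0.0.5` / `2001:db8::5` are constructed sample values. GSS-TSIG signing (the authenticated case for domain members) is deliberately omitted, so what is produced here corresponds to the unauthenticated update a standalone system sends; the exact prerequisite logic the Windows DNS client applies is not modelled either, this update is unconditional.

```python
"""Build and decode an RFC 2136 DNS UPDATE message (opcode 5) on the wire."""
import ipaddress
import socket
import struct

# RR types and classes used by UPDATE (RFC 1035 / RFC 2136 section 2.5)
TYPE_A, TYPE_SOA, TYPE_AAAA, TYPE_ANY = 1, 6, 28, 255
CLASS_IN, CLASS_NONE, CLASS_ANY = 1, 254, 255
OPCODE_UPDATE = 5


def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    stripped = name.rstrip(".")
    out = b""
    for label in (stripped.split(".") if stripped else []):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def rr(name, rtype, rclass, ttl=0, rdata=b""):
    """Wire-format resource record; TTL 0 and empty RDATA mark a delete operation."""
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def build_update(msg_id, zone, host, ttl, v4=None, v6=None):
    """Replace host's A/AAAA RRsets in zone: delete both RRsets, then add the given addresses."""
    zone_sec = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereqs = []  # no prerequisites: unconditional update, like an unauthenticated standalone client
    updates = [rr(host, TYPE_A, CLASS_ANY), rr(host, TYPE_AAAA, CLASS_ANY)]  # class ANY = delete RRset
    for addr in v4 or []:
        updates.append(rr(host, TYPE_A, CLASS_IN, ttl, ipaddress.IPv4Address(addr).packed))
    for addr in v6 or []:
        updates.append(rr(host, TYPE_AAAA, CLASS_IN, ttl, ipaddress.IPv6Address(addr).packed))
    flags = OPCODE_UPDATE << 11  # QR=0, opcode 5, all other flag bits clear
    # ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT take the place of QD/AN/NS/AR counts
    header = struct.pack("!HHHHHH", msg_id, flags, 1, len(prereqs), len(updates), 0)
    return header + zone_sec + b"".join(prereqs) + b"".join(updates)


def parse_update(msg):
    """Decode header, zone, prerequisite and update sections into a dict for inspection."""
    msg_id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    zone, off = decode_name(msg, off)
    ztype, zclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    records = []
    for _ in range(pr + up):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == TYPE_A and rdlen == 4:
            rdata = str(ipaddress.IPv4Address(rdata))
        elif rtype == TYPE_AAAA and rdlen == 16:
            rdata = str(ipaddress.IPv6Address(rdata))
        records.append((name, rtype, rclass, ttl, rdata))
    return {"id": msg_id, "opcode": (flags >> 11) & 0xF, "zone": (zone, ztype, zclass),
            "prereqs": records[:pr], "updates": records[pr:]}


def send_update(msg, server, port=53, timeout=3.0):
    """Send the UPDATE over UDP to the SOA mname server and return the RCODE (0 = NOERROR)."""
    with socket.socket(socket.AF_INET6 if ":" in server else socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, port))
        reply, _ = s.recvfrom(4096)
    return struct.unpack("!H", reply[2:4])[0] & 0xF


if __name__ == "__main__":
    m = build_update(0x1234, "corp.example.", "host1.corp.example.", 1200,
                     v4=["10.0.0.5"], v6=["2001:db8::5"])
    print(m.hex())
    print(parse_update(m))
    # send_update(m, "192.0.2.53")  # point at the zone's SOA mname server to try it for real
```

Run the block as-is and feed the printed hex into Wireshark (File > Import from Hex Dump, or just send it with `send_update` and capture port 53) and you will see the same `Standard update` dissection that a Windows client produces, minus the TSIG record that a domain-joined host appends.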