As I mentioned in my earlier post (http://www.virmansec.com/blogs/skhairuddin/archive/2010/07/26/what-are-single-label-domain-names-or-sld.aspx), Windows Server 2003-based domain members,
Windows XP-based domain members, and Windows 2000-based domain members do not
perform dynamic updates to single-label DNS zones.
So how do you enable them for dynamic updates? For Windows Server 2003, follow the instructions given below.
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- In the details pane, locate the AllowSingleLabelDnsDomain entry. If the AllowSingleLabelDnsDomain entry does not exist, follow these steps:
  a. On the Edit menu, point to New, and then click DWORD Value.
  b. Type AllowSingleLabelDnsDomain as the entry name, and then press ENTER.
- Double-click the AllowSingleLabelDnsDomain entry.
- In the Value data box, type 1, and then click OK.
- Exit Registry Editor.
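
The same registry change can be scripted and audited instead of being made by hand in regedit. The PowerShell below is an added example, not part of the original post: the function names are hypothetical, it assumes an elevated session and PowerShell 2.0 or later, and it touches only the subkey and entry named in the steps above.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$NetlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$ValueName   = 'AllowSingleLabelDnsDomain'

function Get-SingleLabelDnsSetting {
    # Returns $null when the entry does not exist, otherwise its data and type.
    $key = Get-Item -Path $NetlogonKey -ErrorAction Stop
    if ($key.GetValueNames() -notcontains $ValueName) { return $null }
    New-Object PSObject -Property @{
        Value = $key.GetValue($ValueName)
        Kind  = $key.GetValueKind($ValueName)
    }
}

function Enable-SingleLabelDnsUpdate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $before = Get-SingleLabelDnsSetting
    # Only a REG_DWORD of 1 counts; a string "1" left by a bad import does not.
    if ($before -and $before.Kind -eq 'DWord' -and $before.Value -eq 1) {
        Write-Output "$ValueName is already a DWORD set to 1; nothing to change."
        return
    }

    if ($null -eq $before) {
        Write-Output "$ValueName does not exist; it will be created."
    } else {
        Write-Output "$ValueName is currently $($before.Value) ($($before.Kind))."
    }

    if ($PSCmdlet.ShouldProcess("$NetlogonKey\$ValueName", 'Set DWORD value to 1')) {
        # -Force creates the entry or overwrites an existing one as REG_DWORD.
        New-ItemProperty -Path $NetlogonKey -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
        $after = Get-SingleLabelDnsSetting
        Write-Output "$ValueName is now $($after.Value) ($($after.Kind))."
    }
}

# Preview the change first, then apply it:
#   Enable-SingleLabelDnsUpdate -WhatIf
#   Enable-SingleLabelDnsUpdate
```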
Windows XP and 2000 Clients.
Use Group Policy to enable the Update Top Level Domain
Zones policy and the Location of the DCs hosting a domain with single
label DNS name policy as specified in the following table under the folder
location on the root domain container in Users and Computers, or on all
organizational units (OUs) that host computer accounts for member computers,
and for domain controllers in the domain.
| Policy | Folder location |
|---|---|
| Update Top Level Domain Zones | Computer Configuration\Administrative Templates\Network\DNS Client |
| Location of the DCs hosting a domain with single label DNS name | Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records |

Note: These policies are supported only on Windows
Server 2003-based computers and on Windows XP-based computers.
To enable these policies, follow these steps on the root domain container:
- Click Start, click Run, type gpedit.msc, and then click OK.
- Under Local Computer Policy, expand Computer Configuration.
- Expand Administrative Templates.
- Enable the Update Top Level Domain Zones policy. To do this, follow these steps:
  a. Expand Network.
  b. Click DNS Client.
  c. In the details pane, double-click Update Top Level Domain Zones.
  d. Click Enabled.
  e. Click Apply, and then click OK.
- Enable the Location of the DCs hosting a domain with single label DNS name policy. To do this, follow these steps:
  a. Expand System.
  b. Expand Net Logon.
  c. Click DC Locator DNS Records.
  d. In the details pane, double-click Location of the DCs hosting a domain with single label DNS name.
  e. Click Enabled.
  f. Click Apply, and then click OK.
- Exit Group Policy.
I have seen a lot of folks on the TechNet forums asking about single-label domains, and I thought it would be a nice idea to take some time and write about it.
What are single-label domains?
DNS names that do not contain a suffix such as .org, .net, or .com are considered single-label DNS names. For example, if I have an Active Directory domain named VIRMANSEC, without .com, it is considered a single-label domain.
Microsoft does not recommend using domains that have single-label DNS names. If you do create single-label DNS names, you may have the following issues.
- Some server-based applications are incompatible with single-label domain names, such as:
  - Microsoft Exchange 2000 Server
  - Microsoft Exchange Server 2007
  - Microsoft Internet Security and Acceleration (ISA) Server 2004
  - Microsoft Live Communications Server 2005
  - Microsoft Operations Manager 2005
  - Microsoft SharePoint Portal Server 2003
  - Microsoft Systems Management Server (SMS) 2003
  - Microsoft Office Communications Server 2007
- Client computers and domain controllers that are joined to single-label domains require additional configuration to dynamically register DNS records in single-label DNS zones.
- Client computers and domain controllers may require additional configuration to resolve DNS queries in single-label DNS zones.
- Transitioning from a single-label DNS domain name to a fully qualified DNS name is non-trivial, and there are two options: either perform a migration using the ADMT tool or rename the domain using the Domain Rename tool.
I hope that by reading the above you have gained a good understanding of single-label domains.