Friday, 21 March 2014

How to install and configure DNS server in windows server 2008

Understanding the concept

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for the purpose of locating computer services and devices worldwide. The Domain Name System is an essential component of the functionality of the Internet. For example, When considering an internet zone Google maintains various DNS servers around the world that manage the,, and other domains. Your ISP also maintains DNS servers as part of your Internet connection setup. DNS networking is based on the client / server architecture and when you consider your Web browser it functions as a DNS client (also called DNS resolver) and issues requests to your Internet provider's DNS servers when navigating between Web sites.
When a DNS server receives a request not in its database (such as a geographically far away or rarely visited Web site), it temporarily transforms from a server to a DNS client. The server automatically passes that request to another DNS server or up to the next higher level in the DNS hierarchy as needed. Eventually the request arrives at a server that has the matching name and IP address in its database (all the way to the root level if necessary), and the response flows back through the chain of DNS servers to your client.

Configuring DNS in your network

You can do it either in a domain or a workgroup. If your server is a domain controller probably during the installation of Active directory you may installed those service. For example at the below step you might be specified to install DNS service.

1. Else you can install the service from server manager. Open the 'Server manager' from 'Administrative Tools'->Roles->Add role
2. Click 'Next' on welcome window and you will see the server role 'DNS server' is listed there(In my network it is already installed and hence the status is grayed out).

3. If it is not installed put the tick mark against 'DNS server' and click 'Next'->'Next' on introduction windows as well->Select 'Install'. Once it is completed successfully follow the below steps to configure DNS in your network.

4. From 'Start'->'Administrative tools'->'DNS'.
   When configuring DNS you must be familiarize with the zone concepts. There are three zone in DNS and that are 
   a) Forward lookup zone
   b) Reverse lookup zone
   c) Conditional forwards
In simple words we can define it as 'Forward lookup' converts an Internet name to an IP address. 'Reverse lookup' converts the IP address to the Internet name(host name in a LAN). Generally these conversions are called as 'IP address lookup'. 'Conditional forwarders' are nothing but as the name implies it will forward the request of a user specified categories to another DNS server/s. For example if a request comes ending with the name '' we can redirect all those request to second server. It can be used as a load balancing of your DNS server. More details of the same can be fetched from the below link:
   By default when you install the DNS server with Active directory we will be having forward lookup zones configured automatically and it is enough to have this if your network is small. 

5. From the DNS console select your server name and right click on it. This will list out the options for you to configure and select 'Configure a DNS Server'. Else Actions->New zone.

6. Click 'Next' on welcome window and now you need to specify the configuration that we need to make now.
 a. Create a forward lookup zone
 b. Create forward and revers lookup zone
 c. Configure root hints only.

As the first two options are most familiar I am not describing it once again. Where as when you consider 'Configure root hints only' in simple word this will help you to redirect your first DNS requests to a server which can globally resolve these requests. Such as you can specify one of the root hint server as's IP which can resolve most of the internet requests. By default it will have a list of 13 global DNS in your server(You can see this by selecting the 'Properties' of your DNS server->Select 'Root hints'). If you remove those entries it is must that you should have at least
a forwarders configured it resolve the names. When you do not have any forwarders configured your DNS server it uses 'root hints' to resolve the name. Hence this is highly essential and this option will be enabled by default and you can add root hint servers if it requires.

7. Since we are looking to configure forward lookup zone please select the second option '
 Create forward and revers lookup zone' and click 'Next'. This will allow you to configure forward and backward lookup zone in a single shot :)

8.Since we need to configure forward look as well I have selected 'Yes, create a forward lookup zone now(recommended)' and click 'Next'.

9. Now you need to specify the 'Zone' type. There are three types that we have like primary zone, secondary zone and stub zone you have the descriptions also. Here my records are going to save on same server and hence I am selecting 'Primry zone' and click 'Next'.

10. Specify the zone name that you would like to have and click 'Next'.

11. If you have a zone file that is copied from another server you can simply allow this to have the information             about the zone(make sure that you have copied that file to '%SystemRoot%\system32\dns') else you can create a new one. Since I don't have this I need to create this, Click 'Next'. 

12. Next you need to specify the 'Dynamic update' settings of your zone.

The automatic update of DNS records in the DNS database is technically known as ‘Dynamic Updates’.

  1. 'Allow only secure dynamic updates'- This will allow you to configure only when the zone is created during the active directory  installation. Any changes in the clients will be automatically changed on the DNS database as well.
  1. 'Allow both secure and non-secure dynamic updates'- Configuring this option will leave your network   less secure because updates will be accepted from unknown clients.
  1. 'Do not allow dynamic updates'- This will disable the dynamic updates in your network. Once you configure this you need to manually make changes of clients.
Dynamic update settings can be changes after the configuration. Select the Zone->'Properties'->Under 'General' change the 'Dynamic updates' as required.

Since this is not my Active directory integrated zone  this option will be grayed out and I cannot opt this. Hence I am selecting the second option to continue with. If you need to make it to active directory integrated zone, on step 9 you need to 'tick' the check box 'Store the zone in active directory' and continue installation(I have configured the Revers lookup zone as Active directory integrated).

13. From the next window onwards we will start with the configuration of Reverse lookup zone. Click 'Next'.

14. Here I am going to specify the same configurations as followed for Forward lookup zone. Hence the above descriptions will be enough for you to configure reverse lookup zone as well.

15. Now you need to specify how you want the DNS data replication through the network.
                    Since I need the data replication for all domain controllers in my network I am selecting the second                       option and click 'Next'.

16. Select the IP protocol version that you want to create, either IPV4 or IPV6.

17. Now specify the network ID of your network and click 'Next'.

   18. Specify the 'Dynamic update' settings as you require. The description given under forward lookup zone may help you to decide this.

19. If you need to configure the forwarders you can specify that as well(Details of 'conditional forwarders' are specified above). Since I don’t want to configure forwarders I am not doing it.

20. Click on 'Next' and it will give you the below windows and click on 'Finish'.

21. Now you can see the DNS  zones created in your DNS console.

No comments:

Post a Comment