Understanding the concept
The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most prominently, it translates easily memorized domain names to the numerical IP addresses needed for locating computer services and devices worldwide. The Domain Name System is an essential component of the functionality of the Internet. For example, Google maintains various DNS servers around the world that manage the google.com, google.co.uk and other domains. Your ISP also maintains DNS servers as part of your Internet connection setup. DNS networking is based on the client/server architecture: your Web browser functions as a DNS client (also called a DNS resolver) and issues requests to your Internet provider's DNS servers when navigating between Web sites.
When a DNS server receives a request for a name that is not in its database (such as a geographically far away or rarely visited Web site), it temporarily changes from a server into a DNS client. The server automatically passes that request to another DNS server, or up to the next higher level in the DNS hierarchy as needed. Eventually the request arrives at a server that has the matching name and IP address in its database (all the way to the root level if necessary), and the response flows back through the chain of DNS servers to your client.
Configuring DNS in your network
You can do it either in a domain or in a workgroup. If your server is a domain controller, the DNS service was probably installed during the installation of Active Directory; for example, at the step shown below you may have been prompted to install the DNS service.
1. Otherwise you can install the service from Server Manager. Open 'Server manager' from 'Administrative Tools'->Roles->Add role.
2. Click 'Next' on the welcome window and you will see the server role 'DNS server' listed there (in my network it is already installed and hence the status is grayed out).
3. If it is not installed, put a tick mark against 'DNS server' and click 'Next'->'Next' on the introduction window as well->Select 'Install'. Once it has completed successfully, follow the steps below to configure DNS in your network.
4. Open 'Start'->'Administrative tools'->'DNS'.
When configuring DNS you must be familiar with the zone concepts. There are three zone types in DNS:
a) Forward lookup zone
b) Reverse lookup zone
c) Conditional forwarders
In simple words, a 'Forward lookup' converts an Internet name to an IP address, and a 'Reverse lookup' converts an IP address to the Internet name (the host name in a LAN). Generally these conversions are called 'IP address lookup'. 'Conditional forwarders', as the name implies, forward requests of a user-specified category to another DNS server or servers. For example, if a request comes in ending with the name 'serverlabs.com', we can redirect all those requests to a second server. It can be used as a form of load balancing for your DNS server. More details of the same can be fetched from the below link:
By default, when you install the DNS server with Active Directory, forward lookup zones are configured automatically, and that is enough if your network is small.
5. From the DNS console select your server name and right click on it. This will list the options available for you to configure; select 'Configure a DNS Server'. Alternatively, use Actions->New zone.
6. Click 'Next' on the welcome window; now you need to specify the configuration you want to make:
a. Create a forward lookup zone
b. Create forward and reverse lookup zone
c. Configure root hints only.
As the first two options are the most familiar, I am not describing them again. 'Configure root hints only', in simple words, helps you redirect your first DNS requests to a server which can globally resolve those requests. For example, you can specify Google's IP as one of the root hint servers, which can resolve most Internet requests. By default your server will have a list of 13 global DNS servers (you can see this by selecting the 'Properties' of your DNS server->'Root hints'). If you remove those entries, you must have at least one forwarder configured to resolve names. When you do not have any forwarders configured, your DNS server uses the 'root hints' to resolve the name. Hence this is highly essential; this option is enabled by default, and you can add root hint servers if required.
7. Since we are looking to configure a forward lookup zone, select the second option 'Create forward and reverse lookup zone' and click 'Next'. This will allow you to configure the forward and reverse lookup zones in a single shot :)
8. Since we need to configure the forward lookup as well, I have selected 'Yes, create a forward lookup zone now (recommended)' and clicked 'Next'.
9. Now you need to specify the 'Zone' type. There are three types, primary zone, secondary zone and stub zone, and their descriptions are shown as well. Here my records are going to be saved on the same server, and hence I am selecting 'Primary zone' and clicking 'Next'.
10. Specify the zone name that you would like to have and click 'Next'.
11. If you have a zone file that was copied from another server, you can simply let the wizard use it for the information about the zone (make sure that you have copied that file to '%SystemRoot%\system32\dns'); otherwise you can create a new one. Since I don't have one, I need to create it: click 'Next'.
12. Next you need to specify the 'Dynamic update' settings of your zone. The automatic update of DNS records in the DNS database is technically known as 'Dynamic Updates'.
- 'Allow only secure dynamic updates' - This can be configured only when the zone is created during the Active Directory installation (an Active Directory integrated zone). Any changes on the clients will automatically be changed in the DNS database as well.
- 'Allow both secure and non-secure dynamic updates' - Configuring this option leaves your network less secure, because updates will be accepted from unknown clients.
- 'Do not allow dynamic updates' - This disables dynamic updates in your network. Once you configure this, you need to make changes for clients manually.
Dynamic update settings can be changed after the configuration: select the zone->'Properties'->under 'General' change 'Dynamic updates' as required.
Since this is not an Active Directory integrated zone, the first option is grayed out and I cannot opt for it. Hence I am selecting the second option to continue with. If you need to make it an Active Directory integrated zone, at step 9 you need to tick the check box 'Store the zone in Active Directory' and continue the installation (I have configured the reverse lookup zone as Active Directory integrated).
13. From the next window onwards we start with the configuration of the reverse lookup zone. Click 'Next'.
14. Here I am going to specify the same configuration as followed for the forward lookup zone. Hence the above descriptions will be enough for you to configure the reverse lookup zone as well.
15. Now you need to specify how you want the DNS data replicated through the network. Since I need the data replicated to all domain controllers in my network, I am selecting the second option and clicking 'Next'.
16. Select the IP protocol version that you want to create the zone for, either IPv4 or IPv6.
17. Now specify the network ID of your network and click 'Next'.
18. Specify the 'Dynamic update' settings as you require. The description given under the forward lookup zone may help you to decide this.
19. If you need to configure forwarders, you can specify them here as well (details of 'conditional forwarders' are given above). Since I don't want to configure forwarders, I am not doing it.
20. Click 'Next'; it will show you the window below. Click 'Finish'.
21. Now you can see the DNS zones created in your DNS console.
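The same configuration that steps 5 to 21 perform in the DNS console can be scripted. The block below is an added example, not part of the original post; it assumes the DnsServer PowerShell module (Windows Server 2012 and later, not the Server Manager 'Add role' wizard shown above), and the zone name, network ID and server addresses in it are constructed placeholders.

```powershell
# Added example: scripted equivalent of the wizard steps above (DnsServer module).
# All names and addresses below are constructed placeholders for a lab network.
Import-Module DnsServer

$ZoneName  = 'serverlabs.local'   # assumed forward lookup zone name (step 10)
$NetworkId = '192.168.10.0/24'    # assumed network ID for the reverse zone (step 17)
$Upstream  = '192.168.10.5'       # assumed second DNS server for conditional forwarding

# Step 9/11/12, file-backed primary zone: 'Secure' is not available here, so the
# wizard only offers 'NonsecureAndSecure' or 'None'. Non-secure updates mean any
# client that can reach the server may register or overwrite records.
Add-DnsServerPrimaryZone -Name $ZoneName `
    -ZoneFile "$ZoneName.dns" -DynamicUpdate 'NonsecureAndSecure'

# The same zone stored in Active Directory ('Store the zone in Active Directory',
# step 9) can restrict dynamic updates to authenticated domain members.
# Remove the file-backed zone first if you want to switch to this form.
# Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# Steps 13-18: AD-integrated reverse lookup zone, replicated to all DCs in the domain.
Add-DnsServerPrimaryZone -NetworkId $NetworkId `
    -ReplicationScope 'Domain' -DynamicUpdate 'Secure'

# Conditional forwarder (zone concept c): every query ending in serverlabs.com
# is sent to the second server instead of being resolved here.
Add-DnsServerConditionalForwarderZone -Name 'serverlabs.com' -MasterServers $Upstream

# Step 6: the 13 default root hints the server falls back on when no forwarder is set.
Get-DnsServerRootHint | Select-Object NameServer, IPAddress

# Later change of the dynamic update setting (zone->Properties->General in the console).
Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate 'None'

# Audit check: list any zone that still accepts non-secure dynamic updates.
Get-DnsServerZone |
    Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate
```

The final query is the one worth keeping in a scheduled check: a zone that reports 'NonsecureAndSecure' is exactly the 'less secure' case the wizard text warns about in step 12.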