Home > Articles > Microsoft > MCSE

This chapter is from the book

Installing DNS

DNS can be installed in several ways. It can be added during the installation of Windows Server 2003, after installation using the Configure Your Server Wizard, or through the Add or Remove Program applet in the Control Panel. DNS can also be installed when promoting a server to a domain controller using the DCPROMO command.

The only real requirement for installing DNS is Windows Server 2003. It cannot be installed on a computer running Windows XP. Also, if you are using Dynamic Host Configuration Protocol (DHCP) on the network to assign IP addresses, it's generally a good idea to configure the DNS server with a static IP address that is outside the range of addresses included in the DHCP scope.

To install the DNS Server service using the Add or Remove Program applet within the Control Panel, perform the following steps:

  1. Click Start, point to Control Panel, and click Add or Remove Programs.
  2. Click Add/Remove Windows Components.
  3. Highlight Networking Services from the Components list and click the Details button.
  4. From the list of components, select Domain Name System (DNS). Click OK and then click Next.
  5. After the necessary files are copied, click Finish.
  6. Close the Add or Remove Programs applet.

Configuring DNS Server Options

When DNS is installed, the DNS management console is added to the Administrative Tools menu. From the management console, you can manage all aspects of a DNS server, from configuring zones to performing management tasks.

A number of options can be configured for a DNS server. By right-clicking the DNS server within the management console and selecting the Properties option, the properties window for the server is displayed (see Figure 3.3).

03fig03.jpg

Figure 3.3 After installing the DNS service, you can configure DNS server options through the server's Properties dialog box

The available tabs from the DNS server Properties sheet and their uses are summarized as follows:

  • Interfaces— Using this tab, you can configure the interfaces on which the DNS server will listen for DNS queries.
  • Forwarders— From this tab, you can configure where a DNS server can forward DNS queries that it cannot resolve.
  • Advanced— This tab allows you to configure advanced options, determine the method of name checking, determine the location from which zone data is loaded, and enable automatic scavenging of stale records.
  • Root Hints— This tab enables you to configure root name servers that the DNS server can use and refer to when resolving queries.
  • Debug Logging— From this property tab, you can enable debugging. When this option is enabled, packets sent and received by the DNS server are recorded in a log file. You can also configure the type of information to record in the file.
  • Event Logging— The Event Logging tab enables you to configure the type of events that should be written to the DNS event log. You can log errors, warnings, and all events. You can also turn off logging by selecting No Events.
  • Monitoring— The Monitoring tab can be used to test and verify the configuration by manually sending queries against the server. You can perform a simple query that uses the DNS client on the local server to query the DNS service to return the best possible answer. You can also perform a recursive query in which the local DNS server can query other DNS servers to resolve the query.
  • Security— This tab enables you to assign permissions to users and groups for the DNS server.

Advanced DNS Server Options

There are several options that can be configured using the Advanced tab of the DNS server's properties window. Generally, the default settings should be acceptable and require no modifications. The advanced settings that can be configured are summarized in the following list:

  • Disable Recursion— This determines whether the DNS server uses recursion. If recursion is disabled, the DNS server will always use referrals, regardless of the type of request from clients.
  • BIND Secondaries— This determines whether fast transfers are used when transferring zone data to a BIND server. Versions of BIND earlier than 4.9.4 do not support fast zone transfers.
  • Fail on Load if Bad Zone Data— This option determines whether the DNS server continues to load a zone if the zone data is determined to have errors. By default, the DNS server will continue to load the zone.
  • Enable Round Robin— This option determines whether the DNS server will rotate and reorder a list of resource records when multiple resource records exist for a query answer.
  • Enable Netmask Ordering— This determines whether the DNS server reorders host (A) records within the same resource record set in response to a query based on the IP address of the source query.
  • Secure Cache Against Pollution— This determines whether the DNS server attempts to clean up responses to avoid cache pollution. This option is enabled by default.

Configuring DNS Zone Options

After you have installed the DNS Server service, your next step is to create and configure zones (unless the DNS server is not authoritative for any zones).

A zone is basically an administrative entity. A zone is nothing more than a portion of the DNS database that is administered as a single unit. A zone can contain a single domain or span multiple domains. The DNS server that is authoritative for a zone is ultimately responsible for resolving any requests for that particular zone. The zone file maintains all the configuration information for the zone and contains the resource records for the domains in the zone.

Each new zone consists of a forward lookup zone and an optional reverse lookup zone. A forward lookup zone maps hostnames to IP addresses. When a client needs the IP address for a hostname, the information is retrieved from the forward lookup zone. A reverse lookup zone does the opposite. It allows for reverse queries, or mapping of an IP address back to a hostname. Reverse queries are often used when troubleshooting with the NSLookup command.

Zone Types

Windows Server 2003 supports four types of zones:

  • Standard primary zone— This type of zone maintains the master writable copy of the zone in a text file. An update to the zone must be performed from the primary zone.
  • Standard secondary zone— This zone type stores a copy of an existing zone in a read-only text file. To create a secondary zone, the primary zone must already exist, and you must specify a master name server. This is the server from which the zone information is copied.
  • Active Directory–integrated zone— This zone type stores zone information within Active Directory. This enables you to take advantage of additional features, such as secure dynamic updates and replication. Active Directory–integrated zones can be configured on Windows Server 2003 domain controllers running DNS. Each domain controller maintains a writable copy of the zone information, which is stored in the Active Directory database.
  • Stub zone— This type of zone is new in Windows Server 2003. A stub zone maintains only a list of authoritative name servers for a particular zone. The purpose of a stub zone is to ensure that DNS servers hosting a parent zone are aware of authoritative DNS servers for its child zones. One of the advantages of stub zones is that they create a dynamic relationship between the parent and child. Compared to delegation, which points to a single IP address, stub zones allow much more flexibility for the administrator because changes in the child zone are automatically reflected in the stub without making changes to the configuration.

Stub Zones Versus Conditional Forwarding

A stub zone is an actual zone that would exist on the DNS server that contains just the SOA record for the zone it refers to and the DNS server's records and glue records (host A records). The stub zone replicates from the master DNS server in the zone it refers to and will keep current with DNS servers for that zone/domain. It is more work to set up than conditional forwarding and requires permission from the administrator of the other domain because it does zone transfers with it. However, it is more reliable in keeping current with the DNS servers in the zone.

Stub zones provide a way for DNS servers hosting a parent zone to maintain a current list of the authoritative DNS servers for the child zones. As authoritative DNS servers are added and removed, the list is automatically updated.

Conditional forwarding, on the other hand, is used to control where a DNS server forwards queries for a specific domain. A DNS server on one network can be configured to forward queries to a DNS server on another network without having to query DNS servers on the Internet.

Creating Zones

After the DNS service is installed, you can manage it using the DNS management console. From this management console, you can begin configuring a DNS server by creating zones. To create a new zone, follow these steps:

  1. Click Start, point to Administrative Tools, and click DNS. This opens the DNS management console.
  2. Right-click the DNS server and click New Zone. The New Zone Wizard opens. Click Next.
  3. Select the type of zone you want to create: primary zone, secondary zone, or stub zone. You also have the option of storing the zone within Active Directory, if it is available. (The option to store information within Active Directory is available only if Active Directory is installed on the local machine.) Click Next.
  4. Select the type of zone you want to create: a forward lookup zone or a reverse lookup zone. Click Next.
  5. If you select a forward lookup zone, the Zone Name page appears. Type the name for the zone, such as bayside.net. Click Next.
  6. If you selected to create a reverse lookup zone, type the network ID (see Figure 3.4). This is used to create the in-addra.arpa domain, with subdomains named using the network ID of the IP address. DNS uses the reverse lookup zone for performing address-to-name translations. For example, a network ID of 192.168.1 would be translated into 1.168.192.in-addra.arpa. Click Next.
    03fig04.jpg

    Figure 3.4 If you are creating a reverse lookup zone, you must supply the network ID

  7. In the Zone File screen, select whether to create a new zone file or to use an existing one (see Figure 3.5). This option appears when creating a forward or reverse lookup zone. Click Next.
    03fig05.jpg

    Figure 3.5 You must provide a filename for the zone file or select an existing file

  8. Specify how the DNS zone will receive updates from DNS client computers. Three options are available, as shown in Figure 3.6. If the zone is Active Directory–integrated, you can allow secure updates only. You can allow both nonsecure and secure updates, or you can turn off dynamic updates so that the resource records must be manually updated. Dynamic updates are covered in more detail later in the chapter in the section "Dynamic Updates."
    03fig06.jpg

    Figure 3.6 You must configure how the DNS zone will receive dynamic updates

  9. Click Finish.

Creating Resource Records

After a zone has been created, it can be populated with resource records. Remember, if your clients are all running Windows Server 2003, Windows XP, or Windows 2000 and the zone is configured for dynamic updates, the clients can add and update their own resource records. You can also manually add resource records to a zone file through the DNS management console. A number of resource records can be created. To view all the resource records supported by Windows Server 2003 DNS, right-click a zone and select Other New Records (see Figure 3.7).

03fig07.jpg

Figure 3.7 The next step in zone creation is populating the zone with DNS resource records

The following list summarizes some of the more common resource records you might encounter:

  • Host Address (A) record— Maps a DNS name to an IP address. An A record represents a specific device on the network.
  • Start of Authority (SOA) record— Identifies the primary DNS server for the zone. This is the first resource record in a zone file.
  • Mail Exchanger (MX) record— Routes messages to a specified mail exchanger for a specified DNS domain name.
  • Pointer (PTR) record— Points to a location in the DNS namespace. PTR records map an IP address to a DNS name and are commonly used for reverse lookups.
  • Alias (CNAME) record— Specifies another DNS domain name for a name that is already referenced in another resource record.
  • Service Locator (SRV) record— Used to identify network services offered by hosts, the port used by the service, and the protocol. SRV records are used to locate domain controllers in an Active Directory domain.

As already mentioned, resource records can be created using the DNS management console. To create a new host record, simply right-click the zone in which you want to create the record and select the New Host (A) option. In the New Host dialog box, type the name and IP address for the host. To automatically create a pointer record, select the Create Associated Pointer (PTR) Record check box (see Figure 3.8).

03fig08.jpg

Figure 3.8 You can add a new host record via the DNS management console

To create additional resource records, simply select the type of record you want to create and fill in the required information.

Configuring DNS Simple Forwarding

As you learned earlier in the chapter, a DNS server can be configured to send all queries that it cannot resolve locally to a forwarder. To configure DNS forwarders, follow these steps:

  1. Within the DNS management console, right-click the DNS server and click Properties.
  2. From the Properties window for the DNS server, click the Forwarders tab.
  3. Under DNS Name, select a domain name. To add a new domain name, click the Add button.
  4. Under the Selected Domain's Forwarder IP Address list, type the IP address of the forwarder and click Add.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020