- Introduction to NetBIOS Name Resolution
- Introduction to WINS
- Managing and Monitoring WINS
- Configuring WINS Clients
- DNS Concepts
- Implementing Windows 2003 DNS Server Roles
- Installing DNS
- Managing DNS
- Monitoring DNS
- Troubleshooting DNS
- Exam Prep Questions
- Answers to Exam Prep Questions
- Need to Know More?
DNS can be installed in several ways. It can be added during the installation of Windows Server 2003, after installation using the Configure Your Server Wizard, or through the Add or Remove Programs applet in the Control Panel. DNS can also be installed when promoting a server to a domain controller using the DCPROMO command.
The only real requirement for installing DNS is Windows Server 2003. It cannot be installed on a computer running Windows XP. Also, if you are using Dynamic Host Configuration Protocol (DHCP) on the network to assign IP addresses, it's generally a good idea to configure the DNS server with a static IP address that is outside the range of addresses included in the DHCP scope.
To install the DNS Server service using the Add or Remove Programs applet within the Control Panel, perform the following steps:
- Click Start, point to Control Panel, and click Add or Remove Programs.
- Click Add/Remove Windows Components.
- Highlight Networking Services from the Components list and click the Details button.
- From the list of components, select Domain Name System (DNS). Click OK and then click Next.
- After the necessary files are copied, click Finish.
- Close the Add or Remove Programs applet.
Configuring DNS Server Options
When DNS is installed, the DNS management console is added to the Administrative Tools menu. From the management console, you can manage all aspects of a DNS server, from configuring zones to performing management tasks.
A number of options can be configured for a DNS server. By right-clicking the DNS server within the management console and selecting the Properties option, the properties window for the server is displayed (see Figure 3.3).
Figure 3.3 After installing the DNS service, you can configure DNS server options through the server's Properties dialog box
The available tabs from the DNS server Properties sheet and their uses are summarized as follows:
- Interfaces— Using this tab, you can configure the interfaces on which the DNS server will listen for DNS queries.
- Forwarders— From this tab, you can configure where a DNS server can forward DNS queries that it cannot resolve.
- Advanced— This tab allows you to configure advanced options, determine the method of name checking, determine the location from which zone data is loaded, and enable automatic scavenging of stale records.
- Root Hints— This tab enables you to configure root name servers that the DNS server can use and refer to when resolving queries.
- Debug Logging— From this property tab, you can enable debugging. When this option is enabled, packets sent and received by the DNS server are recorded in a log file. You can also configure the type of information to record in the file.
- Event Logging— The Event Logging tab enables you to configure the type of events that should be written to the DNS event log. You can log errors, warnings, and all events. You can also turn off logging by selecting No Events.
- Monitoring— The Monitoring tab can be used to test and verify the configuration by manually sending queries against the server. You can perform a simple query that uses the DNS client on the local server to query the DNS service to return the best possible answer. You can also perform a recursive query in which the local DNS server can query other DNS servers to resolve the query.
- Security— This tab enables you to assign permissions to users and groups for the DNS server.
Advanced DNS Server Options
There are several options that can be configured using the Advanced tab of the DNS server's properties window. Generally, the default settings should be acceptable and require no modifications. The advanced settings that can be configured are summarized in the following list:
- Disable Recursion— This determines whether the DNS server uses recursion. If recursion is disabled, the DNS server will always use referrals, regardless of the type of request from clients.
- BIND Secondaries— This determines whether fast transfers are used when transferring zone data to a BIND server. Versions of BIND earlier than 4.9.4 do not support fast zone transfers.
- Fail on Load if Bad Zone Data— This option determines whether the DNS server continues to load a zone if the zone data is determined to have errors. By default, the DNS server will continue to load the zone.
- Enable Round Robin— This option determines whether the DNS server will rotate and reorder a list of resource records when multiple resource records exist for a query answer.
- Enable Netmask Ordering— This determines whether the DNS server reorders host (A) records within the same resource record set in response to a query, based on the IP address of the client that sent the query, so that addresses on the client's own subnet are returned first.
- Secure Cache Against Pollution— This determines whether the DNS server attempts to clean up responses to avoid cache pollution. This option is enabled by default.
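As an added illustration of the Enable Round Robin and Enable Netmask Ordering options above (example code written for this page, not Microsoft's implementation), the functions below reorder a constructed three-address resource record set the way each option does. The /24 comparison boundary and the way the two options combine (rotate first, then pull the client's subnet to the front) are assumptions for this example.

```python
import ipaddress

# Constructed sample: an RRset for one host name with three A records,
# as a load-balanced or multi-homed host would have.
RRSET = ["192.168.1.80", "192.168.2.80", "10.0.0.80"]

# Assumption for this example: client and answer addresses are compared
# on a class C (/24) boundary.
LOCAL_NET_PREFIX = 24


def round_robin(rrset, query_count):
    """Enable Round Robin: rotate the list one position per query so that
    successive clients receive a different first answer. query_count is the
    number of queries the server has already answered from this RRset."""
    if not rrset:
        return []
    shift = query_count % len(rrset)
    return rrset[shift:] + rrset[:shift]


def netmask_order(rrset, client_ip, prefix=LOCAL_NET_PREFIX):
    """Enable Netmask Ordering: move answers that share the client's subnet
    to the front, keeping the relative order of everything else."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
    local = [a for a in rrset if ipaddress.ip_address(a) in client_net]
    remote = [a for a in rrset if ipaddress.ip_address(a) not in client_net]
    return local + remote


def answer_order(rrset, client_ip, query_count, round_robin_on=True, netmask_on=True):
    """Both options together (assumed order: rotate, then prioritise the
    client's subnet). Returns the answer list as it would be sent."""
    answers = list(rrset)
    if round_robin_on:
        answers = round_robin(answers, query_count)
    if netmask_on:
        answers = netmask_order(answers, client_ip)
    return answers


if __name__ == "__main__":
    for n in range(3):  # three consecutive queries from a client on 10.0.0.0/24
        print(n, answer_order(RRSET, "10.0.0.3", n))
```

With netmask ordering off, the same client would see the plain rotation instead of always getting 10.0.0.80 first.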
Configuring DNS Zone Options
After you have installed the DNS Server service, your next step is to create and configure zones (unless the DNS server is not authoritative for any zones).
A zone is basically an administrative entity. A zone is nothing more than a portion of the DNS database that is administered as a single unit. A zone can contain a single domain or span multiple domains. The DNS server that is authoritative for a zone is ultimately responsible for resolving any requests for that particular zone. The zone file maintains all the configuration information for the zone and contains the resource records for the domains in the zone.
Each new zone consists of a forward lookup zone and an optional reverse lookup zone. A forward lookup zone maps hostnames to IP addresses. When a client needs the IP address for a hostname, the information is retrieved from the forward lookup zone. A reverse lookup zone does the opposite. It allows for reverse queries, or mapping of an IP address back to a hostname. Reverse queries are often used when troubleshooting with the NSLookup command.
Windows Server 2003 supports four types of zones:
- Standard primary zone— This type of zone maintains the master writable copy of the zone in a text file. An update to the zone must be performed from the primary zone.
- Standard secondary zone— This zone type stores a copy of an existing zone in a read-only text file. To create a secondary zone, the primary zone must already exist, and you must specify a master name server. This is the server from which the zone information is copied.
- Active Directory–integrated zone— This zone type stores zone information within Active Directory. This enables you to take advantage of additional features, such as secure dynamic updates and replication. Active Directory–integrated zones can be configured on Windows Server 2003 domain controllers running DNS. Each domain controller maintains a writable copy of the zone information, which is stored in the Active Directory database.
- Stub zone— This type of zone is new in Windows Server 2003. A stub zone maintains only a list of authoritative name servers for a particular zone. The purpose of a stub zone is to ensure that DNS servers hosting a parent zone are aware of authoritative DNS servers for its child zones. One of the advantages of stub zones is that they create a dynamic relationship between the parent and child. Compared to delegation, which points to a single IP address, stub zones allow much more flexibility for the administrator because changes in the child zone are automatically reflected in the stub without making changes to the configuration.
Stub Zones Versus Conditional Forwarding
A stub zone is an actual zone on the DNS server that contains only the SOA record of the zone it refers to, the NS records for that zone's DNS servers, and the glue records (host A records) for those servers. The stub zone replicates from the master DNS server of the zone it refers to and keeps its list of DNS servers for that zone/domain current. It is more work to set up than conditional forwarding and requires permission from the administrator of the other domain because it performs zone transfers with that domain's servers. However, it is more reliable in keeping current with the DNS servers in the zone.
Stub zones provide a way for DNS servers hosting a parent zone to maintain a current list of the authoritative DNS servers for the child zones. As authoritative DNS servers are added and removed, the list is automatically updated.
Conditional forwarding, on the other hand, is used to control where a DNS server forwards queries for a specific domain. A DNS server on one network can be configured to forward queries to a DNS server on another network without having to query DNS servers on the Internet.
After the DNS service is installed, you can manage it using the DNS management console. From this management console, you can begin configuring a DNS server by creating zones. To create a new zone, follow these steps:
- Click Start, point to Administrative Tools, and click DNS. This opens the DNS management console.
- Right-click the DNS server and click New Zone. The New Zone Wizard opens. Click Next.
- Select the type of zone you want to create: primary zone, secondary zone, or stub zone. You also have the option of storing the zone within Active Directory, if it is available. (The option to store information within Active Directory is available only if Active Directory is installed on the local machine.) Click Next.
- Select the type of zone you want to create: a forward lookup zone or a reverse lookup zone. Click Next.
- If you select a forward lookup zone, the Zone Name page appears. Type the name for the zone, such as bayside.net. Click Next.
- If you selected to create a reverse lookup zone, type the network ID (see Figure 3.4). This is used to create the in-addr.arpa domain, with subdomains named using the octets of the network ID in reverse order. DNS uses the reverse lookup zone for performing address-to-name translations. For example, a network ID of 192.168.1 would be translated into 1.168.192.in-addr.arpa. Click Next.
Figure 3.4 If you are creating a reverse lookup zone, you must supply the network ID
- In the Zone File screen, select whether to create a new zone file or to use an existing one (see Figure 3.5). This option appears when creating a forward or reverse lookup zone. Click Next.
Figure 3.5 You must provide a filename for the zone file or select an existing file
- Specify how the DNS zone will receive updates from DNS client computers. Three options are available, as shown in Figure 3.6: allow only secure dynamic updates (available only if the zone is Active Directory–integrated), allow both nonsecure and secure dynamic updates, or do not allow dynamic updates, in which case the resource records must be updated manually. Dynamic updates are covered in more detail later in the chapter in the section "Dynamic Updates."
Figure 3.6 You must configure how the DNS zone will receive dynamic updates
- Click Finish.
Creating Resource Records
After a zone has been created, it can be populated with resource records. Remember, if your clients are all running Windows Server 2003, Windows XP, or Windows 2000 and the zone is configured for dynamic updates, the clients can add and update their own resource records. You can also manually add resource records to a zone file through the DNS management console. A number of resource records can be created. To view all the resource records supported by Windows Server 2003 DNS, right-click a zone and select Other New Records (see Figure 3.7).
Figure 3.7 The next step in zone creation is populating the zone with DNS resource records
The following list summarizes some of the more common resource records you might encounter:
- Host Address (A) record— Maps a DNS name to an IP address. An A record represents a specific device on the network.
- Start of Authority (SOA) record— Identifies the primary DNS server for the zone. This is the first resource record in a zone file.
- Mail Exchanger (MX) record— Routes messages to a specified mail exchanger for a specified DNS domain name.
- Pointer (PTR) record— Points to a location in the DNS namespace. PTR records map an IP address to a DNS name and are commonly used for reverse lookups.
- Alias (CNAME) record— Specifies another DNS domain name for a name that is already referenced in another resource record.
- Service Locator (SRV) record— Used to identify network services offered by hosts, the port used by the service, and the protocol. SRV records are used to locate domain controllers in an Active Directory domain.
As already mentioned, resource records can be created using the DNS management console. To create a new host record, simply right-click the zone in which you want to create the record and select the New Host (A) option. In the New Host dialog box, type the name and IP address for the host. To automatically create a pointer record, select the Create Associated Pointer (PTR) Record check box (see Figure 3.8).
Figure 3.8 You can add a new host record via the DNS management console
To create additional resource records, simply select the type of record you want to create and fill in the required information.
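The following added example (written for this page, not a Microsoft tool) ties together two steps above: deriving the in-addr.arpa zone name from the network ID typed into the New Zone Wizard, and working out the PTR record that the Create Associated Pointer (PTR) Record check box would add for a new host. The zone name bayside.net comes from the chapter; the host names and addresses are constructed, and the check reports hosts for which none of the configured reverse zones could hold the PTR record.

```python
import ipaddress

# Constructed sample data: a forward lookup zone and a few host (A) records.
FORWARD_ZONE = "bayside.net"
A_RECORDS = {                    # host name -> IPv4 address (constructed)
    "dns1": "192.168.1.10",
    "mail": "192.168.1.25",
    "www": "192.168.1.80",
    "branch-fs": "10.0.0.5",     # network for which no reverse zone was created
}


def reverse_zone_name(network_id):
    """in-addr.arpa zone name from the network ID given to the New Zone
    Wizard, e.g. '192.168.1' -> '1.168.192.in-addr.arpa'."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError(f"network ID must be 1 to 3 octets: {network_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner_name(ip):
    """Owner name of the PTR record for a single host address."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def associated_ptr(host, ip, forward_zone=FORWARD_ZONE):
    """The record the 'Create associated pointer (PTR) record' check box
    would add for a new host: (owner name, type, target FQDN)."""
    return (ptr_owner_name(ip), "PTR", f"{host}.{forward_zone}.")


def hosting_reverse_zone(ip, reverse_zones):
    """The most specific configured reverse zone that contains ip, or None."""
    owner = ptr_owner_name(ip)
    hits = [z for z in reverse_zones if owner.endswith("." + z)]
    return max(hits, key=len) if hits else None


def audit_ptr_coverage(a_records, reverse_zones):
    """Split hosts into {host: PTR record} for those a reverse zone can hold,
    and a list of hosts whose PTR record has no zone to live in."""
    placed, orphaned = {}, []
    for host, ip in a_records.items():
        if hosting_reverse_zone(ip, reverse_zones):
            placed[host] = associated_ptr(host, ip)
        else:
            orphaned.append(host)
    return placed, orphaned


if __name__ == "__main__":
    zones = [reverse_zone_name("192.168.1")]
    placed, orphaned = audit_ptr_coverage(A_RECORDS, zones)
    for host, rec in placed.items():
        print(host, "->", rec)
    print("no reverse zone for:", orphaned)
```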
Configuring DNS Simple Forwarding
As you learned earlier in the chapter, a DNS server can be configured to send all queries that it cannot resolve locally to a forwarder. To configure DNS forwarders, follow these steps:
- Within the DNS management console, right-click the DNS server and click Properties.
- From the Properties window for the DNS server, click the Forwarders tab.
- Under DNS Name, select a domain name. To add a new domain name, click the Add button.
- Under the Selected Domain's Forwarder IP Address list, type the IP address of the forwarder and click Add.