UEU-co logo

ch15lev1sec3.html


Previous Page Next Page

Configuring the DNS Server

The Domain Name Service that has been installed on the server is managed through the DNS snap-in. You open the DNS snap-in in the Server Manager by expanding the Roles and DNS Server nodes in the Nodes pane.

The Server Manager also provides you with a quick fix in terms of monitoring the DNS service in that it shows events being logged that are related to DNS. The services needed to run the DNS role (the DNS service) are also displayed. Figure 15.5 shows the Server Manager with the DNS role selected.

Figure 15.5. Server Manager shows events and services associated with DNS.

[View full size image]

The other alternative for configuring DNS is the DNS snap-in running in the Microsoft Management Console (MMC). You lose the Server Manager view of the events and services related to DNS but you still have access to the lookup zones and other options related to DNS. If you have managed DNS by using servers running Windows Server 2003, you are familiar with the DNS snap-in running in the MMC.

Let’s take a look at some of the configuration issues related to DNS, such as the creation of lookup zones, zone replication, and working with resource records. The discussion begins with a look at forward lookup zones.

Creating a Forward Lookup Zone

A forward lookup zone allows for forward lookup queries, which enable a host to find the IP address using the hostname of a particular computer or device. (It finds the address because the DNS answers the host computer’s query.) For DNS to work on the network, at least one forward lookup zone is required.

To create a new forward lookup zone, follow these steps:

1. With the DNS and Server nodes expanded in the DNS snap-in (in the Server Manager or MMC window), right-click the Forward Lookup Zones folder (in the node tree) and select New Zone. The New Zone Wizard opens. Click Next to bypass the initial wizard screen.

2. On the next screen, you are provided with three options for creating different types of forward lookup zones:

  • Primary Zone— A primary zone is the master copy of the DNS database. The primary zone is administered on the computer server where the zone was created. So, the server would be considered the authoritative DNS server for the zone.
  • Secondary Zone— A secondary zone uses a database file that is a read-only replica of an existing zone. The DNS server configured with the standard secondary zone helps the primary DNS server handle the name resolution required for the network.
  • Stub Zone— A stub zone contains only the records necessary to specify the authoritative DNS server (or servers) for a particular zone. The stub zone basically points at the servers that manage the primary zone.

If you are bringing the first DNS server onto the network, you need to create the primary zone (which is assumed for this series of steps). Select the Primary Zone option (see Figure 15.7). Click Next to continue.

Did you Know?

A check box on this DNS wizard screen also is selected by default to store the zone in the Active Directory. This means that the zone (along with the Active Directory) is replicated to other domain controllers on the network that are also running DNS.

Figure 15.6. Create a primary zone for the DNS server.

[View full size image]

3. The next screen provides options related to the replication of the DNS data for the new zone.

  • To All DNS Servers in This Forest— Using this option, all the DNS servers in the forest share and replicate their DNS databases. This means that all the DNS servers have access to the same zones and records.
  • To All DNS Servers in This Domain— Using this option, all the domain DNS servers (DNS servers in the domain named) share their zones and records through replication.
  • To All Domain Controllers in This Domain (for Windows 2000 Compatibility)— This option is useful if you are running DNS on your domain controllers. The DNS database is stored as part of the Active Directory and is replicated (shared) among the domain controllers/DNS servers. Note that this is the default option and is considered the best practice for DNS deployment. This option is also backward compatible with Windows 2000.

Select the option that you want to use (use the default option for the sake of discussion) and then click Next.

Did you Know?

It is important that DNS servers on the network replicate the DNS database (and the zone records) so that they share the same DNS records. Because each DNS server uses the same replicated database, any of these DNS servers can field a query by a host for a hostname-to-IP-address resolution (or vice versa).

4. The next wizard screen requests a name for the new forward lookup zone (see Figure 15.7). The name of the zone is the same as the DNS domain name for the portion of your network for which this DNS server is authoritative (which can be the same as your AD DS domain name). For example, if your DNS domain for the network is spinach.com, the zone name would be spinach.com. If you are setting up DNS in a child domain (of spinach.com) named popeye, the zone would be popeye.spinach.com. Enter the name and then click Next to continue.

Figure 15.7. Enter a name for the new zone.

[View full size image]

5. The next screen provides options related to dynamic updates of your host computers as they register (and update) their records with the DNS server. The default option button is Allow Only Secure Dynamic Updates (Recommended for Active Directory). This option allows only secure updates. There are two other option buttons: Allow Both Nonsecure and Secure Dynamic Updates and Do Not Allow Dynamic Updates. The option that allows nonsecure and secure dynamic updates could open some security holes in your network. Selecting the no dynamic updates option means that you will have to manually enter all the records for this zone. Make sure that the default dynamic update option is selected for the new zone and click Next to continue.

By the Way

The dynamic update option (which is the default) provides the greatest security, but it also requires that the DNS servers be running Active Directory, meaning that they will also be serving as domain controllers. It also means that only domain members can create and update their own resource records.

6. The summary screen appears for the New Zone Wizard. Click Finish to close the wizard and create the zone.

The new zone is added to your DNS configuration. Resource records are added to the new DNS zone automatically if you chose dynamic updates. If you did not choose dynamic updates, you need to add resource records to the zone, which is discussed later in the hour.

Creating a Reverse Lookup Zone

Forward lookup zones are used to resolve FQDNs to IP addresses. Another zone type, the reverse lookup zone, allows for the resolution of IP addresses to hostnames, which is called a reverse lookup query. You don’t have to configure a reverse lookup zone on your DNS server for it to work (remember at least one forward lookup zone is required), but reverse lookup zones are useful. For example, if you want to enable Internet Information Service to record hostnames as well as IP addresses in its log file, you need to configure your DNS server with a reverse lookup zone.

To create a reverse lookup zone, follow these steps:

1. With the DNS and Server nodes expanded in the DNS snap-in (in the Server Manager or MMC window) and the Reverse Lookup Zones folder selected, right-click the Reverse Lookup Zones folder (in the node tree) and select New Zone. The New Zone Wizard opens. Click Next to bypass the initial wizard screen.

2. The next screen asks you to select the zone type: primary, secondary, or stub. Because this is the first reverse lookup zone on the authoritative DNS server, a primary reverse lookup zone is the appropriate choice (this is also the default). Click Next to continue.

3. The next screen asks you to select the type of replication for the new reverse lookup zone (see Figure 15.8). You can have the zone data replicated to all the DNS servers in the forest, all the DNS servers in the domain, or all the DNS/domain controllers in the domain. The latter choice is the default. It is also the best choice in environments in which DNS is running on your domain controllers. Click Next to continue.

Figure 15.8. Select the replication type for the reverse lookup zone.

[View full size image]

4. On the next screen, select the IP type for the reverse look zone: IPv4 or IPv6 (this example assumes IPv4). Then click next.

5. On the next screen (see Figure 15.9) provide your network ID. This is used to create the name for the reverse lookup zone. The network ID is the portion of an IP address that does not contain any references to host address. For example, in the Class C IP address 192.168.5.1, only the fourth octet contains host address information. (The default Class C subnet mask of 255.255.255.0 basically tells you which octet is used for host addressing.) This means that the 192.168.5 is the network ID and would be entered as 192.168.5. Enter the network ID and then click Next.

Figure 15.9. Enter the network ID to name the reverse lookup zone.

[View full size image]

By the Way

For more information related to IPv4, IPv6, and IP addressing issues, see Hour 7, “Working with the TCP/IP Network Protocol.”

6. The next screen asks you to choose the type of dynamic updates used by the new zone: secure dynamic updates, secure and nonsecure updates, or no dynamic updates. It is best to go with the default of secure dynamic updates. Click Next to continue.

7. The New Zone Wizard completion screen appears with a list of the settings for the new zone. Click Finish to create the zone and close the wizard.

The new zone will be listed in the Reverse Lookup Zones folder in the DNS tree on your server. If you enabled Dynamic Updates (the default) on the reverse lookup zone, member computers automatically create a reverse lookup, or PTR, record. You can also add resource (pointer or PTR) records to the zone as needed.

Previous Page Next Page

Leave a Reply


Time limit is exhausted. Please reload the CAPTCHA.

Categories

apply_now Pepperstone Group Limited