There are two ways to install the DNS Server role in Windows Server 2008. The first is in the Initial Configuration Tasks window. This screen prompts you to perform several actions after the initial installation of Windows Server 2008, including adding roles and features to your server. Another way is to launch Server Manager and choose Add Roles.
Note
In this article, you will add the DNS Server role using the Initial Configuration Tasks window. In many cases, DNS needs to be installed and configured as an initial task before you add other roles, such as Active Directory Domain Services. You will add additional roles and features in this chapter by using the Server Manager.
To install the DNS Server role, perform the following steps:
1. In the Initial Configuration Tasks window, click Add Roles in the Customize This Server section. When the Add Roles Wizard appears, click Before You Begin, verify the items that appear, and click Next.
2. On the Select Server Roles screen, check the DNS Server role and click Next.
3. On the screen that appears next, which provides an overview of the DNS Server role and information about DNS and Active Directory (Things to Note), as well as links to additional information about DNS in Server 2008, click Next.
4. The confirmation screen provides an overview of the role(s) to be installed, along with an informational message explaining that the server may need to be restarted after the DNS Server role is installed (see Figure 1). Click Install to begin the installation.
5. In the next screen, which informs you that the installation is successful and that DNS can now be configured in the DNS Manager, click Close.
6. Restart the server if you are prompted to complete the installation of the DNS Server role.
You have now installed the DNS Server role. The installation itself is straightforward, and it provides enough information for DNS to be operational. However, you will want to consider how to create and configure zones and look at other configuration tasks for the DNS Server role.
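The same installation from the command line, followed by the checks an administrator would run before trusting the new role. This is an added example, not code from the original article or from Microsoft; it assumes an elevated Windows PowerShell session on Windows Server 2008 (PowerShell is an optional feature there), and uses ServerManagerCmd.exe (the 2008 command-line counterpart of the Add Roles Wizard) and dnscmd.exe, which ships with the DNS Server role.

```powershell
# Added example (not from the original article): install the DNS Server role without
# the wizard and verify the result. Run from an elevated PowerShell prompt.

# Equivalent of steps 1-5: install the role. The command's output states whether a
# restart is required, which mirrors the restart prompt in step 6.
& ServerManagerCmd.exe -install DNS

# Check 1: does Server Manager report the role as installed? Installed roles are
# marked with [X] in the -query output.
& ServerManagerCmd.exe -query | Select-String -Pattern 'DNS Server'

# Check 2: is the DNS Server service (service name "DNS") running and set to start
# automatically? A role that is installed but stopped answers no queries.
$svc       = Get-Service -Name DNS
$startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='DNS'").StartMode
"Service status: {0}" -f $svc.Status
"Start mode:     {0}" -f $startMode
if ($svc.Status -ne 'Running') {
    Start-Service -Name DNS
}

# Check 3: can the management interface be reached? dnscmd /Info dumps the server
# configuration; a failure here usually means the service is down or RPC is blocked.
& dnscmd.exe /Info

# Check 4: does the server answer a query? With no forwarders configured it walks the
# built-in root hints, so this test needs a path to the Internet root servers; in an
# isolated lab, expect a timeout here and test against a local zone instead.
& nslookup.exe -type=NS . 127.0.0.1
```

Checks 2 and 4 are the two that matter operationally: a stopped service and a server that cannot reach its root hints both look like "DNS is installed" in Server Manager while clients fail to resolve anything.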
Create and Configure DNS Lookup Zones
The DNS Server role is installed, but there is still work to perform. The installation automatically created the forward lookup zone and the Start of Authority (SOA) for your DNS server. If you need a reverse lookup zone, you need to create one using the Configure a DNS Server Wizard. To round out our discussion, we will look at how to create and configure both forward and reverse lookup zones from start to finish.
You can use the Configure a DNS Server Wizard to work through the process:
1. Select Start, Server Manager or Administrative Tools, DNS Manager.
2. Highlight your DNS server, right-click, and choose Configure a DNS Server.
3. When the Configure a DNS Server Wizard launches, click Next.
4. Choose the lookup zone types for your network: forward lookup (small networks), forward and reverse lookup (large networks), or configure root hints only. In this case, you want to configure forward and reverse lookup zones. Choose the appropriate radio button and click Next.
5. On the next page, click Yes to create a forward lookup zone (recommended). Click No if you do not want to create a forward lookup zone. Click Next.
6. Choose the zone type for this DNS server. These are the options:
- Primary: Creates a copy of the zone that can be updated directly on this server.
- Secondary: Creates a copy of a zone on another server. These zones are used for load balancing and fault tolerance.
- Stub: Creates a copy of only the resource records needed to identify DNS servers for that zone. These servers are not authoritative for that zone.
Select the radio button Store the Zone in Active Directory (which is available to writable domain controllers). You will be setting up a primary zone because this is our first DNS server in our 2008 domain. Click Next.
7. Choose the replication scope of the zone data. Figure 2 shows the replication options. Choose to replicate to all DNS servers in this domain and click Next.
8. Enter a zone name. This can be the domain name (for example, rare-tech.com) or a name that reflects a specific area of your domain (for example, research.rare-tech.com). Click Next.
9. When you are asked to choose how the zone handles dynamic updates, the choices are Secure (recommended for Active Directory), both Secure and Non-secure, and Do Not Allow Dynamic Updates. Choose Secure and click Next.
10. The wizard now prompts you to set up a reverse lookup zone. You want to create a reverse lookup zone, so choose Yes and click Next.
11. Choose the zone type for reverse lookups: Choose primary and click Next.
12. Choose a replication type for reverse lookups, just as you did for the forward lookups: Choose to replicate to all DNS servers in this domain and click Next.
13. Choose whether to use an IPv4 or IPv6 reverse lookup zone, based on the IP version in use on your network, and click Next.
14. Choose the network ID (IPv4) or the IP address prefix (IPv6) for the reverse DNS zone. Enter the information for your reverse zone name and click Next.
15. Once again, choose how to handle dynamic updates. Pick your option and click Next.
16. You now have the option to add forwarders for DNS queries. You will not configure this DNS server to forward queries, so choose No and click Next.
Note
Forwarders forward queries that your DNS server cannot resolve. If you do not configure forwarders, the DNS server will simply use the built-in root hints servers to find out how to route the requests.
17. Finalize the DNS server role configuration by clicking Finish on the wizard. The zones are now created and ready for use. Figure 3 shows the DNS Manager with both IPv4 and IPv6 reverse lookup zones.
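The wizard steps above, reproduced with dnscmd.exe so the result is scriptable and repeatable. This is an added example and not code from the original article or from Microsoft. It assumes an elevated PowerShell session on a writable domain controller that already holds the DNS Server role; the zone name rare-tech.com comes from the article, while the network ID 192.168.1.0/24 and the IPv6 prefix 2001:db8:abcd::/48 are constructed sample values. The Get-ReverseZoneName function is this example's own helper: it derives the reverse zone name the wizard builds in step 14 from a network ID or prefix, and it goes beyond the text by handling the IPv6 nibble-boundary case as well as the IPv4 octet case.

```powershell
# Added example (not from the original article): create AD-integrated forward and
# reverse primary zones with secure-only dynamic updates and no forwarders, matching
# wizard steps 4-17. Requires the DNS Server role and a writable domain controller.

# Derive the reverse lookup zone name from a network ID (IPv4, e.g. "192.168.1.0/24")
# or an address prefix (IPv6, e.g. "2001:db8:abcd::/48"). IPv4 reverse zones are cut
# on octet boundaries (/8, /16, /24); IPv6 reverse zones on nibble boundaries (4 bits).
function Get-ReverseZoneName {
    param([Parameter(Mandatory = $true)][string]$Prefix)

    $network, $length = $Prefix -split '/'
    $length = [int]$length
    $bytes  = [System.Net.IPAddress]::Parse($network).GetAddressBytes()

    if ($bytes.Length -eq 4) {
        if (@(8, 16, 24) -notcontains $length) {
            throw "IPv4 reverse zones need a /8, /16 or /24 network ID; got /$length"
        }
        # Keep the leading octets and reverse their order.
        $labels = @($bytes[0..(($length / 8) - 1)])
        [array]::Reverse($labels)
        return ($labels -join '.') + '.in-addr.arpa'
    }

    if (($length % 4) -ne 0 -or $length -lt 4 -or $length -gt 124) {
        throw "IPv6 reverse zones need a prefix length that is a multiple of 4; got /$length"
    }
    # Expand the address to 32 hex nibbles, keep the first length/4, reverse them.
    $nibbles = -join ($bytes | ForEach-Object { $_.ToString('x2') })
    $labels  = $nibbles.Substring(0, $length / 4).ToCharArray()
    [array]::Reverse($labels)
    return ($labels -join '.') + '.ip6.arpa'
}

$forwardZone  = 'rare-tech.com'                           # zone name from the article
$reverseZone4 = Get-ReverseZoneName '192.168.1.0/24'      # constructed: 1.168.192.in-addr.arpa
$reverseZone6 = Get-ReverseZoneName '2001:db8:abcd::/48'  # constructed: d.c.b.a.8.b.d.0.1.0.0.2.ip6.arpa

foreach ($zone in $forwardZone, $reverseZone4, $reverseZone6) {
    # /DsPrimary  = primary zone stored in Active Directory (step 6)
    # /dp /domain = replicate to all DNS servers in this domain (steps 7 and 12)
    & dnscmd.exe /ZoneAdd $zone /DsPrimary /dp /domain

    # Dynamic updates (steps 9 and 15): 0 = not allowed, 1 = nonsecure and secure,
    # 2 = secure only. Secure only is the Active Directory recommendation.
    & dnscmd.exe /Config $zone /AllowUpdate 2
}

# Step 16: no forwarders. /ResetForwarders with no addresses clears the list, so
# unresolved queries fall back to the built-in root hints.
& dnscmd.exe /ResetForwarders

# Confirm the zones exist and that the update setting took effect.
& dnscmd.exe /EnumZones
& dnscmd.exe /ZoneInfo $forwardZone
```

The two settings worth checking in the /ZoneInfo output are the zone type (AD-integrated primary) and the update mode; a zone accidentally left at nonsecure-and-secure updates lets any host on the network overwrite records it does not own.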
Now that you have your zones set up, let's look at some other configuration options that will allow you to optimize and better manage your DNS Server role.
Manage a DNS Server
You now have a fully functioning DNS Server role installed, but you can still do more configuring. Let's now take a look at monitoring, logging, management of zone records, and other tasks you can perform.
Begin by opening the DNS Manager and highlighting your DNS server. If you right-click, you can immediately see that there are a number of tasks you can perform at the DNS server level, including the following:
- Configure a DNS Server: You use this to set up lookup zones, dynamic updates, replication, and forwarding.
- Create Default Application Directory Partitions: You use this to create a partition to store and replicate DNS data outside Active Directory.
- New Zone: You use this to create additional forward or reverse lookup zones.
- Set Aging/Scavenging for All Zones: You use this to set a schedule (hours or days) to search for and delete stale records in the DNS database.
- Scavenge Stale Resource Records: You use this to delete stale records in the DNS database immediately.
- Update Server Data Files: You use this to update all data files in a zone for which the DNS server is the primary.
- Clear Cache: You use this to clear out records of resolved queries.
- Launch nslookup: You use this to launch the command-prompt tool for performing DNS troubleshooting and testing.
- All Tasks: You use this to stop, start, pause, and restart the DNS server.
- Properties: You can use these eight tabs for configuring and managing your DNS server. Table 1 shows the tabs and the options that can be configured.
Table 1. DNS Server Properties
Properties Tab | Options/Settings
---|---
Interfaces | You can select the IP addresses that will handle DNS queries. You can use all IP addresses or designate which IP addresses will handle queries.
Forwarders | These are DNS servers used to resolve queries that this DNS server cannot resolve. If a forwarding server is not available, you can use root hints.
Advanced | This tab shows the server version number and provides options to configure, including: Disable recursion (and forwarders), BIND secondaries, Fail on load if bad zone data, Enable round robin, Enable netmask ordering, and Secure cache against pollution. You can also specify the type of name checking (multibyte UTF8 is the default), from where to load zone data (Active Directory, the registry, or both [the default]), and whether to enable automatic scavenging of stale records.
Root Hints | Root hints provide a method of resolving queries that do not exist on the local DNS server. Root hints can be used in lieu of forwarders. You can add, edit, remove, or even copy root hints from other servers.
Debug Logging | Debug logging assists in debugging DNS errors by capturing various DNS components. You can also set the log's file path, name, and maximum size.
Event Logging | You can maintain a record of errors, warnings, and other events. You can log no events, errors only, errors and warnings, or all events (the default).
Monitoring | You can perform manual or automatic testing of your DNS server configuration. You can test a simple query, recursive query, or both. Automatic testing can be configured in intervals of seconds, minutes, or hours.
Security | You can add, remove, or change access and control permissions to this DNS server for users, groups, and built-in security principals within Active Directory.
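Several of the Table 1 settings are security controls rather than tuning knobs: Secure cache against pollution (Advanced), the recursion setting (Advanced), and the event logging level (Event Logging). The following script reads those settings back with dnscmd.exe and flags drift from a baseline, so the check can run on every DNS server instead of opening each Properties dialog. This is an added example, not code from the original article or from Microsoft. It assumes PowerShell 2.0 or later and an elevated session on the DNS server; the dnscmd property names (SecureResponses, NoRecursion, EventLogLevel, RoundRobin) are the server-level /Config properties that back those tabs, the parsing of the "Dword:" line in dnscmd /Info output is assumed from the tool's output on Windows Server 2008, and the expected values are this example's baseline choices, not settings prescribed by the article.

```powershell
# Added example (not from the original article): audit the security-relevant
# DNS Server properties from Table 1 and correct one of them if it has drifted.

# dnscmd /Info <Property> prints a line such as "Dword:  1 (00000001)" for numeric
# settings (output format assumed from dnscmd on Windows Server 2008).
function Get-DnsServerDword {
    param([Parameter(Mandatory = $true)][string]$Property)
    $out = & dnscmd.exe /Info $Property 2>&1 | Out-String
    if ($out -match 'Dword:\s+(\d+)') { return [int]$Matches[1] }
    throw "Could not read $Property from dnscmd: $out"
}

# Baseline (this example's choices). Property = dnscmd /Config name; the Note says
# which Properties tab in Table 1 the setting lives on.
$baseline = @(
    @{ Name = 'SecureResponses'; Expected = 1; Note = 'Advanced: Secure cache against pollution' },
    @{ Name = 'EventLogLevel';   Expected = 4; Note = 'Event Logging: 0 none, 1 errors, 2 errors and warnings, 4 all events' },
    @{ Name = 'NoRecursion';     Expected = 0; Note = 'Advanced: Disable recursion; 1 only on authoritative-only servers' },
    @{ Name = 'RoundRobin';      Expected = 1; Note = 'Advanced: Enable round robin' }
)

$findings = foreach ($item in $baseline) {
    $actual = Get-DnsServerDword -Property $item.Name
    if ($actual -eq $item.Expected) { $status = 'OK' } else { $status = 'REVIEW' }
    New-Object PSObject -Property @{
        Setting  = $item.Name
        Expected = $item.Expected
        Actual   = $actual
        Status   = $status
        Note     = $item.Note
    }
}
$findings | Format-Table Setting, Expected, Actual, Status, Note -AutoSize

# Remediate cache pollution protection if it was switched off. dnscmd /Config writes
# the same value the Advanced tab changes, and it takes effect without a restart.
$drifted = $findings | Where-Object { $_.Setting -eq 'SecureResponses' -and $_.Status -eq 'REVIEW' }
if ($drifted) {
    & dnscmd.exe /Config /SecureResponses 1
    "SecureResponses reset to 1; now {0}" -f (Get-DnsServerDword -Property 'SecureResponses')
}
```

NoRecursion is deliberately reported rather than changed: disabling recursion also disables forwarders, so it is correct only on a server that is purely authoritative, and a script that flips it on a server clients use as their resolver breaks name resolution for the whole site.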
Manage a DNS Zone
As you have seen so far, there are many parts involved in configuring and managing a DNS server. In fact, although the initial installation of the DNS Server role provides a functioning DNS server, it is hardly complete, and there are many ways to customize the DNS server for a particular environment.
It is at the zone level that you perform most of the management of DNS for your network. This is where you add and delete records, establish zone transfers, and establish a WINS server (if needed).
Let's begin by looking at the properties page for your DNS zones. To view it, right-click the server name in the DNS Manager. If you are using Server Manager, highlight the server and choose Properties from the Action menu to the right.
Note
In the initial zone setup, you made many of these choices. Here you can manage and change the choices you initially made while creating the zone. You will also see many configuration settings that are similar to those of the DNS server. These settings, of course, reflect changes at only the zone level.
Forward and reverse lookup zones have many of the same properties to manage. Therefore, we will look at them from a forward lookup zone viewpoint and make reference to any dissimilarity between the two zones.
The properties page contains six tabs to manage DNS zones. They are the following:
- General: Here you can pause/restart, change the zone type (and Active Directory integration), change replication type, choose how to handle dynamic updates, and set aging/scavenging for this zone.
- Start of Authority (SOA): You use this tab to set the SOA for the zone. On this tab you specify the primary server, the zone administrator's e-mail address, refresh/retry/expiration intervals, and TTL settings.
- Name Servers: You use this tab to manage authoritative name servers for this zone.
- WINS: Here you can create a WINS lookup database for use with legacy clients or applications that rely on WINS for name resolution. For reverse lookup zones, we configure WINS-R.
- Zone Transfers: On this tab you enable zone data replication to specified servers.
- Security: You can add, remove, or change access and control permissions to this DNS server for users, groups, and built-in security principals within Active Directory.
Right-clicking the server name (or choosing the Action menu) in a zone reveals several other management functions:
- Update Server Data File: Sends a command to update the zone file.
- Reload: Sends a command to reload this zone.
- New Host (A or AAAA): Creates a new resource record for a host.
- New Alias (CNAME): Creates a new alias resource record.
- New Mail Exchanger (MX): Creates a new mail exchange record.
- New Domain: Creates a new DNS domain under the current domain.
- New Delegation: Creates a new delegated domain.
- Other New Records: Creates other records. See Table 2 for a list of other DNS records that can be created.
Table 2. Other DNS Record Types
Other Records | Function Provided
---|---
Andrew File System Database (AFSDB) | Indicates the location of either of the following standard server subtypes: an AFS volume location (cell database) server or a Distributed Computing Environment (DCE) authenticated name server.
ATM Address (ATMA) | Maps a DNS domain name to an ATM address.
Host Information (HINFO) | Indicates RFC-1700 reserved character string values for CPU and operating system types for mapping to specific DNS host names.
ISDN (ISDN) | Maps a DNS domain name to an ISDN telephone number.
Mail group (MG) | Adds domain mailboxes, each specified by a mailbox (MB) record in the current zone, as members of a domain mailing group that is identified by name in this record.
Mailbox (MB) | Maps a specified domain mailbox name to a host that hosts this mailbox.
Mailbox or Mail List Information (MINFO) | Specifies a domain mailbox name to contact. Also specifies a mailbox for receiving error messages for the mailing list or mailbox specified in the record.
Next (NXT) | Indicates the nonexistence of a name in a zone by creating a chain of all the literal owner names in that zone. NXT records also indicate what resource record types are present for an existing name.
Pointer (PTR) | Used in domains to perform reverse lookups of address-to-name mappings. Points to a location in the domain name space.
Public Key (KEY) | Stores a public key that is related to a DNS domain name. This public key can be of a zone, a user, or a host or another end entity. Authentication occurs via a SIG record.
Renamed Mailbox (MR) | Specifies a domain mailbox name, used as a forwarding entry for a user who has moved to a different mailbox.
Responsible Person (RP) | Specifies the domain mailbox name for a responsible person and maps this name to a domain name for which text (TXT) resource records exist.
Route Through (RT) | Provides an intermediate-route-through binding for internal hosts that do not have their own direct wide area network (WAN) address.
Service (SRV) | Allows administrators to use several servers for a single DNS domain.
Cryptographic Signature (SIG) | Authenticates a resource record set of a particular type, class, and name and binds it to a time interval and the signer's DNS domain name.
Text (TXT) | Serves as descriptive text to be associated with a specific DNS domain name. How this descriptive string of characters is used depends on the DNS domain.
Well Known Service (WKS) | Describes the well-known TCP/IP services supported by a particular protocol and provides TCP and UDP availability information for TCP/IP servers.
X.25 (X25) | Maps a DNS domain name to a public switched data network (PSDN) address.
Many of the other record types listed in Table 2 are unique to Windows Server 2008. So, as you have seen, you need to do more than just click Next to create a completely installed, configured, and managed DNS server.
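The zone-level tasks from the two lists above (adding host, alias, mail exchanger, pointer and service records, and restricting zone transfers on the Zone Transfers tab) as a dnscmd.exe script. This is an added example, not code from the original article or from Microsoft. It assumes an elevated PowerShell session on the DNS server holding the zones; rare-tech.com is the article's zone name, while the reverse zone 1.168.192.in-addr.arpa, the host names and the addresses are constructed sample values.

```powershell
# Added example (not from the original article): populate a forward and a reverse
# zone with dnscmd.exe, lock down zone transfers, and verify both directions.

$zone    = 'rare-tech.com'             # zone name from the article
$revZone = '1.168.192.in-addr.arpa'    # constructed sample reverse zone (192.168.1.0/24)

# New Host (A) plus the matching PTR in the reverse zone. Keeping the two in step
# matters because many services and log reviewers rely on reverse lookups agreeing
# with forward ones. Targets end in a dot because they are fully qualified; without
# the dot dnscmd appends the zone name to the target.
& dnscmd.exe /RecordAdd $zone    'www' A   '192.168.1.10'
& dnscmd.exe /RecordAdd $revZone '10'  PTR 'www.rare-tech.com.'

# New Alias (CNAME) and New Mail Exchanger (MX, preference 10) with the host it points to.
& dnscmd.exe /RecordAdd $zone 'intranet' CNAME 'www.rare-tech.com.'
& dnscmd.exe /RecordAdd $zone 'mail'     A     '192.168.1.20'
& dnscmd.exe /RecordAdd $zone '@'        MX 10 'mail.rare-tech.com.'

# Service (SRV) record: <priority> <weight> <port> <target>. This is the record type
# Active Directory clients use to find domain controllers.
& dnscmd.exe /RecordAdd $zone '_ldap._tcp' SRV 0 100 389 'dc1.rare-tech.com.'

# Zone Transfers tab: allow transfers only to the servers named in the zone's NS
# records. Other choices are /NoXfr (none), /SecureList <ip> [<ip>...] (explicit
# list) and /NonSecure (any host, which hands a copy of the zone to anyone who asks).
& dnscmd.exe /ZoneResetSecondaries $zone    /SecureNs
& dnscmd.exe /ZoneResetSecondaries $revZone /SecureNs

# Verify: dump the zone contents, then resolve forward and reverse through this server.
& dnscmd.exe /ZonePrint $zone
& nslookup.exe www.rare-tech.com 127.0.0.1
& nslookup.exe 192.168.1.10      127.0.0.1
```

Reverse zones are often forgotten when transfer restrictions are tightened; the second /ZoneResetSecondaries line applies the same rule to the in-addr.arpa zone so that an address-to-name listing of the network is not available to arbitrary hosts.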
Note
We looked at how to install and configure DNS as an individual role. If you were installing Active Directory Domain Services on this server, installing this role would automatically launch the installation of the DNS Server role.
Now that the DNS role is set up and configured, you can begin installing other roles, such as Active Directory Domain Services or DHCP, for your server. In fact, let's look now at installing and configuring the DHCP Server role in Windows Server 2008.