
Lesson 4: Configuring the DNS Service

Once the DNS Service is installed, you can configure it by using the DNS snap-in. When you start the DNS snap-in for the first time, a wizard appears and guides you through the process of configuring the following options:

  • A root name server
  • A forward lookup zone
  • A reverse lookup zone

You can also use the DNS snap-in to add additional entries, called resource records, to the zone database file and to configure the DNS Service for Dynamic DNS (DDNS), which enables automatic updates to your zone files by other servers or services.

Configuring a DNS Name Server

When you start the DNS snap-in for the first time, a wizard appears and provides you the option of configuring the server as a root name server. Root name servers store the location of name servers with authority for all the top-level domains in the domain name space (for example, the com domain). These top-level name servers can then provide a list of name servers with authority for the second-level domains (for example, the microsoft.com domain).

Configure a root name server for your intranet only when the following conditions apply:

  • You are not connecting to the Internet. Therefore, the root level domain is for your intranet only.
  • You are using a proxy service to gain access to the Internet. You are creating the root of your local DNS domain name space, and the proxy service will do the translation and connection necessary to access the Internet.

Creating Forward Lookup Zones

A forward lookup zone enables forward lookup queries. On name servers, you must configure at least one forward lookup zone for the DNS Service to work.

To create a new forward lookup zone, right-click the Forward Lookup Zone folder, and a wizard guides you through the process. The wizard presents the following configuration options: Zone Type, Zone Name, and Zone Database File Name.

Zone Type

There are three types of zones that you can configure:

  • Standard Primary. A standard primary zone is the master copy of a new zone and is stored in a standard text file. You administer and maintain a primary zone on the computer at which you create the zone.
  • Standard Secondary. A standard secondary zone is a replica of an existing zone. Secondary zones are read-only and are stored in standard text files. A primary zone must be configured in order to create a secondary zone. When creating a secondary zone, you must specify the DNS server, called the master server, which will transfer zone information to the name server containing the standard secondary zone. You create a secondary zone to provide redundancy and to reduce the load on the name server containing the primary zone database file.
  • Active Directory Integrated. An Active Directory Integrated zone is the master copy of a new zone. The zone uses directory services based on Active Directory technology to store and replicate zone files.

NOTE
For more information on Active Directory directory services, see Chapter 4, "Implementing Active Directory Directory Services."

Zone Name

Typically, a zone is named after the highest domain in the hierarchy that the zone encompasses—that is, the root domain for the zone. For example, for a zone that encompasses both microsoft.com and sales.microsoft.com, the zone name would be microsoft.com.

Zone Database File Name

The zone database file name defaults to the zone name with a .DNS extension; for example, if your zone name is microsoft.com, the default zone database file name is microsoft.com.dns.

When migrating a zone from another server, you can import the existing zone file. You must place the existing file in the systemroot\System32\DNS folder on the target computer before creating the new zone.

NOTE
Traditionally, zone database files are maintained on servers that are running the DNS Server Service. In Microsoft Windows 2000, the zone database can be stored in Active Directory directory services. In this case, the zone is called an Active Directory-integrated zone.

Creating Reverse Lookup Zones

A reverse lookup zone enables reverse lookup queries. Reverse lookup zones are not required. However, a reverse lookup zone is required to run troubleshooting tools, such as Nslookup, and to record a name instead of an IP address in Internet Information Services (IIS) log files.

To create a new reverse lookup zone, right-click the Reverse Lookup Zone folder in the DNS snap-in, and a wizard guides you through the process. The wizard presents the configuration options described in the following sections.

Zone Type

For the zone type, select Standard Primary, Standard Secondary, or Active Directory Integrated, as defined above.

Network ID and Subnet Mask

Enter your network ID and subnet mask; for example, an IP address of 169.254.16.200 and a subnet mask of 255.255.0.0 would result in a network ID of 169.254. All reverse lookup queries for addresses within the 169.254 network are resolved in this new zone.

Zone File Name

The network ID and subnet mask determine the default zone name and zone file name. DNS reverses the IP octets of the network ID and adds the in-addr.arpa suffix. For example, the reverse lookup zone for the 169.254 network is named 254.169.in-addr.arpa, and its default zone file name is 254.169.in-addr.arpa.dns.

When migrating a zone from another server, you can import the existing zone file. You must place the existing file in the systemroot\System32\DNS directory on the target computer before creating the new zone.

Adding Resource Records

Once you create your zones, you can use the DNS snap-in to add resource records. Resource records are entries in the zone database file. To add a resource record, right-click the zone to which you want to add the record, click New, and then select the type of record that you want to add.

There are many different types of resource records. When a zone is created, DNS automatically adds two resource records: the Start of Authority (SOA) and the Name Server (NS) resource records.

Table 3.4 describes these records, along with the most commonly used resource records.

Table 3.4 Types of Resource Records

Resource record | DNS snap-in name   | Description
SOA             | Start of Authority | Identifies which name server is the authoritative source of information for data within this domain. The first record in the zone database file must be the Start of Authority record.
NS              | Name Server        | Lists the name servers that are assigned to a particular domain.
A               | Host               | Lists the host name-to-IP-address mappings for a forward lookup zone.
PTR             | Pointer            | Points to another part of the domain name space. For example, in a reverse lookup zone, it lists the IP-address-to-name mapping.
SRV             | Service            | Identifies which servers are hosting a particular service in a single query operation. For example, if a client needs to find a server to validate logon requests, the client can send a query to the DNS server to obtain a list of domain controllers and their associated IP addresses.
CNAME           | Alias              | Creates an alias, or alternate name, for the specified host name. You can use a canonical name (CNAME) record to use more than one name to point to a single IP address. For example, you can host a File Transfer Protocol (FTP) server, such as ftp.microsoft.com, and a Web server, such as www.microsoft.com, on the same computer.
MX              | Mail Exchanger     | Identifies which mail exchanger to contact for a specified domain and in what order to use each mail host.
HINFO           | Host Information   | Identifies the central processing unit (CPU) and operating system used by the host. Use this record as a low-cost resource-tracking tool.

NOTE
For more information on resource records, see RFC 1034, RFC 2052, and RFC 2065.

Configuring Dynamic DNS

The DNS Service includes a dynamic update capability called Dynamic DNS (DDNS). With DNS, when there are changes to the domain for which a name server has authority, you must manually update the zone database file on the preferred name server. With DDNS, name servers and clients within a network automatically update the zone database files.

Dynamic Updates

You can configure a list of authorized servers to initiate dynamic updates. This list can include secondary name servers, domain controllers, and other servers that perform network registration for clients, such as servers running the DHCP Service or the Microsoft Windows Internet Name Service (WINS).

DDNS and DHCP

DDNS interacts with the DHCP Service to maintain synchronized name-to-IP-address mappings for network hosts. By default, the DHCP Service allows clients to add their own A (Host) records to the zone, and the DHCP Service adds the PTR (Pointer) record to the zone (see Figure 3.6) when the client leases the IP address. The DHCP Service cleans up both the A (Host) and PTR records in the zone when the lease expires.

NOTE
To send dynamic updates, use the DHCP snap-in to configure the DHCP server to point to the appropriate DNS servers.


Figure 3.6 Dynamic DNS updates the zone database when IP addresses change

DNS Management

Use the DNS snap-in to configure a zone for DDNS as follows:

  1. From the DNS snap-in, right-click the forward or reverse lookup zone that you want to configure, and then click Properties.
  2. On the General tab, under Dynamic Update, click one of the following options:
    • None. Do not allow dynamic updates for this zone.
    • Allow Updates. Allow all dynamic DNS update requests for this zone.
    • Allow Secure Updates. Allow only dynamic DNS updates that use secure DNS for this zone.

    The Allow Secure Updates option only appears if the zone type is Active Directory Integrated. If you click Allow Secure Updates, the requestor's permission to update the records in the zone database is tested by using mechanisms specified in a subsequent secure DNS update protocol.

NOTE
For more information on Dynamic DNS, see RFC 2136 and RFC 2137.

Practice: Configuring the DNS Service

In this practice, you will create a forward lookup zone, create a reverse lookup zone, and configure the DNS Service to allow Dynamic DNS.

Exercise 1: Creating Zones

In this exercise, you will configure the DNS Service by creating a forward lookup zone and a reverse lookup zone.

  • To create a forward lookup zone and a reverse lookup zone
    1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
    2. Click your server in the console tree.

       Information about configuring the DNS server appears in the details pane.

    3. From the Action menu, select Configure The Server.

       The Configure DNS Server wizard appears.

    4. In the Configure DNS Server wizard, click Next.
    5. On the Root Server page, ensure that the This Is The First DNS Server On This Network option is selected, and then click Next.
    6. On the Forward Lookup Zone page, verify that Yes, Create A Forward Lookup Zone is selected, and then click Next.

       The Zone Type page appears.

    7. Verify that the Standard Primary option is selected, and then click Next.

       The Zone Name page appears.

    8. Type domain.com and then click Next.

    NOTE
    If you are on a network, check with your network administrator to make sure it is OK to use this as your DNS domain name. This should be the same domain name that you used in step 12 of the "To configure TCP/IP for DNS" procedure in Exercise 1 in Lesson 3.

       The Zone File page appears.

    9. Ensure that the Create A New File With This File Name option is selected and that the name of the file to be created is domain.com.dns.

    NOTE
    If you did not use domain.com as the domain name in step 8, this will be the domain name you typed in step 8 with a .DNS extension on the end.

    10. Click Next.
    11. On the Reverse Lookup Zone page, verify that Yes, Create A Reverse Lookup Zone is selected, and then click Next.
    12. On the Zone Type page, verify that the Standard Primary option is selected, and then click Next.
    13. On the Reverse Lookup Zone page, ensure that the Network ID option is selected, and type 192.168.1 in the Network ID box.
    14. If you are on a network and did not use 192.168.1.201 as your IP address, type in the first three octets of your static IP address. This should be the same IP address that you used in step 7 of the "To configure TCP/IP for DNS" procedure in Exercise 1 in Lesson 3.

    NOTE
    In the Reverse Lookup Zone Name box at the bottom of the Reverse Lookup Zone page, notice that the in-addr.arpa name is filled in and is 1.168.192.in-addr.arpa. If you did not use 192.168.1.201, your reverse lookup zone name will match the first three octets of the IP address you are using, in reverse.

    15. Click Next.

       The Zone File page appears.

    16. Ensure that the Create A New File With This File Name option is selected and that the name of the file to be created is 1.168.192.in-addr.arpa.dns.

    NOTE
    If you did not use 192.168.1.201 as your IP address in step 7 of the procedure in Exercise 1 in Lesson 3, the filename will be based on the IP address and subnet mask that you used.

    17. Click Next.

       The Completing The Configure DNS Server Wizard page appears.

    18. Review the information on the Completing The Configure DNS Server Wizard page, and then click Finish.
    19. If you used the suggested name and IP address, your information should match the information shown in Figure 3.7.

    Figure 3.7 Lookup zone information upon completing the Configure DNS Server wizard

Exercise 2: Configuring Dynamic DNS Service

In this exercise, you will configure the DNS Service to allow dynamic updates.

  • To configure Dynamic DNS
    1. In the console tree, expand Server1.

    NOTE
    If you did not use Server1 as your server name, expand your server.

    2. Expand Forward Lookup Zones, expand Domain.com, right-click Domain.com, and then click Properties.

    NOTE
    If you did not use Domain.com as your DNS domain name, right-click your DNS domain name.

       The Domain.com Properties dialog box appears.

    3. In the Allow Dynamic Updates? drop-down list on the General tab, click Yes, and then click OK.

       This configures Dynamic DNS for the forward lookup zone.

    4. Expand Reverse Lookup Zones, and expand 192.168.1.x Subnet.

    NOTE
    There is nothing to expand, but the plus sign in front of 192.168.1.x Subnet will go away.

    5. Right-click 192.168.1.x Subnet, and then click Properties.

       The 192.168.1.x Subnet Properties dialog box appears.

    6. In the Allow Dynamic Updates? drop-down list on the General tab, click Yes, and then click OK.

       This configures Dynamic DNS for the reverse lookup zone.

  • To create a pointer record for your DNS server

    NOTE
    Computers running Windows 2000 can use the DHCP Client service to dynamically register and update their PTR RR in DNS when an IP configuration change occurs. All other DHCP-enabled client computers can have their PTR RRs registered and updated by the DHCP server if they obtain their IP lease from a qualified server. The DHCP service provided with Windows 2000 Server provides this capability. In this lab you are not using the DHCP service, so you must manually create the PTR record.

    1. In the console tree, click Reverse Lookup Zones.
    2. Click 192.168.1.x Subnet.

    NOTE
    If you did not use 192.168.1.201 as the static IP address for your server name, click the appropriate subnet.

       What types of records exist in the reverse lookup zone?

    3. In the console tree, right-click 192.168.1.x Subnet, and then click New Pointer.

    NOTE
    If you did not use 192.168.1.201 as the static IP address for your server name, right-click the appropriate subnet.

    4. In the Host IP Number box, type in the selected octet, 201, of your IP address.

    NOTE
    If you did not use 192.168.1.201 as the static IP address for your server name, type in the appropriate octet. If you did not use 255.255.255.0 as your subnet mask, you may have to type in more than one octet.

    5. In the Host Name box, type the fully qualified domain name of your computer, followed by a period. In our example, if your computer name is Server1, type server1.domain.com. Remember to include the trailing period.
    6. Click OK.

       A Pointer record appears in the details pane.

    7. Close the DNS tool.
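The naming rules from "Creating Reverse Lookup Zones" and the pointer record created in the procedure above, as an added example (not code from the book or from the Windows 2000 DNS snap-in): it derives the reverse zone name and default zone file name from an IP address and subnet mask, builds the PTR owner name for the server, and shows why the trailing period on the Host Name matters, since a name without it is relative to the zone origin (standard zone-file behaviour, RFC 1035). The function names are my own.

```python
"""Reverse lookup zone and PTR naming as used in this lesson.

Added example, not code from the book or from the Windows 2000 DNS snap-in.
Rules reproduced: DNS reverses the network octets and appends in-addr.arpa;
the default zone file is <zone name>.dns; a PTR owner is the remaining host
octets in front of the zone name; a target name without a trailing period is
relative to the zone origin (standard zone-file behaviour, RFC 1035).
"""
from __future__ import annotations

import ipaddress


def network_octets(ip: str, mask: str) -> list[str]:
    """Octets of the network ID selected by a dotted-decimal subnet mask.

    The snap-in wizard works on whole octets (/8, /16, /24), so other masks
    are rejected rather than silently rounded.
    """
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    if net.prefixlen % 8:
        raise ValueError("reverse lookup zones are named on octet boundaries only")
    return str(net.network_address).split(".")[: net.prefixlen // 8]


def reverse_zone_name(ip: str, mask: str) -> str:
    """169.254.16.200 with mask 255.255.0.0 -> 254.169.in-addr.arpa"""
    return ".".join(reversed(network_octets(ip, mask))) + ".in-addr.arpa"


def zone_file_name(zone: str) -> str:
    """Default zone database file name: the zone name plus a .dns extension."""
    return zone + ".dns"


def qualify(name: str, origin: str) -> str:
    """Return an absolute name. A trailing period marks the name as fully
    qualified; without it the zone origin is appended, which is the mistake
    the practice warns about when entering the Host Name."""
    return name if name.endswith(".") else f"{name}.{origin}."


def ptr_record(ip: str, mask: str, host_name: str) -> tuple[str, str]:
    """(owner, target) of the PTR record for ip inside its reverse zone.

    owner is built from the host octets the snap-in asks for in the Host IP
    Number box: one octet for a 255.255.255.0 mask, two for 255.255.0.0.
    """
    zone = reverse_zone_name(ip, mask)
    host_octets = ip.split(".")[len(network_octets(ip, mask)):]
    owner = ".".join(reversed(host_octets)) + "." + zone + "."
    return owner, qualify(host_name, zone)


if __name__ == "__main__":
    # Values from the practice: server 192.168.1.201, mask 255.255.255.0.
    zone = reverse_zone_name("192.168.1.201", "255.255.255.0")
    print(zone, zone_file_name(zone))
    print(ptr_record("192.168.1.201", "255.255.255.0", "server1.domain.com."))
    # Forgetting the period yields a PTR that points back into the reverse zone:
    print(ptr_record("192.168.1.201", "255.255.255.0", "server1.domain.com"))
```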

Exercise 3: Testing Your DNS Server

In this exercise, you will confirm that your DNS Service is working.

  • To test your DNS server using Nslookup
    1. Open a command prompt.
    2. At the command prompt, type nslookup and then press Enter.
    3. Record your results in the following table.

       Parameter      | Value
       Default server |
       Address        |

       Answers

    4. Type exit and then press Enter.
    5. Type exit and press Enter to close the command prompt.

Lesson Summary

You can configure the DNS Service by using the DNS snap-in. When you start the DNS snap-in for the first time, a wizard appears and guides you through the process of configuring a root name server, a forward lookup zone, and a reverse lookup zone. Root name servers store the location of name servers with authority for all the top-level domains in the domain name space, and the top-level name servers can provide a list of name servers with authority for the second-level domains. In the practice portion of this lesson, you configured your DNS Service by creating a forward lookup zone and a reverse lookup zone.

You can also use the DNS snap-in to add additional entries, called resource records, to the zone database file and to configure the DNS Service for Dynamic DNS (DDNS), which enables automatic updates to your zone files by other servers or services.