Install and configure DNS Server in Windows Server 2008

What is DNS?

DNS stands for Domain Name System. To know more about DNS visit Wikipedia DNS. In short, DNS maps between human readable, memorable domain names such as gopalthorve.com and the 32-bit IP addresses that machines actually use. DNS consists of a very large, globally distributed database which holds zones for domains; these zones in turn hold the various resource records of the domain. As we all know, every device connected to the global internet is identified by a logical 32-bit number. This IP address is written as four octets separated by dots (.), e.g. 192.168.0.1 (dotted decimal format). It is because of DNS that we don’t need to remember those 32-bit IP addresses: we only need to enter, say, www.wordpress.com and DNS takes care of resolving this name to the respective IP address. To know how a DNS server works, and for a detailed description of every term associated with DNS servers, you may find DNS on Windows Server 2003 interesting. I learned a lot about DNS servers from DNS and BIND (5th Edition).

Install DNS Server in Windows Server 2008

  • Launch Server Manager by clicking Start > Administrative Tools > Server Manager. Click Roles and then Add Roles.

Install DNS Server in Windows Server 2008 - Step 1

  • Select DNS Server from the list and then click Next button.

Install DNS Server in Windows Server 2008 - Step 2

  • A little introduction to DNS Server and a few useful links for further details as shown in below image. Click Next to move on.

Install DNS Server in Windows Server 2008 - Step 3

  • Click Install button.

Install DNS Server in Windows Server 2008 - Step 4

  • DNS Server has been installed successfully as per below snapshot. Click Close to finish the Add Roles Wizard.

Install DNS Server in Windows Server 2008 - Step 5

Creating Forward Lookup Zone

  • Launch DNS Manager by clicking Start > Administrative Tools > DNS or type dnsmgmt.msc in Run window (Press Windows Key + R) and press Enter.
  • Expand Server (e.g. WIN2008) > Right click Forward Lookup Zones > New Zone which will launch New Zone wizard.

Configure DNS Server in Windows Server 2008 - Step 1

  • Click Next on the Welcome to the New Zone wizard page.

Configure DNS Server in Windows Server 2008 - Step 2

  • Since this is our primary DNS server for the zone, select Primary zone. Then move on by clicking the Next button.

Configure DNS Server in Windows Server 2008 - Step 3

  • Enter the domain name for which you want to create the zone, e.g. gopalthorve.com. If you are building a DNS server for your own Windows Server 2008 based hosting server, enter your registered domain name here; if it is for an intranet only it can be anything (domain naming conventions must still be followed). The zone can also be created for a subdomain, e.g. us.gopalthorve.com.

Configure DNS Server in Windows Server 2008 - Step 4

  • Zone File Options:
    • Create a new file with this file name: Enter the physical zone file name in which all zone information for this domain/subdomain will be stored. This file will be created under %systemroot%\system32\dns. Follow the standard zone file naming convention, e.g. gopalthorve.com.dns.
    • Use this existing file: If you already have a zone file for this domain/subdomain, select this option and specify the zone file name here. You need to put this zone file under the %systemroot%\system32\dns folder.

Configure DNS Server in Windows Server 2008 - Step 5

  • Dynamic Update: Here you specify whether this DNS zone will accept secure, nonsecure or no dynamic updates from clients.
    • Allow only secure dynamic updates (recommended for Active Directory): This is available only for Active Directory integrated zones. This setting allows Active Directory client machines to register their names as resource records pointing to their dynamic/static IP addresses.
    • Allow both nonsecure and secure dynamic updates: This should never be enabled, because it allows any client, authenticated or not, to modify the zone’s records.
    • Do not allow dynamic updates: This should be the preferred setting if you are setting up this zone for your own hosting server. It denies dynamic updates to zone resource records from all clients, so you will need to change them manually whenever required. We will choose this option and then move on.

Configure DNS Server in Windows Server 2008 - Dynamic Update

  • The forward lookup zone for gopalthorve.com has been created successfully and the wizard shows the summary as in the image below. Click Finish to close the New Zone Wizard.

Configure DNS Server in Windows Server 2008 - Zone Created
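The same result as the Add Roles and New Zone wizards above, done from an elevated PowerShell prompt so the install and the zone settings can be scripted and re-checked. This is an added example, not code from the original post; it assumes the zone name gopalthorve.com and the zone file name gopalthorve.com.dns used in the walkthrough, and uses dnscmd.exe, the command-line DNS tool that ships with Windows Server 2008.

```powershell
# Added example (not from the original post): scripted equivalent of the
# "Install DNS Server" and "Creating Forward Lookup Zone" sections.
# Assumes the post's zone name and zone file name.

$Zone     = 'gopalthorve.com'
$ZoneFile = "$Zone.dns"          # created under %systemroot%\system32\dns

# 1. Install the DNS Server role.
#    Windows Server 2008 ships ServerManagerCmd.exe; 2008 R2 prefers the
#    ServerManager PowerShell module. Whichever is available is used.
if (Get-Command Add-WindowsFeature -ErrorAction SilentlyContinue) {
    Import-Module ServerManager
    Add-WindowsFeature DNS
} else {
    ServerManagerCmd.exe -install DNS
}

# 2. Confirm the DNS service is running before touching zones.
$svc = Get-Service -Name DNS
if ($svc.Status -ne 'Running') { Start-Service -Name DNS }

# 3. Create a standard (file-backed) primary forward lookup zone.
#    /Primary plus /file is the command-line form of "Primary zone" and
#    "Create a new file with this file name" in the wizard.
dnscmd /ZoneAdd $Zone /Primary /file $ZoneFile

# 4. Refuse dynamic updates, matching "Do not allow dynamic updates".
#    AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only
#    (the last is only meaningful for Active Directory integrated zones).
dnscmd /Config $Zone /AllowUpdate 0

# 5. Verify: the zone should be listed as Primary with updates disabled ...
dnscmd /ZoneInfo $Zone

# ... and the server should already answer an SOA query for it locally.
nslookup -type=SOA $Zone 127.0.0.1
```

Step 4 is the one worth keeping in a script rather than trusting memory of a wizard page: a file-backed zone that silently accepts nonsecure updates lets any host that can reach port 53 rewrite records, and the GUI only shows the setting on the zone's Properties page after the fact.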

Configure Forward Lookup Zone

  • Right click on gopalthorve.com (forward lookup zone recently created) and then click Properties.

Configure DNS Server in Windows Server 2008 - Name Servers

  • Name Servers: Here we configure the nameservers for the zone gopalthorve.com.
    • Remove the default entry from the list.
    • Click the Add… button to add a new nameserver record.
    • Type the fully qualified domain name (FQDN) of the nameserver for your domain. I am configuring my own live DNS Server and hence I entered ns1.gopalthorve.com.
    • Enter the IP addresses to which ns1.gopalthorve.com will resolve. I am entering the private IP address of my computer here for example purposes only. Please replace it with the public IP address allotted by your ISP or dedicated/VPS hosting provider.
    • Similarly create another nameserver record. I created it as ns2.gopalthorve.com pointing to 192.168.0.99 (please replace it with the public IP address allotted by your ISP or dedicated/VPS hosting provider). The second nameserver record is required because your domain name registrar will require at least two nameservers for pointing your domain to the DNS server we are configuring. We are configuring both nameservers to point to the same DNS server, which is configured with multiple IP addresses (ns1.gopalthorve.com >> 192.168.0.98 and ns2.gopalthorve.com >> 192.168.0.99).
    • Click Apply to save changes.

Configure DNS Server in Windows Server 2008 - New Name Server 1

Configure DNS Server in Windows Server 2008 - New Name Server 2

  • Start of Authority (SOA)
    • Serial number: This is the serial number for the zone. It should be set to YYYYMMDDNN, where YYYY is the year, MM the month, DD the day and NN a count of how many times the zone has been modified on that particular day. Whenever the zone data changes this serial number must be incremented. When a slave nameserver contacts the master for zone data it compares its own serial number with the master’s; if its serial number is lower than the master’s, the slave updates its zone data from the master.
    • Primary server: This is the FQDN of the nameserver which you want to set as the primary nameserver for this zone. In my case it is ns1.gopalthorve.com.
    • Responsible person: Specify the email address of the administrator who is responsible for maintaining this zone. The email address must be specified in dotted format, e.g. hostmaster@gopalthorve.com must be entered as hostmaster.gopalthorve.com. This is needed when other webmasters want to contact the maintainer of the zone in case of any issues.
    • Refresh interval: This value tells slave nameservers how often to check whether their copy of the zone is up to date. Set this to 1 day if the zone doesn’t change frequently. For a DNS server used for hosting, 1 day is ideal.
    • Retry interval: If the slave nameserver fails to contact the master after the Refresh interval (because the master is down or unreachable), the slave retries at the interval specified here. Generally the Retry interval is shorter than the Refresh interval, but this is not compulsory. Enter 2 hours here.
    • Expires after: If the slave fails to contact the master for this long, the slave expires the zone. Expiring the zone means the slave stops responding to queries for this zone, because the zone data it holds is too old to trust. Enter 7 days here.
    • Minimum (default) TTL: TTL stands for Time To Live. This value is used as the TTL for negative responses from the authoritative nameservers. Enter 1 day here.
    • TTL for this record: TTL for the SOA record itself.
    • Click Apply to save changes.

Configure DNS Server in Windows Server 2008 - SOA Configuration

  • Zone Transfers: A zone transfer is the process of transferring the entire zone to a requesting server/client. Best practice is not to allow everyone to connect and transfer the zone; allow zone transfers only to specific servers, i.e. the slave nameservers for the zone. We can also set the server to notify those servers whenever this zone is updated.
    • Allow zone transfers: Enables/disables zone transfers.
      • To any server: All servers/clients will be allowed to transfer the zone. Not recommended.
      • Only to servers listed on the Name Servers tab: Zone transfers will only be allowed to the nameservers listed under the Name Servers tab (ns1.gopalthorve.com, ns2.gopalthorve.com). Highly recommended for DNS servers for web hosting.
      • Only to the following servers: If you want to enter the IP addresses/FQDNs to which zone transfers will be allowed, select this option, click the Edit button and list all IPs/FQDNs allowed to request zone transfers.

Configure DNS Server in Windows Server 2008 - Zone Transfers

    • Notify…:
      • Automatically notify: Enables/disables automatic notification of zone changes to either the nameservers listed on the Name Servers tab or the specified IP addresses/FQDNs.
      • Servers listed on the Name Servers tab: With this selected, zone update notifications will only be sent to the nameservers listed under the Name Servers tab. This is the recommended setting.
      • The following servers: You can specify a list of other name servers to which you want to send automatic notification of zone updates.

Configure DNS Server in Windows Server 2008 - Zone updates notify
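The Name Servers, SOA, Zone Transfers and Notify settings from the four tabs above, applied with dnscmd so the finished zone configuration can be reviewed as a script and verified. This is an added example and not the post's own code; it uses the post's example names and private addresses (ns1/ns2.gopalthorve.com pointing to 192.168.0.98/.99, which you replace with your public IPs) and the SOA timer values chosen in the walkthrough.

```powershell
# Added example (not from the original post): scripted equivalent of the
# "Configure Forward Lookup Zone" section. Names and addresses are the
# post's examples; substitute your own public IPs.

$Zone = 'gopalthorve.com'
$Ns1  = "ns1.$Zone"; $Ns1Ip = '192.168.0.98'
$Ns2  = "ns2.$Zone"; $Ns2Ip = '192.168.0.99'

# Name Servers tab: each nameserver needs an NS record at the zone apex (@)
# plus an A record (glue) for its own name inside the zone.
dnscmd /RecordAdd $Zone ns1 A $Ns1Ip
dnscmd /RecordAdd $Zone ns2 A $Ns2Ip
dnscmd /RecordAdd $Zone '@' NS $Ns1
dnscmd /RecordAdd $Zone '@' NS $Ns2
# The wizard's default NS entry (the server's own host name, e.g. WIN2008)
# is removed the same way the GUI's "Remove" button does it:
#   dnscmd /RecordDelete $Zone '@' NS <default-hostname> /f

# SOA tab. Serial is YYYYMMDDNN: today's date plus a two-digit edit counter,
# so the first edit of the day is <date>01, the second <date>02, and so on.
# Timers are in seconds: refresh 1 day, retry 2 hours, expire 7 days,
# minimum (negative-caching) TTL 1 day, exactly as entered in the GUI above.
$Serial  = (Get-Date -Format 'yyyyMMdd') + '01'
$Refresh = 1 * 86400
$Retry   = 2 * 3600
$Expire  = 7 * 86400
$MinTtl  = 1 * 86400
# Responsible person is written in dotted form: hostmaster@gopalthorve.com
# becomes hostmaster.gopalthorve.com.
dnscmd /RecordAdd $Zone '@' SOA $Ns1 "hostmaster.$Zone" $Serial $Refresh $Retry $Expire $MinTtl

# Zone Transfers tab: /SecureNs = "Only to servers listed on the Name Servers
# tab"; /Notify = "Automatically notify ... Servers listed on the Name Servers
# tab". (/NoXfr would disable transfers entirely; /NonSecure would allow any
# server, which is the "To any server" option the post advises against.)
dnscmd /ZoneResetSecondaries $Zone /SecureNs /Notify

# Checks.
nslookup -type=NS  $Zone 127.0.0.1     # expect ns1 and ns2 with their glue addresses
nslookup -type=SOA $Zone 127.0.0.1     # expect the serial and timer values set above
dnscmd /ZoneInfo $Zone                 # review the secondaries/notify settings
# From a machine that is NOT on the Name Servers tab, an attempted transfer
# (run nslookup, then "server <dns-ip>" and "ls -d gopalthorve.com") must be
# answered with "Query refused"; if it succeeds, the transfer restriction
# did not take effect and the whole zone is readable by anyone.
```

The last check is the one to keep in a runbook: the Zone Transfers tab is easy to leave at "To any server" on a zone created by hand, and a refused transfer from an unlisted host is the only positive proof that the restriction is in force.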

Configure DNS Server Properties

  • Open DNS Manager by clicking Start > Administrative Tools > DNS.
  • Right click the DNS server whose properties you want to configure and click Properties.
  • Interfaces: You can configure the DNS server to listen on specific interfaces/IP addresses or on all of them. If the server has multiple interfaces you can restrict it to specific interfaces; if the server has a single interface with multiple IP addresses you can restrict it to specific IP addresses. By default it listens on all interfaces and all IP addresses.

Configure DNS Server level Properties - Interfaces to listen on

  • Forwarders: You can add other DNS servers, e.g. those provided by your ISP, to which queries are forwarded when this server doesn’t hold a zone for the requested domain. These forwarder addresses are only used if recursion is enabled. Forwarders are needed if you have an intranet/extranet DNS server serving a few zones and want the same server to resolve other DNS queries too.

Configure DNS Server level Properties - Forwarders

  • Advanced: You can configure some advanced aspects of the DNS server here. A very important option I want to discuss is Disable recursion (also disables forwarders). If you are setting up this DNS server to serve zones for domains hosted on your own server (dedicated server, VPS, cloud VPS), enable “Disable recursion”, which also disables forwarders; the server will then answer only for the zones it hosts.

Configure DNS Server level Properties - Advanced

  • Root Hints: This is the list of root name servers.

Configure DNS Server level Properties - Root Hints

  • Debug Logging: Packet-level debug logs can be enabled from here for troubleshooting.

Configure DNS Server level Properties - Debug Logging

  • Event Logging: Logging of DNS Server events can be enabled here for troubleshooting.

Configure DNS Server level Properties - Event Logging

The DNS server listens on TCP and UDP port 53, so make sure to allow traffic on these ports in Windows Firewall. Also, if the DNS server sits behind a router or firewall device, configure that device to allow connections to the DNS server.
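The server-level settings from the Interfaces, Forwarders, Advanced and Event Logging tabs, together with the Windows Firewall rules for port 53, as one dnscmd/netsh script. This is an added example and not the post's own code; the listen addresses are the post's private examples, and the forwarder address 203.0.113.53 is a placeholder from a documentation range that you replace with your ISP's resolver. It goes slightly beyond the post by showing both the hosting (authoritative-only) and the intranet (forwarding) configurations side by side, selected by a flag.

```powershell
# Added example (not from the original post): server-level properties and
# firewall rules for the "Configure DNS Server Properties" section.
# Listen addresses are the post's private examples; $IspDns is a placeholder.

$ListenIps   = @('192.168.0.98', '192.168.0.99')
$IspDns      = '203.0.113.53'   # placeholder (documentation range): use your ISP's resolver
$HostingOnly = $true            # $true = authoritative-only hosting server, $false = intranet resolver

# Interfaces tab: listen only on the addresses the nameservers resolve to,
# instead of the default "All IP addresses". PowerShell passes each array
# element to dnscmd as a separate argument.
dnscmd /ResetListenAddresses $ListenIps

if ($HostingOnly) {
    # Advanced tab: "Disable recursion (also disables forwarders)". The server
    # then answers only for zones it hosts and will not resolve arbitrary
    # names for whoever asks, which is the correct posture for an
    # internet-facing authoritative server.
    dnscmd /Config /NoRecursion 1
} else {
    # Forwarders tab, intranet/extranet case: keep recursion on and send
    # queries for zones this server does not hold to the ISP resolver.
    dnscmd /Config /NoRecursion 0
    dnscmd /ResetForwarders $IspDns
}

# Event Logging tab: 4 = all events (0 = none, 1 = errors only, 2 = errors and warnings).
dnscmd /Config /EventLogLevel 4

# Windows Firewall: UDP 53 carries ordinary queries; TCP 53 carries large
# answers and zone transfers, so both rules are needed.
netsh advfirewall firewall add rule name="DNS Server (UDP-In)" dir=in action=allow protocol=UDP localport=53
netsh advfirewall firewall add rule name="DNS Server (TCP-In)" dir=in action=allow protocol=TCP localport=53

# Checks.
netstat -ano | findstr /C:":53 "       # only the listen addresses above should be bound
nslookup gopalthorve.com 127.0.0.1     # hosted zone: must answer
nslookup www.wordpress.com 127.0.0.1   # with NoRecursion 1: expect "Query refused" / no answer
```

The second nslookup is the useful negative test: an internet-facing server that still answers for www.wordpress.com is an open resolver, and the fix is the Advanced tab setting (NoRecursion), not a firewall rule.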

Register Name Servers at Domain Name Registrar

If you have a registered domain name and want to host DNS services for the domain on the DNS server you just configured, you have to create child name servers at your domain name registrar. If you have administrative control of your domain you can do this in your registrar’s control panel; otherwise ask the registrar to do it for you. Create the child name servers like this:

ns1.gopalthorve.com >> 192.168.0.98
ns2.gopalthorve.com >> 192.168.0.99

Create Child Name Servers at Domain Name Registrar

Replace the private IP addresses with the public IP addresses on which the DNS server will listen.

Update Name Servers at Domain Name Registrar

After creating the child name servers you have to update the name servers for your domain at the domain name registrar. If you have administrative control of your domain you can do this in your registrar’s control panel; otherwise ask the registrar to do it for you. Update the name servers as below:

Name Server 1: ns1.gopalthorve.com
Name Server 2: ns2.gopalthorve.com

Update Name Servers at Domain Name Registrar
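Once the registrar has the child name servers and the name server change, the delegation should be confirmed from the outside rather than only from the server itself. This is an added example, not part of the original post; it uses the post's domain and nameserver names, a.gtld-servers.net (one of the public .com TLD servers) and the public resolver 8.8.8.8.

```powershell
# Added example (not from the original post): verify the registrar delegation
# for the post's domain from three vantage points.

$Zone = 'gopalthorve.com'

# 1. Ask a .com TLD server who the registrar says is authoritative. The
#    referral should list ns1 and ns2 together with the public glue
#    addresses you registered as child name servers.
nslookup -type=NS $Zone a.gtld-servers.net

# 2. Ask each of your own nameservers the same question. The NS set and the
#    glue must match what the TLD returned; a mismatch is a lame delegation
#    and resolvers will intermittently fail to resolve the domain.
nslookup -type=NS $Zone "ns1.$Zone"
nslookup -type=NS $Zone "ns2.$Zone"

# 3. Ask a public recursive resolver. Until the registrar change has
#    propagated and old records have expired from caches, this may still
#    return the previous nameservers, so repeat it after the old TTL elapses.
nslookup -type=NS $Zone 8.8.8.8
```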

To learn how to create various DNS Resource records (A, NS, CNAME, SPF, TXT, MX) visit this link.


22 thoughts on “Install and configure DNS Server in Windows Server 2008”

  1. Dear Gopal Sir,

    I am Muthukumar from Trichy, Tamil Nadu. I have read your post; it is very useful for me and gives some basic idea of website hosting. I am working at a private tourism company. I have one IBM server with an 8Mbps leased line connection and 4 static IPs, so could you please advise me how to host one of our websites with Windows hosting? It is very helpful for me.

    Thank you, Sir!

    Muthukumar

  2. gopalthorve 

    OK.

    I tried installing WebsitePanel but I can’t add DNS records from the panel. I need a step-by-step guide. I didn’t find one anywhere on the internet for configuring WebsitePanel on Windows Server 2012 R2.

  3. I want to install WebsitePanel on my Windows Server 2012 R2. Is it necessary to install Active Directory services on the server? If yes, how do I install it? I installed AD and now I can’t browse websites from the server. And what is the installation order, first DNS or Active Directory?

  4. pateakshay3 gopalthorve 
    Sorry for the delay. Hope you might have figured out the issue by now.

    If not, can you check the Windows event log generated while adding the SYSTEM service? I too have never faced this issue.

    If you found the solution please post it here so that others can benefit from it.

  5. Hi imagineivan 

    If you want to create a reverse DNS entry for a public IP, you can’t do it in your DNS server. You need to contact the party who allotted you the public IP and ask them to do this for you. This party might be your dedicated server provider, VPS provider, ISP etc.

  6. gopalthorve

    I installed WebsitePanel on my machine today. I formatted the machine, installed NIC drivers, SQL, IIS, FTP and hMailServer, and then installed WebsitePanel. It installed successfully, but when I go to Configuration --> Server --> Add service like SYSTEM it gets added successfully; but when I press Update to finalize it gives this error:

    Error while installing service on the remote server
    Technical Details
    Page URL: http://192.168.0.49:9001/Default.aspx?pid=Servers&mid=137&ctl=edit_service&ServiceID=7&ServerID=1
    Logged User: serveradmin
    Work on Behalf: serveradmin
    Hosting Space: 0
    Stack Trace: System.Web.Services.Protocols.SoapHeaderException: System.Web.Services.Protocols.SoapHeaderException: Microsoft.Web.Services3.Security.SecurityFault: The signature or decryption was invalid ---> System.Security.Cryptography.CryptographicException: WSE523: The CipherData contents are invalid.
    at Microsoft.Web.Services3.Security.Cryptography.SymmetricEncryptionFormatter.Decrypt(Byte[] data)
    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)
    --- End of inner exception stack trace ---
    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement encryptedElement)
    at Microsoft.Web.Services3.Security.EncryptedData.Decrypt()
    at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
    at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope envelope, String localActor, String serviceActor)
    at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
    at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
    at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
    at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
    at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
    at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at WebsitePanel.Providers.ServiceProvider.Install()
    at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
    at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
    at WebsitePanel.EnterpriseServer.esServers.InstallService(Int32 serviceId)
    at WebsitePanel.Portal.ServersEditService.btnUpdate_Click(Object sender, EventArgs e)

    I can’t understand why this is happening; I installed a fresh copy of Server 2008 R2.

  7. pateakshay3 gopalthorve 
    Best of luck for the task on hand.

    I have done that many times in past. If you need any help let me know.

  8. gopalthorve 

    Thank you so much for the quick reply. I got a new task to make a server like the one our hosting provider is providing to us. They have DNS, hMailServer, SQL, IIS and FTP, and use WebsitePanel to manage all of it.

    Now I am building the same server as they have in their datacenter.

    Once again many thanks for such helpful info.

  9. You are welcome pateakshay3,
    Nowadays almost all routers support port forwarding, even the most basic ones. I have done that with D-Link and Linksys too. No need to have costly firewalls or routers.

    To learn how to configure port forwarding on your particular make and model of router, http://www.portforward.com might help you. portforward.com specifically helps with configuring port forwarding on various models of routers and firewalls.

  10. gopalthorve Many thanks for the reply.

    Can you please tell me how to “configure port forwarding”? Do I need some kind of router like a Cisco 1800 or more advanced, or is a normal router like Linksys or Belkin OK for this? I have never configured port forwarding.

  11. Hi pateakshay3, imagineivan

    Yes you can. That is what the article is about. Replace all the private IP Addresses with your public IPs on which your DNS servers will function. Configure port forwarding for TCP DNS port 53 or access rules in your firewall to allow traffic from WAN to the DNS server located on your LAN.

    Thanks!!!
    Gopal Thorve

  12. Hi, it’s a nice article. Can I point my domain, which is hosted in the US, to my local DNS server to manage all records and other services like mail, FTP, SQL, IIS?
