Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
Getting Started with DNS on Windows Server 2008 R2
NOTE
Dynamic updates allow DNS clients to register and update their own resource records in
the DNS zone. When enabling dynamic updates to be accepted by your DNS server, be
sure you know the sources of dynamically updated information. If the sources are not
reliable, you can potentially receive corrupt or invalid information from a dynamic update.
With nonsecure updates enabled, any host that can reach the server can create or overwrite
a record (for example, register its own address under another server's name). With secure
updates, which require an Active Directory-integrated zone, the client must authenticate
and the access control list on the record determines who may change it.
12. The next page allows for the creation of a reverse lookup zone. Here, select Yes,
Create a Reverse Lookup Zone Now, and click Next.
13. Select Primary Zone for the reverse lookup zone type, and click Next.
14. If storing the zone in Active Directory, select the replication scope and click Next.
15. Accept the default IPv4 Reverse Lookup Zone, and click Next.
16. Type in the network ID of the reverse lookup zone, and click Next. (The network ID
is typically the first set of octets from an IP address in the zone. If a Class C IP range
of 192.168.3.0/24 is in use on a network, you would enter the values 192.168.3, as
illustrated in Figure 10.2.)
FIGURE 10.2
Reverse lookup zone creation.
17. Again, if creating a non-AD-integrated zone, you are offered the option to create a
new zone file or to utilize an existing file. For this example, choose Create a New File
with This File Name, and click Next to continue.
18. Again, you are presented the option for dynamic updates. For this example, select
Allow Both Nonsecure and Secure Updates, and click Next to continue. (Outside a lab,
prefer Allow Only Secure Dynamic Updates, which is offered when the zone is stored in
Active Directory; see the preceding note on dynamic updates.)
19. The next page deals with the setup of forwarders, which is described in more detail
in the “Understanding DNS Zones” section later in this chapter. In this example,
choose No, It Should Not Forward Queries, and click Next to continue.
CHAPTER 10
Domain Name System and IPv6
20. The final window displays a summary of the changes that will be made and the
zones that will be added to the DNS database. Click Finish to finalize the changes
and create the zones.
NOTE
Depending on network connectivity, there might be a pop-up dialog box between the two
clicks to finish the DNS changes in step 20. If you are not connected to a local area
network (LAN), an error dialog box is displayed regarding searching for root hints.
Although the dialog box notes the root hint error, clicking OK will still configure DNS
successfully.
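The same reverse lookup zone can be created from the command line with dnscmd, which is useful for scripting the wizard's steps 12 through 20 on several servers. The following is an added example written for this edit, not code from the book; it stores the zone in Active Directory and restricts it to secure dynamic updates rather than the nonsecure-and-secure choice the walkthrough makes. It assumes an elevated PowerShell 2.0 session on a domain controller that holds the DNS Server role, and that the forward zone companyabc.com already exists. The network is the chapter's 192.168.3.0/24 example.

```powershell
# Added example (not from the book): dnscmd equivalent of wizard steps 12-20 for a
# reverse lookup zone, AD-integrated and limited to secure dynamic updates.
# Assumes: elevated PowerShell 2.0 on a DC running the DNS Server role.

$network = '192.168.3.0/24'   # the chapter's example network

function Get-ReverseZoneName([string]$Cidr) {
    # 192.168.3.0/24 -> 3.168.192.in-addr.arpa (what the wizard derives from the network ID)
    $ip, $prefix = $Cidr -split '/'
    $wholeOctets = [int]$prefix / 8
    if ((1, 2, 3) -notcontains $wholeOctets) {
        throw "Only /8, /16 and /24 networks are handled here: $Cidr"
    }
    $octets = @(($ip -split '\.')[0..($wholeOctets - 1)])
    [array]::Reverse($octets)
    ($octets -join '.') + '.in-addr.arpa'
}

function Invoke-Dnscmd([string[]]$Arguments) {
    # dnscmd prints "Command failed:" and exits non-zero (the Win32 error code) on failure
    $output = & dnscmd.exe @Arguments | Out-String
    if ($LASTEXITCODE -ne 0 -or $output -match 'Command failed') {
        throw "dnscmd $($Arguments -join ' ') failed:`n$output"
    }
    $output
}

$zoneName = Get-ReverseZoneName $network

# Steps 13-16: primary reverse zone stored in AD (/DsPrimary). Add '/DP', '/domain' or
# '/DP', '/forest' to the argument list to pick the replication scope from step 14.
Invoke-Dnscmd @('/ZoneAdd', $zoneName, '/DsPrimary') | Out-Null

# Step 18, the safe way: 2 = secure updates only (needs an AD-integrated zone),
# 1 = nonsecure and secure, 0 = no dynamic updates
Invoke-Dnscmd @('/Config', $zoneName, '/AllowUpdate', '2') | Out-Null

# Check the result: the zone exists and the update mode is what was requested
$info = Invoke-Dnscmd @('/ZoneInfo', $zoneName)
if ($info -match 'update\s*=\s*(\d)') {
    if ($matches[1] -ne '2') {
        Write-Warning "$zoneName still accepts nonsecure updates (mode $($matches[1]))"
    } else {
        "$zoneName created; dynamic updates: secure only"
    }
} else {
    Write-Warning "Could not read the update setting from dnscmd /ZoneInfo output:`n$info"
}
```

The wizard offers no forwarders by default (step 19), so nothing is configured for that step; on an existing server, dnscmd /ResetForwarders shows and changes that setting.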
Configuring DNS Server to Point to Itself
One subtask that should be accomplished after the installation is configuring the DNS
server address in the TCP/IP settings to point to itself for DNS resolution, unless there is a
specific reason not to do so. To accomplish this task, perform the following steps:
1. Launch Server Manager.
2. Click the View Network Connections link.
3. While in Network Connections, right-click the Local Area Connection icon and
select Properties.
4. Double-click Internet Protocol Version 4 (TCP/IPv4).
5. In the DNS Server boxes, make sure that Use the Following DNS Server Addresses is
selected and then type the IP address of the DNS server into the Preferred DNS
Server box.
6. If you have another DNS server, you can enter it into the Alternate DNS Server box.
7. Click OK twice to complete the changes.
NOTE
Previous recommendations for Windows 2000 stipulated that a root DNS server point
to another DNS server as the primary name server. This recommendation was made in
response to what is known as the “island” problem in Windows DNS. Administrators
will take heart in the fact that Windows Server 2003 and higher (including Windows
Server 2008 R2) are no longer subject to this problem, and it is now recommended
that you configure a DNS server to point to itself in most cases. You can find more
information on this concept later in this chapter.
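The seven clicks above can be scripted. The following is an added example written for this edit, not code from the book; it uses WMI because the DnsClient PowerShell cmdlets do not exist on Windows Server 2008 R2. It makes the server's own IPv4 address the Preferred DNS Server, adds an alternate (the address 192.168.3.11 is an assumed value), and then queries the local service directly to prove it is answering. Run it in an elevated PowerShell 2.0 session on the DNS server.

```powershell
# Added example (not from the book): point the DNS server at itself via WMI and verify.
# Assumes: elevated PowerShell 2.0 on Windows Server 2008 R2 with the DNS Server role.

$alternateDns = '192.168.3.11'   # assumed second DNS server; set to $null if there is none

# The server's LAN adapter: IP-enabled, statically addressed (a DNS server should not be
# on DHCP) and holding a default gateway
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { -not $_.DHCPEnabled -and $_.DefaultIPGateway } |
    Select-Object -First 1
if (-not $nic) { throw 'No statically addressed adapter with a default gateway was found' }

# First IPv4 address on that adapter
$ownIp = @($nic.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })[0]

$servers = @($ownIp)
if ($alternateDns -and $alternateDns -ne $ownIp) { $servers += $alternateDns }

# Equivalent of "Use the Following DNS Server Addresses" (steps 5 and 6); 0 = success
$result = $nic.SetDNSServerSearchOrder($servers)
if ($result.ReturnValue -ne 0) {
    throw "SetDNSServerSearchOrder returned $($result.ReturnValue)"
}

# Re-read the adapter and confirm the preferred server is this host
$nic = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "Index = $($nic.Index)"
$preferred = @($nic.DNSServerSearchOrder)[0]
if ($preferred -ne $ownIp) {
    throw "Preferred DNS server is $preferred, expected $ownIp"
}

# Ask the local service directly (second nslookup argument is the server to query),
# so a cached or remote answer cannot mask a stopped or misconfigured service
$answer = & nslookup.exe $env:COMPUTERNAME $ownIp | Out-String
if ($answer -match 'Name:\s*\S+\s+Address(?:es)?:\s*(\S+)') {
    "DNS client now points to $ownIp; $env:COMPUTERNAME resolves locally to $($matches[1])"
} else {
    Write-Warning ("The local DNS service did not resolve $env:COMPUTERNAME. Check that the " +
        "DNS Server service is running and re-register the host with 'ipconfig /registerdns':`n$answer")
}
```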
Resource Records
In the DNS hierarchy, objects are identified through the use of resource records (RRs).
These records are used for basic lookups of users and resources within the specified
domain and are unique within the zone in which they are located. Because DNS is not a
flat namespace, however, RRs with the same name can exist at different levels in a DNS
hierarchy (server1.companyabc.com and server1.sales.companyabc.com are distinct records).
The distributed nature of the DNS hierarchy allows such levels.
Several key resource records exist in most DNS implementations, especially in those associ-
ated with Windows Server 2008 R2 Active Directory Domain Services. A general familiarity
with these specific types of RRs is required to gain a better understanding of DNS.
Start of Authority (SOA) Records
The Start of Authority (SOA) record in a DNS database indicates which server is authorita-
tive for that particular zone. The server named in the SOA record (its primary server
field) is assumed to be the authoritative source of information about the zone and is in
charge of processing zone updates. The SOA record also carries the zone serial number,
the refresh, retry and expire intervals that secondary servers use when pulling zone
transfers, the minimum (negative-caching) Time to Live (TTL), the mailbox of the person
responsible for DNS, and other critical information, as illustrated in Figure 10.3.
FIGURE 10.3
A sample SOA record.
An SOA record is automatically created when DNS is installed for Active Directory Domain
Services in Windows Server 2008 R2 and is populated with the default TTL, primary server,
and other pertinent information for the zone. After installation, however, these values can
be modified to fit the specific needs of an organization.
Host (A) Records
The most common type of RR in DNS is the host record, also known as an A record. This
type of RR simply contains the name of the host and its corresponding IP address, as illus-
trated in Figure 10.4.
FIGURE 10.4
Sample host record.
The vast majority of RRs in DNS are A records because they are used to identify the IP
addresses of most resources within a domain.
NOTE
Most resource records also contain advanced information about the record, which
includes the Time to Live (TTL) and, optionally, the record time stamp. To view or update
this information, select Advanced from the View menu of the DNS Management console.
Name Server (NS) Records
Name Server (NS) records identify which computers in a DNS database are the name
servers, essentially the DNS servers for a particular zone. Although there can be only one
SOA record for a zone, there can be multiple NS records for the zone, which indicate to
clients which machines are available to run DNS queries against for that zone.
NOTE
Name Server records, or NS records, do not actually contain the IP address of a par-
ticular resource. In fact, in most cases, only A (and, for IPv6, AAAA) records contain this
information. NS records and other similar records simply point to a server's A record. For
example, an NS record will simply point to server1.companyabc.com, and the resolver then
looks up the server1 A record in the companyabc.com zone to find the address.
Service (SRV) Records
Service (SRV) records are RRs that indicate which hosts provide a particular service, and
on which port. Domain controllers in Active Directory Domain Services are referenced by
SRV records that define specific services, such as the global catalog (GC), Lightweight
Directory Access Protocol (LDAP), and Kerberos. SRV records are a relatively new addition
to DNS (standardized in RFC 2782) and did not exist in the original implementation of the
standard. Each SRV record is named _service._protocol.name (for example,
_ldap._tcp.companyabc.com) and carries the priority, weight, port, and target host of one
provider of that service. For example, an LDAP server can register an SRV record
indicating that it handles LDAP requests for a particular domain. SRV records are very
useful for Active Directory Domain Services because domain controllers use them to
advertise that they handle global catalog requests, as illustrated in Figure 10.5.
FIGURE 10.5
Sample SRV record for an AD GC entry.
NOTE
Because SRV records are a relatively new addition to DNS, they are not supported by
several down-level DNS implementations, such as UNIX BIND 4.1.x and NT 4.0 DNS. It
is, therefore, critical that the DNS environment that is used for Windows Server 2008
R2's Active Directory Domain Services has the capability to create SRV records. For
UNIX BIND servers, version 8.1.2 or higher is recommended.
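Whether the SRV records that Active Directory depends on are actually present is easy to check from any domain member. The following is an added example written for this edit, not code from the book: it queries the well-known SRV names for domain controllers, Kerberos, the PDC emulator and the global catalog with nslookup and reports any that are missing. The domain name is the chapter's companyabc.com example, and the block assumes a single-domain forest so that the global catalog records live under the same name.

```powershell
# Added example (not from the book): verify the SRV records AD DS relies on.
# Assumes: any domain-joined Windows host with nslookup.exe; companyabc.com is a
# single-domain forest (so _gc._tcp lives under the domain name).

$domain     = 'companyabc.com'
$forestRoot = $domain   # assumed: GC records are registered under the forest root domain

$expected = @(
    "_ldap._tcp.dc._msdcs.$domain",      # domain controllers (LDAP)
    "_kerberos._tcp.dc._msdcs.$domain",  # Kerberos KDCs
    "_kpasswd._tcp.$domain",             # Kerberos password change service
    "_ldap._tcp.pdc._msdcs.$domain",     # PDC emulator
    "_gc._tcp.$forestRoot"               # global catalog servers
)

function Get-SrvTargets([string]$Name) {
    # nslookup prints one "svr hostname = <target>" line per SRV answer; collect the targets
    $text = & nslookup.exe -type=SRV $Name | Out-String
    [regex]::Matches($text, 'svr hostname\s*=\s*(\S+)') | ForEach-Object { $_.Groups[1].Value }
}

$missing = @()
foreach ($name in $expected) {
    $targets = @(Get-SrvTargets $name)
    if ($targets.Count -eq 0) {
        $missing += $name
        Write-Warning "No SRV record found for $name"
        continue
    }
    "$name -> $($targets -join ', ')"
}

if ($missing.Count -gt 0) {
    throw ("Missing SRV records: $($missing -join ', '). The DNS server must support SRV " +
           "records (BIND 8.1.2 or later) and each DC must have registered its records " +
           "(run 'nltest /dsregdns' on the DC to force re-registration).")
}
"All expected SRV records for $domain are present"
```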
Mail Exchanger (MX) Records
A Mail Exchanger (MX) record indicates which resources are available for Simple Mail
Transfer Protocol (SMTP) mail reception. MX records can be set on a domain basis so that
mail sent to a particular domain will be forwarded to the server or servers indicated by
the MX record. For example, if an MX record is set for the domain companyabc.com, all
mail sent to any address at companyabc.com will be automatically directed to the server
indicated by the MX record.
Pointer (PTR) Records
Reverse queries to DNS are accomplished through the use of Pointer (PTR) records. In
other words, if a user wants to look up the name of a resource that is associated with a
specific IP address, he would do a reverse lookup using that IP address. The client
queries the in-addr.arpa name built from the reversed octets of the address
(10.3.168.192.in-addr.arpa for 192.168.3.10), and the DNS server replies with a PTR
record that indicates the name associated with that IP address. PTR records are most
commonly found in reverse lookup zones.
Canonical Name (CNAME) Records
A Canonical Name (CNAME) record represents a server alias, and allows any one of a
number of servers to be referred to by multiple names in DNS. The record essentially
redirects queries to the A record for that particular host. CNAME records are useful when
migrating servers and for situations in which friendly names, such as mail.companyabc.
com, are required to point to more complex server-naming conventions, such as
sfoexch01.companyabc.com. A name that holds a CNAME record cannot hold any other
record type, so give the alias no A record of its own, and point MX and NS records at the
canonical host name rather than at the alias.
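The host, pointer and alias records described in the three sections above are created together in practice, and the useful check is that the forward and reverse entries agree. The following is an added example written for this edit, not code from the book: it registers an A record for sfoexch01, a PTR record for it in the reverse zone, and the mail alias with dnscmd, then resolves the records back through the .NET resolver and reports any address whose PTR does not point to the expected name. It assumes an elevated session on the DNS server, that the zones companyabc.com and 3.168.192.in-addr.arpa exist, and that 192.168.3.20 (an assumed value) is the server's address.

```powershell
# Added example (not from the book): create A, PTR and CNAME records with dnscmd and
# verify forward/reverse consistency. Assumes: elevated PowerShell on the DNS server,
# zones companyabc.com and 3.168.192.in-addr.arpa already exist.

$zone        = 'companyabc.com'
$reverseZone = '3.168.192.in-addr.arpa'
$hostName    = 'sfoexch01'
$alias       = 'mail'
$ip          = '192.168.3.20'               # assumed address for sfoexch01
$fqdn        = "$hostName.$zone"

function Add-DnsRecord([string[]]$RecordArgs) {
    # dnscmd /RecordAdd <zone> <node> <type> <data>; exit code is the Win32 error on failure
    & dnscmd.exe /RecordAdd @RecordArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd /RecordAdd $($RecordArgs -join ' ') failed with code $LASTEXITCODE"
    }
}

# Host (A) record: name -> address
Add-DnsRecord @($zone, $hostName, 'A', $ip)
# Pointer (PTR) record: last octet is the node name inside the /24 reverse zone;
# the data is the fully qualified name with a trailing dot
Add-DnsRecord @($reverseZone, ($ip -split '\.')[-1], 'PTR', "$fqdn.")
# Alias (CNAME) record: friendly name -> canonical host name (no A record for the alias)
Add-DnsRecord @($zone, $alias, 'CNAME', "$fqdn.")

function Test-ForwardReverse([string]$Name) {
    # $true when every address the name resolves to has a PTR record pointing back to it
    $ok = $true
    foreach ($addr in [System.Net.Dns]::GetHostAddresses($Name)) {
        try {
            $reverse = [System.Net.Dns]::GetHostEntry($addr).HostName
        } catch {
            Write-Warning "No PTR record for $addr"
            $ok = $false
            continue
        }
        if ($reverse -ne $Name) {
            Write-Warning "PTR for $addr is $reverse, expected $Name"
            $ok = $false
        }
    }
    $ok
}

if (Test-ForwardReverse $fqdn) {
    "$fqdn and its PTR record agree"
}

# Following the alias should land on the canonical name
$canonical = [System.Net.Dns]::GetHostEntry("$alias.$zone").HostName
if ($canonical -ne $fqdn) {
    Write-Warning "$alias.$zone resolved to $canonical, expected $fqdn"
} else {
    "$alias.$zone is an alias for $canonical"
}
```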
Other DNS Record Types
Other, less common forms of records that might exist in DNS have specific purposes, and
there might be cause to create them. The following is a sample list, but is by no means
exhaustive:
• AAAA—Maps a DNS name to a 128-bit IPv6 address; it is the IPv6 counterpart of the A
record rather than a translation of an IPv4 address. This type of record will become more
prevalent as IPv6 is adopted and is discussed later in the chapter.
• ISDN—Maps a specific DNS name to an ISDN telephone number.