Installing the DNS Server role
Installing DNS can be done the same way as you would install any other server role. To install DNS perform the following steps:
1. Open Server Manager from Start | Administrative Tools | Server Manager.
2. Click to highlight the Roles node in the left pane. Then click the Add Roles link in the middle pane. This will launch the Add Roles Wizard.
3. Click Next to begin the installation process.
4. Select DNS Server from the list of available roles (see Figure 3). Then click Next.
5. The Introduction to DNS Server page will appear. Click Next to continue.
6. Confirm that DNS was selected on the summary page, and then click Install.
7. After DNS installation is completed, you will be taken to an installation results page. Verify that the DNS role was installed successfully, and then click Close.
8. You should now see the DNS role listed under the Roles node in Server Manager, as seen in Figure 4.
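The same installation and the verification in steps 7 and 8 can be scripted. The following is an added example and is not part of the original text; it assumes Windows Server 2012 or later, where the ServerManager module provides Install-WindowsFeature (on Windows Server 2008 R2, which the Add Roles Wizard described above belongs to, the equivalent is Import-Module ServerManager followed by Add-WindowsFeature DNS).

```powershell
# Added example (not from the original text): install the DNS Server role and
# verify the result from PowerShell instead of the Add Roles Wizard.
# Assumes Windows Server 2012 or later (Install-WindowsFeature in the
# ServerManager module). Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

$feature = Get-WindowsFeature -Name DNS
if (-not $feature.Installed) {
    # Equivalent of steps 2 to 6: select the DNS Server role and install it
    # together with the DNS console (the management tools).
    $result = Install-WindowsFeature -Name DNS -IncludeManagementTools
    if (-not $result.Success) {
        throw "DNS role installation failed (exit code $($result.ExitCode))"
    }
    if ($result.RestartNeeded -eq 'Yes') {
        Write-Warning 'Installation completed but a restart is required.'
    }
}

# Equivalent of steps 7 and 8: confirm the role reports Installed and that the
# DNS Server service is actually running before configuring it.
Get-WindowsFeature -Name DNS | Format-Table Name, InstallState -AutoSize
Get-Service -Name DNS | Format-Table Name, Status -AutoSize
```

The service check matters because a role can show as installed while the DNS Server service has failed to start; the DNS console in Server Manager only becomes useful once Get-Service reports the service as Running.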
Configuring DNS Servers
After DNS is installed, you will need to configure the service to support name resolution. The primary DNS configuration tool is the DNS console in Server Manager. Let us take a look at the DNS Server configuration settings.
You can access the server’s DNS properties by expanding the nodes Roles | DNS Server | DNS, and then right-clicking the listed DNS Server and choosing Properties, as seen in Figure 5.
The properties window will open and you will be presented with a series of configuration tabs, as seen in Figure 6.
We will now take a look at each of the configuration tabs and explore the options that can be set up. The following configuration tabs are displayed in the DNS properties window:
Interfaces — The Interfaces tab allows you to select the IP addresses (including IPv6 addresses) that you want to listen for DNS requests on. By default, the option to listen on all interfaces is selected.
Forwarders — The Forwarders option allows you to specify the DNS Servers that the current DNS Server can forward requests to if it cannot resolve the requested query.
Using DNS forwarders
As a best practice, you should have a set of DNS Servers that use root hints to perform DNS lookups. You should then configure all other DNS Servers on your network to forward Internet-based requests to these servers. Forwarders provide additional security against DNS cache poisoning by limiting which servers pull records from Internet DNS Servers.
Advanced — Most DNS installations will not require you to modify the settings on the Advanced tab; however, there may be occasions where changing these options is necessary. The Advanced tab contains the following options:
Disable recursion — Disabling recursion will prevent the DNS Server from performing a referral lookup for zones not hosted on this DNS Server. If recursion is disabled and a client queries the DNS Server for a zone that is not hosted on the DNS Server, the query will fail.
BIND Secondaries — Enabling this option will allow Windows DNS Servers to perform fast zone transfers to compatible BIND DNS Servers. Fast zone transfers use compression to perform a faster transfer of data from a primary DNS Server to secondary DNS Servers.
Fail on load if bad zone data — Enabling this option will instruct the DNS Server not to load a zone if there are errors in the zone file.
Enable round robin — This feature, enabled by default, allows DNS to use round robin techniques to send traffic to multiple IP addresses for a single host.
Enable netmask ordering — This feature, also enabled by default, ensures that a host IP on the client’s local subnet will be returned first if multiple IP addresses (host records) are given for a single hostname.
Secure cache against pollution — This feature attempts to prevent the local DNS cache from being polluted by discarding records that could be considered insecure because they were received from a DNS Server that is not part of the domain path that the original request was sent to.
Root Hints — The Root Hints tab lists the root DNS Servers that the server will use to resolve a query if it does not host the zone.
Debug Logging — Debug Logging allows you to create a very detailed log of DNS packets sent and received by the DNS Server. Debug Logging can create very large logs depending on how many packets are captured. It is only recommended that you turn on Debug Logging when troubleshooting DNS problems.
Event Logging — This setting configures what type of DNS events should be written to the DNS Event Log. By default, the All Events option is selected.
Trust Anchors — Trust Anchors are part of DNS Security Extensions (DNSSEC). Trust Anchors are used to validate responses from remote DNS Servers.
Monitoring — The Monitoring tab allows you to perform simple or recursive queries against the DNS Server manually or on a scheduled basis.
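Every option on these tabs is also readable from PowerShell, which makes it possible to check a server against the forwarder design recommended above and against the Advanced tab defaults without clicking through the console. The following audit script is an added example, not part of the original text. It assumes the DnsServer module of Windows Server 2012 or later (the wizard described earlier belongs to an older release) and the property names that module exposes; the -Role parameter and the expected-forwarder list are the script's own constructs, and the event log level value 4 is assumed to mean All Events.

```powershell
# Added example (not from the original text): audit a Windows DNS Server's
# properties against the tab-by-tab guidance above and report findings.
# Assumes the DnsServer module (Windows Server 2012 or later) and its
# property names. Run on the DNS server itself from an elevated session.
param(
    # Which part of the recommended forwarding design this server plays (assumed roles):
    #   Forwarding        - internal server that forwards Internet queries to the resolvers
    #   RootHints         - resolver that performs Internet lookups itself via root hints
    #   AuthoritativeOnly - hosts zones only and should not recurse for anyone
    [ValidateSet('Forwarding', 'RootHints', 'AuthoritativeOnly')]
    [string]$Role = 'Forwarding',
    # Addresses of your root-hint resolvers (assumed placeholder; supply your own).
    [string[]]$ExpectedForwarders = @()
)
Import-Module DnsServer -ErrorAction Stop

$findings   = New-Object 'System.Collections.Generic.List[string]'
$recursion  = Get-DnsServerRecursion
$forwarders = Get-DnsServerForwarder
$settings   = Get-DnsServerSetting -All
$diag       = Get-DnsServerDiagnostics

# Interfaces tab: report what the server listens on so the admin can confirm it.
Write-Host ('Listening addresses: ' + ($settings.ListeningIPAddress -join ', '))

# Forwarders tab and the Disable recursion option, judged against the role.
$fwdList = @($forwarders.IPAddress | ForEach-Object { $_.IPAddressToString })
switch ($Role) {
    'Forwarding' {
        if ($fwdList.Count -eq 0) {
            $findings.Add('Forwarders tab: no forwarders set; this server will pull Internet records itself')
        } elseif ($ExpectedForwarders.Count -gt 0) {
            $unexpected = $fwdList | Where-Object { $ExpectedForwarders -notcontains $_ }
            if ($unexpected) {
                $findings.Add('Forwarders tab: unexpected forwarders: ' + ($unexpected -join ', '))
            }
        }
        if (-not $recursion.Enable) {
            $findings.Add('Advanced tab: recursion disabled; client queries for non-hosted zones will fail')
        }
    }
    'RootHints' {
        if ($fwdList.Count -gt 0) {
            $findings.Add('Forwarders tab: resolver should use root hints, but forwarders are set')
        }
        if (@(Get-DnsServerRootHint).Count -eq 0) {
            $findings.Add('Root Hints tab: no root hints present')
        }
        if (-not $recursion.Enable) {
            $findings.Add('Advanced tab: recursion disabled on a server that must resolve Internet names')
        }
    }
    'AuthoritativeOnly' {
        if ($recursion.Enable) {
            $findings.Add('Advanced tab: recursion enabled on an authoritative-only server')
        }
    }
}

# Advanced tab: cache pollution protection and strict zone file loading.
if (-not $recursion.SecureResponse) {
    $findings.Add('Advanced tab: "Secure cache against pollution" is off')
}
if (-not $settings.StrictFileParsing) {
    $findings.Add('Advanced tab: "Fail on load if bad zone data" is off')
}

# Debug Logging tab: packet logging left on fills the disk; flag it.
if ($diag.SendPackets -or $diag.ReceivePackets) {
    $findings.Add('Debug Logging tab: packet logging enabled, writing to ' + $diag.LogFilePath)
}

# Event Logging tab: anything less than All Events (assumed value 4) is reported.
if ($settings.EventLogLevel -ne 4) {
    $findings.Add('Event Logging tab: not logging all events (level ' + $settings.EventLogLevel + ')')
}

# Trust Anchors tab: without anchors, DNSSEC responses cannot be validated.
$anchors = @(Get-DnsServerTrustAnchor -ErrorAction SilentlyContinue)
if ($anchors.Count -eq 0) {
    $findings.Add('Trust Anchors tab: no trust anchors configured; DNSSEC validation unavailable')
}

if ($findings.Count -eq 0) {
    Write-Host "No findings for role '$Role'."
} else {
    $findings | ForEach-Object { Write-Host "FINDING: $_" }
}
```

Run it as .\Audit-DnsServer.ps1 -Role Forwarding -ExpectedForwarders 10.0.0.53,10.0.1.53 on an internal server, or with -Role RootHints on the resolvers; the role parameter exists because the correct values for the Forwarders tab and the Disable recursion option depend on where the server sits in the design, so a single fixed baseline would misreport one set of servers or the other.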