
What is DNS?

DNS stands for Domain Name System (the Wikipedia article on DNS has more background). In short,
DNS maps IP addresses, which are hard to remember, to human readable domain names such as
gopalthorve.com. DNS is a very large, globally distributed database that holds zones for
domains, and each zone in turn holds the resource records of that domain. Every device
connected to the global internet is identified by a logical IP address; an IPv4 address is a
32-bit number written as four octets (decimal values 0 to 255) separated by dots, e.g.
192.168.0.1 (dotted decimal format). Thanks to DNS we do not need to remember those numbers:
we enter www.wordpress.com and the resolver takes care of translating that name to the
corresponding IP address. To learn how a DNS server works, and for a detailed description of
every term associated with it, you may find DNS on Windows Server 2003 interesting. I learned
a lot about DNS servers from DNS and BIND (5th Edition).

Install DNS Server in Windows Server 2008


Launch Server Manager by clicking Start > Administrative Tools > Server Manager.
Click Roles and then Add Roles.

Select DNS Server from the list and then click Next button.
The next page gives a short introduction to the DNS Server role and a few useful links for
further details, as shown in the image below. Click Next to move on.
Click the Install button.
DNS Server has been installed successfully, as in the snapshot below. Click Close to finish
the Add Roles Wizard.
Creating Forward Lookup Zone
Launch DNS Manager by clicking Start > Administrative Tools > DNS or type
dnsmgmt.msc in Run window (Press Windows Key + R) and press Enter.
Expand Server (e.g. WIN2008) > Right click Forward Lookup Zones > New Zone
which will launch New Zone wizard.
Click Next on Welcome to the New Zone wizard.
Since this is our primary DNS server for the zone, select Primary zone, then move on by
clicking the Next button.

Enter the domain name for which you want to create the zone, e.g. gopalthorve.com. If you
are building a DNS server for your own Windows Server 2008 based hosting server, enter your
registered domain name here; if the zone is for an intranet only, the name can be anything
that follows domain naming conventions, but avoid inventing a name under a public TLD that
you do not own, because queries for such a name can leak to the internet and may one day
resolve to somebody else's server. The zone can also be created for a subdomain, e.g.
us.gopalthorve.com.
Zone File Options:
o Create a new file with this file name: Enter the name of the physical zone file in which
all zone information for this domain/subdomain will be stored. The file is created under
%systemroot%\system32\dns. Follow the standard zone file naming convention, e.g.
gopalthorve.com.dns.
o Use this existing file: If you already have a zone file for this domain/subdomain, select
this option and specify its file name here. The file must be placed in the
%systemroot%\system32\dns folder before you continue.
Dynamic Update: Here you specify whether this zone will accept secure, nonsecure or no
dynamic updates from clients.
o Allow only secure dynamic updates (recommended for Active Directory): This is
available only for Active Directory integrated zones. It allows domain-joined client
machines, authenticated through Kerberos, to register their own names as resource records
pointing at their dynamic or static IP addresses.
o Allow both nonsecure and secure dynamic updates: This should never be enabled, because
any host that can reach the server on port 53 can then add, change or delete records in
the zone without authenticating, which lets an attacker redirect names to machines it
controls.
o Do not allow dynamic updates: This is the preferred setting if you are setting up the
zone for your own hosting server. It denies dynamic updates from every client; you will
change the resource records by hand whenever required. We choose this option and move on.
The forward lookup zone for gopalthorve.com has now been created and the wizard shows a
summary as in the image below. Click Finish to close the New Zone Wizard.
Configure Forward Lookup Zone
Right click on gopalthorve.com (the forward lookup zone just created) and then click
Properties.

Name Servers: Here we configure the name servers for the zone gopalthorve.com.
o Remove the default entry from the list (the wizard adds one for the server's own host
name).
o Click the Add button to add a new name server record.
o Type the fully qualified domain name (FQDN) of the name server for your domain. I
am configuring my own live DNS server and hence I entered ns1.gopalthorve.com.
o Enter the IP address to which ns1.gopalthorve.com will resolve. I am entering a
private IP address of my computer here for example purposes only. Replace it with the
public IP address allotted by your ISP or dedicated/VPS hosting provider.
o Similarly create another name server record. I created it as ns2.gopalthorve.com
pointing to 192.168.0.99 (again, replace it with a public IP address allotted by your
ISP or hosting provider). A second name server record is required because your domain
name registrar will require at least two name servers when pointing your domain at the
DNS server we are configuring. Here both name servers point to the same DNS server, which
is configured with two IP addresses (ns1.gopalthorve.com >> 192.168.0.98 and
ns2.gopalthorve.com >> 192.168.0.99). Note that this satisfies the registrar but gives no
redundancy: if this one server is down or unreachable, the whole domain stops resolving.
For a live domain, run the second name server on a separate host, ideally on another
network (see Configure Secondary DNS Server in Windows Server 2008 under Related Posts).
o Click Apply to save changes.
Start of Authority (SOA)
o Serial number: This is the serial number of the zone. A common convention is
YYYYMMDDNN, where YYYY is the year, MM the month, DD the day and NN a two-digit count of
how many times the zone was modified on that day. The serial must increase every time the
zone data changes (the Windows DNS server increments it by one automatically when you edit
records in DNS Manager). When a slave name server contacts the master for zone data it
compares its own serial number with the master's, and if its own serial is lower it
transfers the zone afresh from the master. A serial that is not increased after a change
means the slaves keep serving stale data.
o Primary server: This is the FQDN of the name server that you want to set as the
primary name server for this zone. In my case it is ns1.gopalthorve.com.
o Responsible person: Specify the email address of the administrator responsible for
maintaining this zone. The address must be written in dotted format: hostmaster@gopalthorve.com
is entered as hostmaster.gopalthorve.com (a dot in the local part, as in john.doe@..., has
to be escaped as john\.doe). Other administrators use this address to contact the
maintainer of the zone if there is a problem.
o Refresh interval: This value tells slave name servers how often to check with the
master whether their copy of the zone is up to date. Set it to 1 day if the zone does not
change often; for a hosting DNS server 1 day is ideal.
o Retry interval: If a slave fails to reach the master at the refresh interval (because
the master is down or unreachable), it retries at this interval. The retry interval is
normally shorter than the refresh interval, although that is not compulsory. Enter 2 hours
here.
o Expires after: If a slave cannot reach the master for this long, it expires the zone,
that is, it stops answering queries for the zone because the data it holds is considered
too old to trust. Enter 7 days here.
o Minimum (default) TTL: TTL stands for Time To Live. This value is the negative-caching
TTL: it tells resolvers how long to cache the fact that a name does not exist when an
authoritative name server for the zone returns a negative answer. DNS Manager also uses it
as the default TTL for new records in the zone. Enter 1 day here.
o TTL for this record: The TTL of the SOA record itself.

o Click Apply to save changes.

Zone Transfers: A zone transfer copies the entire zone to the requesting server. Best
practice is not to let just anyone connect and transfer the zone: a full copy of the zone
is a complete map of your hosts for an attacker doing reconnaissance. Allow transfers only
to specific servers, i.e. the slave name servers for the zone. We can also set the server
to notify those servers whenever the zone changes.
o Allow zone transfers: Enables/disables zone transfers. If no other server holds a copy
of this zone (as in this post, where both name servers are the same machine), the safest
choice is to leave this unchecked.
To any server: Every server or client is allowed to transfer the zone. Not recommended.
Only to servers listed on the Name Servers tab: Zone transfers are allowed only to the
name servers specified under the Name Servers tab (ns1.gopalthorve.com,
ns2.gopalthorve.com). Highly recommended for DNS servers of web hosting servers.
Only to the following servers: Select this option if you want to enter the IPs/FQDNs to
which zone transfers are allowed, then click the Edit button and list them.

o Notify:
Automatically notify: Enables/disables automatic notification of zone changes to either
the name servers listed on the Name Servers tab or to the specified IP addresses/FQDNs.
Servers listed on the Name Servers tab: Zone change notifications are sent only to the
name servers listed under the Name Servers tab. This is the recommended setting.
The following servers: Specify a list of other name servers to which you want to send
automatic notification of zone updates.
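Everything above (installing the role, creating the primary zone, setting the SOA values, replacing the name servers, locking down dynamic updates and zone transfers) can also be done from the command line with dnscmd.exe, the command-line counterpart of DNS Manager that ships with the DNS Server role. The script below is an added example, not part of the original post; it assumes the zone gopalthorve.com, the name servers ns1/ns2 and the two example IP addresses used above, and that it is run in an elevated PowerShell on the DNS server itself. Replace the private IPs with your public ones.

```powershell
# Added example (not from the original post): the zone set-up above, scripted with dnscmd.exe.
# Assumptions: zone gopalthorve.com, name servers ns1/ns2 and the two example IPs from the post;
# run in an elevated PowerShell (2.0 is enough) on the DNS server itself.
$zone   = 'gopalthorve.com'
$ns1    = 'ns1.gopalthorve.com.'        # trailing dot = fully qualified, as dnscmd expects
$ns2    = 'ns2.gopalthorve.com.'
$ns1ip  = '192.168.0.98'                # replace both with the public IPs from your provider
$ns2ip  = '192.168.0.99'
$serial = Get-Date -Format 'yyyyMMdd01' # YYYYMMDDNN convention; the server increments it on later edits

# 1. Install the DNS Server role: Add-WindowsFeature on Server 2008 R2, ServerManagerCmd on Server 2008
Import-Module ServerManager -ErrorAction SilentlyContinue
if (Get-Command Add-WindowsFeature -ErrorAction SilentlyContinue) {
    Add-WindowsFeature DNS | Out-Null
} else {
    ServerManagerCmd.exe -install DNS
}

# 2. Primary, file-backed zone; /AllowUpdate 0 = "Do not allow dynamic updates"
#    (1 would be nonsecure+secure, the setting the post says never to enable; 2 = secure only, AD zones)
dnscmd /ZoneAdd $zone /Primary /file "$zone.dns"
dnscmd /Config  $zone /AllowUpdate 0

# 3. Start of Authority: primary server, responsible person in dotted form, serial,
#    refresh 1 day, retry 2 hours, expire 7 days, minimum (negative-cache) TTL 1 day, all in seconds
dnscmd /RecordAdd $zone '@' SOA $ns1 "hostmaster.$zone." $serial 86400 7200 604800 86400

# 4. Name servers: add the ns1/ns2 NS records and their A records first, so the zone never has an
#    empty NS set, then remove the NS record the wizard created for this server's own host name
dnscmd /RecordAdd $zone '@'   NS $ns1
dnscmd /RecordAdd $zone '@'   NS $ns2
dnscmd /RecordAdd $zone 'ns1' A  $ns1ip
dnscmd /RecordAdd $zone 'ns2' A  $ns2ip
$selfFqdn = [System.Net.Dns]::GetHostEntry('').HostName + '.'   # assumed to equal the wizard's default NS;
dnscmd /EnumRecords $zone '@' /Type NS                            # compare it with what this prints
dnscmd /RecordDelete $zone '@' NS $selfFqdn /f

# 5. Zone transfers only to the servers on the Name Servers tab, and notify them on every change.
#    If no real secondary exists, use /NoXfr instead of /SecureNs to refuse transfers entirely.
dnscmd /ZoneResetSecondaries $zone /SecureNs /Notify

# 6. Check the result from the server itself
dnscmd /ZoneInfo $zone
nslookup -type=SOA $zone 127.0.0.1
nslookup -type=NS  $zone 127.0.0.1
```

The NS records are added before the wizard's default one is deleted so that the zone is never left without a name server, and the SOA is written with the same refresh/retry/expire/minimum values recommended above, expressed in seconds. The `/ZoneInfo` output should show `SecureSecondaries` set to the Name Servers tab and `Update = 0` for dynamic updates.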

Configure DNS Server Properties


Open DNS Manager by clicking Start > Administrative Tools > DNS.
Right Click on the DNS Server for which you want to configure Properties for and click
Properties.
Interfaces: You can configure the DNS server to listen on specific interfaces/IP addresses
or on all of them. If the server has several interfaces you can make it listen on just one;
if it has a single interface with several IP addresses you can make it listen on specific
addresses. By default it listens on all interfaces and all IP addresses. For a hosting
server, listen only on the public addresses your name server records point at.
Forwarders: You can add other DNS servers, for example those provided by your ISP, to which
queries are forwarded when this server does not hold the zone for the queried domain.
Forwarder addresses are used only if recursion is enabled. Forwarders are needed if you have
an intranet/extranet DNS server serving a few zones and want the same server to resolve
other names too.
Advanced: Some advanced aspects of the DNS server are configured here. A very important
option is Disable recursion (also disables forwarders). If you are setting up this DNS
server to serve zones for domains hosted on it (a dedicated server, VPS or cloud VPS),
enable Disable recursion: the server will then answer only for the zones it hosts. An
internet-facing server that still recurses is an open resolver, which can be abused to
amplify denial-of-service traffic against third parties and exposes its cache to poisoning.
Root Hints: This is the list of root name servers.
Debug Logging: Debug logs can be enabled here for troubleshooting.
Event Logging: DNS server event logging can be configured here for troubleshooting.
The DNS server listens on UDP and TCP port 53 (TCP is used for zone transfers and for
responses too large for UDP), so make sure traffic on both is allowed in Windows Firewall.
If the DNS server sits behind a router or firewall device, configure that device to pass
port 53 to the server as well.
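The server-level settings from this section (listen addresses, disabling recursion, the firewall rules) and the checks that confirm them can be applied from PowerShell with dnscmd.exe and netsh. This is an added example, not code from the original post; it assumes the zone and the two listen addresses used throughout the post and an elevated PowerShell on the DNS server.

```powershell
# Added example (not from the original post): server-level hardening for an authoritative-only
# DNS server, plus the checks to confirm it. Assumes the zone and the two example IPs from the post.
$zone = 'gopalthorve.com'

# Interfaces tab: listen only on the addresses the NS records point at (replace with your public IPs)
dnscmd /ResetListenAddresses 192.168.0.98 192.168.0.99

# Advanced tab: "Disable recursion (also disables forwarders)". The server then answers only for
# zones it hosts and cannot be used as an open resolver for amplification or cache-poisoning attacks
dnscmd /Config /NoRecursion 1

# Windows Firewall: inbound UDP and TCP 53 (TCP carries zone transfers and responses too big for UDP)
netsh advfirewall firewall add rule name="DNS Server (UDP-In)" dir=in action=allow protocol=UDP localport=53
netsh advfirewall firewall add rule name="DNS Server (TCP-In)" dir=in action=allow protocol=TCP localport=53

# Checks: recursion flag, listen addresses, an authoritative answer for our zone, and no answer for a
# name outside it (a recursive server would have resolved it)
dnscmd /Info /NoRecursion            # expected: NoRecursion = 1
dnscmd /Info /ListenAddresses
nslookup -type=NS $zone 127.0.0.1
nslookup www.wordpress.com 127.0.0.1 # should not yield an address once recursion is off
```

Repeat the last two lookups from a machine outside your network against the public IP once the firewall and router are open. From that same outside machine, start nslookup interactively, enter `server <public IP>` and then `ls -d gopalthorve.com`: the transfer should be refused, which confirms the zone transfer setting from the previous section.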

Register Name Servers at Domain Name Registrar


If you have a registered domain name and want to host DNS for it on the DNS server you just
configured, you have to create child name servers (also called host or glue records) at your
domain name registrar. If you have administrative control of your domain you can do this
yourself through the registrar's control panel; otherwise ask the registrar to do it for you.
Create the child name servers like this:

ns1.gopalthorve.com >> 192.168.0.98
ns2.gopalthorve.com >> 192.168.0.99

Replace the private IP addresses with the public IP addresses on which the DNS server listens.

Update Name Servers at Domain Name Registrar


After creating the child name servers you have to update the name servers for your domain at
the domain name registrar. Again, do this through your registrar's control panel if you have
administrative control of the domain; otherwise ask the registrar. Update the name servers as
below:

Name Server 1: ns1.gopalthorve.com
Name Server 2: ns2.gopalthorve.com

The change has to propagate through the parent zone (the .com servers) before the rest of the
world uses your server; you can check with nslookup -type=NS gopalthorve.com against a public
resolver.

To learn how to create the various DNS resource records (A, NS, CNAME, SPF, TXT, MX) visit
this link.

Related Posts:

Configure Secondary DNS Server in Windows Server 2008


Create various DNS resource record in Windows Server 2008
Resolve DNS records using nslookup command
Android Web Server
How to use Wireless LAN Service in Windows Server 2008
