Creating A Forward Lookup Zone: Paul Hill


Paul Hill | itFlee.com

Creating a Forward Lookup Zone


Now that you understand DNS zones, let’s hop onto our Windows Server and create a zone. In Server Manager, select
Tools > DNS.

To create a new DNS zone, right-click Forward Lookup Zones and select New Zone. Choose Next and then select
Primary, Secondary, or Stub Zone. If you are creating a Primary or Stub Zone, you may choose to store the zone in Active
Directory. If you select this checkbox, the zone will be an Active Directory Integrated Zone.

On the next screen, if you chose to store the zone in Active Directory you will be able to choose how you want it to be
replicated.

Paul Hill | PaulH@itflee.com | itFlee.com

The first option allows you to replicate the zone across all domain controllers that have the DNS server role in the forest.
This means that the zone can be replicated across multiple domains. This is the broadest replication scope you can
choose.

The second option will replicate the zone to all domain controllers with the DNS role installed on this current domain.

The third option allows you to replicate the DNS zone to all domain controllers in the current domain. Choose this option
if you are working with Windows 2000 domain controllers.

The final option is grayed out because this server has not been enlisted in a DNS application directory partition. With
DNS directory partitions you can fine-tune exactly which domain controllers this zone is replicated to.

I am going to leave the default option checked, and click next.

The next screen will prompt you to enter your zone name. I am going to enter “mytestzone,” and click next.

If you did not choose to integrate with Active Directory, you will now be asked to create a DNS file.

Since I chose to integrate with Active Directory, I am now brought to the Dynamic Update screen.

You can choose secure dynamic updates, nonsecure and secure dynamic updates, or no dynamic updates. I strongly recommend
you choose the first option unless you have some specific need to do otherwise. Allowing nonsecure dynamic updates
exposes your DNS server to an unnecessary security risk, and disabling dynamic updates will require you to manually
create and maintain the DNS resource records in the zone.

If you did not choose to integrate this zone with Active Directory, you will only be able to choose between allowing both
nonsecure and secure dynamic updates or not allowing dynamic updates. In this scenario your best option is to not allow
dynamic updates, as you will be unable to use Active Directory’s secure dynamic updates. Since I chose to integrate this
DNS zone with Active Directory, I am going to leave the Allow only secure dynamic updates option selected, and click next.

You will now be presented with the finish screen. Click Finish.

I have now created my new Forward Lookup Zone. I can see it has the two required records, which are the SOA and NS
records.

Creating a Reverse Lookup Zone


Now that you have created a Forward Lookup Zone, let’s create a Reverse Lookup Zone. The process is almost the same
but there are a few subtle differences we should cover. Right-click on Reverse Lookup Zones and select New Zone…

Click next. On the next screen I am going to choose a Primary Zone and I will leave the Store the zone in Active
Directory checkbox selected. Click next. I am going to leave the default option selected for all DNS servers and click next.

Now we have the option of choosing either an IPv4 or IPv6 Reverse Lookup Zone. Since my network is using IPv4 I will
go with this option.

On the next screen I need to identify the reverse lookup zone. You can either type in the network ID or the zone name. It
is easier to type in the Network ID. This should be the first three octets of the subnet your zone is located in. In my case,
I am on the 10.0.2.X subnet, so I will type this in.

Notice the Reverse lookup zone name is automatically populated based on the IP address you enter above. Click next
and then we can choose our preference for dynamic updates. I am going to allow only secure updates and click next.
Now click Finish.

I can now see the reverse lookup zone has been created and it has the required SOA and NS records. This zone will be
automatically populated as clients check in with the DNS server.
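The same two zones built with the DnsServer PowerShell module instead of the wizard, as an added example that is not part of the original tutorial. It assumes you run it on a domain controller holding the DNS role, and reuses the zone name "mytestzone" and the 10.0.2.X subnet from the walkthrough.

```powershell
# Added example, not the tutorial's own steps. Run on a DNS-role domain controller.
Import-Module DnsServer

# Forward lookup zone: AD-integrated primary zone, replicated to all DNS servers
# in the domain (the wizard's default), accepting secure dynamic updates only.
# -ReplicationScope maps to the wizard's replication choices:
#   Forest = all DNS servers in the forest, Domain = all DNS servers in the domain,
#   Legacy = all domain controllers in the domain (Windows 2000 compatibility),
#   Custom = a DNS application directory partition (-DirectoryPartitionName).
Add-DnsServerPrimaryZone -Name 'mytestzone' `
    -ReplicationScope 'Domain' `
    -DynamicUpdate 'Secure'

# Reverse lookup zone for 10.0.2.X: the cmdlet derives 2.0.10.in-addr.arpa from
# -NetworkId, just as the wizard fills in the zone name from the network ID.
Add-DnsServerPrimaryZone -NetworkId '10.0.2.0/24' `
    -ReplicationScope 'Domain' `
    -DynamicUpdate 'Secure'

# A file-backed (non-AD-integrated) primary zone cannot use secure updates, so
# the safer choice the text recommends for that case is no dynamic updates:
#   Add-DnsServerPrimaryZone -Name 'standalone.example' -ZoneFile 'standalone.example.dns' -DynamicUpdate 'None'

# Confirm each new zone has the two required records (SOA and NS).
foreach ($zone in 'mytestzone', '2.0.10.in-addr.arpa') {
    Get-DnsServerResourceRecord -ZoneName $zone -RRType SOA
    Get-DnsServerResourceRecord -ZoneName $zone -RRType NS
}

# Audit check: list any primary zone on this server that still accepts
# nonsecure dynamic updates, the setting the text warns against.
Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate, ReplicationScope
```

The final pipeline returns nothing when every primary zone is either AD-integrated with secure-only updates or has dynamic updates disabled.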

Now you know how to create a forward and reverse lookup zone!