Implementation of a DNS Server running Windows Server 2008 Or 2008 R2




Introduction:


In this post I invite you to walk through the implementation of a DNS server running Windows Server 2008 or 2008 R2. The steps are practically the same on 2008 and 2008 R2.

First, as an introduction, I suggest you look at (or review) the name resolution solutions Windows Server offers. Many of you already have the word DNS on the tip of your tongue, but Windows does not only offer DNS: there are three distinct solutions!

The first solution is LLMNR, Link Local Multicast Name Resolution. It addresses two weaknesses of DNS (Domain Name System). The first weakness is that name resolution via DNS requires a DNS infrastructure (server and client(s)). Yet on a local business network it can be useful to reach a machine by its UNC (Universal Naming Convention) path rather than by its IP address. LLMNR provides exactly that once IPv6 and "Network Discovery" are enabled (Network Discovery can be turned on in the Network and Sharing Center). With IPv6 and Network Discovery enabled, LLMNR can perform name resolution: to connect to a machine named PC-Lolokai, just type "\\PC-Lolokai" (the machine's UNC path).


The second solution is NetBIOS, which serves the same purpose as LLMNR but works with IPv4 addresses, and above all with machines running XP or even earlier. NetBIOS is a name service and a protocol kept for compatibility with older Windows network services. Like LLMNR it works locally, resolving a host name to an IPv4 address, and it also lets you "ping" a machine via its UNC path. NetBIOS is enabled by default on a Windows machine.

The last solution is the most common one, DNS: Domain Name System. DNS resolves names for both Internet services and Active Directory domains. It is fundamental in any corporate network of a certain size, which is why we will see step by step how to set up a DNS server. For this post we start from a standalone member server, i.e. we do not install our DNS server on an Active Directory domain controller.

While writing this post I had a few small problems with VMware, so I used a machine in the cloud (thank you for that great invention that is the cloud! :D). Don't be surprised if the screenshots in this post show a system in English. I am using a machine running Windows Server 2008 R2 in a workgroup named lolokai.local, and the machine is called ServeurDNS.


Installation:



First we must add the "DNS Server" role to our server: Start -> All Programs -> Administrative Tools -> Server Manager, then "Add Roles" and select DNS Server:
Now that the role is installed, it only needs to be configured.

First we check which interface our DNS server listens on. By default it listens on all IP addresses associated with the local computer, and it is important to change this: Start -> All Programs -> Administrative Tools -> DNS -> right-click your DNS server -> Properties -> "Interfaces" tab.

Then we check that root hints are present, because if our DNS server does not know the root servers it can only resolve addresses in its own network or subnet. This is the "Root Hints" tab.

Then you need to configure forwarding, i.e. if our DNS server cannot answer a query itself, it forwards the query to another DNS server. So we need the IP address of the DNS forwarder. Go to the "Forwarders" tab.
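The same role installation and server settings as the console steps above, scripted as an added example (not code from the original post) with the ServerManager module and dnscmd.exe, which ships with the DNS Server role on Windows Server 2008 and 2008 R2. The addresses are assumptions constructed for this example: 192.168.1.10 is the server's LAN interface and 192.168.1.1 the upstream resolver we forward to.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on
# the DNS server. Constructed addresses: 192.168.1.10 = this server's LAN
# interface, 192.168.1.1 = upstream resolver used as forwarder.

# 1. Install the DNS Server role (ServerManager module, 2008 R2).
Import-Module ServerManager
Add-WindowsFeature DNS

# 2. Listen on the LAN interface only. The default (all local addresses)
#    also answers on interfaces you never meant to expose a resolver on.
dnscmd /ResetListenAddresses 192.168.1.10

# 3. Root hints are read from %SystemRoot%\System32\dns\cache.dns. With no
#    NS entries there, the server can only resolve its own zones.
$rootHints = Select-String -Path "$env:SystemRoot\System32\dns\cache.dns" -Pattern '\sNS\s'
"Root hint NS entries: $(@($rootHints).Count)"

# 4. Forward queries the server cannot answer itself to the upstream
#    resolver, giving it 5 seconds to reply. Without /Slave the server still
#    falls back to the root hints when the forwarder does not answer; with
#    /Slave it relies on the forwarder exclusively (no recursion of its own).
dnscmd /ResetForwarders 192.168.1.1 /Timeout 5

# 5. Read back the server settings (ListenAddresses, Forwarders, ...) and
#    test resolution of an outside name through this server specifically.
dnscmd /Info
nslookup example.com 192.168.1.10
```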

Now we come to one of the most important steps: creating a zone. The DNS server works with zones: you create a zone, i.e. a namespace, in which you enter the addresses the DNS server must be able to resolve.

For this: Start -> All Programs -> Administrative Tools -> DNS -> right-click your DNS server -> New Zone.



You then get a window asking which type of zone you want to create, so it is important to know which zone types exist and what they are for.

There are three zone types: primary, secondary and stub.

     The primary zone: when you configure a primary zone on a DNS server, that server is said to be the "master DNS" for the zone. This means it is the DNS server that holds the master copy of the zone file. The DNS server has full authority over the zone file: it is the one that edits it, and it reads it to answer queries.
     The secondary zone: this is used when the zone already exists on another DNS server. You point it at the zone and the master's zone file, which it is only allowed to read in order to answer queries. Only the DNS server on which the zone was created as primary has write access. This is used to relieve traffic when a zone receives a lot of DNS queries.
     The stub zone: very similar to the secondary zone, the only difference being that it keeps only a copy of the zone file. It does not do name resolution itself; its purpose is just to hold an up-to-date copy of the file.

Choose, for example, to create a primary zone, and untick storage in Active Directory, since my machine is not joined to any AD.

Once the zone type is selected, we are asked to choose between a "forward lookup zone" and a "reverse lookup zone".

     Forward lookup zone: the DNS server maps a fully qualified domain name (FQDN) to an IP address.
     Reverse lookup zone: the DNS server maps an IP address to an FQDN. The zone name is built by reversing the first three octets of the IP address and appending "in-addr.arpa". E.g. a reverse zone for the subnet 192.168.1.0/24 is actually a reverse zone named 1.168.192.in-addr.arpa.

For good name resolution in a zone it is strongly advised to create both the zone and its reverse zone. So we start with the forward lookup zone.


Then we are asked for the name of the zone; you may notice that your machine's name follows the domain name of our zone. In my example the machine is not joined to a domain, so there is no domain to follow the name before the ".dns" suffix.

Then the wizard lets you create a new zone file or use an existing one. In our case we ask it to create a new file, which we will edit later.


Once the file is created, we arrive at a window asking about dynamic updates, i.e. how the zone file is kept up to date. Either we allow dynamic updates only from machines that are members of Active Directory, so that only they can send updates to the zone file; or we allow all machines to do so; or we do not allow dynamic updates at all, which is what we do in this example.

Now our zone is created, but a zone must have two types of record: SOA (Start of Authority) and NS (Name Server).

  • SOA: defines the basic properties of our zone. When a zone is created you must also create its properties: serial number, primary server, ...
  • NS: defines the name servers authoritative for the zone: a secondary server, a root server, ...
 To access these records, right-click the zone in DNS Manager -> Properties. In that window you can manually modify the default SOA settings or add name servers.


/!\ ATTENTION:

The serial number in the SOA must not be invented! It is incremented every time a resource record (mail server, name server, ...) is added or changed. It is essential not to touch it, because this number lets secondary servers know whether they have the correct zone file: if the serial numbers do not match, the "master" zone file (from the DNS server where the zone is configured as primary) is sent to the secondary servers.

Now that you have adjusted your SOA and NS, you can add the different machines you have in your network. For this you have three types of resource record: a host (A or AAAA), an alias (CNAME) or a mail exchanger (MX).
  • A or AAAA host: simply resolves the name of a machine to its IP address. A means we are talking about an IPv4 address, AAAA an IPv6 address.
  • CNAME alias: as its name suggests, it lets you create aliases, e.g. reach the FTP resource "ftp1.lolokai.com" via "ftp.lolokai.com".
  • MX mail exchanger: simply designates a mail server.
To do this, just right-click the zone and add a host, a CNAME or an MX.


We have implemented a DNS primary zone file. You should be able to do the same with your machines, your IPs and your records. One last warning: we have a zone file, but that is only half the work! For DNS resolution in both directions, IP -> FQDN and FQDN -> IP, it is essential to also create a reverse zone! As indicated at the beginning, it takes the same records, with the first three octets reversed and "in-addr.arpa" appended.
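The zone and record steps above (primary forward zone without AD storage or dynamic updates, A/CNAME/MX records, and the matching reverse zone with PTR records) done with dnscmd.exe instead of the DNS console, as an added example that is not code from the original post. The zone name, host names and addresses are assumptions constructed for this example: zone lolokai.local on the 192.168.1.0/24 subnet, the server ServeurDNS at 192.168.1.10, a mail host at 192.168.1.20 and an FTP host at 192.168.1.30.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on
# the DNS server. Constructed values: zone lolokai.local, subnet 192.168.1.0/24,
# serveurdns = 192.168.1.10, mail = 192.168.1.20, ftp1 = 192.168.1.30.

$zone   = "lolokai.local"
$subnet = "192.168.1"
# Reverse zone name: the first three octets reversed, then in-addr.arpa
# (192.168.1 gives 1.168.192.in-addr.arpa, as in the post).
$revZone = (($subnet -split '\.')[2..0] -join '.') + ".in-addr.arpa"

# Forward primary zone, stored in a file (not in Active Directory), with
# dynamic updates disabled (/AllowUpdate 0), as chosen in the wizard above.
# Creating the zone also writes its SOA and an NS record for this server.
dnscmd /ZoneAdd $zone /Primary /file "$zone.dns"
dnscmd /Config $zone /AllowUpdate 0

# The matching reverse primary zone, same settings.
dnscmd /ZoneAdd $revZone /Primary /file "$revZone.dns"
dnscmd /Config $revZone /AllowUpdate 0

# Hosts (A), an alias (CNAME) and a mail exchanger (MX, preference 10).
# '@' is the zone apex; trailing dots mark fully qualified names.
dnscmd /RecordAdd $zone serveurdns A 192.168.1.10
dnscmd /RecordAdd $zone mail A 192.168.1.20
dnscmd /RecordAdd $zone ftp1 A 192.168.1.30
dnscmd /RecordAdd $zone ftp CNAME "ftp1.$zone."
dnscmd /RecordAdd $zone '@' MX 10 "mail.$zone."

# PTR records in the reverse zone: the node name is the last octet.
dnscmd /RecordAdd $revZone 10 PTR "serveurdns.$zone."
dnscmd /RecordAdd $revZone 20 PTR "mail.$zone."
dnscmd /RecordAdd $revZone 30 PTR "ftp1.$zone."

# Check the apex records (SOA and NS). The server raises the SOA serial on
# every change it writes, so the serial is never edited by hand.
dnscmd /EnumRecords $zone '@'

# Both directions must resolve when asked through this server.
nslookup "serveurdns.$zone" 192.168.1.10
nslookup 192.168.1.10 192.168.1.10
```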


Conclusion:


In this post we have seen the implementation of a DNS server on Windows Server 2008, as well as the different records we can add to it.