Hopefully if you’re in the tech field you know that DNS is one of the main pillars of the Internet and what makes having those delightful friendly domain names (like www.TrainSignalTraining.com and www.TrainSignal.com) possible instead of having to memorize a long list of boring IPs (69.16.232.158).
For those of you that might need a refresher, the DNS service is the addressing book of the networking world, allowing the translation of human friendly names to IP addresses at its base level. It also stores other types of records that helps in delivery of different types of information from one end of the Internet to the other.
Why Have An External DNS Server?
This is especially useful if you are running IIS and have a lot of sites and don’t want to use a 3rd party option for DNS. For example, at a client I worked with, they owned over 250 domain names and wanted to keep tight control over their DNS in case of server moves and other email considerations.
An external DNS server will also help limit the exposure of your network to security leaks in case the server is compromised. If you connect the Internet facing server to the rest of your DNS servers you will have your internal network AD information stored on there. Should this external facing server get hacked or compromised they would find quite a bit more information than just some publicly available resource records.
Once you have setup the external DNS servers you have your internal DNS servers with your private information forward requests to the external DNS server for clients needing name resolution to the outside world.
How to Install Windows DNS Server 2008
The first thing we will have to do is setup the DNS Role on the server that we want to use. Let’s walk through that first:
NOTE: This walkthrough is for EXTERNAL DNS servers and will not include information on integrating with Active Directory or installing other components other than what is needed.
1. Open Server Manager and click on Roles in the left pane and then click on Add Roles in the center pane.
2. Depending on whether you checked off to skip the Before You Begin page while installing another service, you will now see warning pages telling you to make sure you have strong security, static IP, and latest patches before adding roles to your server.
If you get this page, then just click Next.
3. Next is the Select Server Roles window, and we are going to go ahead and check DNS Server in the list of possible roles.
Now if you don’t have a Static IP Address assigned to your server you will get the warning:
Either choose to ignore the warning and continue to install or go back and set a Static IP for the server. Either way you come back to the Select Server Roles screen, you can now choose to click Next.
4. Next is the DNS Server information screen giving some links to understanding the DNS integration with AD and other information.
Of course since we are configuring an External DNS server we will click Next to continue.
5. Confirm the Installation Selections by reviewing the list and then clicking Install.
6. After a little while you should now see the Installation Results page, and hopefully see aInstallation Succeeded message across from DNS Server, and then click Close.
That’s it! You have now installed the DNS Role on a Windows Server 2008. Let’s go to some configuration tasks now.
Please note that when you install the DNS service the server will automatically open up port 53 TPC/UDP for DNS related traffic.
How to Configure Windows DNS Server 2008
Ok, before we start configuring your server there are a few basics we should cover.
Remember I said basics, because I am not going to go beyond what is needed for an External DNS server and confuse the issue, but there are other options beyond what I am going to review here.
- Forward Lookup Zone – A DNS Zone that does lookups for the domain name to IP address. This is the most common form of zone that people will use.
- Reverse Lookup Zone – This DNS Zone is the exact opposite of the Forward Lookup Zone and allows an IP to be assigned to a domain/hostname.
Note: Most external Reverse Lookup Zones will not work unless you own your block of IPs. The ISP/WebHost service that you use will more than likely own the reverse IP records, and you will have to request them to make any changes you require.
If you have gone through my earlier IIS articles you know that I have used a test domain called logfiletest.com. Let’s go ahead and create a forward lookup zone for that domain.
1. Open DNS Manager
2. Since I am local to the server it will automatically have itself in the DNS Manager. Expand out the server then right click on Forward Lookup Zones, and then left click on New Zone.
3. Welcome to the New Zone Wizard, should be the next window you see. Go ahead and clickNext.
4. Next we are going to pick a zone type. Since this is going to be the primary DNS server for logfiletest.com choose Primary Zone, and then click Next.
5. Now we are going to enter the Zone Name, in this case it is logfiletest.com. After entering the name of your zone go ahead and click Next.
6. The next window is about the zone file.
Non-Active Directory zones are kept in a flat text file in %SystemRoot%\system32\dns on the server. You have the option of creating a new one or using one that was copied over from a different server. In our case we will use the default naming and create a new one, by clicking Next.
7. Dynamic Updates allow client computers to create and update their own resource records. For external servers this would be bad, so we will go with the Do not allow dynamic updates radio button and then click Next.
8. Completing the New Zone Wizard will be the next window and it has a review of the settings you specified during the wizard.
Go ahead and click on Finish to complete the setup of the Forward Lookup Zone for logfiletest.com.
9. At the completion you will now return back to the DNS Manager, and you can seelogfiletest.com is now listed under the Forward Lookup Zone folder.
Congratulations on your setup! Though the domain is setup it currently has no resource records in it to resolve! Let’s fix that and give this server a purpose.
There are different types of resource records, in this case we are going to create a Host (A) record, which maps a name to an IP address.
How to Create a Host (A) Record on Server 2008 DNS
The most basic and simple host record is going to be for a website, so let’s go ahead and map the www of the domain name to the IP that the website uses.
For our example, the IP of logfiletest.com is 192.168.11.5.
1. Open DNS Manager
2. Choose the Forward Lookup Zone you want to work with, in this case it is logfiletest.comand right click on it. Select New Host (A or AAAA) and left click on it.
Note: Don’t be confused by the AAAA, as that is used for IPv6 records.
3. The new host window will now popup allowing you to enter the name (if blank it will use the parents domain name), which we will type in www, and fill in the IP address we want logfiletest.com to resolve to, which is 192.168.11.5.
If we choose to we can associate a PTR record with this, which would create the reverse lookup. Not necessary in this case since we don’t control the IPs.
Click Add Host when done.
4. You will get a message that confirms the creation of the Host Record, so click OK.
5. Now in the DNS Manager you will see your A resource record for www mapped to the correct IP.
6. Now let’s do a quick test with NSLookup and you will see that the name resolves correctly.
Summary for Creating External DNS Server
So we have walked through the following:
- Installing DNS Role on a Windows Server 2008
- Created a Forward Lookup Zone
- Created a Host (A) Resource Record
Again this is just the basics for getting you started in running your own External DNS Server.
In the future we will discuss the different types of resource records and how they are used, how to make use of features such as round robin DNS and setup redundancies to keep your sites resolving correctly.