Creating and Managing a DNS Zone Using Windows Server + Quick DNS Primer

This is a quick post, or maybe not so quick, just to illustrate how to create and add records to a DNS zone on your own Windows Server with the DNS role configured.  This server can be a domain controller with DNS installed or just a DNS server, it doesn’t make any difference.

A quick primer on DNS.  DNS, the Domain Name System, lets computers reach other systems by name instead of by IP address.  Without DNS servers, we would all have to navigate the Internet by typing in IP addresses, like http://74.125.19.99.  From reading this link, you’d have no idea where you were navigating to, but it just so happens that this is one of Google’s many public IP addresses.  Try it.

dns 001


The reason that we can type in ‘Google.com’ is that our computers (based on our network settings) go out to a public or private DNS server and ask that server for the IP address of whatever textual address we’ve typed.  Then we’ll be able to navigate to that IP address via the textual address.  DNS keeps navigating the Internet user friendly.  Otherwise it’d be like trying to remember phone numbers all over again.  How many of us really know all of the phone numbers that we call regularly?  I personally don’t know many because I dial by name from my cell phone.  The Internet and DNS work the same way.  Instead of dialing up websites by their numbers, DNS allows us to dial by name.

Now that you have a basic understanding of what service DNS provides, I’ll quickly write about what the most common DNS records are.  There are two common DNS records:

  • A Records: Which are primary records, I’ll explain in just a moment
  • C Names: Which are aliases to A Records.

A Records are the primary records in a DNS system.  To follow the phone call analogy above, an A Record is akin to an entry in your phone book where a specific name is tied directly to a phone number.  For example:  google.com = 74.125.19.99.

C Names or aliases don’t have a direct correlation to your phone book, but are actually like being able to nickname a phone book record.  Phone book example:  You have an entry in your phone book for your mother, and it is written as Jane Public: 719-555-1234.  Then you create a speed dial to the Jane Public entry titled Mom.  You wouldn’t want to create a separate entry for mom, because if mom then changed her phone number, you would have to change it in 2 places, under both Jane Public and under ‘Mom’.  Back to DNS instead of analogy, you can see from the screenshot below, that ‘mail.google.com’ points to the same IP address (Internet location) as google.com.  I don’t know exactly how it’s configured, but it is very likely that mail.google.com is simply a C Name that is pointing to google.com.  If Google changes their public IP address, the C Name will stay up-to-date with whatever google.com is pointing to.

dns 002

Hope that makes sense.

Moving right along, you might ask yourself, why do I need my own DNS server?  To be honest, due to the technology and configuration of most home networks, you don’t need your own DNS server.  Most networks can use NAT (Network Address Translation) to get you to other named devices on your network, while if you type in an Internet address your router will know to go out to a public, or external but private, DNS server to direct you to where you are trying to go.  However, if you are running a lab, or a complex internal network environment which may or may not include directory services, it makes more sense to run your own DNS server for internal routing, and have that DNS server forward requests to an external DNS server for zones that it does not control (a server that controls a zone is said to be authoritative for it).

For example, my lab can be running an Active Directory infrastructure with a domain name titled dev.local.  I have a dev.local zone on my internal network and I’d like to be able to get to internal resources by multiple names.  I also have a public facing infrastructure titled d3planet.com, and I would like to route internally to those resources; otherwise I would have to go outside of my network to get pointed back into my network.  So I set up records that point to machines in either domain using my local IP addresses, while public DNS records direct someone to my public facing stuff by my Internet IP address.  Phone analogy again: if you had a mansion, you would likely use an intercom of some sort to talk to other people within your mansion versus picking up the phone and dialing your public phone number. (YES YES… I know… in this day of cell phones, you’d probably just dial their cell. 😉 )

So now you have a basic understanding of what DNS is, what it does, and why you’d use it.  Yes, I know, this is very basic.  Below I’m going to post some screenshots of the Microsoft DNS interface and how you would do certain tasks, specifically:

  • Add DNS Zone
  • Add A Record
  • Add C Name
  • Checking your work


In Windows Server 2003 and higher, DNS is a role that can be installed through the Manage Your Server wizard, so I won’t go into how to install it unless someone complains or posts that they need that.

Add DNS Zone

From the DNS Snap-In, which can be found under Start > Control Panel > Administrative Tools > DNS (after it’s installed of course), expand your server name, and highlight ‘Forward Lookup Zones’.

dns 003

Right-Click on ‘Forward Lookup Zones’ and Choose ‘Add Zone’.

dns 004

The ‘Welcome to the New Zone Wizard’ should open on the screen.  Click ‘Next’.

dns 005

On the ‘Zone Type’ screen, select the type of zone you want to add; each type has a pretty good description next to it.  A primary zone is a zone that you maintain from this server.  A secondary zone is maintained on another server, but you would like to have it running on this server as well for redundancy and load balancing.  A stub zone is a non-authoritative zone (not the primary) that contains only partial information about a zone.  Typically you’ll use the Primary Zone for labs etc., so that’s what I’m going with.  You can choose to store the zone in Active Directory if you are running AD, which will cause the zone to be synchronized across all of your domain controllers that are running DNS.  For this tutorial we’ll keep it checked, as it is a good practice.  Click ‘Next’.

dns 006

On the ‘Active Directory Zone Replication Scope’ page, you can choose your replication options.  The default, domain-level replication, is typically fine for the needs of someone likely to be reading this blog.  If you’re running a forest, you’re likely more advanced than this tutorial. ;)  Click ‘Next’.

dns 007

On the ‘Zone Name’ window, type in what you want the zone name to be.  This will be the base of how you navigate to the sites using the zone.  For example, a zone named ‘google.com’ can then have records for ‘www’, ‘mail’, and ‘lab’, and facilitate navigation to those servers as ‘www.google.com’, ‘mail.google.com’, and ‘lab.google.com’.  Click ‘Next’.

dns 008

On the ‘Dynamic Update’ page of the wizard, leave the default ‘Allow only secure dynamic updates…’ radio button marked and click ‘Next’.  This option is only offered for Active Directory-integrated zones; it means only authenticated domain members can register or change their own records, rather than any machine on the network.

dns 009

On the ‘Completing the New Zone Wizard’, review your choices and click ‘Finish’.

dns 010

You now have a new zone under your ‘Forward Lookup Zones’.  Highlight that zone, then right-click the right panel of the window and you can see your choices. 🙂

dns 011

Add an A Record

Right-Click in the details pane of the zone that you want to modify and click on New Host (A or AAAA)…

dns 012

In the ‘New Host’ window, type in the name that you want for the record.  Navigation will be ‘name.whatever.local’ in my example.  Do NOT type in the complete name.  You have the base already because of the zone; you only want what goes in front of the base, i.e. www, mail, data, name, etc.  In the IP address field, type in the IP address of the server that you want this FQDN (fully qualified domain name) to point to.  For a development environment or small environment, I usually do not create PTR records or check the ‘Allow any authenticated user to update DNS records with the same owner name’ checkbox.  Then simply click ‘Add Host’ and the record is created.  The ‘New Host’ window will stay open in case you want to add more hosts.

dns 013 dns 014

Add a C Name (alias record)

Right-Click in the details pane of the zone that you want to modify and click on New Alias (CNAME)…

dns 011

From the ‘New Resource Record’ window, type in what you want the alias to be, review the FQDN for the alias, then either type or browse to the A record that you want it to point to.  In this example, I pointed to the record that I created above, ‘name.whatever.local’.  Click ‘OK’ and your new alias is created.

dns 015 dns 016

Checking Your Work

Checking your work is pretty easy.  Simply open a Command Prompt by going to Start > Programs > Accessories > Command Prompt, or by pressing the Windows Key + R and typing ‘cmd’, or however you usually get to the command prompt. 😉

From the command prompt, type ‘nslookup’ and hit enter.  This command stands for Name Server Lookup.  It will connect to your default primary DNS server.  Then type in the record names that you just created and they should resolve to the IP addresses that you created.  Example pictured below.

dns 017

You can see from the screenshot that the zone resolves to the local machine (since I’m using the command prompt on that machine), ‘name.whatever.local’ resolves to the IP assigned, and ‘alias.whatever.local’ resolves to ‘name.whatever.local’ and its associated IP address.  You can type ‘quit’ to exit nslookup.
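The same four tasks (add the zone, add the A record, add the CNAME, check the result) as a script, plus two checks worth running afterwards.  This is an added example, not code from the original post; it assumes the DnsServer PowerShell module that ships with the DNS Server role on Windows Server 2012 and later, so it will not run on the Server 2003 build shown in the screenshots.  The zone name is the post’s ‘whatever.local’; the host IP address is constructed.

```powershell
# Added example, not from the original post. Requires the DnsServer module
# (DNS Server role, Windows Server 2012+); run in an elevated prompt on the
# DNS server. Zone name follows the post; the host IP is constructed.
Import-Module DnsServer

$zone   = 'whatever.local'     # same example zone as the post
$hostIp = '192.168.1.50'       # constructed address for the 'name' host
$dnsSrv = $env:COMPUTERNAME    # query the server we are configuring

# 1. Add DNS Zone: primary, AD-integrated, domain-wide replication, and
#    secure dynamic updates only (the wizard defaults the post keeps).
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain -DynamicUpdate Secure
}

# 2. Add an A record: only the host label, never the full name.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'name' -IPv4Address $hostIp

# 3. Add a CNAME aliasing 'alias' to the A record just created.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'alias' -HostNameAlias "name.$zone"

# 4. Checking your work: the same lookups the post does with nslookup.
Resolve-DnsName -Name "name.$zone"  -Server $dnsSrv -Type A     | Format-Table -AutoSize
Resolve-DnsName -Name "alias.$zone" -Server $dnsSrv -Type CNAME | Format-Table -AutoSize

# Check (a): confirm the zone really only accepts secure dynamic updates;
# NonsecureAndSecure would let any host on the network overwrite records.
$z = Get-DnsServerZone -Name $zone
if ($z.DynamicUpdate -ne 'Secure') {
    Write-Warning "$zone accepts '$($z.DynamicUpdate)' dynamic updates; expected Secure"
}

# Check (b): list CNAMEs in the zone whose target no longer resolves. A
# dangling alias is a stale record that should be removed or repointed.
Get-DnsServerResourceRecord -ZoneName $zone -RRType CName | ForEach-Object {
    $target = $_.RecordData.HostNameAlias
    if (-not (Resolve-DnsName -Name $target -Server $dnsSrv -ErrorAction SilentlyContinue)) {
        Write-Warning "Dangling CNAME: $($_.HostName).$zone -> $target"
    }
}
```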

I hope my explanation and examples help someone get past any issues they are having and get things configured nicely.

As always, questions / comments / concerns are welcome.

Good luck.


7 thoughts on “Creating and Managing a DNS Zone Using Windows Server + Quick DNS Primer”

  1. Hi Clement, I found your article hoping that it would point me in the right direction to setting up my Windows 2003 Server R2 (Standard Edition). I’m a web developer and trying to set up this server in my home as a development server. I’m sure this is probably a load to put on this box but I’d also like to have it as a File Server/Domain Controller/DNS and maybe DHCP server. Here is what I have so far:

    [ISP: Comcast]
    |
    [Linksys Cable Modem]
    |
    [LinkSys WRT-400N Dual N-band Router] — [4-port Linksys switch]
    Router IP: 192.168.1.1

    I’ve disabled DHCP on the router and have installed the File Server/DC/DNS/DHCP roles on my W2K3 box. Its IP is set as static at 192.168.1.103

    I also have 3 Windows based computers (2 running Windows 7 and 1 running Windows XP Home. One of the Windows 7 PCs is wireless) which are all pointing to my router currently.

    I’m hoping you can give me some guidance as to where to go from here which would be greatly appreciated.

    Many thanks! 🙂

    Jim

  2. @Jim, How beefy is your server? What are the specs? And what about specs of the other machines? What do you dev primarily, Windows or Web? Also, what kind of environment are you deploying to?

    Basically I’ve found that I tend to prefer to create a virtual machine(s), I use VMware Workstation, to configure dev environments. I like doing it that way since if I need to I can trash the environment and start over again without affecting my other network infrastructure. Virtualization also allows you to snapshot your VMs so that you can return to previous states. If you want to go the virtualization route, you can run VMware Workstation, Virtual PC, VMware Server, or Hyper-V depending on what technology you’re comfortable with and how beefy a dev machine you have. Of course I’d recommend a VMware technology. 😉

    If you want to use your server for development without virtualization, you’re off to a great start, but I would put DHCP and DNS services back on your router, and not join any machines to the domain. That way, if you do something that takes your server down, you don’t lose your DHCP and DNS services. Also, if you locate your file server on something other than the OS drive, if you need to reinstall the OS or DC for some reason, your files will remain intact. I have a separate network and VMs that I use for development typically.

    If one of the Win7 machines is beefy enough for development, you can use your server for staging and deployment, and dev on the Win7 box. Whichever environment you’re going to use, I’d install IIS, and then VS.NET 2010. It’s got some great new features.

    These are just some general things that I’d do.

    If you answer the questions above, I’ll let you know exactly how I’d lay it out based on what you’ve got and maybe some next steps. 🙂

    Let me know.

  3. Great tutorial. This and the one for setting up a Domain. I’m just playing around with my internal network at home, and want to set up some websites for internal development. This was exactly what I needed. Thanks!

  4. Great piece of information, Now to fully understand the concept if you explain first how to setup DNS server & also create reverse lookup zone with same above examples then it will be helpful for us.

  5. Clement,

    I am a newbie in this server thing, am getting most knowledge on my own through research, thanks, your blog has helped me a lot.

    But one more problem, I followed the steps up to adding a record, but when I do the nslookup I am getting this response

    Default server are not available
    ***Default server: unknown
    Address; 127.0.0.1

    What may be the error? Please help

    1. @Moses: There may be no problem at all. 127.0.0.1 is the localhost / loopback address. Are you seeing this when you use nslookup on the server itself? If so, that’s ok. Do your records still show up if you type them in at the ‘>’? If you’re seeing this on another system that is not the dns server, then you need to check that machine’s DNS entries under the network properties and make sure that it is pointing to your DNS server. Again, if you’re seeing this at the command prompt from the DNS server itself, that is just fine if it is returning lookups properly.

      Let me know.
