This is a quick post, or maybe not so quick, just to illustrate how to create a DNS zone and add records to it on your own Windows Server with the DNS role installed. The server can be a domain controller with DNS installed or a standalone DNS server; the steps are the same, with one difference I’ll point out below: only a domain controller can store the zone in Active Directory.
A quick primer on DNS. DNS, the Domain Name System, lets computers reach other systems by name instead of by IP address. Without DNS servers, we would all have to navigate the Internet by typing in IP addresses, like http://184.108.40.206. From reading that link you’d have no idea where you were navigating to, but it just so happens that this is one of Google’s many public IP addresses. Try it.
The reason we can type in ‘google.com’ is that our computers (based on our network settings) go out to a public or private DNS server and ask it for the IP address of whatever name we’ve typed, and then connect to that IP address on our behalf. DNS keeps navigating the Internet user friendly. Otherwise it’d be like trying to remember phone numbers all over again. How many of us really know all of the phone numbers that we call regularly? I personally don’t know many because I dial by name from my cell phone. The Internet and DNS work the same way. Instead of dialing up websites by their numbers, DNS allows us to dial by name.
Now that you have a basic understanding of what service DNS provides, I’ll quickly write about the two record types you will use most often:
- A Records: the primary records, which I’ll explain in just a moment
- CNAME records: aliases that point at another name, usually one that has an A Record.
A Records are the primary records in a DNS zone; each one maps a name directly to an IPv4 address (an AAAA record does the same for IPv6). To follow the phone call analogy above, an A Record is akin to an entry in your phone book where a specific name is tied directly to a phone number. For example: google.com = 220.127.116.11.
CNAME records, or aliases, don’t have a direct correlation to your phone book, but are actually like being able to nickname a phone book record. Phone book example: You have an entry in your phone book for your mother, and it is written as Jane Public: 719-555-1234. Then you create a speed dial to the Jane Public entry titled Mom. You wouldn’t want to create a separate entry for Mom, because if she then changed her phone number you would have to change it in two places, under both Jane Public and under ‘Mom’. Back to DNS instead of analogy: you can see from the screenshot below that ‘mail.google.com’ resolves to the same IP address (Internet location) as google.com. I don’t know exactly how it’s configured, but it is very likely that mail.google.com is simply a CNAME pointing to google.com. If Google changes their public IP address, the CNAME stays up-to-date with whatever google.com is pointing to, because it never held the address itself.
Hope that makes sense.
Moving right along, you might ask yourself, why do I need my own DNS server? To be honest, on most home networks you don’t. Your router typically acts as a small DNS forwarder: it hands out its own address as the DNS server via DHCP, answers for the device names it learned from DHCP leases, and passes every other query on to your ISP’s resolver or a public one. (Windows machines also find each other on a flat home network without DNS at all, through LLMNR and NetBIOS name broadcasts.) However, if you are running a lab, or a complex internal network environment which may or may not include directory services, it makes more sense to run your own DNS server for internal name resolution. That server is authoritative for the zones it hosts (it holds the records and answers for them directly) and forwards queries for every other zone to an external resolver.
Example: my lab can be running an Active Directory infrastructure with a domain name titled dev.local. I have a dev.local zone on my internal network and I’d like to be able to get to internal resources by multiple names. I also have a public facing infrastructure titled d3planet.com, and I would like to reach those resources internally by their private addresses; otherwise my traffic would have to leave my network just to be sent back into it (a ‘hairpin’ through the router, which many home routers don’t handle well). So on my internal server I set up records that point to machines in either domain using my local IP addresses, while the public DNS records for d3planet.com direct everyone else to my public facing stuff by my Internet IP address. This is commonly called split-horizon (or split-brain) DNS, and it comes with one caveat: once your internal server hosts a copy of d3planet.com, it answers for the whole zone, so every public name you still want reachable from inside has to be added to the internal copy too. Phone analogy again: if you had a mansion, you would likely use an intercom of some sort to talk to other people within your mansion versus picking up the phone and dialing your public phone number. (YES YES… I know… in this day of cell phones, you’d probably just dial their cell. 😉 )
So now you have a basic understanding of what DNS is, what it does, and why you’d use it. Yes, I know, this is very basic. Below I’m going to post some screenshots of the Microsoft DNS interface and how you would do certain tasks, specifically:
- Add DNS Zone
- Add A Record
- Add CNAME
- Checking your work
In Windows Server 2003 and higher, DNS is a role that can be installed through the ‘Manage Your Server’ wizard (2003) or Server Manager (2008 and later), so I won’t go into how to install it unless someone complains or posts that they need that.
Add DNS Zone
From the DNS Snap-In, which can be found under Start > Control Panel > Administrative Tools > DNS (after the role is installed, of course), expand your server name and highlight ‘Forward Lookup Zones’.
Right-Click on ‘Forward Lookup Zones’ and choose ‘New Zone…’.
The ‘Welcome to the New Zone Wizard’ should open on the screen. Click ‘Next’.
On the ‘Zone Type’ screen, select what type of zone you want to add. There are pretty good descriptions with each type. A primary zone is the writable master copy that you maintain on this server. A secondary zone is a read-only copy of a zone maintained on another server, transferred here for redundancy and load balancing. A stub zone holds only the SOA, NS and glue records of a zone hosted elsewhere, so this server knows which servers are authoritative for it without holding the data itself. Typically you’ll use a primary zone for labs etc., so that’s what I’m going with. The ‘Store the zone in Active Directory’ checkbox is only available when the server is a domain controller; checking it replicates the zone to all of your domain controllers that run DNS, and, more importantly for security, it is the only zone storage type that supports the ‘secure dynamic updates’ option later in the wizard. For this tutorial we’ll keep it checked, as it is good practice. Click ‘Next’.
On the ‘Active Directory Zone Replication Scope’ page you can choose your replication options. The default, ‘To all DNS servers running on domain controllers in this domain’, is typically fine for the needs of someone likely to be reading this blog. If you’re running a multi-domain forest, you’re likely more advanced than this tutorial. ;) Click ‘Next’.
On the ‘Zone Name’ window, type in what you want the zone name to be. This will be the base of how you want to navigate to the sites using the zone. Example, a domain name titled ‘google.com’ can then have records for ‘www’, ‘mail’, and ‘lab’, and facilitate navigation to those servers as ‘www.google.com’, ‘mail.google.com’, and ‘lab.google.com’. Click ‘Next’.
On the ‘Dynamic Update’ page of the wizard, leave the default ‘Allow only secure dynamic updates…’ radio button marked and click ‘Next’. With secure updates, a client can only register or overwrite a record after authenticating with Kerberos, and it can only modify records it owns. The ‘Allow both nonsecure and secure dynamic updates’ option lets any host that can reach the server register, or overwrite, any record in the zone without authentication, which is an easy way for a rogue machine on your network to impersonate a server by name. Don’t choose it unless you have a specific reason, and note that a file-backed (non-AD) primary zone does not offer the secure-only option at all, which is the main reason to store the zone in Active Directory.
On the ‘Completing the New Zone Wizard’, review your choices and click ‘Finish’.
You now have a new zone under ‘Forward Lookup Zones’. Highlight that zone, then right-click in the details pane on the right and you can see your choices. 🙂
Add an A Record
Right-Click in the details pane of the zone that you want to modify and click on New Host (A or AAAA)…
In the ‘New Host’ window, type in the name that you want for the record. Navigation will be ‘name.whatever.local’ in my example. Do NOT type in the complete FQDN (fully qualified domain name). The zone already supplies the ‘whatever.local’ part; you only want what goes in front of it, i.e. www, mail, data, name, etc. In the IP address field, type in the IP address of the server that you want this FQDN to point to. The ‘Create associated pointer (PTR) record’ checkbox only works if you also have a reverse lookup zone for that subnet; for a development environment or small environment I usually don’t create PTR records, and I leave ‘Allow any authenticated user to update DNS records with the same owner name’ unchecked, since a record I create by hand should only be changed by an administrator. Then simply click ‘Add Host’ and the record is created. The ‘New Host’ window will stay open in case you want to add more hosts.
Add a CNAME (alias record)
Right-Click in the details pane of the zone that you want to modify and click on New Alias (CNAME)…
From the ‘New Resource Record’ window, type in what you want the alias to be, review the FQDN for the alias, then either type or browse to the A record that you want to point to. The target must be a fully qualified name (‘name.whatever.local’), not just the short host name. In this example, I pointed to the record that I created above, ‘name.whatever.local’. Click ‘OK’ and your new alias is created. One rule to keep in mind: a name can hold a CNAME or other records, but not both, so don’t create an alias with the same name as an existing host, and don’t try to make the zone name itself an alias.
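Everything the wizards above do can also be done from PowerShell with the DnsServer module that ships with the DNS role on Windows Server 2012 and later. The script below is an added example, not part of the original post: it configures a forwarder, creates the AD-integrated zone with secure-only dynamic updates, adds the A record (with a PTR, which needs a reverse zone first) and the CNAME, and finally sets up the split-horizon copy of the public zone described earlier. The zone names, host names and addresses are assumptions for a lab; run it from an elevated PowerShell session on the DNS server and change them to match your own environment.

```powershell
#Requires -Modules DnsServer
# Added example (not from the original post). All names and addresses below are
# assumed lab values; replace them with your own.

$ZoneName    = 'dev.local'          # assumed internal AD zone
$HostName    = 'name'               # short host name only, never the full FQDN
$HostIP      = '10.0.10.25'         # assumed private address of the server
$AliasName   = 'alias'              # alias.dev.local -> name.dev.local
$Upstream    = @('192.0.2.53')      # assumed upstream resolver for zones we do not host
$Subnet      = '10.0.10.0/24'       # subnet of the lab, used for the reverse zone
$PublicZone  = 'd3planet.com'       # assumed public zone to shadow internally

# 1. Forward every query we are not authoritative for to the upstream resolver.
Add-DnsServerForwarder -IPAddress $Upstream -PassThru

# 2. Forward lookup zone: AD-integrated, replicated to every DC in the domain that
#    runs DNS, accepting only Kerberos-authenticated (secure) dynamic updates.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ReplicationScope Domain -DynamicUpdate Secure
}

# 3. Reverse lookup zone for the subnet, so -CreatePtr below has somewhere to put the PTR.
#    Add-DnsServerPrimaryZone derives the in-addr.arpa name from -NetworkId.
$ReverseZone = '10.0.10.in-addr.arpa'
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $Subnet -ReplicationScope Domain -DynamicUpdate Secure
}

# 4. A record: name.dev.local -> 10.0.10.25, plus the matching PTR in the reverse zone.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $HostName -IPv4Address $HostIP -CreatePtr

# 5. CNAME: alias.dev.local -> name.dev.local. The alias target must be a full FQDN.
Add-DnsServerResourceRecordCName -ZoneName $ZoneName -Name $AliasName -HostNameAlias "$HostName.$ZoneName"

# 6. Split-horizon copy of the public zone. Once this exists the server answers for the
#    whole zone, so every public name that must stay reachable from inside goes here too.
if (-not (Get-DnsServerZone -Name $PublicZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $PublicZone -ReplicationScope Domain -DynamicUpdate Secure
}
Add-DnsServerResourceRecordA -ZoneName $PublicZone -Name 'www' -IPv4Address '10.0.10.80'   # assumed internal address of the public web server

# 7. Show the records we created, with the A address or CNAME target in one column.
Get-DnsServerResourceRecord -ZoneName $ZoneName |
    Where-Object { $_.RecordType -in 'A', 'CNAME' } |
    Format-Table HostName, RecordType, @{ n = 'Data'; e = {
        if ($_.RecordType -eq 'A') { $_.RecordData.IPv4Address } else { $_.RecordData.HostNameAlias }
    } } -AutoSize
```

The `Get-DnsServerZone` checks make the script safe to re-run; the record cmdlets are not idempotent and will error if the record already exists, which is the behaviour you want when two admins race to claim the same name.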
Checking Your Work
Checking your work is pretty easy. Simply open a Command Prompt by going to Start > Programs > Accessories > Command Prompt, or by pressing the Windows Key + R and typing ‘cmd’, or however you usually get to the command prompt. 😉
From the command prompt, type ‘nslookup’ and hit enter. The name stands for Name Server Lookup. It connects to the first DNS server configured on your network adapter, which on a domain machine should be your new DNS server (it prints the server it is using, so check that line first). Then type in the record names that you just created and they should resolve to the IP addresses that you entered. Example pictured below.
You can see from the screenshot that the zone resolves to the local machine (since I’m using the command prompt on that machine), ‘name.whatever.local’ resolves to the IP assigned, and ‘alias.whatever.local’ resolves to ‘name.whatever.local’ and its associated IP address. Note that nslookup talks to the server directly and ignores the Windows client cache and hosts file, so if an application still gets an old answer after you change a record, run ‘ipconfig /flushdns’ on the client. You can type ‘quit’ to exit nslookup.
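The same checks can be scripted with Resolve-DnsName, the PowerShell equivalent of nslookup, which also lets you verify the things nslookup cannot show: that the CNAME chains to the right A record, that a non-existent name really returns NXDOMAIN rather than a stale answer, and that no zone on the server quietly accepts unauthenticated dynamic updates. This is an added example, not part of the original post; the server and zone names are assumed to match the lab values used above, and the audit portion must be run on the DNS server itself.

```powershell
# Added example (not from the original post). Assumed lab values; adjust to your environment.
$ZoneName = 'dev.local'
$Server   = 'dc1.dev.local'   # assumed DNS server; omit -Server to use the adapter's resolver

# --- Resolution checks (run from any domain client or the server) ---

# Equivalent of typing the names into nslookup, but queried directly against $Server
Resolve-DnsName -Name "name.$ZoneName"  -Server $Server -Type A
Resolve-DnsName -Name "alias.$ZoneName" -Server $Server -Type CNAME   # shows only the alias target
Resolve-DnsName -Name "alias.$ZoneName" -Server $Server               # CNAME chased through to the A record

# Negative check: a name that should not exist must fail with NXDOMAIN ("DNS name does not exist").
# A successful answer here means a wildcard record or a stale entry is lurking in the zone.
try {
    Resolve-DnsName -Name "nosuchhost.$ZoneName" -Server $Server -ErrorAction Stop
    Write-Warning "nosuchhost.$ZoneName resolved; check the zone for wildcard or stale records"
} catch {
    "Expected failure: $($_.Exception.Message)"
}

# --- Audit (run on the DNS server) ---

# Zones that allow nonsecure dynamic updates let any host on the network overwrite records,
# so flag every hand-made primary zone that is not set to 'Secure'.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    Select-Object ZoneName, IsDsIntegrated, DynamicUpdate, @{ n = 'Risk'; e = {
        switch ($_.DynamicUpdate) {
            'Secure'             { 'ok' }
            'None'               { 'ok (static records only)' }
            'NonsecureAndSecure' { 'unauthenticated updates allowed' }
        }
    } } |
    Format-Table -AutoSize

# Remediation for anything flagged above. Secure-only updates require an AD-integrated zone,
# so a file-backed zone has to be converted first (Convert-DnsServerPrimaryZone -ReplicationScope Domain).
# Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate Secure
```

If a CNAME query returns the alias target but the un-typed query returns no address, the target A record is missing or mistyped; the alias itself is fine, and that is exactly the failure the second and third lookups are there to separate.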
I hope my explanation and examples help someone get past any issues they are having and get things configured nicely.
As always, questions / comments / concerns are welcome.