Setting up DNS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Domain Name System (DNS) is used in Transmission Control Protocol/Internet Protocol (TCP/IP) networks, such as the Internet, to locate computers and services through user-friendly names. When a user enters a DNS name in an application, DNS resolves the name to other information associated with it, such as an IP address. If your network is homogeneous (all hosts use the same operating system) and it uses a name resolution method other than DNS, you can continue to use that method without deploying DNS. If your network is heterogeneous (the hosts use different operating systems), or it connects to the Internet, you will want to deploy DNS, because Internet protocols and services depend on DNS to locate hosts by name.

Setting up DNS in your network does not necessarily require you to administer a large DNS infrastructure or to become an expert DNS administrator. If you have a very small network whose host information changes rarely, you may choose to have your DNS namespace administered by an organization that specializes in DNS administration, such as an Internet service provider (ISP). In this case, the other organization hosts and administers your DNS zone data for you, or integrates your hosts into an existing DNS zone hosted in its network. Once your network expands beyond a small number of hosts, you will want to administer DNS yourself in order to better serve the name resolution needs of your expanding network.

Setting up a DNS server typically involves four tasks: configuring the server with the DNS zones that hold the domain names in your network; adding resource records for the hosts in your network to those zones; delegating administration of a domain name, by creating a delegation on the parent DNS server that was previously authoritative for the name to the child DNS server that is accepting responsibility for it; and, lastly, securing the DNS servers in the network so that the integrity of the zone data is maintained. You can also set up a DNS server from the command line. For more information, see DNS tools. For more information about setting up DNS, see DNS How To....

To configure a DNS server

  1. Open DNS.

  2. If needed, add and connect to the applicable server in the console.

  3. In the console tree, click the applicable DNS server.

    Where?

    • DNS/Applicable DNS server

  4. On the Action menu, click Configure a DNS server.

  5. Follow the instructions in the Configure a DNS Server Wizard.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • If the DNS server is running locally, you do not need to perform step 2.

  • The Configure a DNS Server Wizard allows you to specify zones, root hints, and forwarders.

  • If you are setting up DNS for your intranet and you also want your computers to connect to the Internet, configure the wizard's forwarders page with the IP addresses of your ISP's DNS servers, so that queries this server cannot answer from its own zones are sent to the ISP's resolvers. Pointing the root hints at the ISP's servers instead works only if those servers answer the iterative (non-recursive) queries that root hints are used for; the Internet root servers installed by default are the normal root hints setting.

  • When you finish configuring the server, you will need to complete additional tasks, such as configuring your network hosts to use this DNS server as their preferred DNS server, enabling dynamic update for the zones on this DNS server, or adding resource records to its zones.
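As an added example, not part of the original help topic, the following PowerShell script performs the same work as the Configure a DNS Server Wizard from the command line with dnscmd.exe, the tool the DNS tools topic refers to: it creates a primary zone, enables dynamic update on it, sets the ISP's resolvers as forwarders, and checks the result. It assumes PowerShell is installed on the server (it is a separate download for Windows Server 2003), that dnscmd.exe is on the path, and that it runs in an Administrators session; the zone name, file name, connection name and every IP address are placeholders to replace with your own, and the client-side helper at the end is run on each client, not on the server.

```powershell
# Added example: command-line equivalent of the Configure a DNS Server Wizard.
# Not from the original help topic. Assumes PowerShell and dnscmd.exe are
# available on the DNS server and that the script runs as a local Administrator.
# Zone name, file name and IP addresses below are made-up placeholders.

$ZoneName   = 'corp.example.com'            # assumed internal zone name
$ZoneFile   = $ZoneName + '.dns'            # zone file under %SystemRoot%\system32\dns
$Forwarders = @('192.0.2.53', '192.0.2.54') # assumed ISP resolvers (TEST-NET-1 addresses)
$ServerIP   = '10.0.0.10'                   # assumed static address of this DNS server

function Invoke-Dnscmd([string[]]$CmdArgs) {
    # Run dnscmd.exe and stop at the first failure instead of leaving a
    # half-configured server behind.
    $out = & dnscmd.exe @CmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $CmdArgs failed: $out" }
    $out
}

# 1. Zones: create a standard primary zone for the internal namespace.
#    /DsPrimary instead of /Primary /file stores the zone in Active Directory,
#    which is what makes secure dynamic update possible later.
Invoke-Dnscmd '/ZoneAdd', $ZoneName, '/Primary', '/file', $ZoneFile

# 2. Dynamic update: 1 = allow nonsecure and secure updates (the only kind a
#    standard primary zone supports); 2 = secure only, valid for AD zones only.
#    0 keeps the zone static, the safest choice if records are added by hand.
Invoke-Dnscmd '/Config', $ZoneName, '/AllowUpdate', '1'

# 3. Forwarders: queries this server cannot answer itself go to the ISP
#    resolvers. Root hints are left at the default Internet root servers.
Invoke-Dnscmd (@('/ResetForwarders') + $Forwarders)

# 4. Verify: the zone is listed and its SOA answers from this server.
Invoke-Dnscmd '/EnumZones'
Invoke-Dnscmd '/ZoneInfo', $ZoneName
& nslookup.exe -type=SOA $ZoneName $ServerIP

# 5. Follow-up task for each client (run on the client, not on the server):
#    make this server the preferred DNS server. The connection name is assumed.
function Set-PreferredDnsServer([string]$Connection = 'Local Area Connection',
                                [string]$Server = $ServerIP) {
    & netsh.exe interface ip set dns name="$Connection" static $Server
}
```

Step 2 is the one to think about before running: a standard primary zone can only accept nonsecure dynamic updates, so any host on the network can register or overwrite names in it; leave it at 0 and add records by hand, or store the zone in Active Directory and use 2.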

To add a resource record to a zone

  1. Open DNS.

  2. In the console tree, right-click the applicable zone and click Other New Records.

  3. In Select a resource record type list box, select the type of resource record you want to add.

  4. Click Create Record.

  5. In New Resource Record, enter the information needed to complete the resource record.

  6. After you specify all of the necessary information for the resource record, click OK to add the new record to the zone.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • Add a resource record for every host in your network that will use DNS. If you have configured your DNS zones to accept dynamic updates, and your network hosts support dynamic update and are configured to use this DNS server as their preferred DNS server, your network hosts add their resource records automatically. A zone that accepts nonsecure dynamic updates lets any host on the network register or overwrite records, including the records of other hosts; secure dynamic update, which ties each record to the account that registered it, is available only for zones stored in Active Directory.

  • For more information about the different types of resource records you can add, see Resource records reference.
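The procedure above adds one record at a time through the New Resource Record dialog. As an added example, not part of the original help topic, the PowerShell script below adds the same kinds of records with dnscmd /RecordAdd, one of each type an administrator typically needs for a small network (A, PTR, CNAME, MX and SRV), and then resolves a name forward and in reverse through the server to confirm that the A and PTR records agree. It assumes PowerShell and dnscmd.exe on the server, an existing primary zone, and made-up zone names, host names and addresses that you replace with your own.

```powershell
# Added example: add resource records with dnscmd /RecordAdd. Not from the
# original help topic. Assumes PowerShell and dnscmd.exe on the DNS server, an
# existing primary zone, and made-up names/addresses (replace with your own).

$Zone        = 'corp.example.com'     # assumed forward zone, already created
$ReverseZone = '0.0.10.in-addr.arpa'  # assumed reverse zone for 10.0.0.0/24
$ServerIP    = '10.0.0.10'

function Invoke-Dnscmd([string[]]$CmdArgs) {
    $out = & dnscmd.exe @CmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $CmdArgs failed: $out" }
    $out
}

# The reverse zone must exist before PTR records can be added to it.
Invoke-Dnscmd '/ZoneAdd', $ReverseZone, '/Primary', '/file', ($ReverseZone + '.dns')

# One entry per record type. dnscmd syntax:
#   /RecordAdd <Zone> <Node> [<TTL>] <Type> <Data...>
# Node is relative to the zone ('@' = the zone root). Fully qualified target
# names end in a trailing dot so dnscmd does not append the zone name to them.
$Records = @(
    @{ Zone = $Zone;        Node = 'dc01';       Type = 'A';     Data = @('10.0.0.10') },
    @{ Zone = $Zone;        Node = 'mail01';     Type = 'A';     Data = @('10.0.0.25') },
    @{ Zone = $Zone;        Node = 'web01';      Type = 'A';     Data = @('10.0.0.21') },
    @{ Zone = $ReverseZone; Node = '21';         Type = 'PTR';   Data = @('web01.corp.example.com.') },
    @{ Zone = $Zone;        Node = 'www';        Type = 'CNAME'; Data = @('web01.corp.example.com.') },
    @{ Zone = $Zone;        Node = '@';          Type = 'MX';    Data = @('10', 'mail01.corp.example.com.') },
    @{ Zone = $Zone;        Node = '_ldap._tcp'; Type = 'SRV';   Data = @('0', '100', '389', 'dc01.corp.example.com.') }
)

foreach ($r in $Records) {
    # 3600 is an explicit TTL in seconds; omit it to inherit the zone default.
    # Do not add /OpenAcl: in an AD-integrated zone it lets any user modify the record.
    Invoke-Dnscmd (@('/RecordAdd', $r.Zone, $r.Node, '3600', $r.Type) + $r.Data)
}

# Check: dump the zone as the server now holds it, then resolve the web host
# forward and in reverse through the server so the PTR matches the A record.
Invoke-Dnscmd '/ZonePrint', $Zone
& nslookup.exe web01.corp.example.com $ServerIP
& nslookup.exe 10.0.0.21 $ServerIP
```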

To create a zone delegation

  1. Open DNS.

  2. In the console tree, right-click the applicable subdomain, and then click New Delegation.

  3. Follow the instructions provided in the New Delegation Wizard to finish creating the new delegated domain.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • All domains (or subdomains) that form part of the delegation must already exist in the current zone before you perform the delegation described here. As necessary, use the DNS console to add the domains to the zone first. For more information, see Delegating zones.
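A delegation is nothing more than an NS record at the subdomain node of the parent zone plus, when the child's name server lies inside the delegated subdomain, a glue A record for it. As an added example, not part of the original help topic, the PowerShell script below creates those records with dnscmd on the parent server, shows what has to be done on the child server, and checks from the parent that a non-recursive query for a name under the child zone comes back as a referral rather than an authoritative name error. It assumes PowerShell and dnscmd.exe, and the zone names, host names and addresses are made-up placeholders.

```powershell
# Added example: create a zone delegation with dnscmd, the command-line
# counterpart of the New Delegation Wizard. Not from the original help topic.
# Assumes PowerShell and dnscmd.exe; names and addresses are made-up placeholders.

$ParentZone   = 'corp.example.com'          # zone hosted on this (parent) server
$ChildZone    = 'lab.corp.example.com'      # subdomain being handed off
$ChildNS      = 'ns1.lab.corp.example.com'  # name server that will host the child
$ChildNSIP    = '10.0.5.10'
$ParentServer = '10.0.0.10'

function Invoke-Dnscmd([string[]]$CmdArgs) {
    $out = & dnscmd.exe @CmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $CmdArgs failed: $out" }
    $out
}

# --- On the parent server --------------------------------------------------
# The delegation lives in the PARENT zone: an NS record at the 'lab' node and a
# glue A record for ns1.lab, which is needed because that name is inside the
# subdomain being delegated and could not be resolved without it. dnscmd
# creates the 'lab' node when the first record is added to it.
Invoke-Dnscmd '/RecordAdd', $ParentZone, 'lab', 'NS', ($ChildNS + '.')
Invoke-Dnscmd '/RecordAdd', $ParentZone, 'ns1.lab', 'A', $ChildNSIP

# --- On the child server (ns1, 10.0.5.10) -----------------------------------
# Run this function there, not on the parent. /ZoneAdd writes the SOA and an
# NS record naming the server that created the zone; the A record for ns1
# must also exist inside the child zone, since the child is authoritative for it.
function Initialize-ChildZone {
    Invoke-Dnscmd '/ZoneAdd', $ChildZone, '/Primary', '/file', ($ChildZone + '.dns')
    Invoke-Dnscmd '/RecordAdd', $ChildZone, 'ns1', 'A', $ChildNSIP
}

# Check from the parent. The NS query must list ns1, and the non-recursive
# query for a name under the child must produce a referral to ns1 (with the
# glue address) instead of the parent claiming the name does not exist.
& nslookup.exe -type=NS $ChildZone $ParentServer
& nslookup.exe -norecurse host1.lab.corp.example.com $ParentServer
```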

To secure a DNS server

  1. Open DNS.

  2. In the console tree, right-click the applicable DNS server, and then click Properties.

  3. On the Interfaces tab, ensure that the DNS server is listening to the correct interfaces.

  4. On the Advanced tab, select the Secure cache against pollution check box.

  5. If this DNS server will not perform recursive resolution, then select the Disable recursion check box.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

  • If a DNS zone is stored in Active Directory, you can also secure that DNS zone and its resource records by using the security features of Active Directory.

  • By default, a zone created on this server allows zone transfers only to the DNS servers listed on the Name Servers tab of the zone's properties. On the Zone Transfers tab you can tighten this further by naming the specific IP addresses that may pull the zone or by disallowing zone transfers altogether; a zone transfer hands out the complete list of your hosts, so never allow it to any server.

  • By default, the DNS service listens for DNS messages on all IP addresses that are configured for the server computer. A server with an address on an untrusted network should be limited, on the Interfaces tab, to the addresses on which it is meant to answer.

  • Server IP addresses that you list on the Interfaces tab must be statically assigned. If you later change or remove those addresses from the TCP/IP configuration of this server, update the list accordingly; otherwise the service stops listening on the addresses clients use.

  • The Secure cache against pollution check box is selected by default.

  • If you disable recursion on this DNS server, it cannot answer recursive queries from DNS clients, other DNS servers cannot use it as a forwarder, and it cannot itself use forwarders, because forwarding relies on recursion. Disable recursion only on servers that are meant to answer solely for the zones they host (authoritative-only servers).

  • Disabling recursion on this DNS server prevents a denial of service (DoS) attack in which a malicious user sends it recursive queries for names in a zone under the user's control, forcing this server to spend its resources querying, and caching answers from, servers the attacker runs. Clients that still need recursive resolution should be pointed at a separate caching server that is not reachable from untrusted networks.
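As an added example, not part of the original help topic, the PowerShell script below applies the three settings from the procedure above with dnscmd (listen addresses, secure cache against pollution, and recursion), pins down the zone transfer restriction discussed in the notes, and then checks the result from the outside: it asks the server to resolve an external name and attempts a zone transfer with nslookup's ls command, which is exactly what an attacker would try first. It assumes PowerShell and dnscmd.exe on the server; the zone name, addresses and the external test name are placeholders, the $AuthoritativeOnly switch is an assumption you set to match the server's role, and both output checks are string matches on nslookup's text rather than a protocol-level test.

```powershell
# Added example: the "To secure a DNS server" steps done with dnscmd, plus
# checks that confirm the settings took effect. Not from the original help
# topic. Assumes PowerShell and dnscmd.exe on the server; addresses and zone
# names are made-up placeholders. Set $AuthoritativeOnly only for a server that
# answers solely for its own zones, because NoRecursion also disables forwarders.

$ListenIP          = '10.0.0.10'     # static address the service should listen on
$Zone              = 'corp.example.com'
$SecondaryIPs      = @('10.0.0.11')  # the only servers allowed to pull the zone
$AuthoritativeOnly = $false          # $true for an Internet-facing authoritative server

function Invoke-Dnscmd([string[]]$CmdArgs) {
    $out = & dnscmd.exe @CmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) { throw "dnscmd $CmdArgs failed: $out" }
    $out
}

# Step 3 (Interfaces tab): listen only on the static address instead of every
# address the computer has (the default). Keep this list in sync with the
# TCP/IP configuration; restart the DNS Server service (net stop dns / net
# start dns) if dnscmd /Info does not show the new list.
Invoke-Dnscmd '/ResetListenAddresses', $ListenIP

# Step 4 (Advanced tab): "Secure cache against pollution". On by default; set
# it explicitly so an earlier change by someone else is undone.
Invoke-Dnscmd '/Config', '/SecureResponses', '1'

# Step 5: recursion off only on an authoritative-only server.
Invoke-Dnscmd '/Config', '/NoRecursion', $(if ($AuthoritativeOnly) { '1' } else { '0' })

# Zone transfers: allow them only to the listed secondaries. /SecureNs would
# allow any server named in the zone's NS records; /NoXfr forbids them entirely.
Invoke-Dnscmd (@('/ZoneResetSecondaries', $Zone, '/SecureList') + $SecondaryIPs)

# Checks from the client side. nslookup prints a "Name:" line only when the
# query was answered, and reports "refused" when a zone transfer is denied;
# both are heuristic string matches on nslookup's output, not protocol checks.
function Test-DnsHardening([string]$Server = $ListenIP, [string]$ZoneName = $Zone) {
    $external = & nslookup.exe -type=A www.example.net $Server 2>&1 | Out-String
    $axfr     = "server $Server`nls -d $ZoneName`nexit" | & nslookup.exe 2>&1 | Out-String
    @{
        # expected $false on an authoritative-only server, $true on a caching one
        RecursionAnswered  = ($external -match 'Name:')
        # expected $true from any host that is not in $SecondaryIPs
        ZoneTransferDenied = ($axfr -match '(?i)refused')
        # review the fNoRecursion, fSecureResponses and listen address lines
        Settings           = (Invoke-Dnscmd '/Info' | Out-String)
    }
}
Test-DnsHardening
```

Run Test-DnsHardening from a second machine as well as from the server itself: the transfer test only proves something when the querying host is not one of the permitted secondaries, and the recursion test only proves something when the name queried is outside every zone the server hosts.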

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.