Managing DNS Records
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
By William R. Stanek
Archived content - No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
from Chapter 16, Windows NT Administrator's Pocket Consultant.
After you create the necessary zone files, you can add records to the zones. Computers that need to be accessed from other DNS domains must have DNS records. DNS records for other computers are optional and usually unnecessary. Although there are many different types of DNS records, most of these records types are not commonly used. So rather than focus on records types you probably won't use, let's focus on the ones you will use:
A (Address) Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name) Sets an alias for a host name. For example, using this record, zeta.tvpress.com can have an alias as www.tvpress.com.
MX (Mail Exchange) Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
NS (Name Server) Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.
PTR (Pointer) Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority) Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).
Adding Address and Pointer Records
The A record maps a host name to an IP address and the PTR record creates a pointer to the host for reverse lookups. Address and pointer records can be created together using the New Host option or separately using the New Record option.
Create a new host entry with A and PTR records by doing the following:
In DNS Manager, right-click on the zone you want to update and then choose New Host from the pop-up menu. This opens the dialog box shown in Figure 16-6.
Enter the host name and IP address and then select the Create Associated PTR Record check box.
Note: PTR records can only be created if the in-addr.arpa file for the zone is available. You can create this file by following the steps listed in the section of this chapter titled "Configuring Reverse Lookups."
Click Add Host.
Repeat as necessary to add other hosts.
Click Done when you are finished.
.gif "Cc722542.16wnta06(en-us,TechNet.10).gif")
Figure 16-6: Create A records and PTR records simultaneously with the New Host option.
.gif "Cc722542.16wnta07(en-us,TechNet.10).gif")
Figure 16-7: PTR records can be added later, if necessary, with the New Resource Record dialog box.
.gif "Cc722542.16wnta06(en-us,TechNet.10).gif")
.gif "Cc722542.16wnta07(en-us,TechNet.10).gif")
Adding a PTR Record Later
If you need to add a PTR record later, you can do so by completing the following steps:
In DNS Manager, right-click on the in-addr.arpa entry for the network or subnet you want to work with and then choose New Record from the pop-up menu. This opens the dialog box shown in Figure 16-7.
In the Record Type field, select PTR Record.
Enter the IP address and fully qualified host name in the fields provided.
Click OK.
Adding DNS Aliases with CNAME
You specify host aliases using CNAME records. Aliases allow a single host computer to appear to be multiple host computers. For example, the host gamma.tvpress.com can be made to appear as www.tvpress.com and ftp.tvpress.com.
To create a CNAME record, follow these steps:
In DNS Manager, right-click on the zone you want to update and then choose New Record from the pop-up menu.
If the address record for the host hasn't been created yet, select A Record and then enter a host name and IP address. Afterward, click OK.
This creates the A record for the host. Now right-click on the zone again and choose New Record.
In the Record Type field, select CNAME Record. As shown in Figure 16-8, on the following page, you can now enter an alias for a designated host. Enter the alias in the Alias Name field and the fully qualified host name in the For Host DNS Name field.
Click OK.
.gif "Cc722542.16wnta08(en-us,TechNet.10).gif")
Figure 16-8: When you create the CNAME record, be sure to use the fully qualified host name.
.gif "Cc722542.16wnta08(en-us,TechNet.10).gif")
Adding Mail Exchange Servers
MX records identify mail exchange servers for the domain. These servers are responsible for processing or forwarding mail within the domain. When you create an MX record, you must specify a preference number for the mail server. A preference number is a value from 0 to 65,535 that denotes the mail server's priority within the domain. The mail server with the lowest preference number has the highest priority and is the first to receive mail. If mail delivery fails, the mail server with the next lowest preference number is tried.
Create an MX record by doing the following:
In DNS Manager, right-click on the zone you want to update and then choose New Record from the pop-up menu.
If the address record for the host hasn't been created yet, select A Record and then enter a host name and IP address. Afterward, click OK.
This creates the A record for the host. Now right-click on the zone again and choose New Record.
In the Record Type field, select MX Record. As shown in Figure 16-9, you can now create a record for the mail server by filling in these fields:
Host Name (Optional) Enter the optional host name, such as mail.
Mail Exchange Server DNS Name Enter the fully qualified host name, such as mail.tvpress.com.
Preference Number Enter a preference number for the host from 0 to 65,535.
Click OK.
.gif "Cc722542.16wnta09(en-us,TechNet.10).gif")
Figure 16-9: Mail servers with the lowest preference number have the highest priority.
.gif "Cc722542.16wnta09(en-us,TechNet.10).gif")
Tip: Assign preference numbers that leave room for growth. For example, use 10 for your highest priority mail server, 20 for the next, and 30 for the one after that.
Adding Name Servers
NS records specify the name servers for the domain. Each primary and secondary name server should be declared through this record. If you obtain secondary name services from an Internet service provider, be sure to insert the appropriate NS records.
Create an NS record by doing the following:
In DNS Manager, right-click on the zone you want to update and then choose New Record from the pop-up menu.
If the name server is located in the domain and its address record hasn't been created yet, select A Record and then enter a host name and IP address. Afterward, click OK.
This creates the A record for the name server. Now right-click on the zone again and choose New Record.
In the Record Type field, select NS Record. As shown in Figure 16-10, on the following page, you can now create a record for the name server. Enter the fully qualified host name, such as names1.tvpress.com.
Click OK.
Viewing and Updating DNS Records
To view or update DNS records, follow these steps:
Double-click on the zone you want to work with. Zone Info should be displayed in the right pane.
.gif "Cc722542.16wnta10(en-us,TechNet.10).gif")
Figure 16-10: Configure name servers for the domain with the New Resource Record dialog box.
In Zone Info, double-click on the DNS record you want to view or update. This opens the record's Properties dialog box.
Make the necessary changes and click OK.
.gif "Cc722542.16wnta10(en-us,TechNet.10).gif")
Updating Zone Properties and the SOA Record
Each zone has separate properties that you can configure. These properties set general zone parameters by using the SOA record, change notification, and WINS integration. In DNS Manager, you set zone properties by doing the following:
Right-click on the zone you want to update and then choose Properties from the pop-up menu.
Select the zone and then choose Properties from the DNS menu.
Selecting Properties opens the Zone Properties dialog box shown in Figure 16-11. Tasks you'll accomplish using this dialog box are covered in the sections that follow.
Modifying the Start of Authority Record
An SOA record designates the authoritative name server for a zone and sets general zone properties, such as retry and refresh intervals. You can modify this information by doing the following:
In DNS Manager, right-click on the zone you want to update and then choose Properties from the pop-up menu.
Click on the SOA Record tab and then update the fields shown in Figure 16-12.
.gif "Cc722542.16wnta11(en-us,TechNet.10).gif")
Figure 16-11: Use the Zone Properties dialog box to set general properties for the zone and to update the SOA record.
.gif "Cc722542.16wnta11(en-us,TechNet.10).gif")
The fields of the SOA Record tab are used as follows:
Primary Name Server DNS Name The fully qualified domain name for the name server, followed by a period. The period is used to terminate the name and ensure that the domain information is not appended to the entry.
Responsible Person Mailbox DNS Name The e-mail address of the person in charge of the domain. The default entry is administrator followed by a period, meaning administrator@your_domain. If you change this entry, substitute a period in place of the @ symbol in the e-mail address and terminate the address with a period. For example, if william@tvpress.com is the responsible person, you would enter: william.tvpress.com.
Serial Number A serial number that indicates the version of the DNS database files. The number is updated automatically whenever you make changes to zone files. You can also update the number manually. Secondary servers use this number to determine if the zone's DNS records have changed. If the primary server's serial number is larger than the secondary server's serial number, the records have changed and the secondary server can request the DNS records for the zone. You can also configure DNS to notify secondary servers of changes (which may speed up the update process).
.gif "Cc722542.16wnta12(en-us,TechNet.10).gif")
Figure 16-12: Set zone and authority properties using the SOA Record tab.
Refresh Interval The interval at which a secondary server checks for zone updates. If set to 60 minutes, NS record changes may not get propagated to a secondary server for up to an hour. You reduce network traffic by increasing this value.
Retry Interval The time the secondary waits after a failure to download the zone database. If set to 10 minutes and a zone database transfer fails, the secondary will wait 10 minutes before requesting the zone database once more.
Expire Time The period of time for which zone information is valid on the secondary. If the secondary can't download data from a primary server within this period, the secondary server lets the data in its cache expire and stops responding to DNS queries. Setting the Expire Time to seven days allows the data on a secondary server to be valid for seven days.
Minimum Default TTL Sets the minimum time-to-live value for cached records on a secondary server. When this value is reached, the secondary expires the associated record and discards it. The next request for the record will need to be sent to the primary for resolution. Set this value to a relatively high value, such as 24 hours, to reduce traffic on the network and increase efficiency. However, keep in mind that a higher value slows down the propagation of updates through the Internet.
.gif "Cc722542.16wnta12(en-us,TechNet.10).gif")
Notifying Secondaries of Changes
You set properties for a zone with its Start of Authority Record. These properties control how DNS information is propagated on the network. You can also specify that the primary server should notify secondary name servers when changes are made to the zone database. To do this, follow these steps:
In DNS Manager, right-click on the zone you want to update and then choose Properties from the pop-up menu.
Click on the Notify tab shown in Figure 16-13 and then enter the IP addresses of secondary servers to notify them of changes.
Click OK.
Note: Under normal DNS operations, you don't need to notify secondaries of changes to the primary zone database. However, if you want to restrict access to the primary zone database, you must configure the Notify List before you can set access restrictions.
.gif "Cc722542.16wnta13(en-us,TechNet.10).gif")
Figure 16-13: Enter the IP addresses of servers in the Zone Properties dialog box to notify them when changes occur.
Restricting Access to the Primary Zone Database
Restricting access to the primary zone database is a security precaution you may want to consider using on your network. When you restrict access to the primary zone database, only secondary servers that you've configured on the Notify List can request updates from the zone's primary server. This allows you to funnel requests through a select group of secondary servers, such as your Internet service provider's secondary name servers, and to hide the details of your internal network from the outside world.
To restrict access to the primary zone database, follow these steps:
In DNS Manager, right-click on the zone you want to update and then choose Properties from the pop-up menu.
Click on the Notify tab and then enter the IP addresses of secondary servers that should have access to the primary zone database.
Select Only Allow Access From Secondaries Included On Notify List and then click OK.
To enforce the changes immediately, select Update Server Data Files from the DNS menu.
from Windows NT Administrator's Pocket Consultant by William R. Stanek. Copyright © 1999 Microsoft Corporation.
.gif "Link")