Windows DNS Server
Introduction
Domain Name System (DNS) is a system that is used in TCP/IP networks for naming computers and network services that is organized into a hierarchy of domains. DNS naming locates computers and services through user-friendly names. When a user enters a DNS name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address. (Source: Technet.microsoft.com)
Objectives
- To run an authoritative DNS server for your Domain.
- Add DNS server role to your Windows 2008 VM.
- To configure and maintain a primary DNS server for a given domain.
Hardware and software requirements (Bring to all Labs)
- CentOS 6.5 x86_64 Live CD/DVD
- CentOS 6.5 x86_64 Installation DVD1
- Windows Server 2008 R2 Installation DVD
- SATA Hard Disk (500GB+) in removable disk tray
- USB Memory Stick (8GB+)
- Lab Logbook
Prerequisites
- Complete Task 5 of Lab 2 - a working Windows Server 2008 VM with GUI.
- You have been assigned a network ID (ask your professor if you have not received one yet) and recorded it on the front page of your Lab Logbook.
- You have requested and been assigned a DNS domain name for this course.
Task 1: Assign a static IP to your Windows 2008 Server
Follow these steps to assign the static IP 192.168.x.82 to your Windows 2008 Server:
- Start -> Network -> Network and Sharing Center -> Manage network connections
- Select the Local Area Connection that is connected to your "SRT210" network (check the MAC address to verify).
- Right click the icon and select "Properties" from the pop-up menu.
- From the Local Area Connection Properties dialogue box, select "Internet Protocol Version 4 (TCP/IPv4)" and click the Properties button.
- Assign IP 192.168.x.82 and leave the gateway and DNS fields as they are.
- Save and exit.
Task 2: Install DNS Server Role
Follow these steps to add the DNS Server role:
- Start up Server Manager: Start -> Administrative Tools -> Server Manager
- From the left panel, click the "Roles" item
- Click "Add Roles" on the right panel
- Follow the instructions provided by the "Add Roles Wizard" to add the DNS Server role.
Task 3: Create two zones for your domain
Start the DNS Manager: Start -> Administrative Tools -> DNS
In the left panel of the DNS Manager window, click the host name of your Windows 2008 server. Record the entries displayed in the right panel. You should see the following items:
- Global Logs
- Forward Lookup Zones
- Reverse Lookup Zones
- Conditional Forwarders
- Root Hints
- Forwarders
Click the item "Forward Lookup Zones" to add a forward lookup zone for your domain.
Follow the New Zone Wizard to create a new zone named after your Learn ID + .net.
Use the following information for the new zone (replace [LearnID] with your Seneca email ID):
- Zone Type: Primary Zone
- Zone Name: [LearnID].net (replace [LearnID] with your actual Learn ID)
- Zone File: Create a new file with the suggested file name
- Dynamic Update: Do not allow dynamic updates
Click the item "Reverse Lookup Zones" to add a reverse lookup zone for your network.
Follow the New Zone Wizard to create a new reverse zone (replace "x" with your assigned network ID):
- Zone Type: Primary Zone
- Reverse Lookup Zone Name: IPv4 Reverse Lookup Zone
- Network ID: 192.168.x (the wizard fills in the Reverse Lookup Zone Name x.168.192.in-addr.arpa)
- Zone File: Create a new file with the suggested file name
- Dynamic Update: Do not allow dynamic updates
Task 4: Add resource records to your zone
Click on the new zone created on the left panel. Two resource records should appear on the right panel: the SOA and NS records.
Resource Record: Start of Authority (SOA)
Created automatically when creating the zone. Record the "Name" and "Data" for the SOA resource record in your lab log book.
Part 1: Resource Record: Name Server (NS) Record
Created automatically when creating the new zone. Record the "Name" and "Data" for the NS resource record in your lab log book.
Part 2: Resource Record: IPv4 Host Address (A) Record
To create an A record:
- Right click the forward lookup zone name or the "Action" item on the menu bar and select "New Host (A or AAAA)..."
- Type "win-ns" into the "Name" field.
- Type the static IP address of your Windows 2008 server (192.168.x.82) into the "IP address" field.
- Check the box for "Create associated pointer (PTR) record".
- Click the "Add Host" button to create the A and PTR records.
Add another host record to your forward lookup zone and reverse lookup zone:
- FQDN: smtp.[LearnID].net
- IP: 192.168.x.25
Part 3: Resource Record: IPv4 Host Pointer (PTR) Record
The PTR record should be created when creating the A record in the previous section.
Part 4: Resource Record: Canonical Name (CNAME) Record
To create a CNAME record:
- Right click the forward lookup zone name or the "Action" item on the menu bar and select "New Alias (CNAME)..."
- Type "www" into the "Alias name" field.
- Click the "Browse" button for the "Fully qualified domain name (FQDN) for target host" field.
- Select "win-ns.[LearnID].net" as the target host.
Part 5: Resource Record: Mail Exchanger (MX) Record
To create an MX record:
- Right click the forward lookup zone name or the "Action" item on the menu bar and select the "New Mail Exchanger (MX)..." item.
- Leave the "Host or child domain" field blank.
- Click the "Browse" button and select "smtp.[LearnID].net" as the fully qualified domain name (FQDN) of the mail server.
- Keep the default value "10" for the "Mail Server priority".
- Click the "OK" button to save.
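Before moving on to the Task 5 queries, a quick consistency check of the records created in Tasks 3 and 4 catches the two mistakes that most often produce puzzling lookup results: an MX or NS that points at a CNAME, and an A record whose PTR is missing from the reverse zone. This is an added example, not part of the lab; the LearnID "learnid", the network ID x = 1 and the SOA values are constructed placeholders.

```python
# Added example (not part of the lab): check that the forward and reverse zones
# from Tasks 3 and 4 agree before running the Task 5 queries. Records below are
# constructed with placeholder LearnID "learnid" and network ID x = 1.
from collections import defaultdict

FORWARD_ZONE, REVERSE_ZONE = "learnid.net", "1.168.192.in-addr.arpa"
# Each line: owner (relative to the zone, "@" = zone apex), TYPE, rdata.
FORWARD = """
@       SOA    win-ns.learnid.net. hostmaster.learnid.net. 1 900 600 86400 3600
@       NS     win-ns.learnid.net.
@       MX     10 smtp.learnid.net.
win-ns  A      192.168.1.82
smtp    A      192.168.1.25
www     CNAME  win-ns.learnid.net.
"""
REVERSE = """
82  PTR  win-ns.learnid.net.
25  PTR  smtp.learnid.net.
"""

def parse(text, zone):
    """Return {(fqdn, type): [rdata, ...]}; owners made absolute, trailing dots removed."""
    recs = defaultdict(list)
    for line in text.strip().splitlines():
        owner, rtype, rdata = line.split(None, 2)
        fqdn = zone if owner == "@" else f"{owner}.{zone}"
        recs[(fqdn, rtype)].append(rdata.strip().rstrip("."))
    return recs

def ptr_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"  # 192.168.1.82 -> 82.1.168.192.in-addr.arpa

def check_zones(forward, reverse):
    """Return a list of problems; an empty list means the two zones agree."""
    fwd, rev = parse(forward, FORWARD_ZONE), parse(reverse, REVERSE_ZONE)
    cnames = {name for name, rtype in fwd if rtype == "CNAME"}
    problems = []
    for (name, rtype), rdatas in fwd.items():
        if rtype in ("NS", "MX"):
            # NS/MX must name a host with an A record, never an alias (RFC 2181 s10.3)
            for target in (r.split()[-1] for r in rdatas):
                if target in cnames:
                    problems.append(f"{rtype} at {name} points at CNAME {target}")
                elif (target, "A") not in fwd:
                    problems.append(f"{rtype} target {target} has no A record")
        elif rtype == "A":
            # every A record needs a PTR in the reverse zone that points back at it
            for ip in rdatas:
                if name not in rev.get((ptr_name(ip), "PTR"), []):
                    problems.append(f"A {name} -> {ip} has no matching PTR")
    return problems
```

Running `check_zones(FORWARD, REVERSE)` on the records above returns an empty list; pointing the MX at www instead of smtp, or leaving the smtp PTR out of the reverse zone, each produces one problem line.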
Task 5: Testing your Windows 2008 DNS Server
- Configure your CentOS VM to use your Windows VM for DNS queries. [Hint: update the /etc/resolv.conf file with your Windows VM's IP.]
- Use one or more DNS lookup programs on your CentOS machine to query your Windows DNS server.
- If you have trouble getting a DNS response from your Windows DNS server, check the network connectivity (e.g. with ping) between your Linux host and your Windows VM. Note that incoming ICMP packets are dropped by default when the Windows firewall is on. You can either stop the firewall on Windows or add the following rule (all on one line) on your Windows Server 2008 to allow incoming ICMP packets:
netsh advfirewall firewall add rule name="ICMP Allow incoming ICMP V4" protocol=icmpv4 dir=in action=allow
Part 1: Using nslookup
The following paragraph is from the description on the man page for nslookup:
nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.
Consult the nslookup man page for all available options.
Run the following DNS query commands on your CentOS VM system to test your Windows DNS server setup. Replace [LearnID] with your Seneca email ID and "x" with your assigned network ID. Record the outputs in your eLog book.
- nslookup -query=SOA [LearnID].net 192.168.x.82
- nslookup -query=A win-ns.[LearnID].net 192.168.x.82
- nslookup -query=A www.[LearnID].net 192.168.x.82
- nslookup -query=MX [LearnID].net 192.168.x.82
- nslookup -query=NS [LearnID].net 192.168.x.82
- nslookup www.[LearnID].net 192.168.x.82
- nslookup 192.168.x.53 192.168.x.82
- nslookup 192.168.x.25 192.168.x.82
Part 2: Using dig
The following are from the description on the man page for dig:
- dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
- Although dig is normally used with command-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command-line arguments and options is printed when the -h option is given. Unlike earlier versions, the BIND 9 implementation of dig allows multiple lookups to be issued from the command line.
- Unless it is told to query a specific name server, dig will try each of the servers listed in /etc/resolv.conf.
- When no command line arguments or options are given, dig will perform an NS query for "." (the root).
- It is possible to set per-user defaults for dig via ${HOME}/.digrc. This file is read and any options in it are applied before the command line arguments.
- The IN and CH class names overlap with the IN and CH top level domain names. Either use the -t and -c options to specify the type and class, use the -q to specify the domain name, or use "IN." and "CH." when looking up these top level domains.
Consult the dig man page for all available options.
Run the following DNS query commands on your CentOS VM system to test your Windows DNS server setup. Replace [LearnID] with your Seneca email ID and "x" with your assigned network ID. Record the outputs in your eLog book.
- dig @192.168.x.82 [LearnID].net SOA
- dig @192.168.x.82 win-ns.[LearnID].net A
- dig @192.168.x.82 www.[LearnID].net A
- dig @192.168.x.82 [LearnID].net MX
- dig @192.168.x.82 [LearnID].net NS
- dig @192.168.x.82 www.[LearnID].net
- dig @192.168.x.82 -x 192.168.x.53
- dig @192.168.x.82 -x 192.168.x.25
Part 3: Using host
The following paragraph is from the description on the man page for host:
host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.
Consult the host man page for all available options.
Run the following DNS query commands on your CentOS VM system to test your Windows DNS server setup. Replace [LearnID] with your Seneca email ID and "x" with your assigned network ID. Record the outputs in your eLog book.
- host -C [LearnID].net 192.168.x.82
- host -a win-ns.[LearnID].net 192.168.x.82
- host -a www.[LearnID].net 192.168.x.82
- host -t MX [LearnID].net 192.168.x.82
- host -t NS [LearnID].net 192.168.x.82
- host www.[LearnID].net 192.168.x.82
- host 192.168.x.53 192.168.x.82
- host -t PTR 192.168.x.25 192.168.x.82
Part 4: Test Results
Verify that the response for each DNS query gave the expected result. Compare the differences in the responses returned by nslookup, dig, and host.
Completing the Lab
Show your eLog book for this lab to your professor and study the following questions:
- What is DNS?
- What does each type of DNS server do?
- What type of DNS server does a computer need to browse the Internet?
- What is a root name DNS server? How many are there? What are their names and IP addresses? Who can query the root name server? Who can make changes to the root name servers?
- Which DNS server should you use?
- Is it safe to use any DNS servers on the Internet?
- How can we trust DNS servers and use the information they provide when browsing the Internet? Who has control over the mapping of DNS names to IP addresses?