DNS Lookup Zone Configuration
The configuration of the lookup zones is not all that confusing, and when using the wizards available it becomes even easier. As shown in Figure 1, the DNS server role has been installed on the server and is shown in the left pane. For those looking to perform this configuration on Windows Server 2008 R2, access to the DNS Manager can be achieved either through Server Manager or Administrative Tools.
- Once DNS is selected from the left pane, a list of known DNS servers will be displayed. Right-click on the target server and select DNS Manager.
- At this point the DNS Manager window will open (which looks similar in Windows Server 2008 R2); this is shown below in Figure 3.
- To start the DNS configuration wizard, right-click on the server name and select Configure a DNS Server.
- The initial screen is very basic and gives a brief description of what the wizard can do. Skim over the text and select Next.
- The screen shown below in Figure 5 asks which configuration tasks should be performed with the wizard. For the purpose of this walkthrough, both forward and reverse lookup zones will be created. Choose a configuration action, then select Next.
- The next screen verifies that a forward lookup zone should be created. Choose to create a forward lookup zone and select Next.
- You'll be asked which type of zone should be created, as seen here in Figure 6. The wizard offers a good description of the different options, but the option that is selected depends on whether this server will be the central authority for the zone (domain) being created. Choose a zone type and select Next.
- Now you'll be asked for the name of the zone, which is commonly known as a domain name. For the purpose of this walkthrough, a locally specific zone name was used, but if the server being configured will host a public domain, simply type in the name of that domain (e.g. yahoo.com). Type in the name of the zone and select Next.
- The next screen asks for the file name that will store the zone information being created with the wizard; generally this can be left using the default option. Choose a file name and select Next.
- The next screen (as shown below) asks whether dynamic updates should be allowed. For a zone that is not Active Directory-integrated, the only two options are to allow both nonsecure and secure updates or to allow none. From a security perspective it makes sense to disable this functionality without AD, since secure-only updates are not available for such a zone. Choose an option and select Next.
- If both the forward and reverse options were selected as shown in Figure 5, you'll begin the process of creating a reverse zone. Choose to create a reverse zone and select Next.
- As shown below, you will be prompted about the reverse zone type. Choosing an option here will most likely mirror what was selected as shown in Figure 6 above. Choose an option and select Next.
- The next screen will ask whether the reverse lookup zone should be for IPv4 or IPv6. Choose the appropriate one and select Next. If both are needed, you will have to configure them separately.
- Now you'll be asked for the network ID for the zone. This screen will differ if an IPv6 reverse zone is chosen. Enter the network ID and select Next.
- The next screen asks for the file name that will store the zone information being created with the wizard; generally this can be left using the default option. Choose a file name and select Next.
- Once again you'll be asked whether dynamic updates should be allowed. Choose an option and select Next.
- The next screen (as shown below) asks if the server should forward queries for unknown addresses or names to other DNS servers. If no forwarders are selected, the local server will go out to the root servers itself and find the information. Choose an option and select Next.
- Next, you'll confirm the completion of the DNS configuration wizard, then select Finish. This returns you to the main DNS Manager screen (as shown below); as shown, both a forward and a reverse lookup zone have been created.
At this point the DNS server contains no information and is only able to look up remotely configured names and addresses. However, it is authoritative for the testing.local (or whatever zone name the reader configured) domain and records can be created that can be used both locally and remotely depending on the network configuration. Stay tuned for a follow-up article that will review the different available record types and how to configure them.
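The same zones can be created from PowerShell, which also makes the dynamic update setting easy to audit afterwards. This is an added example, not part of the original walkthrough; it assumes the DnsServer module (Windows Server 2012 or later), and the network ID 192.168.1.0/24 with its reverse zone name are constructed sample values.

```powershell
# Added example: scripted equivalent of the wizard steps, with an audit of dynamic updates.
# Assumption: the DnsServer module is available (Windows Server 2012 or later).
Import-Module DnsServer

$ZoneName    = 'testing.local'             # zone name used in the walkthrough
$NetworkId   = '192.168.1.0/24'            # constructed sample network ID; use your own
$ReverseZone = '1.168.192.in-addr.arpa'    # reverse zone name that matches $NetworkId

# Forward lookup zone: file-backed primary zone with dynamic updates disabled.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -DynamicUpdate None
}

# IPv4 reverse lookup zone, again file-backed and with dynamic updates disabled.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ZoneFile "$ReverseZone.dns" -DynamicUpdate None
}

# Audit: primary zones that are not AD-integrated cannot restrict updates to
# authenticated clients, so any value other than None accepts nonsecure updates.
$risky = Get-DnsServerZone | Where-Object {
    -not $_.IsAutoCreated -and
    $_.ZoneType -eq 'Primary' -and
    -not $_.IsDsIntegrated -and
    $_.DynamicUpdate -ne 'None'
}
$risky | Format-Table ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate -AutoSize

# Remediate: turn dynamic updates off on every zone the audit flagged.
foreach ($zone in $risky) {
    Set-DnsServerPrimaryZone -Name $zone.ZoneName -DynamicUpdate None
}

# Review which forwarders (if any) the server uses for names it is not authoritative for.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
```

Run it in an elevated session on the DNS server; the audit and remediation steps are safe to re-run on a schedule to catch zones that were later changed in DNS Manager.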