In Exercise 5.2, you will create and then modify the properties of a forward lookup zone. In addition, you’ll configure the zone to allow dynamic updates.
EXERCISE 5.2
Configuring a Zone for Dynamic Updates
- Open the DNS management snap-in by selecting Server Manager. Once in Server Manager, click DNS on the left side. In the Servers window (center screen), right-click your server name and choose DNS Manager.
- Click the DNS server to expand it and then click the Forward Lookup Zones folder. Right-click the Forward Lookup Zones folder and choose New Zone.
- At the New Zone Welcome screen, click Next.
- At the Zone Type screen, choose the Primary Zone option. If your DNS server is also a domain controller, do not select the option to store the zone in Active Directory. Click Next when you are ready.
- Enter a new zone name in the Zone Name field and click Next. (I used my last name— Panek.com.)
- Leave the default zone filename and click Next.
- Select the Do Not Allow Dynamic Updates radio button and click Next.
- Click Finish to end the wizard.
- Right-click the zone you just created and choose the Properties command.
- Click the down arrow next to Dynamic Updates. Notice that there are only two options (None and Nonsecure And Secure). The Secure Only option is not available because the zone is not Active Directory Integrated: secure updates rely on Kerberos-authenticated (GSS-TSIG) clients and on ACLs stored on the zone's objects in Active Directory, neither of which a file-backed zone has. Make sure Nonsecure And Secure is chosen for this exercise, but be aware that this setting accepts record registrations and overwrites from any host that can reach the server, so a production zone should be AD integrated and set to Secure Only.
- Click OK to close the Properties box.
- Close the DNS management snap-in.
- Close the Server Manager snap-in.
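The same zone build-out in PowerShell, as an added example that is not part of the book's exercise. It assumes the DnsServer module (installed with the DNS Server role on Windows Server 2022), a session run as a DNS administrator on the server itself, and the zone name panek.com from the exercise. Beyond the wizard steps it shows two things the GUI does not: that Secure Only is rejected outright on a file-backed zone, and the audit query that finds every zone on the server still accepting unauthenticated updates.

```powershell
# Added example (not from the book): Exercise 5.2 in PowerShell plus the
# follow-up check. Assumes the DnsServer module, a DNS administrator session
# on the server, and the exercise's zone name "panek.com".
Import-Module DnsServer

$zone = 'panek.com'

# Step 1: file-backed (non-AD-integrated) primary zone with dynamic updates
# off, matching the wizard choices in the exercise.
Add-DnsServerPrimaryZone -Name $zone -ZoneFile "$zone.dns" -DynamicUpdate None

# Step 2: Secure-only updates need an AD object to carry the ACL, so the
# server should refuse this on a file-backed zone. The wizard simply hides
# the option; the cmdlet makes the refusal visible.
try {
    Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure -ErrorAction Stop
} catch {
    Write-Warning "Secure updates refused on file-backed zone: $($_.Exception.Message)"
}

# Step 3: what the exercise actually sets. Any host that can reach port 53
# on this server may now add or overwrite records in the zone without
# authenticating.
Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate NonsecureAndSecure

# Step 4: the audit. List every hosted zone that still accepts unauthenticated
# updates. In production this list should be empty, and AD-integrated zones
# should report 'Secure'.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize
```

Run the last pipeline on any DNS server you inherit; a NonsecureAndSecure zone that holds hostnames your users trust (a file server, an internal web portal) lets any machine on the network redirect that name to itself.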
Delegating Zones for DNS
DNS provides the ability to divide the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
■ A need to delegate management of part of your DNS namespace to another location or department within your organization
■ A need to divide one large zone into smaller zones for distributing traffic loads among multiple servers, for improving DNS name-resolution performance, or for creating a more fault-tolerant DNS environment
■ A need to extend the namespace by adding numerous subdomains at once, such as to accommodate the opening of a new branch or site
Each newly delegated zone requires a primary DNS server just as a regular DNS zone does. When delegating zones within your namespace, be aware that for each new zone you create, you need to place delegation records in the parent zone that point to the authoritative DNS servers for the new zone: an NS record for the subdomain naming each authoritative server and, when a name server's own name lies inside the delegated subdomain, a glue A (or AAAA) record giving its address. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers being made authoritative for the new zone.
In Exercise 5.3, you'll create a delegated subdomain of the domain you created in Exercise 5.2. Note that the name server to which you delegate the subdomain must be reachable by address, so its name must have an A (or AAAA) record in the parent domain; an NS record must not point at a CNAME (RFC 2181).
EXERCISE 5.3
Creating a Delegated DNS Zone
- Open the DNS management snap-in by selecting Server Manager. Once in Server Manager, click DNS on the left side. In the Servers window (center screen), right-click your server name and choose DNS Manager.
- Expand the DNS server and locate the zone you created in Exercise 5.2.
- Right-click the zone and choose the New Delegation command.
- The New Delegation Wizard appears. Click Next to dismiss the initial wizard page.
- Enter ns1 (or whatever other name you like) in the Delegated Domain field of the Delegated Domain Name page. This is the name of the domain for which you want to delegate authority to another DNS server. It should be a subdomain of the primary domain (for example, to delegate authority for farmington.example.net, you’d enter farmington in the Delegated Domain field). Click Next to complete this step.
- When the Name Servers page appears, click the Add button to add the names and IP addresses of the servers that will be hosting the newly delegated zone. For the purpose of this exercise, enter the server name you used in Exercise 5.2. Click the Resolve button to resolve this domain name’s IP address automatically into the IP address field. Click OK when you are finished. Click Next to continue with the wizard.
- Click the Finish button. The New Delegation Wizard disappears, and you’ll see the new zone you just created appear beneath the zone you selected in step 3. The newly delegated zone’s folder icon is drawn in gray to indicate that control of the zone is delegated.
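The delegation from Exercise 5.3 done in PowerShell, as an added example that is not part of the book. It assumes the DnsServer module, a parent zone panek.com already hosted on this server, and a child name server ns1.farmington.panek.com at 192.168.1.20; the subdomain farmington and that address are constructed for the example. The point beyond the wizard is to see the two records the delegation actually writes into the parent and to verify both.

```powershell
# Added example (not from the book): delegating "farmington.panek.com" and
# verifying the records the delegation creates. Assumes the DnsServer module
# and an existing parent zone "panek.com"; the child name server name and
# address are constructed for this example.
Import-Module DnsServer

$parent = 'panek.com'
$child  = 'farmington'
$nsName = "ns1.$child.$parent"
$nsIP   = '192.168.1.20'

# Creating the delegation writes two things into the parent zone:
#   - an NS record for farmington.panek.com naming ns1.farmington.panek.com
#   - a glue A record for ns1.farmington.panek.com, needed because the name
#     server lives inside the subdomain it serves and could not otherwise
#     be looked up without first asking that same subdomain.
Add-DnsServerZoneDelegation -Name $parent -ChildZoneName $child `
    -NameServer $nsName -IPAddress $nsIP

# Verify the NS record. The target must be a name that owns A/AAAA records,
# never a CNAME (RFC 2181).
Get-DnsServerResourceRecord -ZoneName $parent -Name $child -RRType NS |
    Select-Object HostName, RecordType, @{n='Target'; e={ $_.RecordData.NameServer }}

# Verify the glue record sits in the parent zone under the child's label.
Get-DnsServerResourceRecord -ZoneName $parent -Name "ns1.$child" -RRType A |
    Select-Object HostName, @{n='Address'; e={ $_.RecordData.IPv4Address }}

# Resolver-side sanity check: a name in the child is now referred to (or
# resolved through) ns1.farmington.panek.com rather than answered from the
# parent. This only succeeds once the child zone is actually hosted there.
Resolve-DnsName -Name "host.$child.$parent" -Server localhost -ErrorAction SilentlyContinue
```

If the glue record is missing or stale, resolvers that follow the referral have no address for the child's name server and the whole subdomain goes dark, so treat the glue A record as part of the delegation and update it whenever the child's name server moves.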
DNS Forwarding
If a DNS server does not have an answer to a DNS request, it may be necessary to send that request to another DNS server. This is called DNS forwarding. You need to understand the two main types of forwarding:
External Forwarding When a DNS server forwards a request it cannot answer to a DNS server outside of your organization, this is considered external forwarding. For example, a resolver requests the host www.microsoft.com. Most likely, your internal DNS server is not going to have Microsoft's web address in its DNS database. So, your DNS server is going to send the request to an external DNS server (most likely your ISP's) or, if no forwarder is configured, resolve it iteratively using the configured root hints. Keep in mind that the forwarder sees every external name your network asks about and your server caches whatever it answers, so choose forwarders you trust and list more than one.
Conditional Forwarding Conditional forwarding is a lot like external forwarding except that requests are forwarded to specific DNS servers based on a condition, namely the domain name being queried. Usually this is an excellent setup for internal DNS resolution. For example, let's say that you have two companies, stormwind.com and stormtest.com. If a request comes in for a name under stormwind.com, it gets forwarded to the Stormwind DNS server, and any request for a name under stormtest.com gets forwarded to the Stormtest DNS server. Requests are forwarded to a specific DNS server depending on the condition that you set up.
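Both forwarding styles configured in PowerShell, as an added example that is not from the book. It assumes the DnsServer module and uses constructed addresses: 203.0.113.53 and 203.0.113.54 as external forwarders, 10.10.0.10 and 10.20.0.10 as the Stormwind and Stormtest servers. It also shows how each kind of forwarder appears in the server's configuration afterwards.

```powershell
# Added example (not from the book): external and conditional forwarding for
# the scenario in the text. Assumes the DnsServer module; all IP addresses
# here are constructed for the example.
Import-Module DnsServer

# External forwarding: every query this server cannot answer from its own
# zones or cache goes to the listed resolvers. With UseRootHint off the
# server will not fall back to iterating from the root when the forwarders
# are down, so a single forwarder becomes a single point of failure; list
# more than one, and keep them ones you trust to answer honestly.
Set-DnsServerForwarder -IPAddress 203.0.113.53, 203.0.113.54 -UseRootHint $false

# Conditional forwarding: only names under these two domains go to the
# partner's servers; everything else still follows the general forwarder
# list above. Omitting -ReplicationScope keeps these file-backed on this
# server only.
Add-DnsServerConditionalForwarderZone -Name 'stormwind.com' -MasterServers 10.10.0.10
Add-DnsServerConditionalForwarderZone -Name 'stormtest.com' -MasterServers 10.20.0.10

# Review the result. The general forwarder list is a server-wide setting,
# while each conditional forwarder shows up as a zone of type "Forwarder".
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' } |
    Select-Object ZoneName, MasterServers

# Confirm the routing: a stormtest.com name should be answered by the
# Stormtest server's data, not by the external forwarders.
Resolve-DnsName -Name 'app.stormtest.com' -Server localhost -ErrorAction SilentlyContinue
```

A conditional forwarder for a domain you also host locally is ignored in favour of the local zone, so check Get-DnsServerZone for a name collision before assuming the forwarder is in use.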
Manually Creating DNS Records
From time to time you may find it necessary to add resource records manually to your Windows Server 2022 DNS servers. Although Dynamic DNS frees you from the need to fiddle with A and PTR records for clients and other such entries, you still have to create other resource types (including MX records, required for the proper flow of SMTP email) manually. You can manually create A, PTR, MX, SRV, and many other record types.
There are only two important things to remember for manually creating DNS records:
■ You must right-click the zone and choose the command for the record type you want (New Host, New Alias, New Mail Exchanger, and so on) or the Other New Records command for any type that has no command of its own.
■ You must know how to fill in the fields of whatever record type you’re using.
For example, to create an MX record, you need three pieces of information (the domain, the mail server, and the priority). To create an SRV record, however, you need several more pieces of information.
In Exercise 5.4, you will manually create an MX record for a mailtest server in the zone you created in Exercise 5.2.
EXERCISE 5.4
Manually Creating DNS RRs
- Open the DNS management snap-in by selecting Server Manager. Once in Server Manager, click DNS on the left side. In the Servers window (center screen), right-click your server name and choose DNS Manager.
- Expand your DNS server, right-click its zone, and choose New Host (A or AAAA).
- Enter mailtest in the Name field. Enter an IP address in the IP Address field. (You can use any address for this exercise, such as, for example, 192.168.1.254.) Click the Add Host button.
- A dialog box appears stating that the host record was created successfully. Click OK. Click Done.
- Right- click your zone name and choose New Mail Exchanger (MX).
- Leave the Host Or Child Domain field blank so that the MX record applies to the zone itself (mail addressed to user@yourDomain.com); entering mailtest here would instead create an MX record only for mailtest.yourDomain.com. Enter mailtest.yourDomain.com (or whatever domain name you used in Exercise 5.2) in the Fully-Qualified Domain Name (FQDN) Of Mail Server field, leave the Mail Server Priority at its default of 10, and then click OK. Notice that the new record is already visible. The mail server FQDN must be a name that owns an A record, which is why you created the mailtest host record first; a CNAME is not a valid MX target.
- Next create an alias (or CNAME) record that points to the mail server, using the mailtest host record you created earlier in this exercise as the target. Right-click your zone and choose New Alias (CNAME).
- Type mail into the Alias Name field.
- Type mailtest.yourDomain.com into the Fully-Qualified Domain Name (FQDN) For Target Host field.
- Click OK.
- Close the DNS management snap-in.
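The three records from Exercise 5.4 created in PowerShell and then queried back, as an added example that is not part of the book. It assumes the DnsServer module, a hosted zone panek.com, and the exercise's placeholder address 192.168.1.254. Beyond the GUI steps it adds the check a mail administrator wants: that no MX record in the zone points at a CNAME, since many sending MTAs reject such a target.

```powershell
# Added example (not from the book): the A, MX and CNAME records of
# Exercise 5.4, then a query and a CNAME-target check. Assumes the DnsServer
# module and an existing zone "panek.com"; the address is the exercise's
# placeholder.
Import-Module DnsServer

$zone = 'panek.com'

# Step 1: host record for the mail server itself.
Add-DnsServerResourceRecordA -ZoneName $zone -Name 'mailtest' -IPv4Address '192.168.1.254'

# Step 2: MX record at the zone apex (Name '.' means the zone itself, the
# same as leaving Host Or Child Domain blank in the GUI). The target must be
# a name with A/AAAA records, never a CNAME.
Add-DnsServerResourceRecordMX -ZoneName $zone -Name '.' `
    -MailExchange "mailtest.$zone" -Preference 10

# Step 3: a friendlier alias for people and client configuration. Fine as
# a CNAME, as long as nothing uses it as an MX target.
Add-DnsServerResourceRecordCName -ZoneName $zone -Name 'mail' -HostNameAlias "mailtest.$zone"

# Verification against the local server: the MX should name mailtest, and
# the alias should expand to it.
Resolve-DnsName -Name $zone -Type MX -Server localhost |
    Select-Object Name, NameExchange, Preference
Resolve-DnsName -Name "mail.$zone" -Type CNAME -Server localhost |
    Select-Object Name, NameHost

# Lint: flag any MX in the zone whose target is one of the zone's CNAMEs.
$cnameNames = Get-DnsServerResourceRecord -ZoneName $zone -RRType CName |
    ForEach-Object { "$($_.HostName).$zone" }
Get-DnsServerResourceRecord -ZoneName $zone -RRType MX |
    Where-Object { $_.RecordData.MailExchange.TrimEnd('.') -in $cnameNames } |
    ForEach-Object { Write-Warning "MX target $($_.RecordData.MailExchange) is a CNAME; point it at an A record instead" }
```

The lint at the end is worth keeping in a script: the mistake it catches (someone later "tidying up" by pointing the MX at mail rather than mailtest) does not produce an error in DNS Manager, only bounced mail from stricter senders.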