Chapter 27. Implementing and Managing DNS

Name services are essential to communication on Transmission Control Protocol/Internet Protocol (TCP/IP) networks. Microsoft Windows Server 2003 uses the Domain Name System (DNS) as its primary method of name resolution. DNS lets computers register and resolve DNS domain names; it defines the rules under which computers are named and how those names are resolved to IP addresses. Windows Server 2003 also supports Windows Internet Naming Service (WINS), which is covered in detail in Chapter 28. WINS provides for NetBIOS names the service that DNS provides for DNS domain names: it maps NetBIOS names to IP addresses for hosts running NetBIOS over TCP/IP.

Installing the DNS Server Service

The way you install the DNS Server service depends on whether you plan to use DNS with the Active Directory directory service or without Active Directory. Once you make that decision, you can install DNS as necessary using the Add Or Remove Programs utility or using the Configure Your Server Wizard.

Using DNS with Active Directory

In an Active Directory domain, DNS is required before the first domain controller can be installed. Active Directory doesn't necessarily require the Windows DNS Server service, however. It is designed to work with any DNS server that supports Service Location (SRV) records and dynamic updates; SRV support is mandatory, because clients locate domain controllers through SRV records, while dynamic update is what lets domain controllers register those records themselves instead of an administrator entering them by hand. This means Active Directory can work with any DNS server running Berkeley Internet Name Domain (BIND) version 8.1.2 or later. If you already have DNS servers that use BIND version 8.1.2 or later, you can use them. If you don't already have BIND servers, you probably won't want to set them up, because there are many benefits to using the Microsoft DNS Server service.

When you install the DNS Server service as part of the Active Directory installation process, you can use Active Directory–integrated zones and take advantage of the many replication and security benefits of Active Directory. Here, any server configured as a domain controller with DNS and using Active Directory–integrated zones is an Active Directory primary name server.

Here's how installation of DNS on the first domain controller in a domain works:

  1. You use the Domain Controller Promotion tool (Dcpromo) to install the first domain controller. During the installation process, you are prompted to specify the full DNS name of the Active Directory domain, as shown in the following screen. This sets the DNS name of the domain's zone as well.


    Note

    For more information about promoting domain controllers, see the section entitled "Installing Active Directory".

  2. When the Active Directory installation process begins, the Active Directory Installation Wizard checks the DNS servers currently configured in the server's TCP/IP settings. If those addresses aren't valid or the servers can't be reached, you are prompted to install DNS on this server, as shown in the following screen:

  3. In most cases, you'll want to install DNS. If you do, the Active Directory Installation Wizard installs and then configures the DNS Server service. As the next screen shows, this means a forward lookup zone is created for the domain. The forward lookup zone will have a Start Of Authority (SOA) record, a Name Server (NS) record, and a Host address (A) record for the server you are working with; the SOA and NS records designate it as the authoritative name server for the domain. If desired, you can also create reverse lookup zones to allow IP-address-to-host-name lookups.

  4. For the first DNS server in a forest, the Active Directory Installation Wizard also creates the forest-wide locator records and stores them in the _msdcs subdomain. Unlike Microsoft Windows 2000, Windows Server 2003 creates this as a separate zone, _msdcs.ForestRootDomain, which is referred to as the forest root zone. It is stored in the forest-wide DNS application directory partition (ForestDnsZones), so it replicates to every DNS server in the forest rather than only to the domain controllers of one domain.
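As an added example (not from the book), the following batch file checks, with DNSCMD and NSLOOKUP, that the first domain controller ended up with the DNS configuration the steps above describe: the domain zone, the separate forest root zone, Active Directory integration, and the SRV locator records. The forest root domain cpandl.com, the server name CORPSVR03, and the address 192.168.10.15 are assumptions; substitute your own. DNSCMD comes from the Windows Support Tools.

```batch
@echo off
rem Added example, not from the book: verifies the DNS state left behind by
rem Dcpromo on the first domain controller of a forest.
rem Assumed names: forest root domain cpandl.com, domain controller CORPSVR03
rem at 192.168.10.15. Requires the Windows Support Tools (DNSCMD).
setlocal
set DNSSRV=CORPSVR03
set DOMAIN=cpandl.com
set DCIP=192.168.10.15

rem 1. The DNS Server service is running and reachable over RPC.
dnscmd %DNSSRV% /Info || goto :fail

rem 2. The domain zone and the separate forest root zone (_msdcs) both exist.
rem    In the output, "zone type = 1" with "DS integrated = 1" means an Active
rem    Directory-integrated primary, and "update = 2" means secure dynamic
rem    update only. "secure secs" shows who may pull zone transfers
rem    (0 = any server, 1 = NS servers only, 2 = listed servers only, 3 = none);
rem    0 is the value to fix, because a transfer is a full host inventory.
dnscmd %DNSSRV% /ZoneInfo %DOMAIN% || goto :fail
dnscmd %DNSSRV% /ZoneInfo _msdcs.%DOMAIN% || goto :fail

rem 3. All zones stored in Active Directory, with their directory partitions.
dnscmd %DNSSRV% /EnumZones /Ds

rem 4. Locator records. Clients find a domain controller through these SRV
rem    records, not through its A record, so a missing one breaks logon.
rem    Each query should return a record pointing at the domain controller.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DCIP%
nslookup -type=SRV _kerberos._tcp.dc._msdcs.%DOMAIN% %DCIP%
nslookup -type=SRV _ldap._tcp.pdc._msdcs.%DOMAIN% %DCIP%

rem If the SRV records are missing, the Net Logon service re-registers them
rem when restarted:  net stop netlogon  then  net start netlogon
endlocal
exit /b 0

:fail
echo A DNSCMD call failed; see its output above.
endlocal
exit /b 1
```

Run it from any machine with the Support Tools installed that can reach the domain controller; the NSLOOKUP calls are directed at the domain controller's own address so that the check does not depend on the workstation's resolver settings.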

On subsequent domain controllers, you must specifically install the DNS Server service. You do this using the Add or Remove Programs utility or the Configure Your Server Wizard as detailed in the section entitled "DNS Setup" later in this chapter.

In an Active Directory domain, secondary and stub zones can also be useful, as discussed in the section entitled "DNS Zones and Zone Transfers". In fact, in certain situations you might have to use a secondary or stub zone for name resolution to work properly. Consider the case in which you have multiple trees in a forest, each in its own namespace. For instance, City Power & Light and The Phone Company are both part of one company and use the domains cpandl.com and thephone-company.com, respectively. If these domains are set up as separate trees of the same forest, your organization has two namespaces. In the cpandl.com domain, you might want users to be able to access resources in the thephone-company.com domain and vice versa. To do this, you would configure DNS as shown in Figure 27-1.


Figure 27-1. Using secondary zones with Active Directory.

The implementation steps for this example are as follows:

  1. Set up a secondary or stub zone for thephone-company.com on the authoritative name server for cpandl.com.

  2. Set up a secondary or stub zone for cpandl.com on the authoritative name server for thephone-company.com.

  3. On the authoritative name server for cpandl.com, allow zone transfers of cpandl.com to the name server for thephone-company.com.

  4. On the authoritative name server for thephone-company.com, allow zone transfers of thephone-company.com to the name server for cpandl.com.

When you allow these transfers, limit them to the partner server's IP address (or to the servers listed in the zone's NS records) rather than to any server: a zone transfer is a complete inventory of the hosts in a domain, and an unrestricted one hands that inventory to anyone who can reach the server. A stub zone holds only the SOA, NS, and glue A records of the partner zone and refers queries to the partner's name servers, so it is the lighter choice when all you need is to find those servers; a secondary zone keeps a full copy and can answer for the partner domain directly.
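As an added example (not from the book), here are the four steps above carried out with DNSCMD, the command-line counterpart of the DNS console described later in this chapter, instead of the console. The server names and addresses are assumptions: cpandl.com is taken to be served by CORPSVR03 at 192.168.10.15 and thephone-company.com by a server PHONESVR01 at 192.168.20.15. The example uses stub zones; the comments show the one change needed for full secondary zones.

```batch
@echo off
rem Added example, not from the book: cross-namespace name resolution between
rem two trees of one forest, done with DNSCMD from the Windows Support Tools.
rem Assumed: cpandl.com is served by CORPSVR03 (192.168.10.15) and
rem thephone-company.com by PHONESVR01 (192.168.20.15). Run it from a
rem machine that can reach both servers over RPC as a DNS administrator.
setlocal
set CP_SRV=CORPSVR03
set CP_IP=192.168.10.15
set TP_SRV=PHONESVR01
set TP_IP=192.168.20.15

rem Steps 1 and 2: each server gets a stub zone for the other namespace.
rem A stub zone holds only SOA, NS and glue A records and refers queries on.
rem Use "/Secondary" in place of "/Stub" for a full copy of the partner zone,
rem or "/DsStub" to store the stub in Active Directory so that every domain
rem controller running DNS in that domain receives it through replication.
dnscmd %CP_SRV% /ZoneAdd thephone-company.com /Stub %TP_IP% || goto :fail
dnscmd %TP_SRV% /ZoneAdd cpandl.com /Stub %CP_IP% || goto :fail

rem Steps 3 and 4: allow transfers of each zone, but only to the partner
rem server. "/SecureList" replaces whatever transfer policy was in place,
rem so if other secondaries already pull this zone, list their addresses too.
dnscmd %CP_SRV% /ZoneResetSecondaries cpandl.com /SecureList %TP_IP% || goto :fail
dnscmd %TP_SRV% /ZoneResetSecondaries thephone-company.com /SecureList %CP_IP% || goto :fail

rem Verify: each server lists the partner zone, and a query against each
rem server for the partner domain returns an answer rather than NXDOMAIN.
dnscmd %CP_SRV% /EnumZones /Stub
dnscmd %TP_SRV% /EnumZones /Stub
dnscmd %CP_SRV% /ZoneInfo thephone-company.com
dnscmd %TP_SRV% /ZoneInfo cpandl.com
nslookup -type=NS thephone-company.com %CP_IP%
nslookup -type=NS cpandl.com %TP_IP%
endlocal
exit /b 0

:fail
echo A DNSCMD call failed; commands after it were not run.
endlocal
exit /b 1
```

The transfer restriction in steps 3 and 4 is the security-relevant part: the DNS console offers "To any server" as an option, and choosing it means that anyone able to reach TCP port 53 on the server can download the whole zone.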

Using DNS Without Active Directory

On a network without Active Directory, DNS servers act as standard primary or standard secondary name servers. You must install the DNS Server service on each primary or secondary server. You do this using the Add Or Remove Programs utility or the Configure Your Server Wizard, as detailed in the section entitled "DNS Setup" later in this chapter.

On primary name servers, you configure primary zones for forward lookups and, as necessary, for reverse lookups. Creating the forward lookup zone adds an SOA record, an NS record, and an A record for the server you are working with, which designates it as the authoritative name server for the domain. You can also create reverse lookup zones to allow IP-address-to-host-name lookups. Note that a standard primary zone can accept only nonsecure dynamic updates (secure, authenticated updates require an Active Directory-integrated zone), so leave dynamic updates disabled on standard zones unless every host on the network segment can be trusted to rewrite records.

On secondary name servers, you configure secondary zones to store copies of the records on the primary name server. You can create secondary zones for the forward lookup zones as well as the reverse lookup zones configured on the primary.

Stub zones and forwarders are also options for these DNS servers.
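As an added example (not from the book), the following batch file provisions the standard primary and secondary arrangement described above with DNSCMD: a file-backed forward and reverse zone on the primary, the host and pointer records for both name servers, the dynamic update and zone transfer settings, the matching secondary zones, and a forwarder. The names and addresses are assumptions: the primary is CORPSVR03 at 192.168.10.15, the secondary CORPSVR04 at 192.168.10.16, the zone cpandl.com, and the upstream resolver 192.168.10.1.

```batch
@echo off
rem Added example, not from the book: standard (file-backed) primary and
rem secondary name servers without Active Directory, built with DNSCMD.
rem Assumed: primary CORPSVR03 (192.168.10.15), secondary CORPSVR04
rem (192.168.10.16), zone cpandl.com, reverse zone for 192.168.10.0/24,
rem upstream resolver 192.168.10.1. Requires the Windows Support Tools.
setlocal
set PRI=CORPSVR03
set PRI_IP=192.168.10.15
set SEC=CORPSVR04
set SEC_IP=192.168.10.16
set ZONE=cpandl.com
set RZONE=10.168.192.in-addr.arpa
set UPSTREAM=192.168.10.1

rem Primary: forward and reverse zones stored as files under
rem %SystemRoot%\system32\dns. /ZoneAdd writes the SOA and NS records for
rem this server; everything else is added below.
dnscmd %PRI% /ZoneAdd %ZONE% /Primary /file %ZONE%.dns || goto :fail
dnscmd %PRI% /ZoneAdd %RZONE% /Primary /file %RZONE%.dns || goto :fail

rem Host records for both name servers, a second NS record at the zone
rem apex (@) for the secondary, and the matching PTR records. The trailing
rem dot marks a fully qualified name so the zone name is not appended again.
dnscmd %PRI% /RecordAdd %ZONE% corpsvr03 A %PRI_IP% || goto :fail
dnscmd %PRI% /RecordAdd %ZONE% corpsvr04 A %SEC_IP% || goto :fail
dnscmd %PRI% /RecordAdd %ZONE% @ NS corpsvr04.%ZONE%. || goto :fail
dnscmd %PRI% /RecordAdd %RZONE% 15 PTR corpsvr03.%ZONE%. || goto :fail
dnscmd %PRI% /RecordAdd %RZONE% 16 PTR corpsvr04.%ZONE%. || goto :fail

rem Standard zones cannot use secure dynamic update (that needs Active
rem Directory integration). 1 would let any host on the wire overwrite
rem records, so keep 0 and add records administratively.
dnscmd %PRI% /Config %ZONE% /AllowUpdate 0 || goto :fail
dnscmd %PRI% /Config %RZONE% /AllowUpdate 0 || goto :fail

rem Zone transfers only to the secondary, and notify it on every change so
rem it does not wait for the SOA refresh interval to pick up updates.
dnscmd %PRI% /ZoneResetSecondaries %ZONE% /SecureList %SEC_IP% /NotifyList %SEC_IP% || goto :fail
dnscmd %PRI% /ZoneResetSecondaries %RZONE% /SecureList %SEC_IP% /NotifyList %SEC_IP% || goto :fail

rem Secondary: pull both zones from the primary and force the first transfer.
dnscmd %SEC% /ZoneAdd %ZONE% /Secondary %PRI_IP% || goto :fail
dnscmd %SEC% /ZoneAdd %RZONE% /Secondary %PRI_IP% || goto :fail
dnscmd %SEC% /ZoneRefresh %ZONE%
dnscmd %SEC% /ZoneRefresh %RZONE%

rem Forwarders on both servers: queries outside these zones go to the
rem upstream resolver. /Slave stops the server from falling back to root
rem hints, so no query leaves the network by a path you did not choose.
dnscmd %PRI% /ResetForwarders %UPSTREAM% /Slave || goto :fail
dnscmd %SEC% /ResetForwarders %UPSTREAM% /Slave || goto :fail

rem Check: the secondary answers for both zones, forward and reverse.
nslookup corpsvr03.%ZONE% %SEC_IP%
nslookup %PRI_IP% %SEC_IP%
endlocal
exit /b 0

:fail
echo A DNSCMD call failed; commands after it were not run.
endlocal
exit /b 1
```

If the primary also serves clients that should not be able to use it as an open resolver, the same tool can switch recursion off entirely with dnscmd CORPSVR03 /Config /NoRecursion 1; do that only on servers that are purely authoritative, because it also disables forwarding.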

DNS Setup

You can install the DNS Server service using the Add or Remove Programs utility or the Configure Your Server Wizard. Follow these steps for using the Add or Remove Programs utility to do this:

  1. In Control Panel, double-click Add Or Remove Programs. Then in the Add Or Remove Programs dialog box, click Add Windows Components to start the Windows Components Wizard.

  2. On the Windows Components page, select Networking Services, and then click Details.

  3. In the Networking Services dialog box, shown in the following screen, select Domain Name System (DNS). Leave the other selections as they are: clearing a component that is already installed would remove it.

  4. Click OK. Click Next to begin the installation, and then click Finish.

Follow these steps for using the Configure Your Server Wizard to do this:

  1. Select Configure Your Server Wizard on the Administrative Tools menu. When the wizard starts, click Next twice.

  2. The server's current roles are shown. Select DNS Server, and then click Next.

  3. The wizard will then install DNS. When it finishes, the wizard launches the Configure A DNS Server Wizard, shown in the following screen.

  4. If you want to create the initial DNS setup using the wizard, click Next and follow the steps outlined in the section entitled "Configuring DNS Using the Wizard" later in this chapter.

  5. Otherwise, click Next when the wizard displays the Select Configuration Action page shown in the following screen. Select Configure Root Hints Only, click Next, and then click Finish. You will then need to configure zones, forwarders, and other DNS settings manually.


After you install the DNS Server service, the DNS console is available on the Administrative Tools menu. Start the console by clicking Start, Programs or All Programs as appropriate, Administrative Tools, DNS. Then select the DNS server you are working with to see its status. If you haven't yet created zones, the details pane appears as shown in Figure 27-2. It tells you that the DNS server has not yet been configured for your environment and points you to the Configure A DNS Server Wizard on the Action menu.


Figure 27-2. The DNS console.

You don't have to complete the rest of the configuration at the server. If you've installed the Administrative Tools (Adminpak.msi) as discussed in the section entitled "Installing Windows Server 2003 Administration Tools on Windows XP", you can remotely manage and configure DNS. Simply start the DNS console on your workstation, right-click the DNS node in the left pane, and select Connect To DNS Server. In the Connect To DNS Server dialog box, select The Following Computer, type the name or IP address of the DNS server, and then click OK.

The command-line counterpart to the DNS console is DNSCMD. DNSCMD is included in the Windows Support Tools, which are installed separately from the Support\Tools folder of the product CD. From the command prompt on a computer running Windows Server 2003, you can use DNSCMD to perform most of the tasks available in the DNS console as well as many troubleshooting tasks that are specific to DNSCMD. Unlike NETSH, DNSCMD doesn't offer an interactive mode with its own internal command prompts. You specify the server you want to work with, followed by the command and the command-line options for that command. Thus, the syntax is as follows:

dnscmd ServerName Command CommandOptions

where

  • ServerName is the name or IP address of the DNS server you want to work with, such as CORPSVR03 or 192.168.10.15.

  • Command is the command to use.

  • CommandOptions are the options for the command.

Note

If you are working on the server you want to configure, you don't have to type the server name or IP address.

After you set up a DNS server, you should configure the server's TCP/IP settings so that the server attempts to resolve its own DNS queries. You do this by setting the server's primary DNS server address to its own IP address. In Control Panel, access Network Connections, and then select or double-click the primary network connection. In the Status dialog box, click Properties.

In the Properties dialog box, open the Internet Protocol (TCP/IP) Properties dialog box by double-clicking Internet Protocol (TCP/IP). Select the Use The Following DNS Server Address. For Preferred DNS Server, type the computer's own IP address. Set an alternate DNS server as necessary. When you're finished, click OK.

You can also set the preferred DNS server IP address from the command line. Type the following command:

netsh interface ip set dns ConnectionName static ServerIPAddress

where ConnectionName is the name of the local area connection and ServerIPAddress is the IP address of the server.

Consider the following example:

netsh interface ip set dns "Local Area Connection" static 192.168.1.100

Here, you set the preferred DNS server address for the network connection named Local Area Connection to 192.168.1.100. The Static option says that you want to use the local setting for DNS rather than the Dynamic Host Configuration Protocol (DHCP) setting when applicable.

You can confirm the new setting by typing ipconfig /all at the command prompt and checking the DNS Servers entry for the connection. The IP address and the first DNS server listed should be the same address.
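As an added example (not from the book), the following batch file applies the resolver settings described above from the command line and then runs the check: it points the server at itself, adds an alternate, re-registers the server's own records, and resolves the server's name through its own DNS service. The connection name Local Area Connection and the address 192.168.1.100 come from the text; the alternate server 192.168.1.101 is an assumption.

```batch
@echo off
rem Added example, not from the book: set a DNS server's own resolver to
rem itself with NETSH and confirm it with IPCONFIG and NSLOOKUP.
rem Assumed: connection "Local Area Connection", this server's address
rem 192.168.1.100, alternate DNS server 192.168.1.101. Run on the server.
setlocal
set CONN=Local Area Connection
set SELF=192.168.1.100
set ALT=192.168.1.101

rem Preferred DNS server: this machine. "static" overrides any DHCP-supplied
rem list; "set" replaces the existing list rather than appending to it.
netsh interface ip set dns "%CONN%" static %SELF% || goto :fail

rem Alternate DNS server at position 2, used only if the preferred one fails.
netsh interface ip add dns "%CONN%" %ALT% index=2 || goto :fail

rem What NETSH now holds for every connection.
netsh interface ip show dns

rem The check from the text: the IP address and the first DNS server listed
rem for the connection must be the same address.
ipconfig /all | findstr /i /c:"IP Address" /c:"DNS Servers"

rem Register this server's own A (and, on a domain controller, PTR) record
rem through the resolver just configured, then look the name up through
rem this server's own DNS service. A timeout here means the service is not
rem listening on %SELF% or the zone has no record for this host.
ipconfig /registerdns
nslookup %COMPUTERNAME% %SELF%
endlocal
exit /b 0

:fail
echo NETSH failed; the resolver settings were not changed.
endlocal
exit /b 1
```

The order matters: set the preferred server first and add the alternate afterwards, because netsh interface ip set dns discards the whole existing server list.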
