How to configure dns server(2)


PUNJAB COLLEGE OF TECHNICAL EDUCATION, BADDOWAL

Report On How to Configure DNS Server

Submitted to: Ms. Amandeep Kaur
Submitted by: Harjinder Mann, Sonia (MCA, 5th sem.)
HOW TO CONFIGURE DNS SERVER

WHAT IS A DNS SERVER: The Domain Name System (DNS) is a distributed, hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy is that the DNS serves as the "phone book" for the Internet by translating human-friendly computer hostnames into IP addresses.

The Domain Name System makes it possible to assign domain names to groups of Internet users in a meaningful way, independent of each user's physical location. Because of this, World Wide Web (WWW) hyperlinks and Internet contact information can remain consistent even if the current Internet routing arrangements change or the participant uses a mobile device. Internet domain names are easier to remember than a dotted-decimal IPv4 address or an IPv6 address such as 2001:db8:1f70::999:de8:7648:6e8. People take advantage of this when they recite meaningful URLs and e-mail addresses without having to know how the machine will actually locate them.

The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are responsible for their particular domains, and in turn can delegate other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has avoided the need for a single central register to be continually consulted and updated.

In general, the Domain Name System also stores other types of information, such as the list of mail servers that accept e-mail for a given Internet domain. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet.

WHAT IS AN IP ADDRESS? An IP address is a unique number that every device on an IP network (computers, printers, routers, modems, and so on) uses to identify itself and to communicate with the other devices. The standard that defines it is the Internet Protocol. In layman's terms it is the same as your home address: for you to receive mail at home, the sender must have your correct mailing address (IP address) in your town (network), or you do not receive your bills, pizza coupons or tax refund. The same is true for all equipment on the Internet; without this address, information cannot be received. IP addresses may be assigned permanently (for an e-mail or business server, or a residential customer who pays for one) or temporarily, from a pool of available addresses handed out first come, first served, by your Internet Service Provider (ISP). A permanent address may not be available in all areas and may cost extra, so ask your ISP.

DYNAMIC IP ADDRESS: One that is not static and could change at any time. It is issued from a pool of addresses allocated by your ISP or by a DHCP server, for the large number of customers who do not need the same address all the time. Your computer obtains it automatically when it joins the network, which saves you from having to know the details of the network configuration. Dynamic addresses are used on dial-up, wireless and high-speed Internet connections alike. If you need to run your own e-mail server or web server, it is best to have a static IP address.

STATIC IP ADDRESS: One that is fixed and never changes, in contrast to a dynamic IP address, which may change at any time. Most ISPs will assign a single static IP address or a block of them for a few extra dollars a month, and may require you to upgrade to a business account.

IPv4: Currently used by most network devices. However, with more and more devices accessing the Internet, IPv4 addresses are running out. Just as in a city, addresses have to be created for new neighbourhoods, and if the city grows too large an entirely new pool of addresses is needed. IPv4 addresses are 32 bits long, so IPv4 is limited to 4,294,967,296 (2^32) addresses.

IPv5: Version number 5 was used by the experimental Internet Stream Protocol (ST, later ST-II), a connection-oriented protocol for real-time traffic that ran alongside IPv4. It was never intended for general use, which is why the successor to IPv4 is numbered 6.

IPv6: The replacement for the aging IPv4. Its addresses are 128 bits long, giving 2^128 possible addresses, that is 340,282,366,920,938,463,463,374,607,431,768,211,456.
STRUCTURE:

DOMAIN NAME SPACE: The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more resource records, which hold information associated with the domain name. The tree sub-divides into zones beginning at the root zone. A DNS zone consists of a collection of connected nodes authoritatively served by an authoritative name server. (Note that a single name server can host several zones.)

Administrative responsibility over any zone may be divided, thereby creating additional zones. Authority is said to be delegated for a portion of the old space, usually in the form of sub-domains, to another name server and administrative entity. The old zone ceases to be authoritative for the new zone.

DNS ROOT SERVERS: DNS servers communicate with each other using the DNS protocol itself, and they are organized in a hierarchy. At the top of the hierarchy, the root servers serve the root zone. This is not a database of every Internet domain name and its IP address; it holds the delegations (NS records and the addresses of those servers) that tell a resolver which servers are authoritative for each top-level domain, such as com or org. There are 13 root server names, A through M, maintained by various independent organizations. Historically ten of the thirteen machines stood in the United States, one in Japan, one in London, UK, and one in Stockholm, Sweden; today each letter is served by many anycast instances distributed around the world.

NAME SERVERS: The Domain Name System is maintained by a distributed database system, which uses the client-server model. The nodes of this database are the name servers. Each domain has at least one authoritative DNS server that publishes information about that domain and the name servers of any domains subordinate to it. The top of the hierarchy is served by the root name servers, the servers to query when looking up (resolving) a top-level domain name (TLD).

AUTHORITATIVE NAME SERVER: An authoritative name server is a name server that gives answers that have been configured by an original source, for example the domain administrator or dynamic DNS methods, in contrast to answers that were obtained via a regular DNS query to another name server. An authoritative-only name server returns answers only to queries about domain names that have been specifically configured by the administrator. An authoritative name server can be either a master (primary) server or a slave (secondary) server. A master server stores the original (master) copies of all zone records. A slave server uses an automatic updating mechanism of the DNS protocol (zone transfer) in communication with its master to maintain an identical copy of the master records.

Every DNS zone must be assigned a set of authoritative name servers, which are installed as NS records in the parent zone. When a domain name is registered with a domain name registrar, its installation at the registry of the top-level domain requires the assignment of a primary name server and at least one secondary name server. The requirement of multiple name servers aims to keep the domain functional even if one name server becomes inaccessible or inoperable. The designation of which server is "primary" is solely a matter of the priority given to it at the registrar. For this purpose generally only the fully qualified domain name of each name server is required, unless the servers lie inside the registered domain itself, in which case the corresponding IP addresses are needed as well (glue records). Primary name servers are often master name servers, while secondary name servers may be implemented as slave servers.

An authoritative server indicates that it is supplying definitive answers, deemed authoritative, by setting a software flag (a protocol structure bit), called the Authoritative Answer (AA) bit, in its responses. This flag is usually reproduced prominently in the output of DNS administration query tools (such as dig) to indicate that the responding name server is an authority for the domain name in question.

Install Microsoft DNS Server (Windows 2000 Server and Windows Server 2003; on later versions the DNS Server role is added from Server Manager):
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add/Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start Setup. The DNS server and tool files are copied to your computer.
8. Continue to the next step to configure the DNS server.
Configure the DNS Server Using DNS Manager: These steps guide you through configuring DNS by using the DNS Manager snap-in in Microsoft Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS Manager. You see two folders under your server name: Forward Lookup Zones and Reverse Lookup Zones.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the wizard does not start automatically, right-click your server name object in the DNS Manager console and click Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
5. The zone name must be exactly the same as your Active Directory domain name or, in a stand-alone or workgroup environment, the same as the DNS suffix of all the network computers that are to register with this DNS server. Type the name of the zone, and then click Next.
6. Accept the default name for the new zone file. Click Next.
7. Choose to add a reverse lookup zone now. Click Next.
8. Click Primary, and then click Next.
9. Type the name of the zone, and then click Next. The zone name should match the network ID of your local subnet. For example, if your subnet is 192.168.0.0/24 (hosts 192.168.0.1 through 192.168.0.254), type 192.168.0 in the name value; the wizard turns this into the zone 0.168.192.in-addr.arpa.
10. Accept the default name for the new zone file. Click Next.
11. Click Finish to complete the Server Configuration Wizard.
Note: After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to the next step to enable dynamic update on the zones you just added.

Enable Dynamic Update on the Forward and Reverse Lookup Zones (Optional - Recommended):
1. In DNS Manager, expand the DNS Server object.
2. Expand the Forward Lookup Zones folder.
3. Right-click the zone you created, and then click Properties.
4. On the General tab, select the Allow Dynamic Update check box, and then click OK to accept the change.
5. Do the same for the Reverse Lookup Zone.
Caveat: on a standard (file-backed) primary zone this setting accepts updates from any host that can reach the server, so any machine on the network can add or overwrite another machine's records. Secure-only dynamic updates, which require the client to authenticate, are available only for Active Directory-integrated zones.

Enable DNS Forwarding for Internet connections:
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS to start the DNS Management Console.
2. Right-click the DNS Server object for your server in the left pane of the console, and click Properties.
3. Click the Forwarders tab.
4. Select the Enable forwarders check box.
5. In the IP address box, enter the IP addresses of the DNS servers you want to forward queries to, typically the DNS servers of your ISP. You can move them up or down: the one highest in the list gets the first try, and if it does not respond within the given time limit, the query is forwarded to the next server in the list. Because every answer this server caches for names outside its own zones comes from the forwarders, list only servers you trust.
6. Click OK.

HOW TO CONFIGURE FORWARDERS: Windows Server 2003 can take advantage of DNS forwarders. This feature forwards DNS requests to external servers. If a DNS server cannot find a resource record in its zones, it can send the request to another DNS server for additional attempts at resolution. A common scenario is to configure forwarders to your ISP's DNS servers. Windows Server 2003 also supports conditional forwarders, which forward queries for one particular DNS domain to the servers listed for that domain.
1. Click Start, point to Administrative Tools, and then click DNS.
2. Right-click ServerName, where ServerName is the name of the server, click Properties, and then click the Forwarders tab.
3. Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
4. In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
5. Repeat step 4 to add the other DNS servers to which you want to forward.
6. Click OK.

PROTOCOL DETAILS: DNS primarily uses the User Datagram Protocol (UDP) on port 53 to serve requests. A DNS query consists of a single UDP request from the client followed by a single UDP reply from the server. The Transmission Control Protocol (TCP), also on port 53, is used when the response does not fit in one UDP datagram (classically 512 bytes; larger when the client advertises an EDNS(0) buffer size), in which case the server sets the TC (truncated) bit in its reply and the client repeats the query over TCP, and for tasks such as zone transfers. Some operating systems, such as HP-UX, are known to have resolver implementations that use TCP for all queries, even when UDP would suffice.

SECURITY ISSUES: DNS was not originally designed with security in mind, and thus has a number of security issues. One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server into believing it has received authentic information when, in reality, it has not. DNS responses are traditionally not cryptographically signed, leading to many attack possibilities; the Domain Name System Security Extensions (DNSSEC) modify DNS to add support for cryptographically signed responses. There are various extensions to secure zone transfers as well, such as TSIG transaction signatures and restricting transfers to the listed secondary servers.

Even with signing, a DNS server could be compromised by malware (or, for that matter, by a disgruntled employee) so that it serves a malicious address for a name with a long TTL. This could have far-reaching impact on potentially millions of Internet users if busy recursive servers cache the bad data; because of the long TTL (up to 2^31 - 1 seconds, about 68 years), cleaning up would require manually purging every affected cache.

Some domain names can spoof other, similar-looking domain names. For example, two names that differ only in the letter l and the numeral 1 are different names, yet users may be unable to tell them apart when the typeface (font) does not clearly differentiate the two characters. This problem is much more serious in systems that support internationalized domain names, since many characters that are different from the point of view of ISO 10646 appear identical on typical computer screens. This vulnerability is often exploited in phishing. Techniques such as forward-confirmed reverse DNS can also be used to help validate DNS results.
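The Windows configuration procedure described earlier (install the DNS server, create the forward and reverse primary zones, allow dynamic update, set forwarders and a conditional forwarder), as an added PowerShell example that is not part of the original report. It targets the DnsServer module shipped with Windows Server 2012 and later rather than the Windows 2000/2003 GUI the report walks through, and all of its values are assumptions: the zone corp.example, the subnet 192.168.0.0/24, this server at 192.168.0.10, a secondary at 192.168.0.11, forwarders 192.0.2.53 and 198.51.100.53, and a partner domain partner.example served by 203.0.113.53. It also adds the zone-transfer restriction the report does not mention.

```powershell
# Added example, not code from the original report. Requires the DnsServer module
# (Windows Server 2012 or later); run in an elevated PowerShell on the DNS server.
# Assumed values (replace with your own): zone corp.example, subnet 192.168.0.0/24,
# this server 192.168.0.10, secondary 192.168.0.11, ISP forwarders 192.0.2.53 and
# 198.51.100.53, partner domain partner.example served by 203.0.113.53.

# 1. Install the DNS Server role and its management tools
#    (the Add/Remove Windows Components step of the report).
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Forward lookup zone as a file-backed primary zone (the wizard's "Primary").
#    -DynamicUpdate NonsecureAndSecure is the "Allow Dynamic Update" check box:
#    any host that can reach the server may then add or overwrite records.
#    -DynamicUpdate Secure (authenticated updates only) is accepted solely for
#    Active Directory-integrated zones, created with -ReplicationScope instead of -ZoneFile.
Add-DnsServerPrimaryZone -Name 'corp.example' -ZoneFile 'corp.example.dns' `
    -DynamicUpdate 'NonsecureAndSecure'

# 3. Reverse lookup zone for the subnet. -NetworkId replaces typing "192.168.0"
#    into the wizard and produces the zone 0.168.192.in-addr.arpa.
Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' -ZoneFile '0.168.192.in-addr.arpa.dns' `
    -DynamicUpdate 'NonsecureAndSecure'

# 4. Forwarders, tried in list order with a per-server timeout in seconds.
#    -UseRootHint $false: if every forwarder fails, do not fall back to
#    recursing from the root hints.
Set-DnsServerForwarder -IPAddress '192.0.2.53', '198.51.100.53' -UseRootHint $false -Timeout 3

# 5. Conditional forwarder: the per-domain entry on the Server 2003 Forwarders tab.
Add-DnsServerConditionalForwarderZone -Name 'partner.example' -MasterServers '203.0.113.53'

# 6. Not in the report, but worth doing: allow zone transfers (AXFR/IXFR) only to the
#    named secondary, so an arbitrary client cannot download the whole zone.
Set-DnsServerPrimaryZone -Name 'corp.example' -SecureSecondaries 'TransferToSecureServers' `
    -SecondaryServers '192.168.0.11'
Set-DnsServerPrimaryZone -Name '0.168.192.in-addr.arpa' -SecureSecondaries 'TransferToSecureServers' `
    -SecondaryServers '192.168.0.11'

# Recursion stays enabled because this server resolves Internet names for the LAN
# through its forwarders. Do not expose UDP/TCP port 53 of such a server to the
# Internet: an open recursive resolver can be abused for amplification attacks.

# 7. Verify the result.
Get-DnsServerZone | Select-Object ZoneName, ZoneType, IsReverseLookupZone, DynamicUpdate, SecureSecondaries
Get-DnsServerForwarder
Test-DnsServer -IPAddress '192.168.0.10' -ZoneName 'corp.example'
Resolve-DnsName -Name 'corp.example' -Type SOA -Server '192.168.0.10' -DnsOnly
```

The Get-DnsServerZone line is the check to run after any GUI change as well: the DynamicUpdate and SecureSecondaries columns show at a glance whether a zone accepts unauthenticated updates or transfers to anyone who asks.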
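The protocol details and the Authoritative Answer (AA) bit described above, as an added PowerShell example that is not part of the original report. It builds the single UDP query datagram the text describes and decodes a response, exposing the header flags the report discusses (AA, and TC for a reply that did not fit in UDP and must be retried over TCP) together with the answer's TTL, and it performs the two cheap checks a resolver makes before caching an answer: that the transaction ID matches the query it sent, and that the answer is for the name it asked about. The response bytes are constructed by hand for the query "www.example.com A" with transaction ID 0x1234 (they are not a captured packet), so the script runs offline; the commented lines at the end show how the same query would be sent to a server.

```powershell
# Added example, not code from the original report. Response bytes are constructed,
# not captured. Helpers read big-endian integers out of a byte array.
function Read-BE16 { param([byte[]]$Msg, [int]$Off) return [int]$Msg[$Off] * 256 + $Msg[$Off + 1] }
function Read-BE32 { param([byte[]]$Msg, [int]$Off) return [BitConverter]::ToUInt32([byte[]]($Msg[($Off + 3)..$Off]), 0) }

function New-DnsQuery {
    # One UDP datagram: 12-byte header (ID, RD=1, QDCOUNT=1), question name, QTYPE A, QCLASS IN.
    param([string]$Name, [uint16]$Id)
    $b = New-Object System.Collections.Generic.List[byte]
    $b.AddRange([byte[]]@(($Id -shr 8), ($Id -band 0xFF), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0))
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $b.Add([byte]$label.Length)
        $b.AddRange([System.Text.Encoding]::ASCII.GetBytes($label))
    }
    $b.AddRange([byte[]]@(0, 0, 1, 0, 1))      # root label, QTYPE=A, QCLASS=IN
    return $b.ToArray()
}

function Read-DnsName {
    # Decodes a possibly compressed name at $Off; returns the name and the offset just past it.
    param([byte[]]$Msg, [int]$Off)
    $labels = @(); $next = -1; $pos = $Off; $hops = 0
    while ($true) {
        $len = [int]$Msg[$pos]
        if (($len -band 0xC0) -eq 0xC0) {                       # compression pointer (RFC 1035 4.1.4)
            if ($next -lt 0) { $next = $pos + 2 }
            $pos = (($len -band 0x3F) -shl 8) -bor [int]$Msg[$pos + 1]
            $hops++
            if ($hops -gt 16) { throw 'Compression pointer loop' }  # malformed or hostile message
            continue
        }
        if ($len -eq 0) { if ($next -lt 0) { $next = $pos + 1 }; break }
        $labels += [System.Text.Encoding]::ASCII.GetString($Msg, $pos + 1, $len)
        $pos += 1 + $len
    }
    return [pscustomobject]@{ Name = ($labels -join '.'); Next = $next }
}

function Read-DnsResponse {
    # Decodes the header, question and answer sections of a DNS response.
    param([byte[]]$Msg, [uint16]$ExpectedId)
    $id = Read-BE16 $Msg 0; $flags = Read-BE16 $Msg 2
    $hdr = [ordered]@{
        Id        = $id
        IdMatches = ($id -eq [int]$ExpectedId)   # reply must carry the ID of the query we sent
        QR        = [bool]($flags -band 0x8000)  # 1 = response
        AA        = [bool]($flags -band 0x0400)  # Authoritative Answer bit
        TC        = [bool]($flags -band 0x0200)  # Truncated: did not fit in UDP, retry over TCP
        RCODE     = ($flags -band 0x000F)
        QDCOUNT   = (Read-BE16 $Msg 4)
        ANCOUNT   = (Read-BE16 $Msg 6)
        Question  = ''
    }
    $pos = 12
    for ($i = 0; $i -lt $hdr.QDCOUNT; $i++) {
        $q = Read-DnsName $Msg $pos
        if ($i -eq 0) { $hdr.Question = $q.Name }
        $pos = $q.Next + 4                                 # skip QTYPE and QCLASS
    }
    $answers = @()
    for ($i = 0; $i -lt $hdr.ANCOUNT; $i++) {
        $n = Read-DnsName $Msg $pos; $pos = $n.Next
        $type  = Read-BE16 $Msg $pos                       # TYPE at +0, CLASS at +2
        $ttl   = Read-BE32 $Msg ($pos + 4)                 # 32-bit TTL in seconds
        $rdlen = Read-BE16 $Msg ($pos + 8)
        $pos  += 10
        if ($type -eq 1 -and $rdlen -eq 4) { $data = $Msg[$pos..($pos + 3)] -join '.' }
        else { $data = ($Msg[$pos..($pos + $rdlen - 1)] | ForEach-Object { $_.ToString('x2') }) -join '' }
        $answers += [pscustomobject]@{ Name = $n.Name; Type = $type; TTL = $ttl; Data = $data
                                       MatchesQuestion = ($n.Name -eq $hdr.Question) }
        $pos += $rdlen
    }
    return [pscustomobject]@{ Header = [pscustomobject]$hdr; Answers = $answers }
}

$QueryId  = [uint16]0x1234
$Query    = New-DnsQuery -Name 'www.example.com' -Id $QueryId
$Response = [byte[]]@(
    0x12, 0x34, 0x85, 0x80, 0, 1, 0, 1, 0, 0, 0, 0,                      # ID 0x1234; QR, AA, RD, RA set; 1 question, 1 answer
    3, 0x77, 0x77, 0x77, 7, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,    # "www" "example"
    3, 0x63, 0x6f, 0x6d, 0, 0, 1, 0, 1,                                  # "com", root, QTYPE A, QCLASS IN
    0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0x0E, 0x10, 0, 4, 192, 0, 2, 10        # name ptr to offset 12, A, IN, TTL 3600, RDLENGTH 4, 192.0.2.10
)
$Parsed = Read-DnsResponse -Msg $Response -ExpectedId $QueryId
$Parsed.Header  | Format-List
$Parsed.Answers | Format-Table -AutoSize

# Sending the query for real (left commented so the script runs offline); $Server is assumed:
#   $udp = New-Object System.Net.Sockets.UdpClient; $udp.Connect($Server, 53)
#   [void]$udp.Send($Query, $Query.Length)
#   $ep = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
#   $Response = $udp.Receive([ref]$ep)
# If the parsed header has TC set, repeat the query over TCP port 53 with the message
# prefixed by its 2-byte big-endian length (RFC 1035 4.2.2).
```

Two things to notice in the decoded output. The AA bit is what dig displays as "aa" in its flags line; a forwarder or cache answering from memory leaves it clear. And the 16-bit ID plus the source port are all that protects a classic UDP exchange from a spoofed reply, which is why the IdMatches and MatchesQuestion checks are necessary but not sufficient against cache poisoning; only DNSSEC validation of the answer closes that gap.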