PUNJAB COLLEGE OF TECHNICAL EDUCATION,BADDOWAL
How to Configure DNS Server
Submitted to: Ms. Amandeep Kaur
Submitted by: Harjinder Mann
HOW TO CONFIGURE DNS SERVER
WHAT IS DNS SERVER:
The Domain Name System (DNS) is a distributed hierarchical naming system for computers,
services, or any resource connected to the Internet or a private network. It associates various
information with domain names assigned to each of the participants. Most importantly, it
translates domain names meaningful to humans into the numerical (binary) identifiers associated
with networking equipment for the purpose of locating and addressing these devices worldwide.
An often-used analogy to explain the Domain Name System is that it serves as the "phone book"
for the Internet by translating human-friendly computer hostnames into IP addresses.
The Domain Name System makes it possible to assign domain names to groups of Internet users
in a meaningful way, independent of each user's physical location. Because of this, World Wide
Web (WWW) hyperlinks and Internet contact information can remain consistent and constant
even if the current Internet routing arrangements change or the participant uses a mobile device.
Internet domain names are easier to remember than IP addresses such as 22.214.171.124 (IPv4)
or 2001:db8:1f70::999:de8:7648:6e8 (IPv6). People take advantage of this when they recite
meaningful URLs and e-mail addresses without having to know how the machine will actually
The Domain Name System distributes the responsibility of assigning domain names and
mapping those names to IP addresses by designating authoritative name servers for each domain.
Authoritative name servers are assigned to be responsible for their particular domains, and in
turn can assign other authoritative name servers for their sub-domains. This mechanism has
made the DNS distributed and fault tolerant and has helped avoid the need for a single central
register to be continually consulted and updated.
In general, the Domain Name System also stores other types of information, such as the list of
mail servers that accept email for a given Internet domain. By providing a worldwide, distributed
keyword-based redirection service, the Domain Name System is an essential component of the
functionality of the Internet.
WHAT IS IP ADDRESS?
An IP address is a unique number that all information technology devices (printers, routers,
modems, etc.) use to identify themselves and to communicate with each other on a computer
network. Communication follows a standard called the Internet Protocol. In layman's terms it
is the same as your home address. In order for you to
receive snail mail at home the sending party must have your correct mailing address (IP address)
in your town (network) or you do not receive bills, pizza coupons or your tax refund. The same is
true for all equipment on the internet. Without this specific address, information cannot be
received. IP addresses may be assigned either permanently (for an email server, a business
server or a permanent home resident) or temporarily, from a pool of available addresses (first
come, first served) at your Internet Service Provider. A permanent number may not be available
in all areas and may cost extra, so be sure to ask your ISP.
DYNAMIC IP ADDRESS:
One that is not static and could change at any time. This type is issued to you from a pool of
addresses allocated by your ISP or DHCP Server. This is for a large number of customers that do
not require the same address all the time for a variety of reasons. Your computer will
automatically get this number as it logs on to the network and saves you the trouble of having to
know details regarding the specific network configurations. This number can be assigned to
anyone using a dial-up connection, Wireless and High Speed Internet connections. If you need to
run your own email server or web server, it would be best to have a static IP address.
STATIC IP ADDRESS:
One that is fixed and never changes. This is in contrast to a dynamic IP address which may
change at any time. Most ISPs can offer to assign a single static IP or a block of static IPs for a
few extra bucks a month and may require you to upgrade to a business account.
IPv4:
Currently used by most network devices. However, with more and more computers accessing the
internet, IPv4 IPs are running out quickly. Just like in a city, addresses have to be created for
new neighborhoods but, if your neighborhood gets too large, you will have to come up with an
entire new pool of addresses. IPv4 is limited to 4,294,967,296 IPs.
IPv5:
This is an experimental protocol for UNIX based systems. In keeping with standard UNIX (a
computer Operating System) release conventions, all odd-numbered versions are considered
experimental. It was never intended to be used by the general public.
IPv6:
The replacement for the aging IPv4. The estimated number of unique IPs for IPv6 is
340,282,366,920,938,463,463,374,607,431,768,211,456 or 2^128.
DOMAIN NAME SPACE:
o The domain name space consists of a tree of domain names. Each node or leaf in
the tree has zero or more resource records, which hold information associated
with the domain name. The tree sub-divides into zones beginning at the root zone.
A DNS zone consists of a collection of connected nodes authoritatively served by
an authoritative name server. (Note that a single name server can host several
o Administrative responsibility over any zone may be divided, thereby creating
additional zones. Authority is said to be delegated for a portion of the old space,
usually in the form of sub-domains, to another name server and administrative entity.
The old zone ceases to be authoritative for the new zone.
DNS ROOT SERVERS:
DNS servers communicate with each other using private network protocols. All DNS servers are
organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the
complete database of Internet domain names and their corresponding IP addresses. The Internet
employs 13 root servers that have become somewhat famous for their special role. Maintained by
various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of
these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm,
The Domain Name System is maintained by a distributed database system, which uses the client-
server model. The nodes of this database are the name servers. Each domain has at least one
authoritative DNS server that publishes information about that domain and the name servers of
any domains subordinate to it. The top of the hierarchy is served by the root nameservers, the
servers to query when looking up (resolving) a top-level domain name (TLD).
AUTHORITATIVE NAME SERVER:
An authoritative name server is a name server that gives answers that have been configured by an
original source, for example, the domain administrator or by dynamic DNS methods, in contrast
to answers that were obtained via a regular DNS query to another name server. An authoritative-
only name server only returns answers to queries about domain names that have been specifically
configured by the administrator.
An authoritative name server can either be a master server or a slave server. A master server is a
server that stores the original (master) copies of all zone records. A slave server uses an
automatic updating mechanism of the DNS protocol in communication with its master to
maintain an identical copy of the master records.
Every DNS zone must be assigned a set of authoritative name servers that are installed in NS
records in the parent zone.
When domain names are registered with a domain name registrar their installation at the domain
registry of a top level domain requires the assignment of a primary name server and at least one
secondary name server. The requirement of multiple name servers aims to make the domain still
functional even if one name server becomes inaccessible or inoperable. The designation of a
primary name server is solely determined by the priority given to the domain name registrar. For
this purpose generally only the fully qualified domain name of the name server is required,
unless the servers are contained in the registered domain, in which case the corresponding IP
address is needed as well.
Primary name servers are often master name servers, while secondary name servers may be
implemented as slave servers.
An authoritative server indicates its status of supplying definitive answers, deemed authoritative,
by setting a software flag (a protocol structure bit), called the Authoritative Answer (AA) bit in
its responses. This flag is usually reproduced prominently in the output of DNS administration
query tools (such as dig) to indicate that the responding name server is an authority for the
domain name in question.
Install Microsoft DNS Server:
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs.
3. Click Add and Remove Windows Components.
4. The Windows Components Wizard starts. Click Next.
5. Click Networking Services, and then click Details.
6. Click to select the Domain Name System (DNS) check box, and then click OK.
7. Click OK to start server Setup. The DNS server and tool files are copied to your
8. Continue to the next step to configure the DNS server.
Configure the DNS Server Using DNS Manager:
These steps guide you through configuring DNS by using the DNS Manager snap-in in
Microsoft Management Console (MMC).
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS
Manager. You see two zones under your computer name: Forward Lookup Zone and
Reverse Lookup Zone.
2. The DNS Server Configuration Wizard starts. Click Next.
3. If the Wizard does not auto-start, right-click your server name object in the DNS
Manager console and choose Configure your Server.
4. Choose to add a forward lookup zone. Click Next. The new forward lookup zone must be
a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
5. The zone name must be exactly the same as your Active Directory Domain name, or, if
on a stand-alone or workgroup environment, the same as the suffix for all of the network
computers that are to register with this DNS server. Type the name of the zone, and then
6. Accept the default name for the new zone file. Click Next.
7. Choose to add a reverse lookup zone now. Click Next.
8. Click Primary, and then click Next.
9. Type the name of the zone, and then click Next. The zone name should match the
Network ID of your local subnet. For example, if your subnet range is from 192.168.0.1
to 192.168.0.254, type 192.168.0 in the name value.
10. Accept the default name for the new zone file. Click Next.
11. Click Finish to complete the Server Configuration Wizard.
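As an added example (not code from the original guide), the Python below derives the reverse lookup zone name the wizard builds from the network ID you type (192.168.0 becomes 0.168.192.in-addr.arpa), builds the PTR owner name for a host, and checks that the forward and reverse zones agree with each other; the zone contents are constructed sample data and example.local is an assumed domain name.

```python
import ipaddress

# Added example, not part of the original guide: reverse zone naming and a
# forward/reverse consistency check over constructed sample zone data.

def reverse_zone_name(network_id: str) -> str:
    """'192.168.0' -> '0.168.192.in-addr.arpa' (octet-aligned networks only)."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"network ID must be 1 to 3 octets: {network_id!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def ptr_name(ip: str) -> str:
    """'192.168.0.10' -> '10.0.168.192.in-addr.arpa' (the PTR record's owner name)."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def host_in_zone(ip: str, network_id: str) -> bool:
    """True if the host's PTR record belongs in the zone built from network_id."""
    return ptr_name(ip).endswith("." + reverse_zone_name(network_id))

def unmatched_records(forward: dict, reverse: dict) -> list:
    """Report A records whose PTR is missing or points at a different host name.
    forward: {hostname: ip}; reverse: {ptr_owner_name: hostname}.
    """
    problems = []
    for host, ip in forward.items():
        target = reverse.get(ptr_name(ip))
        if target is None:
            problems.append(f"{host} ({ip}): no PTR record")
        elif target.lower() != host.lower():
            problems.append(f"{host} ({ip}): PTR points to {target}")
    return problems

# Constructed sample zone data for a 192.168.0.0/24 network (assumed names).
FORWARD_ZONE = {"dc1.example.local": "192.168.0.10", "ws7.example.local": "192.168.0.57"}
REVERSE_ZONE = {"10.0.168.192.in-addr.arpa": "dc1.example.local"}

if __name__ == "__main__":
    print("reverse zone:", reverse_zone_name("192.168.0"))
    for line in unmatched_records(FORWARD_ZONE, REVERSE_ZONE):
        print("WARNING:", line)
```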
Note: After the Server Configuration Wizard is finished, DNS Manager starts. Proceed to
the next step to enable dynamic update on the zone you just added.
Enable Dynamic Update on the Forward and Reverse Lookup Zones (Optional -
1. In DNS Manager, expand the DNS Server object.
2. Expand the Forward Lookup Zones folder.
3. Right-click the zone you created, and then click Properties.
4. On the General tab, click to select the Allow Dynamic Update check box, and then click
OK to accept the change.
5. Do the same for the Reverse Lookup Zone.
Enable DNS Forwarding for Internet connections:
1. Click Start, point to Programs, point to Administrative Tools, and then click DNS to start
the DNS Management Console.
2. Right click the DNS Server object for your server in the left pane of the console, and
3. Click the Forwarders tab.
4. Select the Enable forwarders check box.
5. In the IP address box, enter the IP addresses of the DNS servers you want to forward queries
to, typically the DNS servers of your ISP. You can also move them up or down. The one
that is highest in the list gets the first try, and if it does not respond within a given time
limit, the query is forwarded to the next server in the list.
6. Click OK.
HOW TO CONFIGURE FORWARDERS:
Windows Server 2003 can take advantage of DNS forwarders. This feature forwards DNS requests to
external servers. If a DNS server cannot find a resource record in its zones, it can send the request to
another DNS server for additional attempts at resolution. A common scenario might be to configure
forwarders to your ISP's DNS servers.
1. Click Start, point to Administrative Tools, and then click DNS.
2. Right-click ServerName, where ServerName is the name of the server, and then click the
3. Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain
for which you want to forward queries in the DNS domain box, and then click OK.
4. In the Selected domain's forwarder IP address box, type the IP address of the first DNS server
to which you want to forward, and then click Add.
5. Repeat step 4 to add the DNS servers to which you want to forward.
6. Click OK.
PROTOCOL DETAILS:
DNS primarily uses User Datagram Protocol (UDP) on port number to serve requests. DNS
queries consist of a single UDP request from the client followed by a single UDP reply from the
server. The Transmission Control Protocol (TCP) is used when the response data size exceeds
512 bytes, or for tasks such as zone transfers. Some operating systems, such as HP-UX, are
known to have resolver implementations that use TCP for all queries, even when UDP would
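The Authoritative Answer bit described under "Authoritative name server" and the 512-byte UDP limit above are both carried in the DNS message header. As an added example (not code from the original guide), the Python below unpacks that header, reports the flags the way dig prints them, and tells a client when a truncated UDP reply must be repeated over TCP; the two sample headers are constructed.

```python
import struct
from dataclasses import dataclass

# Added example, not part of the original guide: decode the 12-byte DNS header
# (RFC 1035 section 4.1.1) and expose AA (authoritative answer, dig's "aa") and
# TC (truncated: the UDP reply did not fit, so repeat the query over TCP).

@dataclass
class DnsHeader:
    id: int
    qr: bool        # False = query, True = response
    opcode: int
    aa: bool        # authoritative answer
    tc: bool        # truncated, retry over TCP
    rd: bool        # recursion desired
    ra: bool        # recursion available
    rcode: int      # 0 = NOERROR, 3 = NXDOMAIN, ...
    qdcount: int
    ancount: int
    nscount: int
    arcount: int

def parse_header(msg: bytes) -> DnsHeader:
    """Unpack the fixed header from the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return DnsHeader(id=ident, qr=bool(flags & 0x8000), opcode=(flags >> 11) & 0xF,
                     aa=bool(flags & 0x0400), tc=bool(flags & 0x0200),
                     rd=bool(flags & 0x0100), ra=bool(flags & 0x0080),
                     rcode=flags & 0x000F, qdcount=qd, ancount=an, nscount=ns, arcount=ar)

def describe(hdr: DnsHeader) -> str:
    """Build the 'flags:' line the way dig prints it, e.g. 'qr aa rd ra'."""
    return " ".join(n for n in ("qr", "aa", "tc", "rd", "ra") if getattr(hdr, n))

def needs_tcp_retry(msg: bytes) -> bool:
    """True for a response whose TC bit is set (answer exceeded the UDP limit)."""
    hdr = parse_header(msg)
    return hdr.qr and hdr.tc

# Constructed sample headers (only the 12 header bytes; sections omitted).
# Authoritative reply: QR, AA, RD, RA set, RCODE 0 -> flags 0x8580.
AUTH_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
# Truncated reply from a recursive server: QR, TC, RD, RA set -> flags 0x8380.
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8380, 1, 0, 0, 0)
```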
SECURITY ISSUES:
DNS was not originally designed with security in mind, and thus has a number of security
issues. One class of vulnerabilities is DNS cache poisoning, which tricks a DNS server
into believing it has received authentic information when, in reality, it has not.
DNS responses are traditionally not cryptographically signed, leading to many attack
possibilities. The Domain Name System Security Extensions (DNSSEC) modify DNS
to add support for cryptographically signed responses. There are various extensions to
support securing zone transfer information as well.
Even with encryption, a DNS server could become compromised by a virus (or for that
matter a disgruntled employee) that would cause IP addresses of that server to be
redirected to a malicious address with a long TTL. This could have far-reaching impact to
potentially millions of Internet users if busy DNS servers cache the bad IP data. This
would require manual purging of all affected DNS caches as required by the long TTL
(up to 68 years).
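The 68-year figure is the largest TTL a record may carry, 2^31-1 seconds. As an added example (not code from the original guide), the Python below shows the defensive side: a resolver cache that rejects out-of-range TTLs, caps everything at a local policy limit so a bad record cannot linger for years, and offers the manual purge the text describes; the one-day cap and the sample record are assumptions.

```python
import time

# Added example, not part of the original guide: a resolver cache that enforces
# the protocol's TTL ceiling and an administrative cap, plus a manual purge.

MAX_TTL_PROTOCOL = 2**31 - 1   # largest TTL a resource record may carry (about 68 years)
MAX_TTL_CACHE = 24 * 3600      # assumed local policy: cache nothing longer than one day

def clamp_ttl(ttl: int, cap: int = MAX_TTL_CACHE) -> int:
    """Reject out-of-range TTLs and cap the rest at the local policy limit."""
    if not 0 <= ttl <= MAX_TTL_PROTOCOL:
        raise ValueError(f"TTL out of range: {ttl}")
    return min(ttl, cap)

class ResolverCache:
    def __init__(self, cap: int = MAX_TTL_CACHE, clock=time.time):
        self._cap = cap
        self._clock = clock        # injectable so expiry can be tested without sleeping
        self._entries = {}         # (name, rtype) -> (value, expires_at)

    def put(self, name: str, rtype: str, value: str, ttl: int) -> int:
        """Store a record; returns the TTL actually applied after capping."""
        effective = clamp_ttl(ttl, self._cap)
        self._entries[(name.lower(), rtype)] = (value, self._clock() + effective)
        return effective

    def get(self, name: str, rtype: str):
        """Return the cached value, or None if absent or expired."""
        key = (name.lower(), rtype)
        entry = self._entries.get(key)
        if entry is None:
            return None
        value, expires_at = entry
        if self._clock() >= expires_at:
            del self._entries[key]
            return None
        return value

    def purge(self, name: str) -> int:
        """Drop every cached record for a name; returns how many were removed."""
        victims = [k for k in self._entries if k[0] == name.lower()]
        for k in victims:
            del self._entries[k]
        return len(victims)
```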
Some domain names can spoof other, similar-looking domain names. For example,
"paypal.com" and "paypa1.com" are different names, yet users may be unable to tell the
difference when the user's typeface (font) does not clearly differentiate the letter l and the
numeral 1. This problem is much more serious in systems that support internationalized
domain names, since many characters that are different from the point of view of ISO
10646 appear identical on typical computer screens. This vulnerability is often exploited
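As an added example (not code from the original guide), the Python below implements the detection side of the look-alike problem: each name is reduced to a "skeleton" in which confusable characters collapse to one form, so "paypa1.com" or an internationalized label written with Cyrillic letters is flagged as imitating "paypal.com"; the confusable table is a hand-picked subset (assumption) and the names tested are constructed.

```python
import unicodedata
from typing import List, Optional

# Added example, not part of the original guide: skeleton-based look-alike
# detection. The table is a small hand-picked subset (assumption); Unicode's
# confusables.txt is the full reference.
CONFUSABLES = {
    "1": "l", "|": "l", "0": "o", "5": "s",
    "\u0430": "a",  # Cyrillic а
    "\u0435": "e",  # Cyrillic е
    "\u043e": "o",  # Cyrillic о
    "\u0440": "p",  # Cyrillic р
    "\u0441": "c",  # Cyrillic с
    "\u0443": "y",  # Cyrillic у
    "\u0445": "x",  # Cyrillic х
    "\u0456": "i",  # Cyrillic і
}
MULTI_CONFUSABLES = {"rn": "m", "vv": "w"}   # two characters that read as one

def to_unicode(name: str) -> str:
    """Decode punycode labels (xn--...) so the characters a user sees are compared."""
    return name.encode("ascii").decode("idna") if name.isascii() else name

def skeleton(name: str) -> str:
    """Comparison form of a name: NFKC-normalised, lower-cased, confusables folded."""
    s = unicodedata.normalize("NFKC", to_unicode(name)).lower()
    for pair, single in MULTI_CONFUSABLES.items():
        s = s.replace(pair, single)
    return "".join(CONFUSABLES.get(ch, ch) for ch in s)

def lookalike_of(candidate: str, protected: List[str]) -> Optional[str]:
    """Return the protected name that candidate imitates, or None.
    The protected name itself (in any letter case) is never reported."""
    cand = skeleton(candidate)
    for name in protected:
        if candidate.lower() != name.lower() and cand == skeleton(name):
            return name
    return None
```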
Techniques such as Forward Confirmed reverse DNS can also be used to help validate