Thursday, May 24, 2012

A basic DNS server in Windows 2008 R2

Alright, we will quickly stand up an instance of the Domain Name System (DNS) server that ships with Windows 2008 R2. This is going to be an internal DNS server, authoritative (the master) for all internal zones and host records. At this point we are not integrating it with Active Directory Domain Services, it will do no caching and no forwarding, and it is not located in the DMZ. It could, however, later serve the internal facing web tier through a forwarder configured on that tier's resolver.

Under Windows 2008 R2, the majority of services are exposed via a construct called a 'Role'. Each role encompasses one or more role services, together with their corresponding data store, and collectively they deliver a capability commonly required in an enterprise infrastructure. For example, the Remote Desktop Services role comprises a set of role services such as Remote Desktop Session Host, Remote Desktop Gateway and Remote Desktop Web Access, which can be optionally included.

In the case of DNS, the role contains only one role service, the DNS Server service.

For the sake of completeness, first make sure you have assigned a static IP address to the Windows 2008 R2 server. If your server is multi-homed, you need to ensure every network interface is configured with a static IP address.

To install the DNS server, we start by adding the DNS Server role using the Server Manager console.

Steps to add DNS role in Windows 2008 R2
1) In the Run dialog, enter ServerManager.msc and press Enter. An MMC (Microsoft Management Console) window will be launched.


2) Under the 'Roles' node in the tree, click 'Add Roles'.



3) Check the 'DNS Server' role and click 'Next'



4) If you want to learn more about DNS, read the text and links provided on this page. They are sufficient to give a good overview of the DNS offering on the Windows 2008 R2 platform. Click 'Next' if you are in a hurry.




5) Click 'Install' and, when the installation finishes successfully, click 'Close'.




6) You will see in the Server Manager console the installed role and the DNS server status.




After the DNS role is installed, you will be able to create a DNS zone that fits your administrative purpose. In our example, I will create a zone for my web hosts; the zone name, in.lab.keinjuan.org, is chosen in step 9 below.


7) Click on 'Go to DNS server' to further configure the service.


8) Expand the tree to reach the 'Forward Lookup Zones' node. Right click it and select 'New Zone...'. The New Zone Wizard will appear.



9) Click 'Next', select 'Primary Zone', and click 'Next' again to specify a zone name. You will have to make one up. For a flat namespace, not much thought is needed. I have chosen the following name:

in.lab.keinjuan.org


Short explanation:
  • The 'in' part refers to 'internal' or my intranet.
  • The 'lab' indicates that this is part of my laboratory. I may have something in the future called 'kitch' for my kitchen appliances such as the rice cooker, fridge and so forth. Or I will omit it for my real 'production' elements.
  • The 'keinjuan.org' is my unofficial domain name. It does not exist on the internet, which does not matter for a zone that is only served internally. (If you do this on a real network, prefer a subdomain of a domain you actually own: if someone else registers the name later, internal hosts can end up resolving to addresses you do not control.)



10) Accept the default 'Do not allow dynamic updates'. We don't need that sophistication; we will add the DNS entries manually through the console. Note that because this zone is not AD-integrated, the only other choice offered is to allow nonsecure updates, which lets any host on the network overwrite records in the zone.


11) Finally, click 'Finish' to create the zone.


12) Upon completion, the Server Manager console will display the status of the new zone you have just created.



Let's add some A records to resolve our iPlanet web server and the Solaris global zone it resides in. The hostnames and their corresponding addresses (taken from the nslookup output further down) are as follows:

  • websvr-g01.in.lab.keinjuan.org  192.168.1.2
  • websvr01.in.lab.keinjuan.org  192.168.1.3
  • anIPv6Host.in.lab.keinjuan.org  2001:db8:85a3::8a2e:370:7334 (a test IPv6 address)

13) Right click on the newly created forward lookup zone (in.lab.keinjuan.org) and select 'New Host (A or AAAA)...'.


14) In the dialog box, enter the host name in the 'Name' field and the corresponding IP address in the 'IP address' field. If you enter an IPv4 address here you will get an 'A' record; if you enter a valid IPv6 address you will get an 'AAAA' record.


I have configured a test IPv6 AAAA record and two 'A' records, for the Solaris global zone and the local zone.

15) Test your DNS server by querying the entries with the nslookup command from a command prompt on the DNS box itself. This does not require connectivity to the host being queried at this point. Just make sure the DNS server entry in the IP configuration of your server is 127.0.0.1 (localhost), or name the server explicitly as the second argument, e.g. nslookup websvr01.in.lab.keinjuan.org 127.0.0.1.


The nslookup results for each record in the DNS:


C:\Users\Administrator.DC-PRIM>nslookup websvr-g01.in.lab.keinjuan.org
Server:  localhost
Address:  127.0.0.1

Name:    websvr-g01.in.lab.keinjuan.org
Address:  192.168.1.2

C:\Users\Administrator.DC-PRIM>nslookup websvr01.in.lab.keinjuan.org
Server:  localhost
Address:  127.0.0.1

Name:    websvr01.in.lab.keinjuan.org
Address:  192.168.1.3

C:\Users\Administrator.DC-PRIM>nslookup anIPv6Host.in.lab.keinjuan.org
Server:  localhost
Address:  127.0.0.1

Name:    anIPv6Host.in.lab.keinjuan.org
Address:  2001:db8:85a3::8a2e:370:7334


You can also create a reverse lookup zone (1.168.192.in-addr.arpa for the 192.168.1.x addresses used here) holding PTR records, so you can look up the hostname by IP address. Play with it.
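The whole procedure above (steps 1 to 15, plus the reverse zone) can be scripted, which is handy for rebuilding the lab. This is an added example, not part of the original article: it uses the ServerManager PowerShell module and dnscmd.exe, both of which ship with Windows 2008 R2 (the DnsServer cmdlets such as Add-DnsServerPrimaryZone only arrived in Windows Server 2012). Assumptions not taken from the article: the server's own static address is 192.168.1.10, and zone files are named <zone>.dns. Run it from an elevated PowerShell prompt on the DNS box.

```powershell
# Added example: scripted equivalent of the GUI steps above, plus hardening.
# Assumed (not from the article): server static address 192.168.1.10, zone
# file naming <zone>.dns. Requires an elevated prompt on the DNS server.

$ErrorActionPreference = 'Stop'

$zone        = 'in.lab.keinjuan.org'
$reverseZone = '1.168.192.in-addr.arpa'   # reverse zone for 192.168.1.x
$listenAddr  = '192.168.1.10'             # assumed: this server's own static address

# Steps 1-6: install the DNS Server role if it is not already present.
Import-Module ServerManager
if (-not (Get-WindowsFeature DNS).Installed) {
    Add-WindowsFeature DNS | Out-Null
}

# Steps 7-12: create the primary forward lookup zone.
# /AllowUpdate 0 is the "Do not allow dynamic updates" choice from step 10.
# The only alternative for a non-AD-integrated zone is 1 (nonsecure updates),
# which lets any host on the network overwrite records, so keep it at 0.
dnscmd /ZoneAdd $zone /Primary /file "$zone.dns"
dnscmd /Config  $zone /AllowUpdate 0

# Steps 13-14: the host records shown in the nslookup output above.
$hosts = @{
    'websvr-g01' = '192.168.1.2'
    'websvr01'   = '192.168.1.3'
    'anIPv6Host' = '2001:db8:85a3::8a2e:370:7334'
}
foreach ($name in $hosts.Keys) {
    $addr = $hosts[$name]
    # Same rule the GUI applies: an IPv6 literal becomes AAAA, otherwise A.
    $type = if ($addr -match ':') { 'AAAA' } else { 'A' }
    dnscmd /RecordAdd $zone $name $type $addr
}

# Reverse lookup zone and PTR records for the IPv4 hosts.
dnscmd /ZoneAdd $reverseZone /Primary /file "$reverseZone.dns"
dnscmd /Config  $reverseZone /AllowUpdate 0
foreach ($name in $hosts.Keys) {
    $addr = $hosts[$name]
    if ($addr -match '^192\.168\.1\.(\d+)$') {
        # PTR data is the FQDN with a trailing dot; $Matches[1] is the last octet.
        dnscmd /RecordAdd $reverseZone $Matches[1] PTR "$name.$zone."
    }
}

# Hardening consistent with "no caching, no forwarding": answer only for the
# zones hosted here and only on the internal interface, so the box cannot be
# abused as an open resolver. Leave /NoRecursion at 0 if clients will also
# rely on this server to resolve Internet names.
dnscmd /Config /NoRecursion 1
dnscmd /ResetListenAddresses $listenAddr

# Step 15: verify, naming the server explicitly so the client's own resolver
# settings do not matter.
dnscmd /EnumRecords $zone '@'
foreach ($name in $hosts.Keys) {
    nslookup "$name.$zone" $listenAddr
}
nslookup 192.168.1.2 $listenAddr   # reverse lookup via the PTR record
```

dnscmd prints "Command completed successfully." for each call; if a /ZoneAdd reports that the zone already exists, the script can be re-run after a /ZoneDelete, or the /ZoneAdd lines can be skipped. The /ResetListenAddresses call is why the verification queries name $listenAddr rather than 127.0.0.1.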

That is all. In the next article we will look at hooking up websvr-g01 and websvr01 to this DNS server and browsing to the web server by the hostname served from it.

Cheers,

