Книга: Windows Server 2012 R2 Storage, Security, & Networking Pocket Consultant

Configuring a primary DNS server

Configuring a primary DNS server

Every domain should have a primary DNS server. You can integrate this server with Active Directory, or it can act as a standard primary server. Primary servers should have forward lookup zones and reverse lookup zones. You use forward lookups to resolve domain names to IP addresses. You need reverse lookups to authenticate DNS requests by resolving IP addresses to domain names or hosts.

After you install the DNS Server service on the server, you can configure a primary server by following these steps:

1. Start the DNS Manager console. If the server you want to configure isn’t listed, connect to it as described previously in “Installing and configuring the DNS Server service.”

2. An entry for the DNS server should be listed in the tree view pane of the DNS Manager console. Press and hold or right-click the server entry, and then tap or click New Zone to start the New Zone Wizard. Tap or click Next.

3. As Figure 9–3 shows, you can now select the zone type. If you’re configuring a primary server integrated with Active Directory (on a domain controller), select Primary Zone and be sure the Store The Zone In Active Directory check box is selected. If you don’t want to integrate DNS with Active Directory, select Primary Zone, and then clear the Store The Zone In Active Directory check box. Tap or click Next.


FIGURE 9–3 In the New Zone Wizard, select the zone type.

4. If you’re integrating the zone with Active Directory, choose one of the following replication strategies; otherwise, proceed to step 6.

? To All DNS Servers Running On Domain Controllers In This Forest Choose this strategy if you want the widest replication strategy. Remember, the Active Directory forest includes all domain trees that share the directory data with the current domain.

? To All DNS Servers Running On Domain Controllers In This Domain Choose this strategy if you want to replicate DNS information within the current domain.

? To All Domain Controllers In This Domain (For Windows 200 °Compatibility) Choose this strategy if you want to replicate DNS information to all domain controllers within the current domain, as needed for Windows 2000 compatibility. Although this strategy gives wider replication for DNS information within the domain and supports compatibility with Windows 2000, not every domain controller is a DNS server as well (nor do you need to configure every domain controller as a DNS server).

5. Tap or click Next. Select Forward Lookup Zone, and then tap or click Next.

6. Enter the full DNS name for the zone. The zone name should help determine how the server or zone fits into the DNS domain hierarchy. For example, if you’re creating the primary server for the microsoft.com domain, you would enter microsoft.com as the zone name. Tap or click Next.

7. If you’re configuring a primary zone that isn’t integrated with Active Directory, you need to set the zone file name. A default name for the zone’s DNS database file should be filled in for you. You can use this name or enter a new file name. Tap or click Next.

8. Specify whether dynamic updates are allowed. You have three options:

? Allow Only Secure Dynamic Updates When the zone is integrated with Active Directory, you can use access control lists (ACLs) to restrict which clients can perform dynamic updates. With this option selected, only clients with authorized computer accounts and approved ACLs can dynamically update their resource records in DNS when changes occur.

? Allow Both Nonsecure And Secure Dynamic Updates Choose this option to allow any client to update its resource records in DNS when changes occur. Clients can be secure or nonsecure.

? Do Not Allow Dynamic Updates Choose this option to disable dynamic updates in DNS. You should use this option only when the zone isn’t integrated with Active Directory.

9. Tap or click Next, and then tap or click Finish to complete the process. The new zone is added to the server, and basic DNS records are created automatically.

10. A single DNS server can provide services for multiple domains. If you have multiple parent domains, such as microsoft.com and msn.com, you can repeat this process to configure other forward lookup zones. You also need to configure reverse lookup zones. Follow the steps listed in “Configuring reverse lookups” later in this chapter.

11. You need to create additional records for any computers you want to make accessible to other DNS domains. To do this, follow the steps listed in “Managing DNS records” later in this chapter.

REAL WORLD Most organizations have private and public areas of their network. The public network areas might be where web and external email servers reside. Your organization’s public network areas shouldn’t allow unrestricted access. Instead, public network areas should be configured as part of perimeter networks. (Perimeter networks are also known as DMZs, demilitarized zones, and screened subnets. These are areas protected by your organization’s firewall that have restricted external access and no access to the internal network.) Otherwise, public network areas should be in a completely separate and firewall-protected area.

? The private network areas are where the organization’s internal servers and work stations reside. On the public network areas, your DNS settings are in the public Internet space. here, you might use a.com,org, or.net DNS name that you’ve registered with an Internet registrar and public IP addresses that you’ve purchased or leased. On the private network areas, your DNS settings are in the private network space. here, you might use adatum.com as your organization’s DNS name and private IP addresses, as discussed in Chapter 7.

Оглавление книги


Генерация: 1.541. Запросов К БД/Cache: 3 / 1
поделиться
Вверх Вниз