Friday, October 14, 2011

Installing a DNS Server Role in Windows Server 2008

DNS identifies computers by alphanumeric names and resolves those names to the numerical IP addresses used by computers and networking equipment.
DNS is installed as a role in Windows Server 2008. It can be installed with Server Manager or with the servermanagercmd command from the command prompt. If you want to integrate the DNS domain namespace with the AD DS domain namespace, the preferred way is to install the DNS Server Role when Active Directory Domain Services is installed. In addition, Server Core can act as a DNS Server.
DNS, the Domain Name System, is a hierarchical distributed database. InterNIC, the Internet's Network Information Center, is responsible for managing the domain name space.
DNS is used to resolve Internet names and has been around since the early 1980s. Before that, the Internet was managed with a single hosts file, and DNS was conceived when the file grew so large it became unmanageable. DNS was created to manage the Internet's huge and ever-growing number of hosts.
My first memory of the Internet was in 1995 when as employees we were first exposed to the Internet in the Payroll IT department at Memorial Sloan-Kettering Cancer Center. It's amazing how far the internet has come even since then.
DNS Namespace
The DNS Namespace enables a DNS client to locate a computer. The namespace is organized hierarchically so that information about DNS names can be distributed across many servers around the world.
DNS Namespace Planning
Review existing names at

Root domain. The root domain is represented by a period. We don’t type this into the browser. It is assumed and sent out to one of the thirteen root servers.
Top-Level domain. In the US, we typically have .net, .com, .org, .mil, and .gov.
Second-Level domain. Companies generally purchase the second-level domain space. Then they control the subdomains below that. 
Subdomain. Useful if you already have an existing DNS namespace for different locations in your company.
FQDN (Fully Qualified Domain Name). The actual client computer within the subdomain.

Domain name syntax

A domain name consists of one or more parts, technically called labels, that are conventionally concatenated, and delimited by dots, such as
  • The right-most label conveys the top-level domain; for example, the domain name www.example.com belongs to the top-level domain com.
  • The hierarchy of domains descends from the right to the left label in the name; each label to the left specifies a subdivision, or subdomain, of the domain to the right. For example: the label example specifies a node as a subdomain of the com domain, and www is a label to, a subdomain of This tree of labels may consist of 127 levels. Each label may contain from 1 up to and including 63 octets. The empty label is reserved for the root node. The full domain name may not exceed a total length of 253 characters.[2] In practice, some domain registries may have shorter limits.
  • A hostname is a domain name that has at least one associated IP address. For example, the domain names and are also hostnames, whereas the com domain is not. However, other top-level domains, particularly country code top-level domains, may indeed have an IP address, and if so, they are also hostnames.
  • Hostnames impose restrictions on which characters may be used in the domain name. A valid hostname is also a valid domain name, but a valid domain name is not necessarily valid as a hostname.
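An added example, not part of the original post: a Python check of the limits listed above (63 octets per label, 253 characters per name, 127 levels), with the stricter hostname rule taken from RFC 952/1123 as an assumption, since the page does not spell it out. The function names and sample names are constructed for illustration.

```python
import re

MAX_LABEL_OCTETS = 63   # per-label limit quoted above
MAX_NAME_LENGTH = 253   # whole-name limit quoted above
MAX_LEVELS = 127        # depth limit quoted above (implied by the 253 limit)

# Hostname label rule from RFC 952/1123 (assumption, not from the page):
# ASCII letters, digits and hyphens, with no hyphen at either end.
HOSTNAME_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def domain_name_errors(name):
    """Return a list of syntax problems; an empty list means the name is valid."""
    if name == ".":
        return []  # the root node on its own
    # One trailing dot is the empty root label of a fully qualified name.
    text = name[:-1] if name.endswith(".") else name
    errors = []
    if len(text.encode("utf-8")) > MAX_NAME_LENGTH:
        errors.append("name longer than %d characters" % MAX_NAME_LENGTH)
    labels = text.split(".")
    if len(labels) > MAX_LEVELS:
        errors.append("more than %d levels" % MAX_LEVELS)
    for label in labels:
        size = len(label.encode("utf-8"))
        if size == 0:
            errors.append("empty label (reserved for the root node)")
        elif size > MAX_LABEL_OCTETS:
            errors.append("label of %d octets exceeds %d" % (size, MAX_LABEL_OCTETS))
    return errors


def hostname_errors(name):
    """Domain-name checks plus the stricter hostname character rule."""
    errors = domain_name_errors(name)
    for label in name.rstrip(".").split("."):
        # fullmatch, not match with "$", so "host\n" cannot slip through.
        if label and not HOSTNAME_LABEL.fullmatch(label):
            errors.append("label %r is not a valid hostname label" % label)
    return errors


if __name__ == "__main__":
    # Constructed sample names, not taken from the page.
    samples = ["www.example.com.", "_ldap._tcp.example.com",
               "a" * 64 + ".example.com", "example..com", "-svr.example.com"]
    for sample in samples:
        print(repr(sample), domain_name_errors(sample), hostname_errors(sample))
```

The _ldap._tcp sample is the kind of service-locator name Active Directory relies on: it passes the domain-name check but fails the hostname check, which is the distinction the last bullet draws.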
DNS Improvements for Windows Server 2008
Background zone loading. Zone data loads in the background allowing for faster queries.
IPv6. IP version 6 support.
New read-only domain controller support. Provides read-only zones on read-only domain controllers (RODCs). Allows domain controllers and DNS servers to be deployed in a small office or branch location that lacks physical security. An RODC cannot write information back to Active Directory.
Global single names. A new zone type for Windows Server 2008. Supports machines that use single-label names, such as WINS or NetBIOS clients, eliminating the need for WINS in this type of infrastructure.

Installing the DNS Server Role using Server Manager
In this example, SVR-1 is the server name. 
Select Windows Firewall from Control Panel.
Select Change Settings.
Click on the Exceptions tab. There is currently no exception for DNS. (Note: when DNS is installed using Server Manager, the firewall exception is created automatically.)
  1. Go to the Quick Launch toolbar to launch Server Manager.
  2. Scroll through the details pane until you get to Roles
  3. Select Add Roles.
  4. Click Next.
  5. Select DNS Server.
  6. Click Next.
  7. On this screen, there are links available to access the Help screen about DNS, if needed. Click Next.
  8. Select Install.
  9. After installation, you receive an Installation successful message. Click Close.
  10. Close Server Manager.
Go to the Start menu. Select Control Panel. Select Windows Firewall. Select Change Settings.
Select the Exceptions tab. Now you see the DNS Service listed under Program or Port. The necessary exception is created by adding DNS with Server Manager.
Removing the DNS Server Role using Server Manager
  1. Select Server Manager.
  2. Scroll to the Roles Summary.
  3. Select Remove Roles.
  4. Click Next.
  5. From the list of installed roles, uncheck DNS Server.
  6. Click Next.
  7. Click Remove.
  8. The DNS removal begins. You will receive a Restart Pending warning message indicating You must restart this server to finish the removal process.
  9. Click Close. A message asking “Do you want to restart now?” displays.
Installing the DNS Server Role through the command prompt
In this example, SVR-1 is the server name. 
A lot of administrators prefer using the command prompt instead of using Server Manager.
A new program called servermanagercmd, the Server Manager command, allows an administrator to use the command prompt to install DNS.
  1. Type cmd into the Start box to launch the command prompt.
  2. Type servermanagercmd -install dns -resultpath installresult.xml
  3. Press Enter.
(Note: -resultpath installresult.xml writes the results of the install to an XML file.)
You will receive a bit of verbose output about the DNS installation, and then a “Success: Installation succeeded” message.
To review the results of the .xml file
  1. Select the Start button.
  2. Choose Administrator. This will open the Administrator folder and you will see the installresult.xml file.
  3. Right click on installresult and Open with Notepad to review and verify.
Another way to verify that DNS is installed is to go to Administrative Tools on the Start menu and find DNS. You will see the Lookup Zones and Conditional Forwarders.
Considerations when Deploying the DNS Server Role
The DNS Server Role is critical in the Windows Active Directory Network infrastructure.
  • The user account must be a member of the local administrator group or equivalent.
  • Manually configuring the server to use a static IP address is recommended.
  • Manually editing the server and boot files is not recommended as a way to manage the DNS server.
  • Use DNS console or dnscmd to manage the DNS server.
  • Active Directory-integrated DNS zones cannot be administered using a text editor.
