DNS tutorial Windows 2003
Sometimes this process isn't enough, however. A simple example is a company that has Active Directory deployed on its internal network and uses a private top-level domain like. For example, say a company has a single Active Directory domain named test Here's what happens DNS-wise as far as name resolution is concerned:
Now that's a lot of steps, and if the company has a slow WAN link to the Internet then you're using valuable bandwidth. A better approach than "going up to root" to resolve www. A forwarder is a name server that handles name queries that can't be resolved by another name server. Let's see how the above scenario works when a forwarder is configured on the internal name server SRV Note that this procedure takes about the same number of steps as before, but most of these steps are performed offsite by the ISP's name server, so the amount of bandwidth used over the Internet connection is considerably less and the processing load on the internal name server SRV is minimized as well.
And these are good things from an administrator's perspective. Of course, if the forwarder doesn't respond within the configured timeout, the server can try another forwarder (if one is configured), use root hints (if available), or give up and return an error.
What's different in Windows Server is the concept of conditional forwarding, which I'll look at next. A conditional forwarder is one that handles name resolution only for a specific domain.
For example, you could configure your name server to forward any requests for hosts in the domain google. What this does is speed up the name resolution process by eliminating the need to go up to root to find this authoritative server.
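The forwarding decision described above, as an added example that is not part of the original tutorial and is not Windows DNS code. It is a simplified model that goes slightly beyond the text by letting the most specific conditional-forwarder domain win when several match; all zone names and addresses are constructed (reserved documentation ranges), and `use_root_hints` is a hypothetical flag standing in for "root hints available".

```python
# Simplified model of how a name server picks a forwarder and what it does
# when the forwarder times out. Constructed sample data throughout.

CONDITIONAL = {                      # domain -> forwarders used only for that domain
    "example.com": ["192.0.2.53"],
    "corp.example.com": ["198.51.100.53"],
}
DEFAULT_FORWARDERS = ["203.0.113.1", "203.0.113.2"]   # e.g. the ISP's name servers


def pick_forwarders(qname, conditional=CONDITIONAL, default=DEFAULT_FORWARDERS):
    """Return (matched_domain, forwarders). The longest matching suffix wins;
    names that match no conditional domain go to the default forwarders."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):             # i = 0 is the full name, so longest first
        suffix = ".".join(labels[i:])
        if suffix in conditional:
            return suffix, conditional[suffix]
    return None, default


def resolve(qname, responsive, use_root_hints=True):
    """Return the ordered steps the server takes for qname.
    `responsive` is the set of forwarder IPs that answer before the timeout."""
    trace = []
    _, forwarders = pick_forwarders(qname)
    for ip in forwarders:
        if ip in responsive:
            trace.append(("answered-by-forwarder", ip))
            return trace
        trace.append(("timeout", ip))         # try the next forwarder, if any
    if use_root_hints:
        trace.append(("recurse-from-root-hints", "."))
    else:
        trace.append(("error", "SERVFAIL"))   # nothing left to try
    return trace


if __name__ == "__main__":
    for name in ("www.corp.example.com", "www.example.com", "www.example.net"):
        print(name, "->", pick_forwarders(name))
    print(resolve("www.example.net", responsive={"203.0.113.2"}))
    print(resolve("www.example.com", responsive=set(), use_root_hints=False))
```

Every name that matches a conditional domain is answered by whatever server is listed for it, so those forwarder addresses deserve the same change control as the zone data itself.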
In this case our previous example would now look like this: First let's find a name server authoritative for the google. Go to this page, type google. Domain names in the. Whois Server: whois. Now that we have the IP address of one of the name servers authoritative for the google.
Key points will be highlighted that will help to make the installation of DNS on Windows effective. This article will have a security slant to it, as security is a compelling part of any well-built network. Planning of the DNS installation is beyond the scope of this article and will be covered in later articles.
Installing DNS is not in itself complicated, but several considerations need to be addressed so that security is taken into account and enough planning and redundancy are factored in to allow for normal operational downtime without disruption to the clients.
Specific rules, such as where to place such a server and how to secure it, need to be taken into consideration, and adequate planning will result in a successful rollout of the service. For example, users prefer the friendly name www. Historically, files located on the local machine were used. These files were known as hosts files and had to be maintained and updated by an administrator on every machine so that names could be resolved. Imagine maintaining the hosts file for all of the Internet domain names and subdomains today.
For more information on the process refer to RFCs and If you are running Windows you will soon realize that DNS is a vital service that Active Directory cannot function without. DNS is necessary, as you already know, to resolve names, and Active Directory and other services and applications have come to rely on DNS, if not take it for granted.
DNS is necessary in all functional Active Directory networks. For this reason it is recommended that the server computer where DNS is installed be secured and isolated from radical change. To ensure that the server is always available, be certain that no one makes changes to the server without testing and backing up the configuration.
In most cases a successful backup strategy ensures that, in the event of a minor mishap or disaster, the configuration can be restored on an alternate system. Do not overlook DNS, as complex configurations can be difficult to restore without documentation and prior knowledge of destroyed systems. In terms of integrity, you need to ensure that no one but authorized users has access to and control over the DNS server. This is important, as you do not want your resources abused and misconfigured by intruders that have other plans for your vital naming service.
If you are in a high-security environment it is essential that this server be locked down, as it is an easy target for intruders that want to cause a denial of service on your Active Directory.
It may be a good idea to let only LAN users that are part of the domain query your DNS server, to ensure confidentiality of your naming conventions and other sensitive information.
If any nameservers are already listed in this screen, click on them and remove them. After removing existing nameservers, click the Add button.
The IP address of your primary nameserver will now appear in the box below. Click OK. The last entry you need to add is the MX mail entry.