How To Open Dns Manager In Windows Server 2008

Nowadays all major domain registrars offer managed DNS service along with the domain name(s) you register with them. You can use them to create most of the commonly used DNS records like A, MX, CNAME and some even allow you to create AAAA (IPv6), SRV and TXT records. But if you want full control over the DNS of your domain(s) it's better to set up your own server for DNS hosting.

Setting up a full-fledged authoritative DNS server is not as hard as it sounds. If you know how DNS works you can easily set up your own DNS hosting server to host an unlimited number of domains. In this article I've set up an authoritative DNS server using Windows Server 2008 R2.

Requirements:

  • Static public IP address
  • Static private IP assigned to the server (if your server is behind a NAT device)
  • A very reliable Internet connection with 100% uptime (not required if you're just testing)
  • Server with a capacity to handle DNS requests running Windows Server 2008
  • A registered domain name, if you're just doing a test setup register a free dot.tk domain name.

Check for Static IP address

The IP address assigned to your server (either private or public) must be static, else you'll get the following warning message when installing the "DNS server" role.

You'll be presented with this warning when adding the DNS role if your server has a dynamic IP address

The Preferred and Alternate DNS settings can be anything but NOT the loopback IP address (127.0.0.1) because we're setting up an authoritative-only DNS server and not a recursive one. In the following screenshot I've set it to the IP address of my gateway device as it functions as a DNS forwarder as well. Since my test server is behind a NAT device I'm using private IP addresses.

My server is behind a modem which performs NAT hence I've assigned a static IP address

You may wonder how queries for the authoritative domain we're configuring will be answered, I'll provide an explanation at the end.

Install the DNS server role

Hit [windows] + R to open the Run dialog box and enter "servermanager.msc"

The Server Manager can be opened by going to Run and typing servermanager.msc

Click "Add roles", in the wizard that appears click next and choose "DNS Server".

Click "Install" in the confirmation page.

After installation choose to restart your computer.

Once complete you can open the DNS manager in one of the following ways: open the "Run" dialog box and enter "dnsmgmt.msc"

or open Start menu > Administrative Tools > DNS

Disabling recursion and root hints

As I mentioned earlier we're configuring an authoritative server, so leaving recursion at its default (which is enabled) will create a vulnerability for DNS DoS attacks. Open the DNS Manager, right-click the name of your server and click Properties.

Go to the Advanced tab and check "Disable recursion (also disables forwarders)" and click OK.

But it isn't done yet: the server still has root DNS servers in its configuration, so it returns the root DNS server details each time it is queried for a non-existent domain name. To prevent this we need to create a forward lookup zone with the name "." (you read that right, it is just a single dot). Right-click "Forward Lookup Zones" and select "New Zone".

Proceed with the wizard and choose the "Primary Zone" type.

Enter the zone name as "." (without quotes) and click Next.

Place a dot for the zone name when creating a root zone for disabling root hints

In the "Dynamic updates" page leave it at the defaults and press Next.

Finally click "Finish"

Now a root zone has been created, so this server will return an NXDOMAIN (non-existent domain) answer whenever a recursive query is made.
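A check for the result of the two changes above, added here as an example and not part of the original article: it decodes the DNS response header and reports a server that still offers recursion, answers for names outside its zones, or hands out a root referral. The function names, the `ask` helper and the sample headers (constructed, not captured traffic) are assumptions made for this example.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Constructed sample headers: txid, flags, QD, AN, NS, AR counts.
GOOD_IN = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)    # QR+AA+RD, one answer
GOOD_OUT = struct.pack("!HHHHHH", 0x1234, 0x8503, 1, 0, 1, 0)   # QR+AA+RD, NXDOMAIN
REFERRAL = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 13, 0)  # root servers in authority
OPEN_OUT = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)   # QR+RD+RA, recursed answer

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (QTYPE 1 = A, class IN) with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [part for part in name.rstrip(".").split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(resp):
    """Decode the 12-byte DNS header into the fields the audit needs."""
    if len(resp) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "answers": an, "authority": ns,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def audit(in_zone_resp, out_of_zone_resp):
    """Return findings; an empty list means authoritative-only behaviour."""
    a, b = parse_header(in_zone_resp), parse_header(out_of_zone_resp)
    findings = []
    if not a["aa"] or a["answers"] == 0:
        findings.append("in-zone name not answered authoritatively")
    if a["ra"] or b["ra"]:
        findings.append("RA flag set: recursion still enabled")
    if b["answers"]:
        findings.append("answered a name outside the hosted zones")
    if b["rcode"] == "NOERROR" and b["authority"]:
        findings.append("referral returned: root hints still in use")
    return findings

def ask(server, name, timeout=3.0):
    """Send one UDP query to server:53 and return the raw response bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

if __name__ == "__main__":
    print(audit(GOOD_IN, GOOD_OUT), audit(GOOD_IN, REFERRAL), audit(GOOD_IN, OPEN_OUT))
```

Against a live server, pass `audit` the output of `ask` for one name inside your zone and one unrelated name, queried from outside your network.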

Creating an authoritative zone

This is similar to the steps followed previously: right-click "Forward Lookup Zones", click "New Zone"

Choose "Primary Zone"

Now enter your registered domain name; for the purpose of this article I'll be using a free dot.tk domain name.

Enter your registered domain name

Leave "dynamic updates" at its defaults and finish the wizard.

In the next few steps we'll be creating records for this zone, this is where steps for users with NAT and public IP differ.

Creating DNS records

While creating records for the domain always remember to use only public IP addresses. First we'll be editing the NS and SOA records that were automatically created with this zone. Open the properties of the NS record and edit the name server entry in it.

Modify the NS record of the newly created zone, enter the public IP address of your server and change the FQDN

If your server has a directly assigned public IP then editing the FQDN alone is enough, set it to something like dns1.yourdomain.com. For servers behind a NAT device edit the FQDN as well as the IP address. Remove the private IP address in the list and enter your public Internet-facing IP address. When you save this setting you'll be asked whether you want to remove the private IP address, press "Yes"

At this point DNS manager will automatically create an A record pointing "dns1.yourdomain.com" to <Public IP address>. Next modify the SOA record: change the Primary server to the NS record just edited and enter your email address under "Responsible Person", replacing @ with a dot (user@example.com is entered as user.example.com).

Change the default SOA record, change the Primary Server and e-mail address

Create an A record for the parent domain name.

Create an A record pointing to the server which will handle requests for this domain (e.g. a webserver)

I've entered the IP address of the web server hosting this blog. Create a CNAME record for the www part of the domain name.

Create a CNAME record to point the www portion of the domain to the parent domain

After everything is done make sure your firewall allows inbound port 53, both TCP and UDP; test this by going to the Open port checker

Check if port 53 is open using the open port check tool

Log in to your domain registrar's control panel and configure name servers. You may also create additional records like MX and TXT if required.

Configure the domain name

Finally the domain name's name server must be set to the IP address of the server we've just configured. Log in to your domain registrar's control panel and create a child name server. A child name server, also known as a glue record, looks like a subdomain of the main domain but is the authoritative name server for it. For example, the domain myowndns.tk will have a child name server dns.myowndns.tk along with the IP address of the server we're setting up.

Create a child name server for your domain from the domain control panel

The IP address must be the public IP address through which the DNS server is accessible and query-able (port 53 allowed). Once this is done wait for "DNS propagation" to occur; theoretically it may take more than a day for propagation around the world but you can see the results in 10 minutes. Open an online DNS lookup tool which gives a lot of detail, like network-tools.com. First query the default DNS server and have a look at the results.

Query a public DNS service to check for propagation

Querying a public DNS server returns a recursive response

Then query the authoritative DNS server directly and look at the results.

Querying the authoritative DNS server directly

To check if DNS has propagated throughout the world do a DNS lookup at whatsmydns.net

You can also set up secondary (or slave/backup) DNS servers the same way or get them free as mentioned in this article.

Any doubts or problems, drop a comment below and I'll help you out.

Source: https://websistent.com/authoritative-dns-in-windows-server-2008/

Posted by: mileyclus1971.blogspot.com
