Microsoft DNS Server software

This refers to the “DNS Server” installable Role that comes with Windows Server operating systems.

For the moment, some information may still be in the section on DNS server software: subsection related to Microsoft DNS Server installable Role.

Basic setup guide/info
Add the role

First, the role will need to be added. See: software installation: installing roles in Windows Server.

Examples using a command line for a largely automated installation

The following should show a report on what is expected to happen during an installation attempt.

servermanagercmd -i DNS -resultPath result.xml -w -l log.txt

If that works well, try leaving off the -w to cause the actual installation.

Note: OCSetup and pkgmgr had no impact when trying to install various names (DNSServer or DNSServerRole or DNS or DNS-Server-Role or DNS-Server or DNS-Server-Core-Role).

start /w ocsetup DNSServerRole /passive /norestart /log:DNSLog

(Note: Extensions will be added to the specified log file.)

However, that is not expected to work in Windows Server 2008 Server Core. Instead, for a Server Core installation, something like the following may need to be run:

pkgmgr /iu:"DNS-Server-Core-Role" /norestart /l:pkgmgr.log

At the time of this writing, “Package Manager” seems to be one of the most compatible methods of installing packages. Other options do exist. Once again, these instructions will point out that more details are available in the section on software installation: installing roles in Windows Server.

Using the “Add Roles Wizard” (GUI installation)

This guide was made using Windows Server 2008 with Service Pack 1. (There is nothing particularly magical about Service Pack 1: That is simply the installation media that was handy.)

Those following software installation: Microsoft Windows Server's Add Roles Wizard may see a screen such as: [“Add Roles Wizard” (with “DHCP Server” selected/highlighted)].

[“Add Roles Wizard”: DNS Server selected]

[“Add Roles Wizard”: DNS Server checked, “Next >” button selected]

[“Add Roles Wizard”: DNS Server Introduction/Overview]

[“Add Roles Wizard”: DNS Server: Confirm Installation Selections] seems to threaten a possible restart. In fact, a restart is not going to be requested for the installation of this service (based on Windows Server 2008). However, uninstalling will require a restart before additional changes may be made to roles. (That was tested with Windows Server 2008, uninstalling using the GUI program Server Manager.)

Speaking of uninstalling the DNS server: TechNet's page called “Install a DNS Server” notes that uninstalling the service may leave behind some zone files, but re-installing may result in creating zone files, which may overwrite any pre-existing zone files. So make sure to copy/back up those zone files before re-installing the service.

[“Add Roles Wizard”: DNS Server: Confirm Installation Selections]

Pressing Shift-Tab a couple of times will lead to highlighting the option to “Print, e-mail, or save this information”.

This will end up opening a web browser to the file:///C:/Windows/logs/ServerManagerInstallationLog.html file (which may have been updated since earlier).

[“Add Roles Wizard”: DNS Server: ]

From this screen, it is recommended to press Shift-Tab once or twice.

[“Add Roles Wizard”: DNS Server: ]

Starting and configuring the graphical management interface

This is completely unnecessary if the command line interface is going to be used for handling the server.

Assuming that the full DNS Server software has been installed (and not just the Server Core variation), the Administrative Tools folder should now have an icon called “DNS” which runs “ %SystemRoot%\system32\dnsmgmt.msc /s ”.

At this point, it is presumed that the graphical interface is showing a server. If not, make sure the service is running, and then see the directions for when a DHCP server does not show up in the management interface for a similar situation.

[“Add Roles Wizard”: DNS Server: ]

Adding a new zone

[“Add Roles Wizard”: DNS Server: ]

Making a host record

[“Add Roles Wizard”: DNS Server: ]

Whatever gets typed in the first field will start to get added to the second field.

[“Add Roles Wizard”: DNS Server: ]

Do go ahead and check the box. It will likely save time.

Upon saving the A record, if there is not a matching Reverse DNS entry, and if the checkbox was checked (indicating that a Reverse DNS entry should be made), then a warning may appear.

[“Add Roles Wizard”: DNS Server: ]

If that is encountered, then first make sure this record was created successfully. (The record probably was created successfully, so the reason to check is just to verify and know what has actually happened.) Then go make a Reverse DNS record. Then edit the matching forward record. Then go confirm that the record was made in the DNS record.

[“Add Roles Wizard”: DNS Server: ]

After a record is created, the software returns to asking about creating a new domain. There is no acknowledgement by the foreground window that the new host record has been created.

[“Add Roles Wizard”: DNS Server: ]

Creating a Reverse DNS zone

This is generally pretty simple, as long as the subnet has been identified. (In other words, know what IP address range is being used.)

[“Add Roles Wizard”: DNS Server: ]

Use the Action menu, or the context/“shortcut”/“right click” menu of the “Reverse Lookup Zones” folder. Then choose “New Zone...”.

[“Add Roles Wizard”: DNS Server: ]

[“Add Roles Wizard”: DNS Server: ] (similar to picture 41)

[“Add Roles Wizard”: DNS Server: ] (similar to 47)

Now, go to the “Forward Lookup Zones” folder. Review all important records. (Especially do this for any important addresses, and hopefully any addresses that are not typically updated dynamically.) For each record being reviewed, make a change in the GUI. (For example, uncheck and then re-check the box related to whether a Reverse DNS record should be updated.) Then choose to Apply the change, which will create the appropriate Reverse DNS record for that host.

Creating names for hosts

Make sure every server has an appropriate Host Record. (Ideally, every such system should have an appropriate AAAA record and an appropriate “A” record.)

Enabling dynamic updates

If DHCP is also installed on the server, update the credentials.

Some resources to help: 282001, TechNet: Configure DNS dynamic update credentials (DHCP), Ask Premier Field Engineering (PFE) Platforms: DHCP, Dynamic DNS, and Domain Controllers: How about Some PowerShell to Spice Up a Mind-Numbing Topic?, TechNet page: DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server

Set Forwarders

Make sure that some DNS servers on the Internet can be reached. (See usable DNS servers.) For example, run:

nslookup google.com 8.8.8.8

If the servers worked, set the Forwarders.

Making the change using a graphical interface
Right click on the server. Choose “Properties”. Choose the “Forwarders” tab. Add appropriate servers.

Also, set the system's own DNS server to be 127.0.0.1, rather than the external servers. This way internal names can be looked up successfully.

(This was written largely from memory, and so may not have been tested.)

Ensure that the DNS Server role is installed. (See software installation: Installing Roles and Features in Microsoft Windows Server operating systems. Those who wish to use the graphical approach may find details in the section about software installation: Microsoft Windows Server's Add Roles Wizard.)

Go to the DNS server's configuration console. (After the role is installed, this may be found on the Administrative Tools menu.)

Create a DNS domain. (If this is being done for an actual organization, name the domain after the organization. If this is being done in some sort of group (e.g., a class) type of environment, naming the domain after the network technician may be a better idea.) Have the domain end with .test (per RFC 2606) or “.local” (per a recommendation by Microsoft). The use of such a name is discussed in the section on DNS (sub-section called “Alternate DNS roots”).

Once a DNS domain has been made, add a “Host” AAAA record for every server. Also add a “Host” A record for every server.
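
A command-line equivalent of the GUI steps in this guide (new zone, Reverse DNS zone, host records, forwarders), as an added example that is not part of the original guide. It uses dnscmd, which comes with the DNS Server role; the zone name example.test, the host name server1 and the 192.0.2.0/24 and 2001:db8::/32 addresses are constructed placeholders. The Reverse DNS zone is created first so that the PTR record can be written when the A record is added, which avoids the warning described under “Making a host record”.

```bat
@echo off
rem Added example (not from the original guide): zone, host records and
rem forwarder set up with dnscmd. Every value below is a constructed
rem placeholder except 8.8.8.8, which the guide itself uses.
setlocal
set ZONE=example.test
set REVZONE=2.0.192.in-addr.arpa
set HOST=server1
set HOST4=192.0.2.10
set HOST6=2001:db8::10
set FWD=8.8.8.8

rem 1. Check that the outside resolver answers before relying on it.
rem    Read the output; nslookup's exit code is not a reliable signal.
nslookup google.com %FWD%

rem 2. Reverse DNS zone first, then the forward zone. Both are file-backed
rem    primary zones; the files land in %SystemRoot%\System32\dns.
dnscmd /ZoneAdd %REVZONE% /Primary /file %REVZONE%.dns || goto :fail
dnscmd /ZoneAdd %ZONE% /Primary /file %ZONE%.dns || goto :fail

rem 3. Host records. /CreatePTR is the command-line form of the
rem    "create associated pointer record" checkbox in the GUI.
dnscmd /RecordAdd %ZONE% %HOST% /CreatePTR A %HOST4% || goto :fail
dnscmd /RecordAdd %ZONE% %HOST% AAAA %HOST6% || goto :fail

rem 4. Replace the forwarder list with the resolver tested in step 1.
dnscmd /ResetForwarders %FWD% || goto :fail

rem 5. Verify against the local server: the records as stored, then a
rem    forward and a reverse lookup that should agree with each other.
dnscmd /EnumRecords %ZONE% %HOST%
nslookup %HOST%.%ZONE% 127.0.0.1
nslookup %HOST4% 127.0.0.1
exit /b 0

:fail
echo A dnscmd step failed (errorlevel %errorlevel%). Nothing after it was run.
exit /b 1
```

Run it from an elevated command prompt on the DNS server. A zone that already exists makes the /ZoneAdd step fail and stops the script, so existing zone files are not touched.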