Microsoft DNS Server software
This refers to the “DNS Server” installable Role that comes with Windows Server operating systems.
For the moment, some information may still be in the section on DNS server software, in the subsection related to the Microsoft DNS Server installable Role.
- Basic setup guide/info
- Microsoft KB Q172953: “How to Install and Configure Microsoft DNS Server” (for Win NT 4).
- TechNet: Checklist: Implementing a Secure DNS configuration
- Add the role
First, the role will need to be added. See: software installation: installing roles in Windows Server.
- Examples of using a command line for a largely automated installation
The following should show a report on what is expected to happen during an installation attempt.
If that works well, try leaving off the -w to cause the actual installation.
had no impact when trying to install various names (
DNSServerRole /passive /norestart
(Note: Extensions will be added to the specified log file.)
However, that is not expected to work in Windows Server 2008 Server Core. Instead, for a Server Core installation, something like the following may need to be run:
At the time of this writing, “Package Manager” seems to be one of the most compatible methods of installing packages. Other options do exist. Once again, these instructions will point out that more details are available in the section on software installation: installing roles in Windows Server.
- Using the “Add Roles Wizard” (GUI installation)
This guide was made using Windows Server 2008 with Service Pack 1. (There is nothing particularly magical about Service Pack 1: That is simply the installation media that was handy.)
[“Add Roles Wizard”: DNS Server: Confirm Installation Selections] seems to threaten a possible restart. In fact, a restart is not going to be requested for the installation of this service (based on Windows Server 2008). However, uninstalling will require a restart before additional changes may be made to roles. (That was tested with Windows Server 2008, uninstalling using the GUI program Server Manager.)
Speaking of uninstalling the DNS server: TechNet's page called “Install a DNS Server” notes that uninstalling the service may leave behind some zone files, but re-installing may result in creating zone files, which may overwrite any pre-existing zone files. So make sure to copy/backup those zone files before re-installing the service.
Pressing Shift-Tab a couple of times will lead to highlighting the option to “Print, e-mail, or save this information”.
This will end up opening a web browser to the file file:///C:/Windows/logs/ServerManagerInstallationLog.html (which may have been updated from its previous contents).
From this screen, it is recommended to press Shift-Tab a time or two.
- Starting and configuring the graphical management interface
This is completely unnecessary if the command line interface is going to be used for handling the server.
Assuming that the full DHCP Server software has been installed (and not just the Server Core variation), the Administrative Tools folder should now have an icon called “DHCP” which runs “
At this point, it is presumed that the graphical interface is showing a server. If not, make sure the service is running, and then see the directions for when a DHCP server does not show up in the management interface for a similar situation.
- Adding a new zone
- Making a host record
Whatever gets typed in the first field will start to get added to the second field.
Do go ahead and check the box. It will likely save time.
Upon saving the A record, if there is not a matching Reverse DNS entry, and if the checkbox was checked (indicating that a Reverse DNS entry should be made), then a warning may appear.
If that is encountered, then first make sure this record was created successfully. (The record probably was created successfully, and so the reason to check is just to verify and know what has actually happened.) Then go make a Reverse DNS record. Then edit the matching forward record. Then go confirm that the record was made in the DNS record.
After a record is created, the software returns to asking about creating a new domain. There's no acknowledgement by the foreground window that the new host record has been created.
- Creating a Reverse DNS zone
This is generally pretty simple, as long as the subnet has been identified. (In other words, know what IP address range is being used.)
Use the Action menu, or the context/“shortcut”/“right click” menu of the “Reverse Lookup Zones” folder. Then choose “New Zone...”.
Now, go to the “Forward Lookup Zones” folder. Review all important records. (Especially do this for any important addresses, and hopefully any addresses that are not typically updated dynamically.) For each record being reviewed, make a change in the GUI. (For example, uncheck and then re-check the box related to whether a Reverse DNS record should be updated.) Then choose to Apply the change, which will create the appropriate Reverse DNS record for that host.
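To find which forward records still need that treatment, the review can be scripted. This is an added example, not part of the original guide: it assumes Windows Server 2012 or later (for the DnsServer and DnsClient PowerShell modules), and the zone name corp.test is a placeholder.

```powershell
# Added example (not from the original guide). Assumes Windows Server 2012+
# and that this server hosts the forward zone named below.
$ForwardZone = 'corp.test'      # placeholder zone name
$Server      = '127.0.0.1'      # query the local DNS service directly

$Report = foreach ($rec in Get-DnsServerResourceRecord -ZoneName $ForwardZone -RRType A) {
    # HostName is relative to the zone; '@' means the zone apex.
    $fqdn = if ($rec.HostName -eq '@') { $ForwardZone } else { "$($rec.HostName).$ForwardZone" }

    # Build the reverse name: 192.0.2.10 -> 10.2.0.192.in-addr.arpa
    $octets = $rec.RecordData.IPv4Address.ToString().Split('.')
    [array]::Reverse($octets)
    $ptrName = ($octets -join '.') + '.in-addr.arpa'

    # Keep only PTR answers; a negative reply may carry an SOA record instead.
    $targets = @(Resolve-DnsName -Name $ptrName -Type PTR -Server $Server -DnsOnly `
                                 -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'PTR' } |
                 ForEach-Object { $_.NameHost.TrimEnd('.') })

    if ($targets.Count -eq 0)          { $status = 'MissingPtr' }
    elseif ($targets -contains $fqdn)  { $status = 'OK' }
    else                               { $status = 'Mismatch' }

    [pscustomobject]@{
        Host    = $fqdn
        IPv4    = $rec.RecordData.IPv4Address
        PtrName = $ptrName
        PtrTo   = $targets -join ', '
        Status  = $status
    }
}

# Records that need attention: no PTR at all, or a PTR naming a different host.
$Report | Where-Object Status -ne 'OK' | Sort-Object Status, Host | Format-Table -AutoSize
```

Records reported as MissingPtr are the ones to open in the GUI and re-apply as described above; Mismatch rows point at a stale PTR that names some other host.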
- Creating names for hosts
Make sure every server has an appropriate Host Record. (Ideally, every such system should have an appropriate AAAA record and an appropriate “A” record.)
- Enabling dynamic updates
If DHCP is also installed on the server, update the credentials.
Some resources to help:
- 282001
- TechNet: Configure DNS dynamic update credentials (DHCP)
- Ask Premier Field Engineering (PFE) Platforms: DHCP, Dynamic DNS, and Domain Controllers: How about Some PowerShell to Spice Up a Mind-Numbing Topic?
- TechNet page: DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server
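The check named by the last TechNet title can be run from an elevated PowerShell prompt. This is an added example, not part of the original guide or of the linked resources: it assumes Windows Server 2012 or later with the DnsServer and DhcpServer modules present, and the account entered at the prompt is whatever domain account has been set aside for DHCP's DNS updates.

```powershell
# Added example (not from the original guide). Assumes Windows Server 2012+.

# 1. Show how each locally hosted primary zone handles dynamic updates
#    (None, Secure, or NonsecureAndSecure).
$Zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
$Zones | Format-Table ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate -AutoSize

# 2. Flag zones that accept updates from unauthenticated clients.
foreach ($z in $Zones | Where-Object DynamicUpdate -eq 'NonsecureAndSecure') {
    Write-Warning "$($z.ZoneName) accepts nonsecure dynamic updates."
}

# 3. If the DHCP Server service is on this host and any zone requires secure
#    updates, make sure DHCP has a credential to register records with.
$dhcp   = Get-Service -Name DHCPServer -ErrorAction SilentlyContinue
$secure = @($Zones | Where-Object DynamicUpdate -eq 'Secure')

if ($dhcp -and $secure.Count -gt 0) {
    $current = Get-DhcpServerDnsCredential
    if ([string]::IsNullOrEmpty($current.UserName)) {
        Write-Warning 'DHCP has no DNS update credential configured.'
        # Prompts interactively; nothing is stored in this script.
        $cred = Get-Credential -Message 'Account DHCP should use for DNS updates'
        Set-DhcpServerDnsCredential -Credential $cred
    }
    # Confirm what DHCP will now use (user and domain only; no password is shown).
    Get-DhcpServerDnsCredential | Format-List UserName, DomainName
}
```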
- Set Forwarders
Make sure that some DNS servers on the Internet can be reached. (See usable DNS servers.) For example, run:
If the servers worked, set the Forwarders.
- Making the change using a graphical interface
- Right click on the server. Choose “Properties”. Choose the “Forwarders” tab. Add appropriate servers.
Also, set the system's own DNS server to be 127.0.0.1, rather than the external servers. This way internal names can be looked up successfully.
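The same steps from an elevated PowerShell prompt, as an added example that is not part of the original guide. It assumes Windows Server 2012 or later (the cmdlets used are not available on Windows Server 2008); the two forwarder addresses are documentation-range placeholders and the test name is arbitrary, so replace them with the servers actually chosen.

```powershell
# Added example (not from the original guide). Assumes Windows Server 2012+
# with the DNS Server role installed.
$Candidates = '192.0.2.53', '198.51.100.53'   # placeholders: upstream resolvers to try
$TestName   = 'example.com'                   # any name the upstream should resolve

# 1. Keep only the candidates that answer a query sent directly to them.
$Working = foreach ($ip in $Candidates) {
    try {
        Resolve-DnsName -Name $TestName -Type A -Server $ip -DnsOnly `
                        -QuickTimeout -ErrorAction Stop | Out-Null
        $ip
    } catch {
        Write-Warning "Forwarder candidate $ip did not answer: $($_.Exception.Message)"
    }
}
if (-not $Working) {
    throw 'No candidate forwarder answered; leaving the configuration unchanged.'
}

# 2. Replace the server's forwarder list with the servers that worked.
Set-DnsServerForwarder -IPAddress $Working -PassThru

# 3. Point this machine's own resolver at the local DNS service so that
#    internal names resolve; external names then go out through the forwarders.
#    This touches every adapter that is up; narrow the filter if that is too broad.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses '127.0.0.1'
}

# 4. Verify: an external name must now resolve through the local server.
Resolve-DnsName -Name $TestName -Server 127.0.0.1 -DnsOnly -ErrorAction Stop
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout
```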
(This was written largely from memory, and so may not have been tested.)
Ensure that the DNS Server role is installed (see software installation: Installing Roles and Features in Microsoft Windows Server operating systems). Those who wish to use the graphical approach may find details in the section about software installation: Microsoft Windows Server's Add Roles Wizard.
Go to the DNS server's configuration console. (After the role is installed, this may be found on the Administrative Tools menu.)
Create a DNS domain. (If this is being done for an actual organization, name the domain after the organization. If this is being done in a group environment (e.g., a class), naming the domain after the network technician may be a better idea.) Have the domain end with .test (per RFC 2606) or “.local” (per a recommendation by Microsoft). The use of such a name is discussed in the section on DNS (sub-section called “Alternate DNS roots”).