次の方法で共有


DNS server role: Configuring a DNS server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

DNS server role: Configuring a DNS server

Domain Name System (DNS) servers host records of a distributed DNS database and use the records they host to resolve DNS name queries sent by DNS client computers, such as queries for the names of Web sites or computers in your network or on the Internet. If you plan to use this computer to answer DNS queries for computers in your network, then add the DNS server role.

This topic explains the basic steps that you must follow to configure a DNS server for either a small organization or a branch office in a large organization. For both scenarios, this topic explains the basic steps you must follow to configure a DNS server and configure it with a DNS zone for your network. This topic will also cover how to forward queries for external resources to a DNS server either run by an Internet service provider (ISP), as in the case of a small organization, or run by the central office of a large organization, as in the case of the branch office.

This process involves using the Configure Your Server Wizard, the Configure a New DNS Server Wizard, and Manage Your Server to configure the server as a DNS server. When you have finished setting up a DNS server, you can complete additional configuration tasks, depending on how you want to use the DNS server.

Note

  • A DNS server is not usually necessary in a small business because the Windows Internet Name Service (WINS) name resolution method is used to locate network resources, and resources on the Internet are located using the DNS servers run by an ISP. However, as more networks are becoming integrated with the Internet, DNS is becoming more common in small networks.

    Using DNS in your network does not necessarily require that you administer a DNS infrastructure. If you have a small network in which information is maintained dependably, then you can choose to have your DNS namespace administered by a different organization that specializes in DNS administration, such as your government or an ISP. In this case, the different organization will host and administer your DNS information for you or integrate your computers with an existing DNS server hosted in its network.

This topic covers:

Before you begin

Configuring your DNS server

Next steps: Completing additional tasks

Before you begin

Before you configure your computer as a DNS server, verify whether or not:

  • The operating system is configured correctly. In the Windows Server 2003 family, the DNS Server service depends on the appropriate configuration of the operating system and its services, such as TCP/IP. If you have a new installation of a Windows Server 2003 operating system, then you can use the default service settings. No further action is necessary. If you upgraded to a Windows Server 2003 operating system, or if you want to verify that your service settings are configured correctly for the best performance and security, then see Default settings for services.

  • All available disk space is allocated. You can use Disk Management or DiskPart.exe to create a new partition from unallocated space. For more information, see Create a partition or logical drive.

  • All existing disk volumes use the NTFS file system. FAT32 volumes are not secure, and they do not support file and folder compression, disk quotas, file encryption, or individual file permissions.

  • Windows Firewall is enabled. For more information, see Enable Windows Firewall with no exceptions.

  • The Security Configuration Wizard is installed and enabled. For information about the Security Configuration wizard, see Security Configuration Wizard Overview.

The following table lists the information that you need to know before you add a DNS server role.

For all organizations

 

Before adding a DNS server role

Comments

Determine if you are adding the DNS server role to support Active Directory.

If you are going to deploy Active Directory, then the DNS servers used to support Active Directory will be installed and configured automatically by the Active Directory Installation Wizard. For more information, see Typical setup for a first server and Domain controller role: Configuring a domain controller.

Inventory the security policies of your network and company to see how they can be maintained when broadcasting DNS data over the Internet.

DNS was originally designed as an open protocol and is therefore vulnerable to attackers. Windows Server 2003 DNS provides features for a very secure DNS infrastructure. To configure DNS to support these security policies, have your company's security policies available when designing and deploying your DNS server, zones, and resource records. For more information, see Security information for DNS.

Review the DNS checklist.

Review the information in Checklist: Installing a DNS server.

For a small organization

 

Before adding a DNS server role

Comments

Choose the first DNS domain name for your company.

Choosing the first DNS domain name for your company involves selecting a domain name that is unique within the DNS namespace of the Internet.

If your organization has a Web site, use your existing Web site name as a starting point for your DNS domain name. If the name of your Web site is www.humongousinsurance.com, create the first domain name as an extension of this name using the subdomain name corp, for example, corp.humongousinsurance.com.

Check with your ISP to determine that your network Internet Protocol (IP) addresses are registered with an Internet registrar.

In order for your DNS deployment to work over the Internet, both the IP addresses and DNS domain name used by your network must be registered with an authorized Internet registrar. These organizations are responsible for assigning IP addresses and DNS domain names and keeping public records of the assignments.

If you are connected to the Internet, then your company's network is most likely a subnet of your ISP's network. In this case, the IP addresses of the subnet will have been registered with the Internet registrar.

Register your DNS domain name with an Internet registrar.

Register the DNS domain name you will use for your company even if you are deploying DNS in a private network. If you do not register the name and later attempt to use it on the Internet, or connect to a network that is connected to the Internet, you might find that the name is unavailable because some other company has registered the name. You can also have your ISP register your DNS domain name for you.

When deciding on your DNS domain name, search the Internet to see what domain names are available using one of the Web sites provided by an authorized Internet registration authority. To search the Internet for available domain names, see the Internet Network Information Center (InterNIC) Web site. Web addresses can change, so you might be unable to connect to the Web site or sites mentioned here.

Understand that the name of the first DNS zone this DNS server will host is the same as the DNS domain name you registered.

When you configure the DNS server role, you will define the first DNS zone that this DNS server will host using the domain name of the DNS domain of your network, such as corp.humongousinsurance.com.

Obtain the IP address of one or more DNS servers hosted by your ISP to use as a forwarder.

You will configure the DNS server with a forwarder to send queries for names that are not in your network to a DNS server at your ISP.

For a branch office in a large organization

 

Before adding a DNS server role

Comments

Obtain the DNS domain name for your network from your central office.

The first DNS domain name for your branch office is a subdomain of a domain used in the network at your central office. For example, if your central office uses the domain name corp.humongousinsurance.com, the DNS domain name for your branch office could be seattle.corp.humongousinsurance.com. Always confirm that your DNS domain name has been properly delegated from the central office.

Configuring your DNS server

To configure a DNS server, start the Configure Your Server Wizard by doing either of the following:

  • From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.

  • To open the Configure Your Server Wizard, click Start, point to All Programs, point to Administrative Tools, and then click Configure Your Server Wizard.

On the Server Role page, click DNS server, and then click Next.

This section covers:

Summary of Selections

Setting a static DNS server IP address

Using the Configure a DNS Server Wizard

Completing the Configure Your Server Wizard

Removing the DNS server role

Summary of Selections

On the Summary of Selections page, view and confirm the options that you have selected. If you selected DNS Server on the Server Role page, the following appears:

  • Install DNS Server

  • Run the Configure a DNS Server Wizard to configure DNS

If the Summary of Selections page lists these two items, click Next. If the Summary of Selections page does not list these two items, click Back to return to the Server Role page, click DNS server, and then click Next.

Setting a static DNS server IP address

After you click Next, the Configure Your Server Wizard installs the DNS Server service. During the installation of the DNS Server service, the Configure Your Server Wizard determines whether the IP address for this server is static or is configured automatically. DNS servers are located by DNS clients by using static IP addresses, and an IP address that is automatically configured can cause problems for DNS clients when the IP address changes.

If this server is currently configured to obtain its IP address automatically, the Configuring Components page of the Windows Components Wizard appears, and prompts you to configure this server with a static IP address. In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), and then click Properties. In the Internet Protocols (TCP/IP) Properties dialog box, click Use the following IP address, and then type the static IP address, subnet mask, and default gateway for this server. In Preferred DNS server, type the IP address of this server. In Alternate DNS server, type the IP address of the DNS server hosted by your ISP or central office. When you finish setting up the static addresses for your DNS server, click OK, and then click Close.

Notes

  • For a small organization, the static IP address for this server will be used to register the DNS domain name for your company with an authorized Internet registrar. The Internet registrar will map the DNS domain name for your company with the IP address so that computers on the Internet looking for computers in your network will know the IP address of the DNS server for your network.

  • For a branch office, the static IP address for this server will be used in the domain name delegation configured on a DNS server at the central office of your organization. Computers in your organization and on the Internet looking for computers in your network will use the IP address of the DNS server for your network. For this reason, it is very important that you do not change the IP address of this server after you have added the DNS server role.

Using the Configure a DNS Server Wizard

After you click Close, the Configure a DNS Server Wizard starts. If you cancel the Configure a DNS Server Wizard, the DNS Server service remains installed, but it cannot resolve names until you configure DNS settings. If you choose to configure DNS settings later, you can do so using the DNS console.

This section describes the following steps in the Configure a DNS Server Wizard:

Select Configuration Action

Primary Server Location

Zone Name

Dynamic Update

Forwarders

Completing the Configure a DNS Server Wizard

Select Configuration Action

On the Select Configuration Action page, select Create a forward lookup zone, and then click Next.

Primary Server Location

To specify that this DNS server will host a DNS zone that contains DNS resource records for your network resources, on the Primary Server Location page, select This server maintains the zone, and then click Next.

Zone Name

On the Zone Name page, in Zone name, specify the name of the DNS zone for your network, and then click Next. The name of the zone is the same as the name of the DNS domain for your small organization or branch office.

Dynamic Update

On the Dynamic Update page, click Allow both nonsecure and secure dynamic updates, and then click Next. This will automate the update of the DNS resource records for the resources in your network.

Forwarders

On the Forwarders page, click Yes, it should forward queries to DNS servers with the following IP addresses, and then click Next. By selecting this configuration, you forward all DNS queries for DNS names outside of your network to a DNS server at either your ISP or central office. Type one or more IP addresses used by DNS servers run by either your ISP or central office.

Completing the Configure a DNS Server Wizard

On the Completing the Configure a DNS Server Wizard page of the Configure a DNS Server Wizard, you can click Back to change any of the settings. To apply your selections, click Finish.

Completing the Configure Your Server Wizard

After you complete the Configure a DNS Server Wizard, the Configure Your Server Wizard displays the This Server is Now a DNS Server page. To review all of the changes made to your server by the Configure Your Server Wizard or to ensure that a new role was installed successfully, click Configure Your Server log. The Configure Your Server Wizard log is located at systemroot\Debug\Configure Your Server.log. To close the Configure Your Server Wizard, click Finish.

To verify that your server is secure and has the most recent updates, do the following:

  1. Run Windows Update. For more information, see Windows Update.

  2. Run the Security Configuration Wizard. For more information, see Security Configuration Wizard Overview.

Removing the DNS server role

If you need to reconfigure your server for a different role, you can remove existing server roles. If you remove the DNS server role from this server you should configure the TCP/IP settings of this server, and any clients using this server as their DNS server, with the IP address of a different DNS server.

To remove the DNS server role, restart the Configure Your Server Wizard by doing either of the following:

  • From Manage Your Server, click Add or remove a role. By default, Manage Your Server starts automatically when you log on. To open Manage Your Server, click Start, click Control Panel, double-click Administrative Tools, and then double-click Manage Your Server.

  • To open the Configure Your Server Wizard, click Start, click Control Panel, double-click Administrative Tools, and then double-click Configure Your Server Wizard.

On the Server Role page, click DNS server, and then click Next. On the Role Removal Confirmation page, review the items listed under Summary, select the Remove the DNS server role check box, and then click Next. After you click Next, the Configuring Components page of the Windows Components Wizard appears, and then closes automatically. You cannot click Back or Next on this page. On the DNS Server Role Removed page, click Finish.

Next steps: Completing additional tasks

After you complete the Configure Your Server Wizard and the Configure a New DNS Server Wizard, your server is ready for use as a DNS server. Up to this point, you have completed the following tasks:

  • Set the DNS server to use a static IP address.

  • Configured the DNS zone for your network.

  • Configured the DNS server to forward all DNS queries for DNS names outside your network to a DNS server at your ISP or central office.

When you complete the Configure Your Server Wizard, it automatically installs the DNS console, which you use to manage your DNS server. To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

The following table lists some of the additional tasks that you might want to perform on your DNS server.

Tasks Purpose of task Reference

Configure the computers in your network to use this DNS server as their preferred DNS server.

To connect your DNS clients to the DNS server and dynamically update the zone with the DNS resource records required for name resolution.

Configure TCP/IP to use DNS; Dynamic update

If this server is a multihomed computer, configure the DNS Server service to respond to queries on the local network IP address only.

To secure your DNS server from external queries. For example, a server acting as proxy server can have two network adapters, one for the intranet and one for the Internet. If that server is also running the Windows Server 2003 DNS Server service, you can configure the service to only use the intranet network adapter. By configuring this server to respond only to queries on the local network IP address, you will secure the server from unwanted Internet queries.

Restrict a DNS server to listen only on selected addresses

Verify the server configuration.

To ensure that the DNS configuration performed using the Configure a New DNS Server Wizard is correct.

Verifying server configuration

Verify DNS server responsiveness using the nslookup command.

To verify that the DNS server is able to resolve DNS queries for resources in your network.

Verify DNS server responsiveness using the nslookup command

Verify that a resource records exist in DNS.

To verify that the computers that use the DNS server can be located on the network.

To verify A resource records exist in DNS

Configure ports to allow remote administration.

To manage the DNS server from other computers on the network.

Windows Firewall Settings