How to configure DNS records on Windows Server 2003
For both private and public networks i. DNS does this by using records stored in its database. On the Internet DNS mainly stores records for public domain names and servers whereas in private networks it may store records for client computers, network servers and data pertaining to Active Directory.
We will begin by setting up a cache-only DNS server and progress to creating a primary forward lookup zone, a reverse lookup zone, and finally some resource records. At the end of this article we will have set up a DNS server capable of resolving internal and external host names to IP addresses and the reverse. Before installing and configuring DNS on our server we have to perform some preliminary tasks.
The suffix will be used to fully qualify the server name. To begin: Our LAN is on a This tells the server to use its own DNS server service for name resolution, rather than using a separate server.
After filling out those fields, click the Advanced button. To do this: When the Windows Components Wizard comes up, scroll down and highlight Networking Services and then click the Details button.
Note that, during the install, Windows may generate an error claiming that it could not find a file needed for DNS installation. The wizard should automatically find the file and allow you to select it.
After that, the wizard should resume the install. After this, DNS should be successfully installed. As our DNS server was just installed it is not populated with anything. The Forward Lookup Zones node stores zones that are used to map host names to IP addresses, whereas the Reverse Lookup Zones node stores zones that are used to map IP addresses to host names. A cache-only DNS server contains no zones or resource records.
Its only function is to cache the answers to the queries it processes. If the server later receives the same query again, it returns the cached response instead of repeating the recursion process, which saves time.
With its limited functionality, a cache-only DNS server is best suited for a small office or a small remote branch office. In a large enterprise where Active Directory is typically deployed, more is needed from a DNS server, such as the ability to store records for computers, servers and Active Directory. If it is required, the client performs the following steps to contact and dynamically update its primary server:
The client sends a dynamic update request to the primary server that is determined in the SOA query response. If this update fails, the client next sends an NS-type query for the zone name that is specified in the SOA record. When the client receives a response to this query, the client sends an SOA query to the first DNS server that is listed in the response.
After the SOA query is resolved, the client sends a dynamic update to the server that is specified in the returned SOA record. If this update fails, the client repeats the SOA query process by sending to the next DNS server that is listed in the response. After the primary server that can perform the update is contacted, the client sends the update request, and the server processes it. The contents of the update request include instructions to add A, and possibly PTR, resource records for " newhost.
The server also checks to make sure that updates are permitted for the client request. For standard primary zones, dynamic updates are not secured. Any client attempt to update succeeds. For Active Directory-integrated zones, updates are secured and performed using directory-based security settings.
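The client fallback sequence (SOA query, update the primary, then NS query and SOA query per name server) and the server-side policy check described above, as an added in-memory model that is not code from the original article; the server names, the `updates` policy values and the ACL entries are constructed for illustration and nothing touches the network.

```python
# Added example (not from the article): in-memory model of the dynamic-update
# flow. Server names, policy strings and ACL entries are constructed.
from dataclasses import dataclass

@dataclass
class DnsServer:
    name: str
    soa_primary: str              # MNAME this server reports in its SOA answer
    ns_list: list                 # NS records this server reports for the zone
    updates: str = "none"         # zone policy: "none", "nonsecure" or "secure"
    acl: frozenset = frozenset()  # principals allowed when policy is "secure"
    reachable: bool = True

    def process_update(self, client: str, secure: bool) -> str:
        """Server-side check from the text: a standard primary zone accepts any
        client; an AD-integrated (secure) zone needs an authenticated ACL member."""
        if not self.reachable or self.updates == "none":
            return "REFUSED"
        if self.updates == "secure":
            return "NOERROR" if secure and client in self.acl else "REFUSED"
        return "NOERROR"          # nonsecure: any client attempt succeeds


def update_targets(servers: dict, start: str):
    """Yield candidate primaries in the order the client tries them: the SOA
    answer of the configured server first, then the SOA answer of each
    reachable server in the NS list (one NS query, then one SOA query each)."""
    first = servers[start]
    seen = set()
    if first.reachable and first.soa_primary not in seen:
        seen.add(first.soa_primary)
        yield first.soa_primary
    for ns in (first.ns_list if first.reachable else []):
        srv = servers.get(ns)
        if srv and srv.reachable and srv.soa_primary not in seen:
            seen.add(srv.soa_primary)
            yield srv.soa_primary


def dynamic_update(servers: dict, start: str, client: str) -> tuple:
    """Client behaviour: try a nonsecure update first, then a secure one,
    walking the fallback list each time. Returns (server, rcode) of the last try."""
    last = (None, "SERVFAIL")
    for secure in (False, True):
        for target in update_targets(servers, start):
            srv = servers.get(target)
            last = (target, srv.process_update(client, secure) if srv else "SERVFAIL")
            if last[1] == "NOERROR":
                return last
    return last
```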
Dynamic updates are sent or refreshed periodically. By default, computers send an update every twenty-four hours. If the update causes no changes to zone data, the zone remains at its current version, and no changes are written. Updates that cause actual zone changes or increased zone transfers occur only if names or addresses actually change. Names are not removed from DNS zones if they become inactive or if they are not updated within the update interval of twenty-four hours.
DNS does not use a mechanism to release or to tombstone names, although DNS clients do try to delete or to update old name records when a new name or address change is applied. This value determines how long other DNS servers and clients cache a computer's records when they are included in a query response.
Scope clients can use the DNS dynamic update protocol to update their host name-to-address mapping information whenever changes occur to their DHCP-assigned address. This mapping information is stored in zones on the DNS server. This enables the client to notify the DHCP server as to the service level it requires. In this case, the option is processed and interpreted by Windows Server-based DHCP servers to determine how the server initiates updates on behalf of the client.
This is the default configuration for Windows. To configure the DHCP server to register client information according to the client's request, follow these steps: By default, updates are always performed for newly installed Windows Server-based DHCP servers and any new scopes that you create for them.
The following examples show how this process varies in different cases. For these DHCP clients, updates are typically handled in the following manner: After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or remove users or groups from the ACL for a specific zone or for a resource record.
For more information, search for the "To modify security for a resource record" topic or the "To modify security for a directory integrated zone" topic in Windows Server Help.
By default, dynamic update security for Windows Server DNS servers and clients is handled in the following manner: Windows Server-based DNS clients try to use nonsecure dynamic updates first. If the nonsecure update is refused, clients try a secure update. Also, clients use a default update policy that lets them try to overwrite a previously registered resource record, unless they are specifically blocked by update security. By default, when you use standard zone storage, the DNS Server service does not enable dynamic updates on its zones.
For zones that are either directory-integrated or use standard file-based storage, you can change the zone to enable all dynamic updates.
This enables all updates to be accepted by bypassing the use of secure updates. The secure dynamic update functionality can be compromised if the following conditions are true: For more information, see the "Security considerations when you use the DnsUpdateProxy group" section. The secure dynamic update functionality is supported only for Active Directory-integrated zones.
If you configure a different zone type, change the zone type, and then integrate the zone before you secure it for DNS updates. If you use secure dynamic updates in this configuration with Windows Server-based DNS servers, resource records may become stale.
In some circumstances, this scenario may cause problems. When the Windows version of the tool is used, all tests executed, both successful and failed, end with the same "passed test" line. The Windows .NET version reports results more correctly. The following output indicates that the authoritative zone w Starting test: DcPromo This computer cannot be promoted as a domain controller of the w This might be a serious problem: the existing DC for the specified domain could be promoted incorrectly. Then run DCdiag on that DC. In all cases when updating of an authoritative zone is not enabled on the DNS server (or the server does not support dynamic updates), the command output will be similar to the following:
Messages logged below this line indicate whether this domain controller will be able to dynamically register DNS records required for the location of this DC by other devices on the network. If any misconfiguration is detected, it might prevent dynamic DNS registration of some records, but does not prevent successful completion of the Active Directory Installation Wizard.
However, we recommend fixing the reported problems now, unless you plan to manually update the DNS database. This domain controller cannot register domain controller Locator DNS records.