
Syngress: The Best Damn Windows Server 2008 Book Period, 2nd Edition (June 2008), ISBN 1597492736, 795 pages



Technical Editors
Tony Piltzecker (CISSP, MCSE, CCNA, CCVP, Check Point CCSA, Citrix CCA),
author and technical editor of Syngress Publishing's MCSE Exam 70-296 Study
Guide and DVD Training System and How to Cheat at Managing Microsoft Operations
Manager 2005, is an independent consultant based in Boston, MA. Tony's specialties
include network security design, Microsoft operating system and applications
architecture, and Cisco IP Telephony implementations. Tony's background includes
positions as Systems Practice Manager for Presidio Networked Solutions, IT Manager
for SynQor Inc, Network Architect for Planning Systems, Inc, and Senior Networking
Consultant with Integrated Information Systems. Along with his various certifications,
Tony holds a bachelor's degree in business administration. Tony currently resides in
Leominster, MA, with his wife, Melanie, and his daughters, Kaitlyn and Noelle.
Brien Posey is a freelance technical writer who has received Microsoft’s MVP award
four times. Over the last twelve years, Brien has published over 4,000 articles and
whitepapers, and has written or contributed to over 30 books. In addition to his technical writing, Brien is the co-founder of Relevant Technologies and also serves the IT
community through his own Web site.
Prior to becoming a freelance author, Brien served as CIO for a nationwide chain
of hospitals and healthcare facilities, and as a network administrator for the Department
of Defense at Fort Knox. He has also worked as a network administrator for some of
the nation’s largest insurance companies.
Brien wishes to thank his wife Taz for her love and support throughout his writing
career.




Contributing Authors
Tariq Bin Azad is the Principal Consultant and founder of NetSoft
Communications Inc., a consulting company located in Toronto, Canada.
He is considered a top IT professional by his peers, co-workers, colleagues,
and customers. He obtained this status by continuously learning and
improving his knowledge and information in the field of Information
Technology. Currently, he holds more than 100 certifications including
MCSA, MCSE, MCTS, MCITP (Vista, Mobile 5.0, Microsoft Communications Server 2007,
Windows 2008, and Microsoft Exchange Server 2007), MCT, CIW-CI, CCA, CCSP, CCEA,
CCI, VCP, CCNA, CCDA, CCNP, CCDP, CSE, and many more. Most recently, Tariq has been
concentrating on Microsoft Windows 2000/2003/2008, Exchange 2000/2003/2007,
Active Directory, and Citrix implementations. He is a professional speaker
and has trained architects, consultants, and engineers on topics such as
Windows 2008 Active Directory, Citrix Presentation Server, and Microsoft
Exchange 2007. In addition to owning and operating an independent consulting
company, Tariq works as a senior consultant, and has utilized his
training skills in numerous workshops, corporate trainings, and presentations.
Tariq holds a Bachelor of Science in Information Technology from Capella
University, USA, a Bachelor Degree in Commerce from University of
Karachi, Pakistan, and is working on his ALMIT (Masters of Liberal Arts
in Information Technology) from Harvard University, MA, USA. Tariq
has been a coauthor on multiple books, including the best selling MCITP:
Microsoft Exchange Server 2007 Messaging Design and Deployment Study Guide:
Exams 70-237 and 70-238 (ISBN: 047018146X) and The Real MCTS/
MCITP Exam 640 Preparation Kit (ISBN: 978-1-59749-235-5). Tariq has
worked on projects or trained for major companies and organizations
including Rogers Communications Inc., Flynn Canada, Capgemini, HP,
Direct Energy, Toyota Motors, Compaq, IBM, Citrix Systems Inc., Unicom
Technologies, Amica Insurance Company, and many others. He lives in
Toronto, Canada, and would like to thank his father, Azad Bin Haider,
and his mother, Sitara Begum, for a lifetime of guidance, understanding,
and support that gave him the skills that have allowed him to excel
in work and life.
Colin Bowern is the Vice President of Technology at officialCOMMUNITY
in Toronto, Canada. Through his work with clients, Colin and the team
help recording artists build and manage an online community to connect with
their fans. Colin came to officialCOMMUNITY from Microsoft where he
was a Senior Consultant with the Microsoft Consulting Services unit working
with enterprise customers on their adoption of Microsoft technology. During
his time at Microsoft, Colin worked with several product groups to incorporate customer feedback into future product releases, as well as the MCSE
certification exam development. Colin holds two Microsoft DeliverIt! awards
for work done within the financial industry in Canada to drive the adoption
of .NET as a development platform and developing an SMBIOS inventory
tool that was incorporated into the Windows Pre-installation Environment.
Colin has delivered a number of in-person and Microsoft Developer Network
(MSDN) webcast sessions since the early part of the decade on topics ranging
from .NET Development to infrastructure deployment with the Microsoft
platform. In addition to technical talks, Colin participates in the community
through active contributions on the MSDN and ASP.NET Forums, publishing
code examples, sharing experiences through his blog, and attending local
user group events. Colin has been a technical reviewer for Addison-Wesley’s
.NET development series, the Windows Server 2003 series from Microsoft
Press, and has co-authored a Windows Server 2003 MCSE study guide for
Syngress Publishing. In addition, he holds a Masters of Science degree from
the University of Liverpool.
Dustin Hannifin (Microsoft MVP – Office SharePoint Server) is a
Systems Administrator with Crowe Chizek and Company LLC. Crowe
(www.crowechizek.com), is one of the nation’s leading public accounting
and consulting firms. Under its core purpose of “Building Value with
Values®,” Crowe assists both public and private companies in reaching
their goals through services ranging from assurance and financial advisory
to performance, risk and tax consulting. Dustin currently works in Crowe’s




Information Services delivery unit, where he plays a key role in maintaining
and supporting Crowe's internal information technology (IT) infrastructure.
His expertise resides in various Microsoft products including Office SharePoint Server, System Center Operations Manager, Active Directory, IIS
and Office Communications Server. Dustin holds a bachelor’s degree
from Tennessee Technological University and is a founding member of
the Michiana IT Professionals Users Group. He regularly contributes to
technology communities including his blog (www.technotesblog.com)
and Microsoft newsgroups. Dustin, a Tennessee native, currently resides in
South Bend, Indiana.
Ira Herman (MCSE, CCAI, CCNA, CNA, A+, Network+, i-Net+, CIW
Associate) is Co-Chief Executive Officer and Co-Founder of Logic IT
Consulting (www.logicitc.com), a consulting firm specializing in Business
Information Technology solutions with an emphasis on Work-Life Balance,
Stress-Free Productivity, and Efficiency training and coaching. Prior to
founding Logic IT Consulting, Ira held various technical and executive
positions with companies including Microsoft, Keane, The University of
Arizona, Xynetik, and Brand X LLC. Ira has written and delivered technical
training for Logic IT Consulting and its clients as well as various organizations including Pima Community College, JobPath, and SeniorNet.
Ira holds Microsoft Certified Systems Engineer (MCSE and MCSE+I),
Cisco Certified Academy Instructor (CCAI), Cisco Certified Network
Associate (CCNA), Certified Novell Administrator (CNA), CompTIA
A+ Certified Computer Service Technician (A+), CompTIA Network+,
CompTIA Internetworking (i-Net+), and ProsoftTraining Certified Internet Webmaster Associate (CIW Associate) certifications as well as Microsoft
internal endorsements in Windows NT 4 Fundamentals (Workstation),
Windows NT 4 Advanced (Server), Microsoft TCP/IP on Windows NT 4,
Windows 2000 Foundational Topics, and Windows 2000 Setup Specialty.

Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I,
CCNA, A+, Network+, iNet+, Security+, CNE-4, CNE-5) is a Senior
IT Specialist with the University of Pennsylvania, where she provides
network planning, implementation, and troubleshooting services for various
business units and schools within the University. Her specialties include
Microsoft Windows 2000/2003 design and implementation, troubleshooting,
and security topics. As an “MCSE Early Achiever” on Windows 2000,
Laura was one of the first in the country to renew her Microsoft credentials
under the Windows 2000 certification structure. Laura’s previous experience
includes a position as the Director of Computer Services for the Salvation
Army and as the LAN administrator for a medical supply firm. She also
operates as an independent consultant for small businesses in the Philadelphia
metropolitan area and is a regular contributor to the TechTarget family of
websites.
Laura has previously contributed to the Syngress Publishing’s Configuring
Symantec Antivirus, Corporate Edition (ISBN 1-931836-81-7). She has
also contributed to several other exam guides in the Syngress Windows
Server 2003 MCSE/MCSA DVD Guide and Training System series as a
DVD presenter, contributing author, and technical reviewer.
Laura holds a bachelor’s degree from the University of Pennsylvania
and is a member of the Network of Women in Computer Technology, the
Information Systems Security Association, and InfraGard, a cooperative
undertaking between the U.S. Government and other participants dedicated
to increasing the security of United States critical infrastructures.
John Karnay is a freelance writer, editor, and book author living in Queens,
NY. John specializes in Windows server and desktop deployments utilizing
Microsoft and Apple products and technology. John has been working with

Microsoft products since Windows 95 and NT 4.0 and consults for many
clients in New York City and Long Island, helping them plan migrations to
XP/Vista and Windows Server 2003/2008. When not working and writing,
John enjoys recording and writing music as well as spending quality time
with his wife Gloria and daughter Aurora. You can contact/visit John at:
www.johnkarnay.com.
Jeffery A. Martin, MS/IT, MS/M (MCSE, MCSE:Security, MCSE:
Messaging, MCDBA, MCT, MCSA, MCSA:Security, MCSE:Messaging,
MCP+I, MCNE, CNE, CNA, CCA, CTT, A+, Network+, I-Net+,
Project+, Linux+, CIW, ADPM) has been working with computer networks
for over 20 years. He is an editor, co-editor, author, or co-author of over
15 books and enjoys training others in the use of technology. He can be
contacted at
Shawn Tooley owns a consulting firm, Tooley Consulting Group, LLC, that
specializes in Microsoft and Citrix technologies, for which he is the Principal
Consultant and Trainer. Shawn also works as Network Administrator for a
hospital in North Eastern Ohio. Shawn's certifications include Microsoft
Certified Trainer (MCT), Microsoft Certified System Engineer (MCSE),
Citrix Certified Enterprise Administrator, Citrix Certified Sales Professional,
HP Accredited System Engineer, IBM xSeries Server Specialist, CompTIA A+,
and CompTIA Certified Trainer. In his free time he enjoys playing golf.




Chapter 1

Configuring Network Services

Solutions in this chapter:

- Configuring Domain Name System (DNS)
- Configuring Dynamic Host Configuration Protocol (DHCP)
- Configuring Windows Internet Naming Service (WINS)

- Summary
- Solutions Fast Track
- Frequently Asked Questions





Chapter 1 • Configuring Network Services

Introduction
When internetworking was first conceived and implemented in the 1960s and 1970s,
the Internet Protocol (IP) addressing scheme was also devised. It uses four sets of 8
bits (octets) to identify a unique address, which is comprised of a network portion
and a host portion. This provided enormous flexibility because the scheme
allowed for roughly four billion (2^32) addresses. The original inventors of this
system probably didn't envision the networking world as it is today, with hundreds
of millions of computers spanning the globe, most of them connected to one worldwide
network, the Internet, and the once-enormous address pool now effectively exhausted.
Network Services are to Active Directory what gasoline is to a combustion
engine—without them, Active Directory would simply be a shiny piece of metal that
sat there and looked pretty. As a matter of fact, network services are not only crucial
to Active Directory, but are equally important to networking on a much larger scale.
Imagine watching television at home and hearing the voice-over for a Microsoft
commercial say “Come visit us today at 207.46.19.190!” instead of “Come visit us
today at www.microsoft.com!” Networking services make networking much easier to
understand for the end user, but they also go well beyond that in terms of what they
provide for a networking architecture.
In this chapter, we will explore the Domain Name System (DNS), a method of
creating hierarchical names that can be resolved to IP addresses (which, in turn, are
resolved to MAC addresses). We explain the basis of DNS and compare it to alternative
naming systems. We also explain how the DNS namespace is created and resolved
to an IP address throughout the Internet or within a single organization. Once you
have a solid understanding of DNS, you will learn about Windows Server 2008
DNS servers, including the different roles DNS servers can play, the ways DNS
Servers resolve names and replicate data, and how Windows Server 2008 Active
Directory integrates with DNS. By the end of this chapter, you’ll have a detailed
understanding of DNS on the Internet, as well as how DNS works within a Windows
Server 2008 network.
We will also discuss two additional services: Windows Internet Naming Service
(WINS) and Dynamic Host Configuration Protocol (DHCP), two common services
used on Transmission Control Protocol/Internet Protocol (TCP/IP) networks. Each
of these services plays an important role in your environment, ultimately assisting IT
professionals in their quest to automate much of the mundane tasks that would
otherwise need to be managed manually.


www.syngress.com





Configuring Domain Name System (DNS)
Microsoft defines the Domain Name System (DNS) as a hierarchical distributed
database that contains mappings of fully qualified domain names (FQDNs) to
IP addresses. DNS enables finding the locations of computers and services
through user-friendly names and also enables the discovery of other types of
records used for additional resources (which we will discuss later) in the DNS
database.
A much broader definition comes from the original Request For Comment
(RFC), which was first released way back in November of 1983. RFC 882 (http://
tools.ietf.org/html/rfc882) describes DNS conceptually, explaining how various
components (domain name space, name servers, resolvers) come together to provide
a domain name system.
As you can imagine, a number of changes have been made to the original RFC.
In fact, there have been three major RFC releases since the original debuted 25 years
ago: RFC 883, RFC 1034, and RFC 1035.
As you probably came to realize by looking at the date of the original DNS
RFC, Microsoft was certainly not the first company to develop DNS services.
In fact, the first Unix DNS implementation, the Berkeley Internet Name Domain
(BIND), was written by four graduate students at the University of California,
Berkeley, in 1984, and was later maintained and extended by an engineer at Digital
Equipment Corporation (DEC). Since that original code was written, DNS servers have
been implemented from scratch by several companies, including Microsoft, Novell,
Red Hat, and many others.

Now that you've had a little history lesson on DNS, let's discuss some of the
record types that can be held inside a DNS database. The record type determines
what information is returned to a DNS client requesting data. For instance, an "A"
(address) record maps a host name to an IPv4 address: a client asking for the A
record of www.microsoft.com receives an answer such as 207.46.19.190. This is the
everyday case of DNS resolution. The opposite direction, address to name, is handled
by the PTR record described below, not by the A record.
Another example of a record in use is the MX record. When a mail server needs to
deliver a message to a user at example.com, it asks DNS for the MX records of
example.com, which name the hosts that accept mail for that domain (each with a
preference value), and then resolves the chosen host name to an IP address with an
A record. Table 1.1 outlines the types of records that can exist in a Windows Server
2008 DNS.








Table 1.1 Common DNS Record Types

Type | Description
---- | -----------
Host (A) | Maps a host name (such as www.microsoft.com) to an IPv4 address
Canonical Name (CNAME) | Maps an alias name to another (canonical) host name; the client then looks up the canonical name
Mail exchanger (MX) | Names the host(s) that accept mail for a domain, each with a preference value
Pointer (PTR) | Reverses the mapping process: maps an IP address (stored under in-addr.arpa or ip6.arpa) to a host name
Service location (SRV) | Maps a service and protocol (such as _ldap._tcp) to the hosts and ports that provide it; Active Directory clients use SRV records to find domain controllers

Regardless of the type of DNS you’re using—Microsoft, Linux, or another vendor—
the DNS database holds a nearly identical format. Several components make up a
DNS database. Figure 1.1 provides an example of a primary zone database (we will
discuss the various types of zones later in this chapter).
Figure 1.1 A DNS Database File







Let's take a moment to discuss some of the other information held in the
database file.

- IN – Internet class. IN is the record class, not a name: it marks the record
as belonging to the Internet class (the only class in practical use). In the first
line of the preceding database file, the name to the left of IN is the origin of
the zone, the domain this server holds, and the two names after SOA are the primary
name server for the zone and the mailbox of the person responsible for it (with the
@ in the address written as a period).
- SOA – Start of Authority. This indicates that the server shown in Figure 1.1
is authoritative for this zone: it holds the master copy and is where records are
added, removed, and changed. Secondary servers only copy it.
- 1 – Serial number. Each time a change is made to the zone, the serial number
must be incremented. Other servers, known as secondary servers, copy the zone for
local storage; when a secondary polls the primary and sees a higher serial number
(compared with the wrap-around arithmetic of RFC 1982), it knows it must update its
copy. Forgetting to increment the serial is the classic reason secondaries keep
serving stale data.
- 900 – Refresh. How often, in seconds, a secondary polls the primary's SOA
record to check whether the serial number has changed.
- 600 – Retry. How long a secondary waits before trying again if a refresh
attempt fails.
- 86400 – Expire. How long a secondary may keep serving the zone without a
successful refresh. Once this elapses it stops answering authoritatively for the
zone, so expire must be comfortably longer than refresh plus retry.
- 3600 – Minimum TTL. Historically the default time to live, how long a client
or caching resolver may keep a record before it must ask again. Since RFC 2308 this
field is the negative-caching TTL (how long a "name does not exist" answer may be
cached), while the default TTL for ordinary records comes from the zone's $TTL
directive. Windows DNS labels this field Minimum (default) TTL in the zone's SOA
properties.
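As an added example (not code from the book), the following Python reads the SOA record out of a BIND-style zone file like the one in Figure 1.1, checks its timers against the ranges RFC 1912 recommends, and makes the decision a secondary makes at every refresh: is the primary's serial newer than mine, using the wrap-around comparison of RFC 1982. The zone data, names, and addresses are constructed for the example.

```python
"""Added example (not from the book): parse the SOA record of a BIND-style
zone file, sanity-check its timers against RFC 1912 guidance, and decide
whether a secondary must transfer the zone using RFC 1982 serial arithmetic.
The zone text below is constructed for the example."""

import re
from dataclasses import dataclass

SAMPLE_ZONE = """\
$TTL 3600
elsevier.com.   IN  SOA  ns1.elsevier.com. hostmaster.elsevier.com. (
                        2008061501 ; serial
                        900        ; refresh
                        600        ; retry
                        86400      ; expire
                        3600 )     ; minimum (negative-caching) TTL
elsevier.com.   IN  NS   ns1.elsevier.com.
ns1             IN  A    192.0.2.53
www             IN  A    192.0.2.80
"""


@dataclass
class SOA:
    origin: str
    primary: str
    contact: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


# owner [ttl] IN SOA primary contact serial refresh retry expire minimum
SOA_RE = re.compile(
    r"(\S+)\s+(?:\d+\s+)?IN\s+SOA\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)"
)


def parse_soa(zone_text: str) -> SOA:
    """Strip ';' comments and the '( )' continuation, then pull the SOA fields."""
    flat = re.sub(r";[^\n]*", "", zone_text).replace("(", " ").replace(")", " ")
    m = SOA_RE.search(flat)
    if m is None:
        raise ValueError("no SOA record in zone")
    origin, primary, contact = m.group(1, 2, 3)
    serial, refresh, retry, expire, minimum = (int(x) for x in m.group(4, 5, 6, 7, 8))
    return SOA(origin, primary, contact, serial, refresh, retry, expire, minimum)


def check_timers(soa: SOA) -> list:
    """Warnings for timer combinations that make secondaries serve stale data
    or drop the zone (ranges from RFC 1912 section 2.2)."""
    warnings = []
    if soa.retry >= soa.refresh:
        warnings.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        warnings.append("expire must exceed refresh + retry, or one failed refresh expires the zone")
    if soa.expire < 14 * 86400:
        warnings.append("expire under two weeks; RFC 1912 suggests 2 to 4 weeks")
    if not 1200 <= soa.refresh <= 43200:
        warnings.append("refresh outside the 20 minute to 12 hour range RFC 1912 suggests")
    return warnings


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b when (a - b) mod 2^32 lies strictly between 0 and 2^31."""
    diff = (a - b) % (1 << 32)
    return 0 < diff < (1 << 31)


def needs_transfer(primary_serial: int, secondary_serial: int) -> bool:
    """What a secondary decides after reading the primary's SOA at each refresh."""
    return serial_gt(primary_serial, secondary_serial)


if __name__ == "__main__":
    soa = parse_soa(SAMPLE_ZONE)
    print(soa)
    for warning in check_timers(soa):
        print("warning:", warning)
    print("secondary at 2008061500 must transfer:", needs_transfer(soa.serial, 2008061500))
```

Run against the sample zone, check_timers flags both the 15-minute refresh and the one-day expire: values like the ones in the book's figure are fine for a lab but would let a production secondary expire the zone after a single long outage of the primary. The serial comparison also shows why the common YYYYMMDDnn convention works: it only has to increase, and serial_gt handles the 32-bit wrap if it ever does.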

Thus far, we've been focusing on how an individual DNS server is configured.
However, we must also look at DNS structures at a much higher level.
The first thing to understand is that the worldwide DNS structure is incredibly
massive, and it continues to grow daily as new domains are brought online.
As large as it is, the general structure behind it is relatively simple. DNS is based
on a "tree" format, and an upside-down tree at that. At the top of the tree is the
root, which is the beginning of all DNS names and has authority over every name
beneath it. The DNS root is written as a single period. Strictly speaking, if you
decide to shop online at Elsevier's Web site, you are shopping at "www.elsevier.com."
with a trailing period. If that doesn't make sense, let's break it down.
Domain names (and the names of domain servers) are really read from right to left in
the computer world. The trailing "." is usually omitted and assumed by the resolver,
but it is still the highest level of the name.
Next comes com, the top-level domain (TLD), separated from the root by a period,
followed by elsevier, a second-level domain registered under com. So, in terms of the
DNS hierarchy, the top of the tree is the root ".", below it is the top-level domain
com, and below that is the second-level domain elsevier. When combined to form an
FQDN, the result is "elsevier.com." (the root dot is implied when you write
elsevier.com).
WWW represents nothing more than the name of a host that exists in the
elsevier.com domain. WWW has become commonplace for World Wide Web services,
but it could just as easily be supercalafragalisticexpialidotious.elsevier.com, though
I doubt it would get as many hits. If you are still confused by how DNS naming
structures work, take a look at Figure 1.2, which shows a sample of how a DNS
tree looks.
Figure 1.2 A Sample DNS Tree
Figure 1.2 A Sample DNS Tree

The summit of the DNS namespace hierarchy is the root, which is served by thirteen
root server identities (a.root-servers.net through m.root-servers.net, most of them
answered from many anycast instances) operated by twelve organizations and coordinated
by the Internet Assigned Numbers Authority (IANA), now part of ICANN. Immediately below
the root are the com, net, edu, and other top-level domains listed in Table 1.2.
Each of these domains is further divided into namespaces that are managed by the
organizations that register them. For example, syngress.com is managed by a different
organization than umich.edu.
Table 1.2 Domain Suffixes Used on the Internet

Domain Suffix | Typical Usage
------------- | -------------
.mil | United States military
.edu | Educational institutions
.com | Commercial organizations
.net | Networks (in practice open to anyone)
.org | Nonprofit organizations (in practice open to anyone)
.gov | United States government, nonmilitary
.us | United States
.uk | United Kingdom
.au | Australia
.de | Germany
Other two-letter abbreviations (.xx) | Other countries (ISO 3166 country codes)

Note
In addition to the domain suffixes shown in Table 1.2, you will also find
the occasionally used private suffix .local. The .local suffix is not
managed by the DNS root servers, so a namespace under it cannot be published on
the Internet. When you design the namespace for an Active Directory network,
you can choose the .local suffix for domains that will not have any
hosts reachable from the Internet. Using .local internally does not prevent an
organization from using Internet resources, such as browsing the Web, because
queries for other names are still resolved through forwarders or root hints.
Two cautions apply. First, .local is also the suffix that multicast DNS (mDNS,
RFC 6762, used by Apple's Bonjour and by Avahi on Linux) reserves for link-local
name resolution, so Mac and Linux clients may try to resolve your .local names
over multicast and fail or answer slowly. Second, public certificate authorities
no longer issue certificates for names under an unregistered suffix. For new
designs, Microsoft recommends a subdomain of a registered public domain, such as
corp.example.com, instead.

Organizations often split the ownership of their DNS namespace. One team
might be responsible for everything inside the firewall, while another team is
responsible for the namespace that faces the public. Since Active Directory often
replaces Windows NT as an upgrade, the team responsible for Windows NT often
takes over DNS namespace management for the Active Directory domains.
Because Active Directory DNS design and implementation differs somewhat from
standard DNS design and implementation (dynamic updates, SRV records for locating
domain controllers, and Active Directory-integrated zones), it is common to find the
two kinds of tasks split between two groups in the same organization. Keep the split
deliberate: the internal zone should never be reachable from the Internet, because it
reveals the names and addresses of domain controllers and other infrastructure.
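The tree walk described above, from the root dot down to the host, can be made concrete with a small simulation. The following Python is an added example, not code from the book: it builds a constructed delegation tree (root, com, elsevier.com) and resolves names the way a caching server does with root hints, asking the root first and following each referral one level down. All server names, zone contents, and addresses are made up.

```python
"""Added example (not from the book): a toy iterative resolver over a
constructed delegation tree, showing why names are read right to left from
the root and how each authoritative server either answers, refers the query
to a child zone, or denies the name. Zone data and addresses are made up."""


def normalize(name: str) -> str:
    """Return the fully qualified form: lower-case, with the trailing root dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def labels_right_to_left(name: str) -> list:
    """'www.elsevier.com.' -> ['com', 'elsevier', 'www'], the order resolution walks."""
    return [label for label in normalize(name).split(".") if label][::-1]


class AuthServer:
    """One authoritative server: A records for its own zone plus NS
    delegations (child zone -> server holding it)."""

    def __init__(self, name: str, zone: str, a_records: dict, delegations: dict):
        self.name = name
        self.zone = zone
        self.a_records = a_records
        self.delegations = delegations

    def query(self, qname: str):
        """Answer, refer downward, or deny, as a real authoritative server does."""
        if qname in self.a_records:
            return "ANSWER", self.a_records[qname]
        # The most specific (longest) delegation that contains the name wins.
        for child in sorted(self.delegations, key=len, reverse=True):
            if qname == child or qname.endswith("." + child):
                return "REFERRAL", self.delegations[child]
        return "NXDOMAIN", None


# Constructed tree: root -> com -> elsevier.com, keyed by server name.
SERVERS = {
    "a.root-servers.net.": AuthServer("a.root-servers.net.", ".", {},
                                      {"com.": "a.gtld-servers.net."}),
    "a.gtld-servers.net.": AuthServer("a.gtld-servers.net.", "com.", {},
                                      {"elsevier.com.": "ns1.elsevier.com."}),
    "ns1.elsevier.com.": AuthServer("ns1.elsevier.com.", "elsevier.com.",
                                    {"www.elsevier.com.": "192.0.2.80",
                                     "ns1.elsevier.com.": "192.0.2.53"}, {}),
}


def resolve(name: str, servers: dict = SERVERS, root_server: str = "a.root-servers.net."):
    """Iterate from the root, following referrals.
    Returns (address or None, list of servers consulted in order)."""
    qname = normalize(name)
    current, trail = root_server, []
    for _ in range(16):                     # hop limit guards against a delegation loop
        server = servers[current]
        trail.append(server.name)
        kind, data = server.query(qname)
        if kind == "ANSWER":
            return data, trail
        if kind == "NXDOMAIN":
            return None, trail
        current = data                      # referral: ask the child zone's server next
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    for target in ("www.elsevier.com", "WWW.Elsevier.com.", "ftp.elsevier.com", "www.elsevier.org"):
        address, trail = resolve(target)
        print(f"{target:22} -> {address}  via {' -> '.join(trail)}")
```

Two details match real servers. A referral comes from the parent zone, so the root never knows www but does know who holds com; and a name under a delegation that does not exist is denied by the child (NXDOMAIN from ns1.elsevier.com.), whereas a name under an unknown TLD is denied by the root itself. In a real resolver each hop is a UDP exchange, which is why a resolver with no root hints and no forwarder can answer nothing outside its own zones.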
Those are the basics on how Domain Name Services function on a much
grander scale. In the coming sections of this chapter, we will discuss how to use DNS
within a Windows Server 2008 environment. First, though, let’s discuss how to install
and perform the initial configuration of DNS on Windows Server 2008.







Identifying DNS Record Requirements
A Resource Record (RR) is to DNS what a row is to a database table: each RR is
one entry in the DNS database, holding one piece of information about a host or
a zone (its address, its mail exchangers, its name servers, and so on). Table 1.3
contains an aggregation of the most popular RR types, collected from the various
RFCs that define their usage:
Table 1.3 RR Types

Record Type | Common Name | Function | RFC
----------- | ----------- | -------- | ---
A | Address record | Maps an FQDN to a 32-bit IPv4 address. | RFC 1035
AAAA | IPv6 address record | Maps an FQDN to a 128-bit IPv6 address. | RFC 1886 (now RFC 3596)
AFSDB | Andrew File System database record | Maps a DNS domain name to an AFS version 3 cell database server or to a DCE/NCA authenticated name server. | RFC 1183
ATMA | Asynchronous Transfer Mode address | Maps the DNS domain name in the owner field to an ATM address. | ATM Forum specification, no RFC
CNAME | Canonical name (alias) record | Maps an alias name to the real (canonical) domain name. | RFC 1035
HINFO | Host info record | Specifies the CPU and operating system type for the host. Rarely populated today, since it hands an attacker a fingerprint of the host. | RFC 1035 (value names listed in RFC 1700)
ISDN | ISDN info record | Maps an FQDN to an ISDN telephone number. | RFC 1183
KEY | Public key record | Holds a public key associated with a zone. In the original DNSSEC design (defined later in this chapter) resolvers and servers use KEY records to verify the SIG records received from signed zones; a child zone's KEY is signed by the parent, so a server that knows the parent's key can discover and verify the child's. Superseded by DNSKEY in RFC 4034; KEY remains only for SIG(0) and TKEY (RFC 3445). | RFC 2535
MB | Mailbox record | Maps a mailbox name to the host that holds the mailbox (experimental). | RFC 1035
MG | Mail group record | Maps a mailing group name to the mailbox records of its members (experimental). | RFC 1035
MINFO | Mailbox info record | Names the mailbox responsible for a mailing list and the mailbox that receives its errors (experimental). | RFC 1035
MR | Mailbox rename record | Maps an old mailbox name to a new mailbox name for forwarding purposes (experimental). | RFC 1035
MX | Mail exchange record | Names the hosts that accept mail for a domain, each with a preference value; the sending server then resolves the chosen host name to an address. | RFC 974, RFC 1035
NS | Name server record | Lists an authoritative name server for the zone that starts at the owner name. The zone's NS set includes the primary as well as the secondaries, and the same records in the parent zone form the delegation. | RFC 1035
NXT | Next record | Proves the nonexistence of a name by chaining all owner names in the zone in canonical order and listing which record types exist at each. Superseded by NSEC in RFC 4034. | RFC 2535
OPT | Option pseudo-record | One OPT record may be added to the additional section of a request or response. It belongs to the transport-level message rather than to DNS data and carries EDNS0 parameters such as the largest UDP payload the sender accepts. At most one per message, and none is required. | RFC 2671 (now RFC 6891)
PTR | Pointer record | Points to another DNS name. Used in the in-addr.arpa and ip6.arpa trees for reverse lookups, address to name. | RFC 1035
RP | Responsible person record | Identifies the person responsible for a host or domain: a mailbox plus a TXT record with more detail. | RFC 1183
RT | Route-through record | Names an intermediate host for a host that has no direct WAN address. | RFC 1183
SIG | Signature record | Holds a digital signature over an RRset (it does not encrypt anything), together with the signer's name and a validity interval. Superseded by RRSIG in RFC 4034. | RFC 2535
SOA | Start of authority record | Always the first record in a zone. Names the primary server for the zone and the responsible mailbox, and carries the serial number and the refresh, retry, expire, and minimum TTL timers that govern zone transfers between the authoritative servers and caching of negative answers. | RFC 1035
SRV | Service locator record | Maps a service and protocol (for example _ldap._tcp) to the hosts and ports that provide it, with priority and weight for failover and load sharing. Active Directory clients locate domain controllers this way. | RFC 2052 (now RFC 2782)
TXT | Text record | Associates free-form descriptive text with a name (today also used for SPF, domain-ownership verification, and similar). | RFC 1035
WKS | Well-known services record | Lists the well-known TCP or UDP services available at a specific IP address (obsolete in practice). | RFC 1035
X25 | X.25 info record | Maps a DNS name to a public switched data network (PSDN) address number. | RFC 1183

A note on the DNSSEC rows: Windows Server 2008 DNS implements only the older RFC 2535 record set (KEY, SIG, NXT) and can merely hold those records as a secondary for a zone signed elsewhere; it cannot sign zones or validate answers. The current records (DNSKEY, RRSIG, NSEC/NSEC3, DS, RFC 4033 through 4035) arrived with Windows Server 2008 R2.

The official IANA (Internet Assigned Numbers Authority) list of DNS parameters
can be found at www.iana.org/assignments/dns-parameters, and a really good
DNS glossary is available at www.menandmice.com/online_docs_and_faq/glossary/
glossarytoc.htm.
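Tables 1.1 and 1.3 describe records as a server stores them; on the wire every one of them is the same name, type, class, TTL, length, data tuple from RFC 1035 section 4, with names compressed by pointers back into the message. The Python below is an added example, not code from the book: it builds a query, parses a constructed response that carries A, CNAME, MX, and SRV records, and applies the one check a resolver has against a forged answer, that the transaction ID and question match what it sent. The names and addresses are made up.

```python
"""Added example (not from the book): build a DNS query and parse a constructed
response carrying A, CNAME, MX and SRV records in RFC 1035 wire format,
including label compression, then check that the response matches the query.
All names and addresses are made up for the example."""

import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR, TYPE_MX, TYPE_TXT, TYPE_SRV = 1, 2, 5, 12, 15, 16, 33


def encode_name(name: str) -> bytes:
    """'www.elsevier.com' -> length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Header with the RD (recursion desired) flag set, one question, nothing else."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # 2-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:                      # must point backwards, or a loop is possible
                raise ValueError("forward compression pointer")
            if end is None:
                end = offset + 2                       # the name ends where the first pointer ends
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if end is not None else offset)


def parse_rdata(msg: bytes, rtype: int, start: int, rdlen: int):
    """Interpret RDATA for the common types; unknown types come back as hex."""
    data = msg[start:start + rdlen]
    if rtype == TYPE_A:
        return ".".join(str(b) for b in data)
    if rtype in (TYPE_NS, TYPE_CNAME, TYPE_PTR):
        return decode_name(msg, start)[0]
    if rtype == TYPE_MX:                               # preference, exchange
        return struct.unpack("!H", data[:2])[0], decode_name(msg, start + 2)[0]
    if rtype == TYPE_SRV:                              # priority, weight, port, target
        return struct.unpack("!HHH", data[:6]) + (decode_name(msg, start + 6)[0],)
    if rtype == TYPE_TXT:
        return data[1:1 + data[0]].decode("ascii")
    return data.hex()


def parse_message(msg: bytes) -> dict:
    """Parse the header, the question section and every resource record."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, rtype, ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "records": records}


def matches_query(query: bytes, response: bytes) -> bool:
    """Accept a response only if its transaction ID and question repeat ours.
    This (plus the source port) is all that protects a classic resolver from a
    forged answer, which is why guessable IDs make cache poisoning practical."""
    q, r = parse_message(query), parse_message(response)
    return q["id"] == r["id"] and q["questions"] == r["questions"]


# Constructed response to 'www.elsevier.com A'; four records are bundled into the
# answer section for illustration. Comments give each part's byte offset.
SAMPLE_RESPONSE = b"".join([
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0),                # 0: id, QR|RD|RA, 1 question, 4 answers
    encode_name("www.elsevier.com") + struct.pack("!HH", TYPE_A, 1),    # 12: question; 'elsevier.com.' starts at 16
    b"\xc0\x0c" + struct.pack("!HHIH", TYPE_CNAME, 1, 300, 6) + b"\x03web\xc0\x10",   # 34: www CNAME web
    b"\xc0\x2e" + struct.pack("!HHIH", TYPE_A, 1, 300, 4) + bytes([192, 0, 2, 80]),     # 52: web A 192.0.2.80
    b"\xc0\x10" + struct.pack("!HHIH", TYPE_MX, 1, 3600, 9)
    + struct.pack("!H", 10) + b"\x04mail\xc0\x10",                                       # 68: elsevier.com MX 10 mail
    b"\x05_ldap\x04_tcp\xc0\x10" + struct.pack("!HHIH", TYPE_SRV, 1, 600, 11)
    + struct.pack("!HHH", 0, 100, 389) + b"\x02dc\xc0\x10",                              # 89: _ldap._tcp SRV -> dc:389
])

if __name__ == "__main__":
    query = build_query("www.elsevier.com", TYPE_A)
    print("response matches query:", matches_query(query, SAMPLE_RESPONSE))
    for record in parse_message(SAMPLE_RESPONSE)["records"]:
        print(record)
```

The backward-pointer check in decode_name is not pedantry: a pointer that points forward or at itself makes a naive parser loop forever, and malformed compression has been a recurring source of DNS parser bugs. The MX and SRV rows also show why the book's table says those records "name a host" rather than an address: the exchange and target fields are names, and a second lookup is needed to reach an A record.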

Installing and Configuring DNS
DNS can be installed and configured on any version of Windows Server 2008—Web
Edition, Standard Edition, Enterprise Edition, or Datacenter Edition. It is a network
service that can be integrated with Active Directory (for security and replication
purposes), or as a stand-alone service. A Windows Server 2008 DNS can manage not
only internal namespaces, but external (Internet-facing) namespaces as well.
In the following examples, we will be installing DNS on a Windows Server 2008
Standard Server.
1. Choose Start | Administrative Tools | Server Manager.
2. Scroll down to Role Summary and click Add Roles.
3. When the Before You Begin page opens, click Next.
4. On the Select Server Roles page, select DNS Server (see Figure 1.3), and
then click Next.






Figure 1.3 Selecting the DNS Server Role


5. At the DNS Server window, read the overview, and then click Next.
6. Confirm your selections, and then click Install.
7. When installation is complete, click Close.
Next, we will configure some basic server settings:
1. Choose Start | Administrative Tools | DNS.
2. Find your server name in the left pane and double-click it. This will open
the DNS configuration for this server (see Figure 1.4).


Figure 1.4 The Opening DNS Configuration Data

3. Look at the DNS properties of this server. Right-click the server name and
select Properties from the drop-down menu.
4. The first tab that opens is the Interfaces tab. This tab can be adjusted
if you have additional NICs in your server. It is particularly useful when
you want DNS queries to be answered only on the interface facing a particular
subnet, for example not on an Internet-facing NIC. In general, you will likely
leave it at the default of All IP Addresses.
5. Click the Root Hints tab. Notice there are multiple name servers with
different IP addresses (Figure 1.5); these are the Internet root servers, loaded
from the cache.dns file. With root hints, a query that cannot be answered from
the server's own zones or cache is resolved by the server itself: it asks a root
server, follows the referral to the top-level domain's servers, and so on down
the tree. If this server will use forwarders exclusively and must never query the
Internet directly, you can remove the root hints by selecting them and clicking
Remove. Be aware that a server with no root hints and no reachable forwarder
cannot resolve any name outside the zones it hosts. Then click Forwarders.





Figure 1.5 DNS Root Hints

6. On the Forwarders tab, we can specify where DNS queries that are not
resolved locally will be sent. As opposed to root hints, this gives us much more
control over where our queries go: instead of iterating from the root, the server
hands the whole recursive query to the forwarder and caches the answer. For example,
we can click Edit… and enter 4.2.2.1, a well-known public resolver; in practice,
use the resolver your ISP or data center provides. Choose forwarders you trust,
because a forwarder sees every external query your organization makes and its
answers are accepted without further checking. The Use root hints if no
forwarders are available option on this tab lets the server fall back to iterating
from the root when none of the forwarders respond. After you enter the IP address,
click OK.
7. Look through the other tabs in the Properties dialog box. In particular, take
a look at the Advanced tab (Figure 1.6). Notice the check box for BIND
Secondaries. By default Windows DNS sends zone transfers in "fast" format
(compressed, with many records per message); checking this option turns fast
transfer format off so that old BIND versions (before 4.9.4) can act as secondaries
for zones this server holds. Leave it unchecked unless you have such a secondary.
Also look at the Enable Automatic Scavenging Of Stale Records option and its
scavenging period. This sets how often the server scans its zones for dynamically
registered records that have not been refreshed within their no-refresh and refresh
intervals and deletes them. Scavenging must also be enabled on each zone (in the
zone's Aging properties) before anything is removed, and intervals shorter than the
longest time a host is legitimately off the network will delete records that are
still needed, so size them with care.


Figure 1.6 Advanced DNS Settings

8. Click Apply to save the changes we made, and then click OK to close the
window.
We still have a lot to do with configuring a DNS server, but before we move on
to configuring zones, let’s walk through the process of installing DNS on a Windows
Server 2008 Core Installation.






Using Server Core and DNS
A Windows Server 2008 Server Core installation can be used for multiple purposes.
One of the ways Server Core can be used is to provide a minimal installation for DNS.
In the coming sections, we will discuss the various ways you can manipulate, manage,
and configure DNS servers through the Windows Server 2008 DNS graphical user
interfaces (GUIs): DNS Manager and the Server Manager tool.
However, as you will recall, no such GUIs are provided on a Server Core
installation; it is administered from the command line (the dnscmd utility) or
remotely, by pointing DNS Manager on another Windows computer at it. The advantages
of running DNS within Server Core include:

- Smaller Footprint: Reduces the amount of CPU, memory, and hard disk needed.
- More Secure: Fewer components and services are installed, so there is less
to attack and fewer patches to apply.
- No GUI: Nobody logged on at the console can modify the DNS databases (or any
other system function) with the familiar point-and-click tools; every change has
to be made explicitly, which is easier to script and to audit.

If you are planning to run DNS within a Server Core install, several steps must
be performed prior to installation. The first step is to set the IP information of the
server. To configure the IP addressing information of the server, do the following:
1. Identify the network adapter. To do this, in the console window, type netsh
interface ipv4 show interfaces and record the number shown under the
Idx column.
2. Set the IP address, subnet mask, and default gateway for the server. To do
so, type netsh interface ipv4 set address name="<ID>" source=static
address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway>, where
<ID> is the interface number from step 1, <StaticIP> is the IP address we are
assigning, <SubnetMask> is its subnet mask, and <DefaultGateway> is the IP address
of the server's default gateway. See Figure 1.7 for our sample configuration.


Figure 1.7 Setting an IP Address in Server Core


3. Assign the IP address of the DNS server this machine will query. If this server
is part of an Active Directory domain and will replicate Active Directory-integrated
zones (we will discuss those next), point it at another AD-integrated DNS server.
If it is not, point it at an external DNS server, usually your company's Internet
provider. From the console, type netsh interface ipv4 add dnsserver name="<ID>"
address=<DNSIP> index=1, where <ID> is the interface number from step 1 and
<DNSIP> is the IP address of the DNS server.
Once the IP address settings are complete (you can verify them by typing
ipconfig /all), we can install the DNS role onto the Server Core installation:
4. From the command line, type start /w ocsetup DNS-Server-Core-Role. The
package name is case-sensitive, and the /w switch makes the command wait until
the installation has finished.
5. To verify that the DNS Server service is installed and started, type net start.
This returns a list of running services; DNS Server should be among them.
6. Use the dnscmd command-line utility to manipulate the DNS settings. For
example, type dnscmd /enumzones to list the zones hosted on this DNS server.
The same utility creates zones and records and sets forwarders, and DNS Manager
on another Windows computer can also connect to the Server Core machine remotely.

