15 July 2013 12:41

Now that we know how to choose the right domain name, let's look at the DNS Server implementation.
We'll use Windows Server 2008 R2 here, with a special focus on IPv6.




Our DNS Server won't be authoritative over external Internet servers. This is a heavy task ( having servers in distinct physical locations, facing flooding and DNS poisoning, ... ) and is beyond the scope of this post. Furthermore, it only makes sense in very special cases or for big firms.

So our DNS server will be authoritative only over our local network. We'll use example.net as our domain name, but you can replace it with int.example.com if you wish; it works the same way.

See previous post for more details about Domain name design and choice in DNS Server / Active Directory implementation.

PC1, PC2, VEFSNA and Router1 ( LAN ) are on the subnet / fd07:44de:a327:3::/64

PC3 and Router2 ( LAN ) are on the subnet / fd07:44de:a327:2::/64

Since we're using ULAs, we don't even have to think about DNS Server Authority. Our DNS Server will be authoritative over our local network and will forward all queries to an outside DNS Server.



Server preparation


We first clean up any previous DNS Server implementations in our WS2008 R2 by cleaning up the folders :


only leaving these two empty folders.


We can clean some previous DNS Server logs :




In Network Connections, we set our interfaces' DNS server IPs to either :

    . [Server IP]

or

    . Loopback ( / ::1 )



In Advanced System Properties, we check our Server name and DNS suffix :

    . computer name :   [Server Name]
    . dns suffix :      example.net

And we reboot




DNS Role installation and configuration


We then add the DNS Server Role : Server Manager ) Add Roles ) DNS Server





We will then configure our DNS Server expanding the Server Manager tree :


Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Right click : Configure a DNS Server :





We will use these settings for the configuration :


       . Create a forward lookup zone
       . This server maintains the zone
       . Zone name : example.net
       . File name : default ( example.net.dns in this case )
       . Dynamic Updates : Do not allow dynamic updates      ( there is no AD here )
       . Forward queries : Yes, to the IPv4 ISP DNS or OpenDNS


We use query forwarding because we want the queries for names we are not authoritative for to be forwarded directly to an outside caching or recursive DNS server.




Lookup Zones configuration


We will then configure our Reverse Lookup Zones, both for IPv4 and IPv6.


Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone ) Right click : new zone





We use these settings for this IPv4 Reverse Lookup Zone :


    . Primary zone
    . IPv4 Reverse Lookup Zone
    . 192.168.3
    . zone file : new file ( default )                  ( 3.168.192.in-addr.arpa.dns in this case )
    . Dynamic updates : Do not allow dynamic updates    ( there is no AD here )

We then create a second Reverse Lookup Zone, for IPv6 this time ( Right click ) New Zone ) :

    . Primary zone
    . IPv6 Reverse lookup zone
    . fd07:44de:a327:3::/64
    . zone file : new file : net03.dns                  ( create your own name here )
    . Dynamic updates : Do not allow dynamic updates    ( there is no AD here )


Do note two things about IPv6 in DNS Server :


    . You have to enter the zone subnet using a [prefix]/[prefix length] format :




    . There is no default zone file created, so you have to make one up. I like to tag the subnet, so I use Net03.dns in this case ( because the subnet is fd07:44de:a327:3::/64 and I use the last hex quad for subnet tagging ). Just make it end with .dns :




Normally, the NS and SOA fields have been filled in automatically with the right settings, and host records have been created automatically for the Server's IP addresses :




Finally, we have to add PTR records ( Reverse Lookup ) for our Server's own IPs.

Using Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone :


We right click our IPv4 zone ( 3.168.192.in-addr.arpa here ) and choose ' new PTR record ' :



and then add our Server Name ( vefsna ) and IPv4 DNS address here :



We do it again for the DNS Server IPv6 address.

We right click our IPv6 zone ( net03.dns here ) and choose ' new PTR record ' :



and then add our server Name ( vefsna here ) and IPv6 DNS address :
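The IPv6 zone note above ( [prefix]/[prefix length] input, one hex digit per label ) and the two PTR steps just done can be checked with a small Python helper. This is an added example written for this page, not code from the post: it derives the in-addr.arpa / ip6.arpa zone names the console builds from a prefix, the PTR owner name of a host inside such a zone, and lists A/AAAA records that still lack a matching PTR. The IPv4 address given to vefsna in the sample is a constructed placeholder; the post only gives its IPv6 address.

```python
import ipaddress


def reverse_zone_name(prefix: str) -> str:
    """Reverse lookup zone name for a [prefix]/[prefix length] string.

    IPv4 zones cut on octet boundaries (/8, /16, /24); IPv6 zones cut on
    nibble boundaries (/4, /8, ..., /64), one hex digit per label.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError("IPv4 reverse zones need an octet-aligned prefix")
        octets = str(net.network_address).split(".")[: net.prefixlen // 8]
        return ".".join(reversed(octets)) + ".in-addr.arpa"
    if net.prefixlen % 4:
        raise ValueError("IPv6 reverse zones need a nibble-aligned prefix")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_owner(address: str, zone_prefix: str) -> str:
    """PTR owner name of address relative to its reverse zone (what the DNS
    console shows inside the zone); raises if the address is outside it."""
    full = ipaddress.ip_address(address).reverse_pointer
    zone = reverse_zone_name(zone_prefix)
    if not full.endswith("." + zone):
        raise ValueError(f"{address} is not inside zone {zone}")
    return full[: -len(zone) - 1]


def missing_ptrs(forward: dict, reverse: dict) -> list:
    """forward: host name -> list of A/AAAA addresses; reverse: full PTR owner
    name -> host name. Returns (owner, host) pairs whose PTR is absent or
    points at a different host, i.e. hosts that still need a reverse record."""
    problems = []
    for host, addresses in forward.items():
        for addr in addresses:
            owner = ipaddress.ip_address(addr).reverse_pointer
            if reverse.get(owner) != host:
                problems.append((owner, host))
    return problems


if __name__ == "__main__":
    print(reverse_zone_name("fd07:44de:a327:3::/64"))  # zone behind the net03.dns file
    # Constructed sample: vefsna's IPv6 address is from the post, the IPv4 one is made up.
    fwd = {"vefsna.example.net": ["192.168.3.210", "fd07:44de:a327:3::210"]}
    rev = {"210.3.168.192.in-addr.arpa": "vefsna.example.net"}
    print(missing_ptrs(fwd, rev))  # the AAAA record has no PTR yet
```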





We can check that our DNS server is functioning by doing :

Roles ) DNS Server ) DNS ) [ Server Name ] ) right click ) nslookup :




The DNS Server should be able to resolve its own name, IPv4 and IPv6 addresses. Furthermore, the ' DNS Server ' field should list our Server name ( vefsna in this case ).




Adding DNS records for network hosts and routers


To add a record, we just have to add a new host in the Forward Lookup Zone. The PTR record will be created automatically. Please note that you have to create 2 records for each host : 1 IPv4 record and 1 IPv6 record.


Roles ) DNS Server ) DNS ) [ Server Name ] ) Forward lookup zone ) example.net ) right click :
new host ( A or AAAA ) :




 As an example, for PC1, we create an IPv4 Record using these settings :


    Create associated PTR Record : yes
    Add Host ( click )





 and we create an IPv6 record using these settings :


    Create associated PTR Record : yes
    Add Host ( click )



We create records the same way for PC2 and Router1 (Lan IP).

We can test that these records are functioning using the Server Manager Nslookup tool :


Roles ) DNS Server ) DNS ) [ Server Name ] ) right click ) nslookup



Client computers configuration


We have to make sure PC1 and PC2 get the Server DNS IP and domain prefix for DNS resolution :


. Either statically, using Network Connections ( for the DNS IP ) and Advanced System Properties ( for the domain suffix )

. Or dynamically, registering these two settings in Router1




Testing DNS resolution


We can test forward DNS resolution using these commands :


nslookup [name]                       ( resolves [name] into its IPs )

nslookup [name] [DNS Server IP]       ( forces the use of a specific DNS server IP for the resolution )



We can test reverse DNS resolution using these commands :


nslookup [IP]                         ( performs a reverse lookup of [IP] )

nslookup [IP] [DNS Server IP]


Please note these special commands :


ping -a [IP]                          ( performs a ping + reverse lookup )

tracert -d [name]                     ( tracert without reverse lookups of the intermediate nodes )

tracert -d [IP]                       ( idem )


For example, here is a sequence to test DNS query, reverse lookup, suffix settings and DNS forwarding :

nslookup pc1.example.net fd07:44de:a327:3::210
nslookup pc1.example.net
nslookup pc1
nslookup www.wikipedia.org


nslookup fd07:44de:a327:3::140



Adding more zones


We might want to add more zones to our DNS Server. In this example, we will add the zone that contains PC3 and Router2 ( Lan IP ) :




This means adding two new reverse lookup zones :

. subnet

. fd07:44de:a327:2::/64 subnet


We do it the same way we added the first two reverse lookup zones :

Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone ) Right click : new zone


We add a new IPv4 reverse lookup zone : 192.168.2

and a new IPv6 reverse lookup zone : fd07:44de:a327:2::/64


We now have 4 reverse lookup zones :





We can now add new host records for PC3 and Router2
( using Roles ) DNS Server ) DNS ) [ Server Name ] ) Forward lookup zone ) example.net ) right click :
new host ( A or AAAA ) :





We can now start experimenting with our two subnets, for example by doing :

tracert router2


We can see the reverse name resolution of the nodes occurring on the fly.

We can log in to our routers using router1 or router2 ( the domain suffix is added on the fly ).

We can even add more subnets for our DNS Server to manage.




Registering our public-access services





We finally have to register our public-access services, which reside on our outside domain example.com.


Of course, the Web/FTP server and the Internet Gateway have to use Global Unicast Addresses.


To do this, we just have to login to our registrar page, and add A and AAAA records for both :




pointing to our public IPv4 IP for the A records                ( port forwarding needed for IPv4 )

pointing to our Web/FTP server IPv6 IP for the AAAA records     ( no port forwarding needed for IPv6 )


For our inside network hosts, www.example.com and ftp.example.com will be resolved through query forwarding.


Published by computer outlines - in Windows Server 2008 R2


