15 July 2013 12:41

Now that we know how to choose the right domain name, let's see the DNS Server implementation.
We'll use Windows Server 2008 R2 here, and keep a special focus on IPv6.

Our DNS Server won't be authoritative over external Internet servers. This is a heavy task ( having servers in distinct physical locations, facing flooding and DNS poisoning, ... ) and is beyond the scope of this post. Furthermore, it only makes sense in very special cases or for big firms.

So our DNS Server will be authoritative only over our local network. We'll use example.net as our domain name, but you can replace it with int.example.com if you wish; it's the same.

See the previous post for more details about domain name design and choice in a DNS Server / Active Directory implementation.

PC1, PC2, VEFSNA and Router1 ( LAN ) are on the subnet 192.168.3.0 / fd07:44de:a327:3::/64

PC3 and Router2 ( LAN ) are on the subnet 192.168.2.0 / fd07:44de:a327:2::/64

Since we're using ULAs, we don't even have to think about DNS Server authority: our DNS Server will be authoritative over our local network and will forward all other queries to an outside DNS Server.

 

 


Server preparation

 

We first clean up any previous DNS Server implementation on our WS2008 R2 by cleaning up the folders:

C:\Windows\System32\DNS
C:\Windows\System32\DNS\Backup

leaving only these two empty folders.

 

We can also clear any previous DNS Server logs.

 

In Network Connections, we set our interfaces' DNS IPs to either:

. [Server IP]
. Loopback ( 127.0.0.1 / ::1 )

 

 

In Advanced System Properties, we check our Server name and DNS suffix:

. computer name : [Server Name]
. dns suffix : example.net

And we reboot.

 

 

 

DNS Role installation and configuration

 

We then add the DNS Server Role: Server Manager ) Add Roles ) DNS Server

 

 

 

We then configure our DNS Server by expanding the Server Manager tree:

Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Right click : Configure a DNS Server

 

 

We will use these settings for the configuration:

. Create a forward lookup zone
. This server maintains the zone
. Zone name : example.net
. File name : default ( example.net.dns in this case )
. Dynamic Updates : Do not allow dynamic updates ( there is no AD here )
. Forward queries : Yes, to the IPv4 ISP DNS or OpenDNS

 

We use query forwarding because we want the DNS queries we are not authoritative for to be forwarded directly to an outside caching or recursive DNS Server.

 

 

 

Lookup Zones configuration

 

We will then configure our Reverse Lookup Zones, both for IPv4 and IPv6.

 

Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone ) Right click : new zone

 

 

We use these settings for this IPv4 Reverse Lookup Zone:

. Primary zone
. IPv4 Reverse Lookup Zone
. 192.168.3
. zone file : new file ( default ) ( 3.168.192.in-addr.arpa.dns in this case )
. Dynamic updates : Do not allow dynamic updates ( there is no AD here )

We then create a second Reverse Lookup Zone, for IPv6 this time ( Right click ) New Zone ):

. Primary zone
. IPv6 Reverse lookup zone
. fd07:44de:a327:3::/64
. zone file : new file : net03.dns ( create your own name here )
. Dynamic updates : Do not allow dynamic updates ( there is no AD here )

 

Do note two things about IPv6 in DNS Server:

. You have to enter the zone subnet using a [prefix]/[prefix length] format.

. There is no default zone file created, so you have to make one up. I like to tag the subnet, so I use Net03.dns in this case ( because the subnet is fd07:44de:a327:3::/64 and I use the last hex quad for subnet tagging ). Just make it end with .dns.
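As an added example ( not part of the original post ), here is a small Python script that computes the in-addr.arpa / ip6.arpa zone names behind the prefixes entered above, the A/AAAA and PTR records a ' New Host ' creates for a host, and which hosts would end up without a PTR when a reverse zone is missing or was typed with the wrong prefix. It uses only the standard ipaddress module; the function names and PC3's address are my own.

```python
"""Reverse zone names and PTR records for the post's subnets.

Added example, not from the original post. Zone prefixes and host
addresses are the ones the post uses; the function names are my own.
"""
import ipaddress

# Reverse lookup zones as configured in the post (constructed list of the
# post's own four prefixes).
REVERSE_ZONES = ["192.168.3.0/24", "fd07:44de:a327:3::/64",
                 "192.168.2.0/24", "fd07:44de:a327:2::/64"]


def reverse_zone_name(prefix):
    """Zone name DNS Manager derives from a prefix entered in the wizard:
    in-addr.arpa for IPv4 (octet-aligned), ip6.arpa for IPv6 (nibble-aligned)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version == 4:
        labels = str(net.network_address).split(".")[: net.prefixlen // 8]
    else:
        hexdigits = net.network_address.exploded.replace(":", "")
        labels = list(hexdigits[: net.prefixlen // 4])
    suffix = "in-addr.arpa" if net.version == 4 else "ip6.arpa"
    return ".".join(reversed(labels)) + "." + suffix


def host_records(name, address, domain="example.net", zones=REVERSE_ZONES):
    """Records created by 'New Host' with 'Create associated PTR record':
    (owner, type, data) for the A/AAAA record, and for the PTR, or None when
    no reverse zone covers the address (DNS Manager then cannot create the PTR)."""
    ip = ipaddress.ip_address(address)
    fqdn = f"{name}.{domain}."
    forward = (fqdn, "A" if ip.version == 4 else "AAAA", str(ip))
    covered = any(ip in ipaddress.ip_network(z) for z in zones)
    ptr = (ip.reverse_pointer + ".", "PTR", fqdn) if covered else None
    return forward, ptr


def hosts_without_ptr(hosts, zones=REVERSE_ZONES):
    """Names of hosts whose reverse lookup would fail with these zones."""
    return [n for n, a in hosts if host_records(n, a, zones=zones)[1] is None]


if __name__ == "__main__":
    for z in REVERSE_ZONES:
        print(z, "->", reverse_zone_name(z))
    # PC1 from the post; PC3's address is constructed for the demo.
    hosts = [("PC1", "192.168.3.140"), ("PC1", "fd07:44de:a327:3::140"),
             ("PC3", "fd07:44de:a327:2::150")]
    print(hosts_without_ptr(hosts))                       # []
    # Same hosts when the second IPv6 zone was typed as :3:: instead of :2::
    print(hosts_without_ptr(hosts, ["192.168.3.0/24", "fd07:44de:a327:3::/64",
                                    "192.168.2.0/24", "fd07:44de:a327:3::/64"]))
```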

 

Normally, the NS and SOA fields have been automatically filled with the right settings, and host records have been automatically made for the Server IP addresses.

 

Finally, we have to add PTR records ( Reverse Lookup ) for our Server's own IPs.

Using Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone :

We right click our IPv4 zone ( 3.168.192.in-addr.arpa here ), choose ' new PTR record ', and then add our Server Name ( vefsna ) and the DNS Server's IPv4 address.

We do it again for the DNS Server's IPv6 address: we right click our IPv6 zone ( net03.dns here ), choose ' new PTR record ', and then add our Server Name ( vefsna here ) and the DNS Server's IPv6 address.

 

 

 

 

We can check that our DNS Server is functioning by doing:

Roles ) DNS Server ) DNS ) [ Server Name ] ) right click ) nslookup

The DNS Server should be able to resolve its own name, IPv4 and IPv6 addresses. Furthermore, the field ' DNS Server ' should list our Server name ( vefsna in this case ).

 

 

 

Adding DNS records for network hosts and routers

 

To add a record, we just add a new host in the Forward Lookup Zone; the PTR record will be created automatically. Please note that you have to create 2 records for each host: 1 IPv4 record ( A ) and 1 IPv6 record ( AAAA ).

 

Roles ) DNS Server ) DNS ) [ Server Name ] ) Forward lookup zone ) example.net ) right click : new host ( A or AAAA )

 

As an example, for PC1, we create an IPv4 record using these settings:

PC1
192.168.3.140
Create associated PTR Record : yes
Add Host ( click )

and we create an IPv6 record using these settings:

PC1
fd07:44de:a327:3::140
Create associated PTR Record : yes
Add Host ( click )

 

We create records the same way for PC2 and Router1 ( LAN IP ).

We can test that these records are functioning using the Server Manager nslookup tool:

Roles ) DNS Server ) DNS ) [ Server Name ] ) right click ) nslookup

 

 

Client computers configuration

 

We have to make sure PC1 and PC2 get the Server DNS IP and domain suffix for DNS resolution:

. either statically, using Network Connections ( for the DNS IP ) and Advanced System Properties ( for the domain suffix )

. or dynamically, by registering these two settings in Router1

 

 

 

Testing DNS resolution

 

We can test forward DNS resolution using these commands:

nslookup [name]                      ( resolves [name] into its IPs )
nslookup [name] [DNS Server IP]      ( forces the use of a specific DNS Server for the resolution )

We can test reverse DNS resolution using these commands:

nslookup [IP]                        ( performs a reverse lookup of [IP] )
nslookup [IP] [DNS Server IP]

Please note these special commands:

ping -a [IP]                         ( performs a ping + reverse lookup )
tracert -d [name]                    ( tracert without reverse lookups of the intermediate nodes )
tracert -d [IP]                      ( idem )

 

For example, here is a sequence to test DNS query, reverse lookup, suffix settings and DNS forwarding:

nslookup pc1.example.net fd07:44de:a327:3::210
nslookup pc1.example.net
nslookup pc1
nslookup www.wikipedia.org
nslookup fd07:44de:a327:3::140

 

 

Adding more zones

 

We might want to add more zones to our DNS Server. In this example, we will add the zone that contains PC3 and Router2 ( LAN IP ).

 

This means adding two new reverse lookup zones:

. 192.168.2.0 subnet
. fd07:44de:a327:2::/64 subnet

We do it the same way we added the first two reverse lookup zones:

Server Manager ) Roles ) DNS Server ) DNS ) [ Server Name ] ) Reverse Lookup Zone ) Right click : new zone

We add a new IPv4 reverse lookup zone : 192.168.2

and a new IPv6 reverse lookup zone : fd07:44de:a327:2::/64

 

We now have 4 reverse lookup zones.

 

 

We can now add the new host records for PC3 and Router2, using Roles ) DNS Server ) DNS ) [ Server Name ] ) Forward lookup zone ) example.net ) right click : new host ( A or AAAA ).

 

 

We can now start experimenting with our two subnets, for example by doing:

tracert router2

We can see the reverse name resolution of the nodes occurring on the fly.

We can log in to our routers using router1 or router2 ( the domain suffix is added on the fly ).

We can even add more subnets for our DNS Server to manage.

 

 

 

Registering our public-access services

 

 


 

We finally have to register our public-access services, which reside in our outside domain example.com.

 

Of course, the Web/FTP server and the Internet Gateway have to use Global Unicast Addresses.

 

To do this, we just have to log in to our registrar page and add A and AAAA records for both:

www.example.com
ftp.example.com

pointing to our public IPv4 address for the A records ( port forwarding needed for IPv4 )

pointing to our Web/FTP server's IPv6 address for the AAAA records ( no port forwarding needed for IPv6 )

For our inside network hosts, www.example.com and ftp.example.com will be resolved by query forwarding.

 

Published by computer outlines in Windows Server 2008 R2