Servers70-240 in 15 minutes a week: Active Directory and DNS - Part...

70-240 in 15 minutes a week: Active Directory and DNS – Part 2 Page 2

ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.




Note that
the option for an Active Directory-integrated zone is
unavailable since Active Directory has not yet been set up.
Choosing a standard primary would be our only real option, since
a secondary requires a primary to exist. This primary zone can
later be changed to AD-integrated as we’ll see in a bit. The
zone must be named, so I have chosen win2000trainer.com, which
will create a zone file called win2000trainer.com.dns. Notice
that the zone file exists under the Forward Lookup Zone area in
the screen below:


After creating a zone, ensure that the TCP/IP properties of the server
you wish to promote to a domain controller point to this newly
created DNS server (it may be the same system). Also note that
the properties on the zone can be accessed to change settings
such as the zone type (which can be changed once we install AD),
support for dynamic updates (disabled by default), SOA, Name
Server, WINS, and Zone Transfer information, as shown below:

Note that the properties configured for a zone are different than those configured for a DNS server, which may support many zones. Properties for a DNS server are shown below, allowing you to control elements including the configuration of interfaces, forwarders, advanced properties, root hints, logging, and monitoring.

Note that dynamic updates are not allowed by default. You’ll need to change this in order for domain controllers to automatically register their service records.

Also remember that a zone can only be compromised of domains in a contiguous namespace. As such, if you wanted to support domains called test.com and win2000trainer.com from the same DNS server, you would be required to created separate zones. However, a single zone could handle the domains win2000trainer.com and research.win2000trainer.com without issue.

Although not required for Active Directory support, it is also good practice to create reverse lookup zones for all forward lookup zones created, since these provide IP address to hostname resolution services. A reverse zone name will be in a format that reverses the network portion of the IP address range in use, and appends the reverse-lookup domain name. For example, the domain name for a reverse zone that supports network 192.168.0.0 would be 168.192.in-addr.arpa. You should also enable dynamic updates for this zone in order for reverse records to be added automatically.

Troubleshooting DNS servers

Three main options exist for troubleshooting DNS servers that you should be aware of. The first is the monitoring tab on the properties of the DNS server, as shown below:

This tool allows you to pass queries to the DNS server to ensure it is functioning correctly. A simple query is passed only to this server for resolution, and will either pass or fail. A recursive query is one in which a DNS server will attempt to query other DNS servers to obtain an answer, which will again be presented as a pass or fail. This tool can also be used to test DNS on a regular basis, as specified by the test interval. 

DNS logging can also be used for troubleshooting purposes, as it will log when certain DNS events occur. Found on the Logging tab of a DNS server’s properties, all output is saved to a text file called
dns.log located in the %systemroot%system32dns folder on the server. Note that excessive logging may have a negative impact on server performance, and as such should only be used for troubleshooting purposes.

More commonly, Nslookup is the tool used to query a DNS server. This command line utility allows you to search for resource records relating to a domain. Use the /? option for a list of supported commands. 

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends & analysis

Latest Posts

Related Stories