DNS Server: Setup & Management โ€” Complete Guide | ITVedas

DNS Server: Setup & Management

DNS (Domain Name System) is the internet's address book. It translates human-readable domain names (like www.example.com) into IP addresses (like 192.168.1.100) that computers use to communicate. Without DNS, you'd need to memorize IP addresses for every website and server you want to access.

DNS Fundamentals

DNS operates on a hierarchical system. When you type a URL, your computer queries a DNS server with a question: "What's the IP address for this domain?" The DNS server responds with the answer, and your computer can then connect to that server.

๐ŸŒ How DNS Resolution Works

  1. Client Query: Your computer asks local DNS server for www.example.com
  2. Recursive Query: If local DNS doesn't have answer, it queries root nameserver
  3. Root Nameserver Response: Points to TLD (Top-Level Domain) server for .com
  4. TLD Query: DNS server queries TLD server for example.com
  5. Authoritative Response: TLD server points to authoritative nameserver
  6. Final Response: Authoritative server returns IP address to local DNS
  7. Caching and Response: Local DNS caches result and returns to client

DNS Record Types

Record Type Purpose Example
A Maps hostname to IPv4 address www.example.com = 192.168.1.100
AAAA Maps hostname to IPv6 address www.example.com = 2001:db8::1
CNAME Alias one hostname to another www.example.com โ†’ example.com
MX Specifies mail servers mail.example.com priority 10
NS Specifies authoritative nameservers ns1.example.com, ns2.example.com
SOA Start of Authority - zone configuration Zone parameters, serial, refresh, retry
SRV Service records (used by AD) _ldap._tcp.example.com
PTR Reverse DNS (IP to hostname) 192.168.1.100 = server01.example.com
TXT Text records (SPF, DKIM, DMARC) v=spf1 include:example.com ~all

Installing DNS Server on Windows

Step-by-Step DNS Installation

  1. Open Server Manager
  2. Click Add Roles and Features
  3. Select Role-based or feature-based installation
  4. Select target server
  5. Check DNS Server in Server Roles
  6. Accept additional features
  7. Proceed through configuration pages
  8. Click Install and wait for completion
  9. Open DNS Manager from Administrative Tools
  10. Verify DNS service is running
# PowerShell: Install DNS Server Install-WindowsFeature -Name DNS -IncludeManagementTools # Start DNS service Start-Service DNS # Verify DNS service status Get-Service DNS

Creating and Managing DNS Zones

Zone Types:

  • Primary Zone: Authoritative copy where you make changes
  • Secondary Zone: Read-only copy for redundancy and load balancing
  • Stub Zone: Contains only NS, SOA, and glue records
  • Forward Lookup Zone: Maps names to IP addresses
  • Reverse Lookup Zone: Maps IP addresses back to names

Creating a Primary Forward Lookup Zone

  1. Open DNS Manager
  2. Expand your server
  3. Right-click Forward Lookup Zones
  4. Select New Zone
  5. Choose Primary Zone
  6. Enter zone name (e.g., example.com)
  7. Choose to create new file or use existing
  8. Complete the wizard
  9. Right-click zone and add DNS records

Creating DNS Records

Common Record Creation

A Record (Host):

  • Right-click zone โ†’ New Host (A or AAAA)
  • Enter hostname and IP address
  • Click Add Host

CNAME Record (Alias):

  • Right-click zone โ†’ New Alias (CNAME)
  • Enter alias name
  • Browse to target host
  • Click OK

MX Record (Mail Exchange):

  • Right-click zone โ†’ New Mail Exchanger (MX)
  • Enter mail server hostname
  • Set priority (lower = higher priority)
  • Click OK
# PowerShell: Create DNS records # Add A record Add-DnsServerResourceRecordA -Name "web" -ZoneName "example.com" ` -IPv4Address "192.168.1.100" -CreatePtr # Add CNAME record Add-DnsServerResourceRecordCName -Name "www" -HostNameAlias "web.example.com" ` -ZoneName "example.com" # Add MX record Add-DnsServerResourceRecordMx -Name "@" -MailExchange "mail.example.com" ` -Preference 10 -ZoneName "example.com" # Add SRV record (for Active Directory) Add-DnsServerResourceRecordSrv -Name "_ldap._tcp" -Target "dc1.example.com" ` -Port 389 -Priority 0 -Weight 100 -ZoneName "example.com"

Dynamic DNS (DDNS)

Dynamic DNS allows computers to automatically register and update their DNS records when their IP addresses change. This is essential for domain-joined computers and DHCP clients.

Enabling Dynamic DNS Updates

  1. Open DNS Manager
  2. Right-click your zone โ†’ Properties
  3. Under General tab, set Allow dynamic updates to Secure only (recommended)
  4. On Domain Controller, run: ipconfig /registerdns
  5. On DHCP servers, enable DDNS to update non-DHCP clients
  6. Verify records appear in DNS zone after 30 seconds
โš ๏ธ Security Note: "Secure only" mode for dynamic updates is critical. This ensures only authorized computers can register their records, preventing DNS spoofing and security issues.

DNS Replication and Secondary Zones

Zone Transfer Process:

  • Secondary zone queries primary zone for full copy
  • SOA record contains Serial number for change tracking
  • Secondary zone syncs when Serial increases
  • Full zone transfer (AXFR) copies all records
  • Incremental transfer (IXFR) copies only changes
# PowerShell: Create Secondary Zone Add-DnsServerSecondaryZone -Name "example.com" ` -ZoneFile "example.com.dns" ` -MasterServers @("192.168.1.10") # Force zone transfer Start-DnsServerZoneTransfer -Name "example.com"

DNS Troubleshooting

Problem: DNS Resolution Not Working

Diagnosis:

  1. Check DNS service running: Get-Service DNS
  2. Verify zone exists: Open DNS Manager
  3. Check zone file permissions: Everyone needs read access
  4. Test with: nslookup example.com 192.168.1.10
  5. Check DNS event logs for errors
  6. Verify forwarders configuration if applicable

Solutions:

  • Start DNS service: Start-Service DNS
  • Repair zone database: Right-click zone โ†’ All Tasks โ†’ Reload
  • Reset forwarders if misconfigured
  • Check firewall allows DNS traffic (port 53 UDP/TCP)
  • Restart DNS service after major changes

Problem: Clients Cannot Resolve Domain Names

Causes: Incorrect DNS server IP, DNS server unreachable, zone not configured, records missing

Solutions:

  • Verify client DNS settings: ipconfig /all
  • Ensure DNS server IP is correct
  • Ping DNS server to verify connectivity
  • Query DNS directly: nslookup domain.com DNSServerIP
  • Check zone exists and is Active
  • Verify A records exist for requested hosts
  • Check for typos in record names

Problem: DNS Name Resolution Slow

Causes: Zone transfer delays, too many recursive queries, forwarders misconfigured, DNS service overloaded

Solutions:

  • Review DNS query logs to identify bottlenecks
  • Check secondary zone transfer status
  • Configure conditional forwarders for specific domains
  • Implement DNS caching at multiple levels
  • Monitor DNS server CPU and memory usage
  • Consider load balancing with multiple DNS servers

DNS Best Practices

  • Redundancy: Deploy at least two DNS servers for each zone
  • Delegation: Use DNS delegation for subdomains to distribute load
  • Scavenging: Enable DNS record scavenging to clean up stale records
  • Monitoring: Monitor DNS service health and query response times
  • Security: Restrict zone transfers to authorized servers only
  • Forwarders: Configure forwarders for external domain resolution
  • Documentation: Maintain detailed records of all zones and records
  • Testing: Regularly test DNS resolution and failover scenarios

Key Takeaways

  • DNS translates names to IP addresses
  • Multiple record types serve different purposes (A, CNAME, MX, SRV, etc.)
  • Zones are managed collections of DNS records
  • Dynamic DNS enables automatic registration
  • Secondary zones provide redundancy
  • Proper configuration ensures network-wide name resolution