SUMMARY
Domain Name System (DNS) is the core name-resolution tool that is used on
the Internet. DNS handles resolution between host names and Internet addresses.
This step-by-step guide describes how to configure DNS for Internet access.
Starting with a Windows 2000-Based Standalone Server
This server becomes a DNS server for your network. In the first step, you
assign this server a static Internet Protocol (IP) address. DNS servers should
not use dynamically assigned IP addresses because a dynamic change of address
could cause clients to lose contact with the DNS server.
Step 1: Configure TCP/IP
- Click Start, point to Settings, and
then click Control Panel.
- Double-click Network and Dial-up Connections.
- Right-click Local Area Connection, and then click
Properties.
- Click Internet Protocol (TCP/IP), and then click
Properties.
- Assign this server a static IP address, subnet mask, and gateway address.
- Click Advanced, and then click the DNS
tab.
- Click Append primary and connection specific DNS
suffixes.
- Click to select the Append parent suffixes of the
primary DNS suffix check box.
- Click to select the Register this connection's
addresses in DNS check box.
Note that Windows 2000-based DNS servers should point to themselves for DNS.
If this server needs to resolve names from its Internet service provider (ISP),
you should configure a forwarder. Forwarders are discussed later in this
article.
- Click OK to close Advanced TCP/IP Settings properties.
- Click OK to accept the changes to your TCP/IP
configuration.
- Click OK to close Local Area Connections properties.
NOTE: If you receive a warning from the DNS Caching
Resolver service, click OK to dismiss the warning. The
caching resolver is trying to contact the DNS server, but you have not
finished configuring the server.
Step 2: Install Microsoft DNS Server
- Click Start, point to Settings, and
then click Control Panel.
- Double-click Add/Remove Programs.
- Click Add and Remove Windows Components.
- The Windows Components Wizard starts. Click Next.
- Click Networking Services, and then click
Details.
- Click to select the Domain Name System (DNS) check box,
and then click OK.
- Click OK to start server Setup. The DNS server and tool
files are copied to your computer.
Step 3: Configure the DNS Server Using DNS Manager
These steps guide you through configuring DNS by using the DNS Manager
snap-in in Microsoft Management Console (MMC).
- Click Start, point to Programs, point
to Administrative Tools, and then click DNS.
- Right-click Forward lookup zones, and
then click New Zone.
- When the New Zone Wizard starts, click Next. You are
then prompted for a zone type. The zone types include:
- Active Directory-integrated: An Active Directory-integrated zone
stores the DNS zone information in Active Directory instead of in a .dns
file.
- Standard primary: A standard primary zone stores the DNS zone
information in a .dns text file instead of in Active Directory.
- Standard secondary: A standard secondary zone copies all of the
information from its master DNS server. A master DNS server can be an
Active Directory, primary, or secondary zone that is configured for zone
transfers. Note that you cannot modify the zone data on a secondary DNS
server. All of its data is copied from its master DNS server.
- The new forward lookup zone must be a primary or an Active
Directory-integrated zone so that it can accept dynamic updates. Click
Primary, and then click Next.
- The new zone contains the locator records for this Active
Directory-based domain. The name of the zone must be the same as the name of
the Active Directory-based domain, or be a logical DNS container for that
name. For example, if the Active Directory-based domain is named "support.microsoft.com",
the only valid zone name is "support.microsoft.com".
- Accept the default name for the new zone file. Click Next.
NOTE: Experienced DNS administrators may want to create a
reverse lookup zone, and are encouraged to explore this branch of the wizard.
A DNS server can resolve two basic requests: a forward lookup and a reverse
lookup. A forward lookup is more common. A forward lookup resolves a host
name to an IP address with an "A" or Host Resource record. A reverse lookup
resolves an IP address to a host name with a PTR or Pointer Resource record.
If you have your reverse DNS zones configured, you can automatically create
associated reverse records when you create your original forward record. For
additional information about reverse DNS configuration, click the article
number below to view the article in the Microsoft Knowledge Base:
174419 How to Configure a Subnetted Reverse Lookup Zone on Windows NT
A Windows 2000-based DNS server follows specific steps in its
name-resolution process. A DNS server first queries its cache, then it checks
its zone records, then it sends requests to forwarders, and finally it tries
resolution by using root servers.
By default, a Microsoft DNS server connects to the Internet to further process
DNS requests with root hints. When you use the Dcpromo tool to promote a
server to a domain controller, the domain controller requires DNS. If you
install DNS during the promotion process, you get a root zone. This root zone
indicates to your DNS server that it is a root Internet server. Therefore,
your DNS server does not use forwarders or root hints in the name-resolution
process.
To Remove the Root DNS Zone
- In DNS Manager, expand the DNS Server object. Expand
the Forward Lookup Zones folder.
- Right-click the "." zone, and then click Delete.
Windows 2000 can take advantage of DNS forwarders. This feature forwards
DNS requests to external servers. If a DNS server cannot find a resource
record in its zones, it can send the request to another DNS server for
additional attempts at resolution. A common scenario might be to configure
forwarders to your ISP's DNS servers.
To Configure Forwarders
- In DNS Manager, right-click the DNS Server object, and
then click Properties.
- Click the Forwarders tab.
- Click to select the Enable Forwarders check box.
- In the IP address box, type the first
DNS server to which you want to forward, and then click Add.
- Repeat step 4 until you have added all the DNS servers to which you want
to forward.
To Configure Root Hints
Windows includes the ability to use root hints. The Root Hints resource
records can be stored in either Active Directory or text files (%SystemRoot%\System32\DNS\Cache.dns
files). Windows uses the standard InterNIC root server. Also, when a Windows
2000-based server queries a root server, it updates itself with the most
recent list of root servers.
- Click Start, point to Programs, point
to Administrative Tools, and then click DNS.
- In the DNS Management console, right-click the server name, and then
click Properties.
- Click the Root Hints tab. Your DNS server's root
servers are listed on this tab.
If the Root Hints tab is unavailable, your server is still
configured as a root server. See the "To Remove the Root DNS Zone" section
in this article. You may need to use custom root hints that are different
from the default. However, a configuration that points to the same server
for root hints is always incorrect. You should not modify your root hints.
If your root hints are incorrect and need to be replaced, see the following
Microsoft Knowledge Base article:
249868 Replacing Root Hints with the Cache.dns File
To Configure DNS Behind a Firewall
Proxy and Network Address Translation (NAT) devices can restrict access to
ports. DNS uses UDP and TCP port 53. The DNS Service Management console also
uses remote procedure call (RPC). RPC uses port 135. These are potential
issues that could arise when you configure DNS and firewalls.
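The following check is an added example, not part of the original article or of any Microsoft tool. It covers two points made above: a server that still holds the "." root zone, and DNS reachability on both UDP and TCP port 53 through a firewall. It assumes that an authoritative (AA) answer to an NS query for "." means a local root zone is present, which is a heuristic chosen for this example; the function names, the sample replies and the address 192.0.2.53 are placeholders.

```python
import socket
import struct

def build_query(name, qtype, txid=0x1234):
    """Build a recursive (RD=1) DNS query. qtype 1 = A, 2 = NS."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [p for p in name.split(".") if p]      # "." yields no labels
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields used below."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}

def classify_root_reply(hdr):
    """Interpret the reply to an NS query for "." (heuristic, see lead-in)."""
    if not hdr["qr"]:
        return "not-a-response"
    if hdr["aa"] and hdr["rcode"] == 0:
        return "local-root-zone"        # forwarders and root hints are bypassed
    if not hdr["ra"]:
        return "recursion-not-offered"
    return "no-local-root-zone"

def ask(server, payload, tcp=False, timeout=3.0):
    """Send one query to port 53; DNS over TCP adds a 2-byte length prefix."""
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    with socket.socket(socket.AF_INET, kind) as s:
        s.settimeout(timeout)
        s.connect((server, 53))
        if not tcp:
            s.send(payload)
            return s.recv(4096)
        s.sendall(struct.pack(">H", len(payload)) + payload)
        f = s.makefile("rb")
        (size,) = struct.unpack(">H", f.read(2))
        return f.read(size)

# Constructed sample reply headers, not captured traffic:
SAMPLE_ROOT_ZONE = struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)   # QR AA RD RA
SAMPLE_RECURSIVE = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 13, 0, 0)  # QR RD RA

if __name__ == "__main__":
    for sample in (SAMPLE_ROOT_ZONE, SAMPLE_RECURSIVE):
        print(classify_root_reply(parse_header(sample)))
    # Against your own server, once over UDP and once over TCP (placeholder address):
    # print(classify_root_reply(parse_header(ask("192.0.2.53", build_query(".", 2)))))
    # print(parse_header(ask("192.0.2.53", build_query(".", 2), tcp=True)))
```

A timeout from ask() over UDP or TCP points at the firewall or NAT device rather than at the DNS configuration.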
REFERENCES
For additional information, click the article number below to view the
article in the Microsoft Knowledge Base:
237675 Setting Up the Domain Name System for Active Directory