DNS Server Windows 2003




















As our DNS server was just installed it is not populated with anything. The Forward Lookup Zones node stores zones that are used to map host names to IP addresses, whereas the Reverse Lookup Zones node stores zones that are used to map IP addresses to host names.

A cache-only DNS server contains no zones or resource records. Its only function is to cache the answers to the queries it processes. If the server receives the same query again later, it returns the cached response instead of repeating the recursion process, which saves time. With its limited functionality, a cache-only DNS server is best suited for a small office environment or a small remote branch office.

However, in a large enterprise where Active Directory is typically deployed, more features would be needed from a DNS server, such as the ability to store records for computers, servers and Active Directory.

The DNS server stores those records in a database, or a zone. DNS has a few different types of zones, and each has a different function. We will first create a primary forward lookup zone titled firewall.

We do not want to name it firewall. On the Zone Type screen, make sure that Primary zone is selected and click Next. We now have a foundation that we can place resource records in for name resolution by internal clients. Contrary to the forward lookup zone, a reverse lookup zone is used by the DNS server to resolve IP addresses to host names.

Not as frequently used as forward lookup zones, reverse lookup zones are often used by anti-spam systems in countering spam and by monitoring systems when logging events or issues. To create a reverse lookup zone: On the Reverse Lookup Zone Name screen, enter There is now a reverse lookup zone titled Follow the below figure 1.
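The forward and reverse zones described above only help anti-spam and monitoring systems when they agree with each other. The following added example (not part of the original article) derives the `in-addr.arpa` zone name for a network ID and audits a set of A records against the PTR records; the `corp.example` names and `192.0.2.0/24` addresses are constructed sample data.

```python
import ipaddress

# Constructed sample records (not from the article): (owner, type, data).
FORWARD_ZONE = [
    ("dc1.corp.example.", "A", "192.0.2.10"),
    ("mail.corp.example.", "A", "192.0.2.25"),
    ("web.corp.example.", "A", "192.0.2.80"),
]
REVERSE_ZONE = [
    ("10.2.0.192.in-addr.arpa.", "PTR", "dc1.corp.example."),
    ("25.2.0.192.in-addr.arpa.", "PTR", "smtp.corp.example."),  # stale name
]


def reverse_zone_name(network):
    """Return the in-addr.arpa zone name for a /8, /16 or /24 IPv4 network ID."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("expected an IPv4 network on an octet boundary")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def ptr_owner(ip):
    """Return the owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit(forward, reverse):
    """List A records whose reverse lookup is missing or names another host."""
    ptrs = {}
    for owner, rtype, data in reverse:
        if rtype == "PTR":
            ptrs.setdefault(owner.lower(), set()).add(data.lower())
    findings = []
    for owner, rtype, data in forward:
        if rtype != "A":
            continue
        targets = ptrs.get(ptr_owner(data).lower())
        if not targets:
            findings.append((owner, data, "no PTR record"))
        elif owner.lower() not in targets:
            findings.append((owner, data, "PTR mismatch: " + ", ".join(sorted(targets))))
    return findings


if __name__ == "__main__":
    print(reverse_zone_name("192.0.2.0/24"))
    print(audit(FORWARD_ZONE, REVERSE_ZONE))
```

Each finding is a host whose address will not resolve back to its own name, so logs and mail checks that rely on reverse lookups will record a missing or wrong host name for it.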

After installing DNS you will need to test if the installation was successful and if you are able to resolve names. Nslookup is a built-in utility that can be used to test if the service has been installed and configured correctly. Remember to test both internal and external names before concluding your tests. You will then be able to type in the name you want to lookup i. In this article I covered important stages of DNS installation and basic recommendations relating to security and architecture.

It is important to understand these processes before installing DNS and to take the security recommendations into consideration before installing DNS. Remember that DNS is your central point of failure as it is the naming system that Windows uses.

Ricky is on multiple advisory boards for vendors, customers and cyber security industry bodies and periodically works with leading analyst firms to help devise strategy and advise on cyber security. Ricky Magalhaes is a seasoned cyber security strategist, architect and cyber expert. Ricky has trained government agencies and a myriad of governmental agencies on various information security disciplines and speaks at national and international embassies and conferences on behalf of cyber software vendors.


Ron Nutter helps a reader who wants to know if he can avoid running DNS servers on his network. I was reading your article about the number of DNS servers you need when handling mail and Web hosting.

When Windows Server contacts a remote DNS server, this capability is negotiated and enabled if both ends support it, resulting in DNS record sets of a size greater than bytes. Unfortunately, some firewalls have trouble with this enhancement as they are configured to drop DNS packets in excess of bytes.

As you can imagine, this will result in significant problems with DNS servers on opposite sides of the firewall! It will drop back to using the RFC defined limits. These tools are located in the Support Tools folder on the Windows Server CD and can be installed by running the suptools.

You should restart the DNS service after you make this change.


