Deploying Standalone DNS (Domain Name System) in Windows Server 2022

Captions
Hey everybody, Troy here, and this video is part of my series on local area network management fundamentals. We're going to look at one of the cornerstones of LAN management, our friend DNS, Domain Name System. We're going to be installing a standalone DNS server in Windows Server 2022. We'll configure the primary forward and reverse lookup zones for both IPv4 and IPv6 so we can resolve DNS queries from a Windows 10 client. Let's get this done.

All right, as always, we're going to go step by step through this deployment. The time stamps for each section are listed in the description of the video below. Feel free to jump to the section you're looking for, or walk with me step by step through this deployment as we set this up.

Okay, let's kick off with my network infrastructure. As you can see from the diagram, I'm running two virtual machines connected with a Hyper-V private switch. That means that these machines are addressed individually and specifically isolated from my host operating system. I'm running two virtual machines: the first one is an installation of Windows Server 2022 and the second is a client PC running an installation of Windows 10 Professional. You can see that I'm going to be installing a standalone DNS role, and the addressing is listed for both of these machines in the diagram ahead of you. Now I will stress this is a standalone DNS installation; there is no Active Directory involved. There will be a video coming up in the series deploying Active Directory with DNS, and when that video is ready it's going to show up in the description in the link below. Now with respect to core configuration on these machines, the only thing that I've done is name the machine according to my topology, assign an IPv4 and an IPv6 address, and confirm connectivity. Aside from that, we'll be doing everything else in the video.

Let's take a look at my machines. There's my Hyper-V Manager running in the background. Let's take a quick look at our DNS-BACON machine. So we are trying to build the authoritative source for bacon.com. Bacon, everybody loves bacon. Let's start off in our Server Manager and we will install the DNS role. I'm going to get rid of that pop-up here. I'm going to start with my Add Roles and Features option, and this will lead me into the wizard where I add the requisite role for DNS. Now the wizard gives me a few suggested pre-deployment configurations: I should have an administrator account with a strong password, I should have a statically assigned IP address, I should have run Windows Update to ensure my patches and security updates are run. However, this is just a lab environment, so I'm not too concerned about that. I'm going to click on the role-based installation, and you'll see I'm going to verify that I do have that valid IP address. If I saw a 169.254, otherwise known as an APIPA or an auto-provisioned IP address, I would stop, exit the wizard, go back and confirm those network settings, because that static address is going to be very important for the records that are set up during this process. Everything looks good, though. I'm going to flip ahead and select the DNS role, including the management tools and the DNS Server tools that come with it; hit Yes, Next. I have no additional features that I want to add. I'm going to hit Next and away I go. Now there's an option here that will let me restart the server automatically if required, and this is deliberately set, because if this were a production environment machine I don't want to perform an installation that's going to reboot a production machine without my preparation. So by default it will not turn off without your knowledge; that is unchecked. I'm just going to now install the tools. You'll see it's going to start this installation. It'll just take a second; I'll pause the video and fast forward.

And we're back. So you can see my installation is completed, and before I click Close I do want to show you this section right here: Export configuration settings. This is a handy little tool inside the wizard that allows me to export the configuration that I just set up so it could be subsequently run in different installations using PowerShell. We will try to get to that in another video as well. But I'm going to hit Close, and you'll see that a few services here have popped up. I'm not going to worry about those for a second, because I want to point out to you on the left-hand side there is now a DNS tool ready here. I can click here and you'll see that now my server is recognizing the DNS role. Now what I want to do is pop in and do some configuration. Let's go under the Tools option and I'll see that I have a snap-in for Domain Name System. There we go. I'm now looking at my DNS Manager, and as I click on my server, which is DNS-BACON (the name of my machine), you can see that I can expand the tree on the left. Now you'll see that I have no zones added, so this simply installed the role of DNS; I haven't made it the authoritative source for anything yet. Now it is going to be the authoritative source for the namespace called bacon.com, so I'm going to use the tools embedded in the DNS management snap-in to set that up.

So now, one of the primary jobs of DNS is to resolve queries. It's a translator, it's a database, it's a library of records. Those records provide all sorts of information to clients. One of the most common requests is translating or resolving a name of a machine or a host or an object on our network with its corresponding IP address. We call that a forward lookup: I want to look up the name of something and find out the IP address. I'm going to do that by creating a forward lookup zone. I'm going to right-click, select New Zone, and up comes a wizard that's going to walk me through the creation. I hit Next and I get a series of options for the zone. I can create a primary zone, which is going to make this zone the authoritative source of all the records inside it. I could create a secondary zone, which is a copy of a zone transferred from another server; I'll be doing that in another video. Finally, there's a third option called a stub zone, which is a smaller subsection of a secondary zone where it only brings over a subset of records. What I'm going to do in this video is a primary zone, and I have to create the zone name. Now this is my DNS namespace. I've established in the beginning that this namespace is going to be bacon.com; this is the bounded DNS namespace for this particular environment. Let's hit Next, and it's going to create a file to hold these records called bacon.com.dns. I'll hit Next again, and now I get some options associated with how the records are going to be put in this zone. You can see that it can be updated dynamically, which means these records could propagate and be built as DNS queries come in. Now this is a standalone server; I'm not going to allow those dynamic updates, which means for the purposes of this lab I have to do them manually. I'm going to hit Next and I get a summary screen that completes the construction of this zone.

Now let's take a look at my new folder. You can see that two records have been built. The first one is something called a start of authority, an SOA record. I can right-click, take a look at the properties, and you can see that I have several tabs that tell me about the creation and the properties of this record. The name server is not yet set. Now I want this machine to be a name server, so I'm going to validate this name. I'm going to select the Edit button and it gives me a chance to create a connection to a name server. Well, let's resolve this and see what it's found. Now it correctly found that this is a valid name server for the DNS zone, both on an IPv4 and IPv6 basis. So that resolution was fairly important, because that clarified the record. I'm going to hit Apply and close that. Now let's take a look at this record here, this name server. If I go to Properties again, I'm actually in the same place. What I'm seeing here is the same options that I had before: there's my start of authority, that's the Name Servers tab that I was just on a second ago. Again I can edit and validate that these records are fully resolved for this environment, which means that these two addresses are going to serve as a name server and provide resolutions of queries that come their way. Let's click OK, I'm going to click Apply, I'm going to click Close.

Now notice there are no other records here. The reason is because we selected, when we created this zone, that these records are not to be dynamically updated. There are no records here that will appear unless we manually create them. The first thing we should do is set up a record for this server. What I want to do is be able to create something we call a glue record, or a host record, or formally an A record, that will let other machines identify the name of this particular machine. Now our machine name here, if I go under my system options, you see that the name of this machine is, right there, DNS-BACON. Okay, so what I'm going to do here is create an A record for that: New Host, A record, dns-bacon. So this is the server. Now see what's happened here: it has now created something called the fully qualified domain name. So the bacon.com namespace has a machine in it, a computer, a server in this case, called dns-bacon. The fully qualified domain name of that machine is dns-bacon.bacon.com, and the IP address is going to match the topology that I set, 192.168.0.1. Now that's already been set in my network TCP/IP settings; I'm just going to type them in here, 192.168., oh, we can type that properly, 0.1. And now we have an option to create this thing that's called an associated pointer record. Now a PTR or a pointer record, that's for reverse lookups; that lets me translate IP addresses to the name. Now I haven't actually created a reverse zone where these records live, so even if I clicked to create one, it can't create one, because the zone that this record lives in doesn't exist yet. We'll fix that. Let's hit Add Host and Done, and now you can see here that we now have an A record.

Let's do some validation, some verification. I'm going to go to my command line and I'm going to do an ipconfig, and I'm just going to verify what you should be seeing here. On this machine I set up the TCP/IP settings to include the address of 192.168.0.1, and the DNS server, my preferred IPv4 DNS server, is 192.168.0.1. So it is the preferred server for itself, so when it's actually trying to resolve queries it's going to be looking to this address. The way that we'll see that is through a tool called nslookup. What I'm going to do is type in nslookup and say, hey, I want to look up a machine called dns-bacon.bacon.com; that's the fully qualified domain name of this server. If I hit Enter, it's going to resolve that with the answer in the record. Now notice what happened here. The first thing that I can see is that it looked for actually the IPv6 address, which I can see is actually right there; it is one of my stipulated servers, and it took just a second, but it did return the record. So I'll explain this part in a second, but what happened here is that I did a successful lookup. Excellent.

Now let's recraft our lookup a little bit. What I want to do here is, I want this server to respond. Even though you and I both know it's the same server, the computer doesn't. I want the IPv4 address to be the resolution for this. So the way I'm going to do that, it's going to do a little bit of an up arrow here, and this time I'm going to append this request with the name of the server, 0.1. So what I'm actually saying now is I want my nslookup to look for dns-bacon.bacon.com, and the server that I want to answer the query is 192.168.0.1. I'm going to hit Enter, and there we go: the server that responded was now my IPv4 version of the server. Now look, I got this "unknown" here. I wonder why that is. We'll figure that out in a second, but it did resolve the information contained in this A record.

Now, as you can see, I'm running both IPv4 and IPv6, so I could add the IPv6 version of this forward lookup. I can do that by doing a right-click here, adding a new host. Now this is a quad-A record, and what I'm going to do is type in this, dns-bacon.com, and I'm going to add the IP address according to my topology right here. This is going to be 2002:acdc::1 on a /64. So it is going to be 2002:acdc::1; hit Add Host, away we go, and we are done. Now you'll see that I have an A record and a quad-A record. Let's go back and run that nslookup again; let's see what I get. Look at that, now I have two addresses. So not only did the query respond with the IPv4 address, but now I've got the IPv6 address. So both of these records showed up in my nslookup. Fantastic, we're rocking with fire.

I want to fix this "unknown" thing. Look at this, this is still driving me crazy. Why is that? Okay, well, here's the reason. I've asked the server to use one of these addresses, and the problem is the server says, okay, I need an answer to this query, I need to resolve the question: who is, or what is, the IP address for the machine called dns-bacon.bacon.com? The section here of this response is clarifying the server that's responding with the information. Now it says, I absolutely know the IPv4 address of the server, but I don't know the name of it. The reason it doesn't know the name of it is it has no information to take an IP address and convert that, or translate it, or resolve it to a fully qualified domain name. So let's fix that problem.

What I'm going to do is go to my reverse lookup zone and create a new zone. The reverse lookup zones give me records that let me take an IP address and find the name of a machine. I'm going to right-click, create a new zone, and I'm going to follow the wizard again. Let's create a primary zone, and this is going to be IPv4. We're going to have to do this twice, because you can see IPv6 is going to be handled differently. I'm going to click IPv4, click Next, and now I get a chance to enter the network ID. Now this is the network portion of the namespace that this zone will be the authoritative source for. Now my network ID is a /24, and this happens to be a 192.168.0 network. I'm going to hit Next and there's the file that's created. Look at it, it's backwards, because it's technically reading the fully qualified domain and the network right to left; that's what's going on there. I'm going to accept the default name. I'm going to hit Next again; it gives me a chance to decide whether I'm going to allow these records to be dynamically updated, meaning automatically updated. Again, because this is a standalone server, I can't validate the sources. I'm going to keep this as a manual process; I'm not going to allow dynamic updates, and hit Next. My wizard finishes and now you can see I have a new reverse lookup zone, and look at this, it created new records: an SOA record, and it created a name server. Now again I have that same problem that I had before, so this is why it's really important to validate these records. I see that the name server is not resolved. I'm going to click on the Edit button and ask the server to resolve itself, and it finds that it has both an IPv4 and an IPv6 address. Excellent. I'm going to click Apply, Close, and you'll see now I can add pointer records. I have different options.

If I go under the forward lookup zone here and I right-click, look at the options I have here. So all of these are different styles of records, and you can look those up and see what those records do. Right now I'm only trying to do A records, quad-A records and pointer records. No, there's no pointer record here, because a pointer record goes number to name, or IP address to fully qualified domain name; an A record goes fully qualified domain name to an IP address. I've got two records in there. I'm going to go to my reverse lookup zone, I'm going to right-click, and I'm going to create a new pointer record. Okay, there we go. It says, what's the IP address of this host? Well, I'm going to build a record for the server. The IP address is .1, 192.168.0.1, and the name of this host I can actually browse for. I can actually go into my forward lookup and I can find, there's the record right there, that's the record in my forward lookup zone, I can actually select it so there's no chance of me mistyping it. And now you can see I have both a forward and a reverse record for my server called dns-bacon.bacon.com.

Let's verify that in nslookup. I'm going to click back here, and now what I'm going to do is the same lookup, just do the same lookup, and I'm going to see, look what's changed. So you can see right out of the gate something cool has been fixed. So in the nslookup, the server was now able to resolve it. It was able to say, I'm sending a query to this server, which is 192.168.0.1; I wonder who that server is. If there's a pointer record for it, I could take the number and I can find the fully qualified domain name of this, in which case the FQDN, the fully qualified domain name, is dns-bacon.bacon.com. We got that from right here, this pointer record.

And now I could do the same thing for IPv6, only let's watch the problem here. What I'm going to do is go to nslookup and look for a forward lookup of dns-bacon.bacon.com. I want to ask it on the IPv6 address, 2002:acdc::1. Let's see what happens there, and I'm going to hit Enter. I might get a little bit of a timeout there. Oh, but it did give me the answer. So again I was successful in obtaining the records. Okay, my lookup is working, but again I got this "unknown". The reason being is that my server said, I asked the server that lives at 2002:acdc::1, it gave me answers, however I don't know the name of that server, because I was unable to resolve it. However, we can fix that the same way we did with IPv4. I'm going to right-click, New Zone, and I'm going to click on another primary zone, this time, guess what, an IPv6 reverse lookup zone. So now, everybody, I've got two lookup zones for reverse: I've got one primary forward and I've got two primary reverse. What's my prefix? My prefix is 2002:acdc::/64. That's the network address with the prefix. I'm going to hit Next. I'm going to create a new file and I'm going to go, let's create an ipv6 rev look. Excellent, click OK. I'm not going to allow dynamic updates; let's hit Finish. There's my file right there, and I'm going to now go back to my bacon.com. Let's right-click, select Properties. I'm going to update my record right here, click Update, Apply, and go back. Notice how it took that command, because if I go back here and I do a little bit of a refresh right here, there's my record. Let me go back here and just validate my SOA. You can see how this typically is a pain in the butt. I'm going to go to my name server, hit Edit, Resolve, there's my addresses, my record is validated. I'm going to click Apply, hit OK, and away I go. Now watch this: if I go back here and I hit my bacon.com, I nslookup dns-bacon.bacon.com, do the same thing again, and there is my successful lookup right there. You see, it's validated.

Okay, now what have I done? Let's unpack this. I have created three primary zones. The first primary zone was a forward lookup zone that contains both A records and quad-A records. It lets me translate the name of a server or a machine, a fully qualified domain name, to an IP address, both IPv4 and IPv6. I then created two separate and distinct reverse lookup zones. The first one was IPv4; it contained the associated PTR or pointer records with IPv4 addresses. And I created an IPv6 forward primary lookup zone for quad-A records that live in my forward lookup zone. Excellent. So I validated this through lookup.

Let's do one last thing and validate with my Windows 10 client. Okay, now what I'm going to do here is, let's minimize this and go to my Windows 10 PC. Now I'm going to go back to my command line, let's take a look here, and I'm going to do a quick little ipconfig, let's type that in properly please, and forward slash all. There we go. Let's take a quick look here. You see that I have preset, when I set this machine up, I set it up to have two DNS servers, IPv4 and IPv6, and I've already confirmed my connectivity to that server. So what I'm going to do now is ask the server to do an nslookup. Let's get in there: nslookup, and let's look up the server called dns-bacon, there we go, .bacon.com. You see what I've done, I've typed in the full fully qualified domain name, and the server that I want to respond, I'd like it to be 192.168.0; that's the address of the server that I want to have the response from. And I got the same successful lookup that I did when I was on the command line of the server. Fantastic.

What about this machine, though? Okay, this machine is called PC01. What if I did a lookup for myself? What I want to do is find out, am I on here as a PC? Let's type in pc01, hit Enter, and it says, no, no, no, I cannot find you, I do not have a record. So the server called dns-bacon.bacon.com at this address could not find a record that said I have an IP address for this machine called pc01. Now what I'm going to do, though, is go back in. What if I fix the, let's see if I can do this here, let's look up the fully qualified name, .bacon.com, maybe that's it. Nope, same problem. Well, the reason is that we don't actually have a record here. Let's go back to the server and let's add a record for pc01, and that problem is going to go away.

Let's bring up my DNS again. I'm going to go to my forward lookup, right-click, and create a new A record, pc01, and you can see that it's already adding the correct namespace for my fully qualified domain name. And the IP address for this is 192.168.0.10. Let's go back here: 192.168.0.10. And now, because the reverse zone is already created, if I have this checkbox enabled when I add the host, it's going to create not only my forward lookup but my reverse. Let me refresh; there it is, my reverse lookup. And so now if I go back here and I say, hey, Mr. Server who lives at 192.168.0.1, do you know the IP address of the computer called pc01.bacon.com? And the answer is, yes I do. See, so I can see now I have successfully looked up the A record. What about the quad-A record, what about the IPv6? Well, this computer has an address which is 2002:acdc::10. Let's go add that record in there as well. I'm going to go to bacon.com forward lookup, right-click, add a quad-A record, pc01, and the IP address is 2002, pardon me, 2002:acdc::10. I'm going to ensure that this is checked off, because it does have a reverse lookup zone ready for us to go. I'm going to hit Add Host, and not only did it create the quad-A record, if I pop it down here and I do a little refresh in this reverse lookup zone, you'll see that it has the IPv6 address for pc01.bacon.com.

I'm going to go back to my PC and let's do another lookup here. I'm going to hit Enter, and now you can see that I have both addresses resolved from this server. And I can ask not only on the IPv4, but I can ask for it on the IPv6, 2002:acdc::1; that's the IP address of my DNS server, and when I ask it on that address I get equally a good result. Now guess what, because I've got forward and reverse lookup zones for my machine, I can actually say, I would like, not necessarily the address, but I could say please give me the IPv4 and IPv6 address for the machine called pc01.bacon.com, and the server I'd like to respond is dns-bacon.bacon.com. Hit Enter, and that works as well. So now I can resolve based on either the IP address or the FQDN of the server.

So what I've now been able to do was create a completely standalone authoritative zone full of records that will resolve name to IP and IP to name for all the machines on my network. Now we've got lots more to do. Hopefully that came together for you as nicely as it did for me. We've got lots of other videos in the series; take a boo through some of these other LAN management fundamentals. Hopefully that helps out. See you again soon.
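The same build the video walks through in the GUI, as an added PowerShell example (this is not the author's code and not the wizard's exported configuration). It assumes the DnsServer module that ships with the DNS Server tools, the lab names and addresses from the video's topology (dns-bacon, pc01, 192.168.0.0/24, 2002:acdc::/64), and an elevated session on the server.

```powershell
# Added example: standalone DNS on Windows Server 2022 via the DnsServer module.
# Addresses and host names are the lab values from the video, not production values.
# Note: 2002::/16 is the 6to4 prefix; it is used here only because the lab uses it.

# 1. Install the DNS Server role plus the DNS management tools. This cmdlet does
#    not reboot on its own, matching the wizard's unchecked "restart automatically".
Install-WindowsFeature -Name DNS -IncludeManagementTools

# 2. Primary forward zone. -DynamicUpdate None is the standalone setting from the
#    video: with no directory to authenticate update sources, records are added by hand.
Add-DnsServerPrimaryZone -Name 'bacon.com' -ZoneFile 'bacon.com.dns' -DynamicUpdate None

# 3. One primary reverse zone per address family. The zone name is derived from the
#    network ID and is written right to left (octets for in-addr.arpa, nibbles for
#    ip6.arpa), which is why the wizard's suggested file name looked "backwards".
Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' `
    -ZoneFile '0.168.192.in-addr.arpa.dns' -DynamicUpdate None
Add-DnsServerPrimaryZone -NetworkId '2002:acdc::/64' `
    -ZoneFile '0.0.0.0.0.0.0.0.c.d.c.a.2.0.0.2.ip6.arpa.dns' -DynamicUpdate None

# 4. Host (glue) records for the server and the Windows 10 client. -CreatePtr is the
#    "associated pointer record" checkbox; it only succeeds because step 3 created the
#    reverse zones first, the ordering problem the video ran into.
$labHosts = @(
    @{ Name = 'dns-bacon'; IPv4 = '192.168.0.1';  IPv6 = '2002:acdc::1'  }
    @{ Name = 'pc01';      IPv4 = '192.168.0.10'; IPv6 = '2002:acdc::10' }
)
foreach ($h in $labHosts) {
    Add-DnsServerResourceRecordA    -ZoneName 'bacon.com' -Name $h.Name -IPv4Address $h.IPv4 -CreatePtr
    Add-DnsServerResourceRecordAAAA -ZoneName 'bacon.com' -Name $h.Name -IPv6Address $h.IPv6 -CreatePtr
}

# 5. Verification, the nslookup checks from the video done with Resolve-DnsName against
#    each listener address. The PTR queries are what turn nslookup's "unknown" server
#    into a name; -ErrorAction Stop makes any missing record halt the script.
foreach ($server in '192.168.0.1', '2002:acdc::1') {
    Resolve-DnsName -Name 'pc01.bacon.com' -Type A    -Server $server -ErrorAction Stop
    Resolve-DnsName -Name 'pc01.bacon.com' -Type AAAA -Server $server -ErrorAction Stop
    Resolve-DnsName -Name '192.168.0.1'    -Type PTR  -Server $server -ErrorAction Stop
    Resolve-DnsName -Name '2002:acdc::1'   -Type PTR  -Server $server -ErrorAction Stop
}

# 6. Check the SOA and NS records each zone wizard created. The NS name must resolve to
#    the glue records above, which is the "validate the name server" step in the video.
foreach ($zone in 'bacon.com', '0.168.192.in-addr.arpa', '0.0.0.0.0.0.0.0.c.d.c.a.2.0.0.2.ip6.arpa') {
    Get-DnsServerResourceRecord -ZoneName $zone -RRType SOA
    Get-DnsServerResourceRecord -ZoneName $zone -RRType NS
}
```

Because the zones are file-backed with dynamic updates disabled, every record a client resolves is one that an administrator explicitly added, which is the property that makes a standalone primary zone easy to audit from its .dns files under %SystemRoot%\System32\dns.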
Info
Channel: Troy Berg
Views: 7,016
Id: 8lzaqKxRjvE
Length: 29min 33sec (1773 seconds)
Published: Sun Jan 23 2022