How to enable DNS server on a laptop. DNS server is not responding

The modern Internet is nothing more than a multitude of different computers, laptops and mobile devices interconnected into one network. Essentially, all these devices are servers. After all, each of them has an IP address, which is unique. It is thanks to IP that devices are identified on the global network.

At the same time, the Internet requires two types of servers: main and auxiliary. The first is used to host user sites. Depending on how much information is sent and received, a server can host a different number of sites, from one (facebook.com, mail.ru, odnoklassniki.ru) to many thousands. The second type is the auxiliary servers that help the main network operate, providing general interaction. One type of such auxiliary device is the DNS server.

What is a DNS server and what is it used for?

A DNS server is essentially a computer, but not quite. It serves to host a distributed database that is part of the Domain Name System (DNS), which is used to receive, transmit, and communicate to users information about domains of interest. DNS servers are connected to a network and interact with each other using a specific protocol.

A simpler description can be given. With the help of a DNS server, the correspondence of the site’s familiar name to its IP address is determined. This information is stored in a constantly updated database.

Let's look at the whole sequence in practice. The browser in which the user opens the site first contacts the DNS server and tells it that it wants to find and reach the site whose address was entered in the address bar. Let's move on. The DNS server determines from its database where in the network a site with that name is located, matching it with the IP address of the server on which the resource is hosted, and sends a request there. As a result, a response is generated consisting of the set of files that make up the site itself (HTML documents, images and tables, CSS styles) and is sent to the user's browser.

Where are the DNS server settings and how to find out its address in Windows 7

Let's consider a situation where a user whose computer runs Windows 7 is calmly "travelling" the Internet. This means that the DNS server is working. You can verify this by going to the "Administration" tab of the Control Panel, opening the "Services" menu and looking at the status of the DNS Client service. The service must be running, with its startup type set to Automatic.

In order to find out the DNS server address, you should use the ipconfig /all command by entering it in the command line of the cmd.exe utility running as administrator.

How to install and configure: instructions

The DNS server is connected when configuring the network protocol.

Startup sequence:

  1. Select a network connection at the bottom of the desktop (right in the tray) by clicking on the corresponding icon, and in the pop-up window that opens, follow the link to the network connection management tab.
  2. Select a valid connection and in the window that opens, click the “Properties” button.
  3. Select the TCP/IPv4 Internet Protocol properties settings tab.
  4. Check the radio buttons to automatically obtain IP addresses and DNS servers, click OK and close all open tabs.

It should be noted that such automatic configuration is only possible if the DHCP Client service is enabled, which handles communication with the DHCP server operating on the network. Its settings can be viewed and changed by selecting the appropriate item in the system services window opened from the "Administration" tab of the Control Panel.

With automatic configuration, the provider's DNS servers are used. This is not always advisable, as difficulties may arise: for example, the provider's servers are not always able to cope with the load and do not perform filtering. In this case it is preferable to use the servers of large, well-known companies.

Yandex DNS servers:

  • 77.88.8.8;
  • 77.88.8.1.

Google DNS servers:

  • 8.8.8.8;
  • 8.8.4.4.

OpenDNS DNS servers:

  • 208.67.222.222;
  • 208.67.220.220.

Depending on the selected company, a pair of addresses is entered in the Internet Protocol properties window in the fields of the preferred and alternative DNS server when the radio button for their use is checked.

Possible problems and ways to solve them

If you have problems accessing the Internet, then do not rush to get upset. It is quite possible that this happened due to problems with the DNS server.

Main problems:

  • The Internet disappears and it is impossible to open a single site;
  • sites do not open in the browser, but the torrent client continues to work;
  • when trying to restart the network adapter, the process freezes;
  • It is impossible to restart the DNS client, and an error is displayed.

It may happen that your provider has blocked some DNS servers, or the addresses specified in the network protocol settings have become unavailable. The solution is very simple. First, try changing the DNS server addresses, and if this doesn't work, switch back to obtaining them automatically. If the problem is still not solved, look for another cause or contact a service center.


DHCP server and its difference from DNS

A DHCP server is an auxiliary type of server that implements a network protocol providing dynamic host configuration at the stage of automatic configuration of any network device connected to the Internet. The network administrator sets only the range of addresses; there is no manual configuration and, accordingly, the number of errors is reduced, because the server automatically distributes addresses among computers within the specified range. Most TCP/IP networks operate using the DHCP protocol.

As many of you probably know, DNS (Domain Name System) has become the name resolution system used in Windows. Without it, computers would take much longer to connect to each other. However, many administrators still use Windows Internet Name Service (WINS) and have little or no experience with DNS. If you fall into this category, this article is for you. It describes how to install, configure, and troubleshoot a DNS server on Windows Server 2008.

Installing a DNS server.

You can install the DNS server role from the Control Panel or when promoting a member server to a domain controller, as shown in Image A. During the promotion, the system, not finding a DNS server, will prompt you to install it.

Image A: Domain Controller

To install the DNS server from the Control Panel:

  • From the Start menu, select Control Panel | Administrative Tools | Server Manager.
  • Expand the tree and select the Roles node (Image B).
  • Click Add Roles and follow the wizard, selecting DNS Server as the server role (Image C).
  • To install the DNS server on Windows Server 2008, click Install (Image D).

Image B. Expand the tab and select the Roles object

Image C. Role: DNS Server

Image D: DNS Setup

DNS Console and Configuration

Once installation is complete, the DNS Server management console can be found under Start | All Programs | Administrative Tools | DNS. Windows Server 2008 has a built-in DNS Server Setup Wizard. To configure the DNS server, you will need to know the meaning of the following terms:

1. Forward lookup zone
2. Reverse lookup zone
3. Zone types

The forward lookup zone is responsible for resolving hostnames to IP addresses. The reverse lookup zone is responsible for resolving an IP address back to the host's DNS name, that is, in fact, it is the opposite of the forward lookup zone. A reverse lookup zone is not required, but it is easily configured and provides full DNS functionality in Windows Server 2008.

When choosing the DNS zone type, the following options are offered: Active Directory (AD) Integrated, Standard Primary and Standard Secondary. The AD Integrated zone stores the zone's distributed database in AD and allows secure updates to the database. This option is only available if AD is configured accordingly. If you select it, AD will store and replicate the zone files.

The Standard Primary zone stores the database in a text file that can be accessed by other DNS servers that also store information in text files. Finally, the Standard Secondary zone creates a copy of an existing database from another DNS server. This is used to balance the load.

To open the DNS Server Setup Wizard:

1. …
2. Highlight your computer name and click Action | Configure a DNS Server to launch the DNS Server Configuration Wizard.
3. Click Next and select what to configure: forward lookup zone, forward and reverse lookup zones, or root hints only (Image E).
4. Click Next and then Yes to create the forward lookup zone (Image F).
5. Tick the desired zone type (Image G).
6. Click Next and enter a name for the zone to be created.
7. Click Next and then Yes to create the reverse lookup zone.
8. Repeat step 5.
9. Select the reverse lookup zone protocol: IPv4 or IPv6 (Image H).
10. Click Next and enter the reverse lookup zone ID (Image I).
11. Create a new DNS file or use a copy of an existing one (Image J).
12. In the Dynamic Update window, select the DNS update method: secure, nonsecure, or no dynamic updates.
13. If desired, you can specify forwarders in the Forwarders window (Image K).
14. Click Finish (Image L).

Image E. Setup

Image F. Forward lookup zone

Image G. Zone type

Image H. IPv4 or IPv6

Image I. Reverse lookup zone

Image J. New or existing DNS file

Image K. Forwarders window

Image L. Completion

Managing DNS Records

Once the DNS server is installed and configured, you can add records to the created zone(s). There are several types of DNS records, many of which you may never use. The main ones are listed below:

  • SOA (Start of Authority) record - Initial zone record
  • NS (Name Server) record - Name server
  • A (Host) record - Host record
  • PTR (Pointer) record - Pointer
  • CNAME (Canonical Name) or Alias record - Canonical name (alias)
  • MX (Mail Exchange) record - Mail exchanger

Initial zone entry (SOA)

The SOA record is the primary record in any standard zone. On the Start of Authority tab you can change settings if necessary, for example, change the primary server on which the SOA record is stored or select the person responsible for managing the zone. And finally, the main feature of Windows Server 2008 is the ability to change the DNS server configuration without recreating it or deleting zones (Image M).


Image M. Changing the configuration

Name servers

Name Servers records define server names for a specific domain. With their help, all names of primary and secondary servers are established.

To create an NS record:

  • Select the DNS object from the Administrative Tools folder to open the DNS server management console.
  • Expand the Forward Lookup Zone tab.
  • Right-click the required domain and select Properties from the menu (Image N).
  • Go to the Name Servers tab and click Add.
  • Enter the FQDN and IP address of the DNS server to be added.


Image N. Name Server

A-record

An A record associates a hostname with an IP address. A records identify servers in the forward lookup zone and improve query performance in multi-zone environments. You can also create a pointer record (PTR) that associates a host's IP address with its name.

To create a new host:

  • Select the DNS object from the Administrative Tools folder to open the DNS server management console.
  • Expand the Forward Lookup Zone tab and click on the folder representing your domain.
  • From the Action menu, select New Host.
  • Enter the name and IP address of the node to be created (Image O).
  • Check the Create Associated Pointer (PTR) Record option if you want to create a pointer record (PTR) at the same time. Or you can create it later.
  • Click the Add Host button.


Image O. Record A

Pointer (PTR) record

For reverse lookup queries, pointer (PTR) records create the corresponding entries in the reverse lookup zone. As you can see in Image H, when you create a host, you can also create a PTR record. If you did not use this option at that time, you can create the pointer at any time.

To create a PTR record:

  • Select the DNS object from the Administrative Tools folder to open the DNS server management console.
  • Select the reverse lookup zone in which the pointer will be created.
  • From the Action menu, select New Pointer (Image P).
  • Enter the Host IP Number and Host Name.
  • Click OK.


Image P. New pointer

Canonical name (CNAME) or alias

A canonical name (CNAME) or alias allows a DNS server to assign multiple names to a single host. For example, an alias can contain multiple entries that point to a single server in the environment. This is often used when the web server and mail server are on the same machine.

To create an alias:

  • Select the DNS object from the Administrative Tools folder to open the DNS server management console.
  • From the Action menu, select New Alias.
  • Enter the Alias Name (Image Q).
  • Enter the fully qualified domain name (FQDN) of the target host.
  • Click OK.

Image Q. Canonical name

MX record

This record identifies the mail exchange servers in the zone's DNS database. With its help you can assign priorities and keep track of the placement of all mail servers.

To create an MX record:

  • Select the DNS object from the Administrative Tools folder to open the DNS server management console.
  • Expand the Forward Lookup Zone tab and select the folder representing your domain.
  • From the Action menu, select New Mail Exchanger.
  • Enter the Host or Domain name (Image R).
  • Enter the Mail Server Name and set the Mail Server Priority.
  • Click OK.


Image R. Host or Domain

Other new entries

You can create other record types as well. For a detailed description, select Other New Records from the Action menu in the DNS console window (Image S), select any record type and read its description.


Image S: Creating entries in the DNS console

Troubleshooting DNS servers

The best assistant in troubleshooting DNS servers is the nslookup utility. It is a flexible and easy-to-use command-line utility included with Windows Server 2008. It can test DNS server queries, which helps identify the causes of name resolution problems and other related issues. You can run nslookup (Image T) directly from the DNS management console.

Continuing the topic of website building, let's talk about an important aspect: how the Domain Name System (DNS) works. Many issues related to the initial placement of sites, as well as transferring sites between different servers and hosters, are connected with the setup and location of the DNS zone. Understanding how the domain name system works allows you to easily manage your own domains and the sites and other services attached to them.

What is a domain name? For many, it is synonymous with a website address, for example www.site. By typing this address, you are confident that you will end up on this site and not somewhere else. At the same time, a domain name can designate not only a website, but also an email server, an instant messaging server, or another Internet or network service. Domain names are grouped into domain zones, which are nested within each other in a hierarchical order.

In a general sense, a domain is a symbolic name that allows you to uniquely address an autonomous namespace on the Internet. And not only address, but also allow any client to quickly find the required node, without even having the slightest idea about its location. It is no exaggeration to say that the DNS system is the basis of the modern Internet in the form in which we all know and are accustomed to it.

The DNS system is global and has a strict hierarchy. Let's consider the following diagram:

The top level of the hierarchy is the root domain, denoted by a dot, which contains information about first-level domains, e.g. ru, com, org, etc. The root zone is served by 13 root servers located around the world that constantly replicate their data among themselves. In fact, there are more root servers, but protocol features allow only 13 top-level nodes to be specified, so the scalability and fault tolerance of the system is ensured by mirrors of each root server.

First-level domains are domain zones familiar to us and can be managed by both national and international organizations and have their own terms of use. Each first-level domain zone allows you to place an unlimited number of second-level domains, which are familiar to every Internet user as website addresses.

In turn, second-level domains are also domain zones and allow third-level domains to be placed in them, into which, like a nesting doll, you can place domains of the fourth, fifth, etc. levels. In order to unambiguously identify nodes located in different zones, the concept of a fully qualified domain name (FQDN) was introduced, which includes all parent domain names in the DNS hierarchy. For example, for our site the FQDN will be: website. Exactly like that, ending with a dot indicating the root zone.

This is a very important point. In everyday use it is customary to drop the trailing dot, but in DNS records the absence of the final dot means that the name belongs to the current domain zone, i.e. the DNS server will append to this name its own domain zone and all higher-level zones up to the root.

For example, on our server in the zone site we add a CNAME record that will point to a third-party server, say, Yandex mail. The correct entry looks like this:

mail IN CNAME domain.mail.yandex.net.

In this case the name mail is not an FQDN and will be expanded to mail.site.; if we forget to put a dot at the end of the Yandex domain name, that name will also not be treated as an FQDN and will be completed with the full domain name. The following is an incorrect entry:

mail IN CNAME domain.mail.yandex.net

It's difficult to notice the difference with an untrained eye, but instead of the Yandex mail web interface, this record will send us to a non-existent address: domain.mail.yandex.net.site.

One more thing. All records for a domain zone are entered by zone administrators on their own DNS servers, how do these records become known to the DNS system? After all, we do not notify higher-level DNS servers that we have changed any record.

Any DNS zone contains records only about its member nodes and child zones. Information about nodes in a downstream zone is stored on its own servers. This is called delegation and allows you to reduce the load on root servers and provide the necessary autonomy to the owners of child domain zones.

So you bought a domain, let's say example.org, after which you must delegate it, i.e. specify the name servers (DNS servers) that will hold the records for this zone. These can be either your own servers or public services, for example Yandex DNS.

In this case, in the domain zone org an entry will be added:

example IN NS dns1.yandex.net.

This indicates that all records of this zone are located on the server dns1.yandex.net. According to the rules, each domain zone must have at least two NS servers located in different subnets. In practice, people often make do with one server, purchasing two IP addresses for it from different ranges.

Now let's look at how the search for the DNS record we need occurs and why the record made on your server allows visitors from anywhere in the world to get to your site.

Let's say a user wants to visit the popular resource Yandex Market: they type the site name in the browser's address bar and press Enter. In order to display the contents of a page to the user, the browser must send a request to the web server serving the site, and for this it needs to know its IP address. Therefore, the browser contacts the DNS client to find out which address corresponds to the domain name entered by the user.

In turn, the DNS client checks the entries in the hosts file, then in the local cache and, not finding the necessary records there, sends the request to the DNS server specified in the network settings. This will most likely be a local caching DNS proxy such as dnsmasq or a local enterprise DNS server. These solutions are usually not full-fledged servers of the global DNS system and are not part of it; they serve only the local zone and cache DNS queries, so such a request, if the data is not in the cache, is forwarded to a higher-level DNS server, usually the provider's server.

Having received the request, the provider's server will check its own records, then its own cache, and if the result is found will report it to the client; otherwise the server will be forced to resort to recursion, a search through the global DNS system. To better understand the mechanism of this process, we have prepared the following diagram:

So, the client sends a DNS request to the provider's server in order to find out the address of the domain market.yandex.ru. The provider's server does not have such information, so it contacts one of the root servers, passing the request to it. The root server also does not have the necessary records, but responds that it knows the server responsible for the zone ru: a.dns.ripn.net. Along with this name, the root server can immediately report its IP address (and in most cases will), but it may not do so if it does not have such information, in which case, before contacting this server, one more recursive query will be needed just to find out its address.

Having found out the address of the server responsible for the ru zone, the provider's server will send the request to it. This server also does not have the necessary records, but will report that the zone yandex is served by ns1.yandex.ru and will necessarily give its address as well. Otherwise the recursion could not be completed, because the server responsible for the zone yandex is itself located in the zone yandex. For this purpose the parent zone holds, in addition to the NS records naming the servers that serve the zone, a "glue" A record that allows the address of such a server to be found.

Finally, by sending a request to the server serving the zone yandex, the provider's server will receive the address of the required domain and report it to the client. It will also place the result in its cache for the time specified by the TTL value in the SOA record of this domain. In practice, since recursive queries are very expensive, providers' caching times can ignore the domain's TTL values and reach anywhere from two to four hours to several days or even a week.

Now let's look at one more point. Queries can be recursive or non-recursive. A recursive request provides for obtaining a ready-made answer, i.e. IP addresses or messages that the domain does not exist, is not delegated, etc. A non-recursive request provides a response only about the zone for which the given server is responsible or returns an error.

Since recursive queries are quite resource-intensive, most DNS servers on the network answer recursive queries non-recursively. Or they may do so selectively: for example, the provider's DNS servers perform recursive queries only for their own clients, and answer everyone else non-recursively.

In our case, the client sent a recursive request to the provider's server, which, in turn, sequentially sent non-recursive requests until it found the required server, which gave the required response. At the same time, not only the results of the user request, but also the results of intermediate requests are placed in the cache of the provider’s server, which allows the following such requests to be executed non-recursively or with a minimum number of requests.

For example, if a user, after visiting Yandex Market, decides to use the mail service, the server will immediately send the request to ns1.yandex.ru, since it already knows which server holds the records for the zone yandex.
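The walk just described (root, then the ru server, then ns1.yandex.ru, with the delegation remembered for the next query), as an added example that is not part of the original article. All zone data is constructed in memory, the addresses are TEST-NET placeholders rather than the real servers' addresses, and nothing is sent over the network; the second function shows what happens when the ru zone omits the glue A record for ns1.yandex.ru.

```python
"""Toy iterative resolver modelling the article's walk root -> ru -> yandex.ru.
Added example with constructed data; IPs are 203.0.113.x placeholders."""

ROOT_IP = "203.0.113.1"        # placeholder for a root server
RU_TLD_IP = "203.0.113.2"      # placeholder for a.dns.ripn.net
YANDEX_NS_IP = "203.0.113.3"   # placeholder for ns1.yandex.ru
MAX_REFERRALS = 8

# Authoritative data keyed by server address: (owner, type) -> list of rdata.
SERVERS = {
    ROOT_IP: {
        ("ru.", "NS"): ["a.dns.ripn.net."],
        ("a.dns.ripn.net.", "A"): [RU_TLD_IP],     # address of the TLD server
    },
    RU_TLD_IP: {
        ("yandex.ru.", "NS"): ["ns1.yandex.ru."],
        ("ns1.yandex.ru.", "A"): [YANDEX_NS_IP],   # glue: ns1 lives inside the zone it serves
    },
    YANDEX_NS_IP: {
        ("market.yandex.ru.", "A"): ["203.0.113.10"],
        ("mail.yandex.ru.", "A"): ["203.0.113.11"],
    },
}


def ancestors(name):
    """Yield name, then each parent zone, ending with the root '.'."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


class Resolver:
    """Sends non-recursive queries and follows referrals, like the provider's server."""

    def __init__(self, servers, root_hint):
        self.servers = servers
        self.ns_cache = {".": [root_hint]}  # zone -> addresses of its name servers

    def nearest_servers(self, name):
        """Pick the most specific zone already in the cache that contains name."""
        for zone in ancestors(name):
            if zone in self.ns_cache:
                return self.ns_cache[zone]

    def resolve(self, name, rtype="A"):
        """Return (answer rdata, list of server addresses asked in order)."""
        targets, asked = self.nearest_servers(name), []
        for _ in range(MAX_REFERRALS):
            ip = targets[0]
            asked.append(ip)
            data = self.servers[ip]
            if (name, rtype) in data:
                return data[(name, rtype)], asked
            # No answer: take the closest delegation this server knows about.
            zone = next((z for z in ancestors(name) if (z, "NS") in data), None)
            if zone is None:
                raise LookupError(f"{ip} has neither answer nor referral for {name}")
            ns_names = data[(zone, "NS")]
            glue = [a for ns in ns_names for a in data.get((ns, "A"), [])]
            if not glue:
                if any(ns.endswith("." + zone) for ns in ns_names):
                    # The only server that could tell us ns1's address is ns1 itself.
                    raise LookupError(f"{zone} delegated to {ns_names} without glue: cannot complete")
                # Name server lives elsewhere: one extra lookup just for its address.
                glue = [a for ns in ns_names for a in self.resolve(ns, "A")[0]]
            self.ns_cache[zone] = glue   # remember the delegation for later queries
            targets = glue
        raise LookupError(f"too many referrals for {name}")


def walk_example():
    """Resolve market.yandex.ru then mail.yandex.ru; return answers and servers asked."""
    r = Resolver(SERVERS, ROOT_IP)
    first, asked1 = r.resolve("market.yandex.ru.")
    second, asked2 = r.resolve("mail.yandex.ru.")   # served from the cached delegation
    return first, asked1, second, asked2


def without_glue():
    """Same walk with the glue record removed from the ru zone; returns the error text."""
    servers = {ip: dict(records) for ip, records in SERVERS.items()}
    del servers[RU_TLD_IP][("ns1.yandex.ru.", "A")]
    try:
        Resolver(servers, ROOT_IP).resolve("market.yandex.ru.")
    except LookupError as err:
        return str(err)
    return ""


if __name__ == "__main__":
    print(walk_example())
    print(without_glue())
```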

From theory to practice

When you purchase a domain from a registrar, you will be asked to delegate it, i.e. specify the DNS servers on which the domain zone will be located. These can be the registrar's servers (usually free), the hoster's servers, public DNS services or your own name servers; if the latter are located in the same domain zone, you will also need to specify their IP addresses. For example, this is what the domain delegation window looks like for one well-known registrar:

What exactly should you put there? It depends on where and how you will host your site. If you use shared hosting, then all the necessary records are created by the hoster automatically when you add your site to the hosting control panel; all you need is to delegate the domain to the hoster's NS servers, i.e. indicate them in this window. This method is well suited for beginners due to its simplicity, but it has a downside: the user's ability to manage the DNS zone is absent or minimal. In addition, on shared hosting the site's IP address can be changed by administrators without notifying the user, so if you do not want to use the hoster's NS servers, this issue should definitely be discussed with technical support.

If you are transferring a site to another hoster, you will need to move the site and change the name servers at the registrar from the old hoster's to the new one's. But keep in mind that the information in the cache of DNS servers is not updated instantly, but at the earliest after the domain's TTL value has expired, so for some time your site may still be accessible at the old address. If you need to work with it urgently, you can, without waiting for your provider's DNS cache to update, add an entry to the hosts file with the following content:

1.2.3.4 example.com

where 1.2.3.4 and example.com are, respectively, the new IP address and your domain name.

If you have your own VPS or want to fully control the domain zone, you should use the registrar's servers or public services. Creating your own name servers, in our opinion, is not a worthwhile idea unless you run your own hosting.

In this case, you need to create at least two A records that will point to the web server serving the site in this domain:

@ IN A 1.2.3.4
www IN A 1.2.3.4

The @ character in DNS records denotes the domain itself, and you should also create a record for the www subdomain so that users who type the site address with www can also reach it.

We will not consider adding entries for email; you can read about this in our article:

When migrating a site, you will only need to change the IP addresses in the A records and wait for the DNS information to update. Usually this is the most unpleasant moment: everything seems to be done, but you can't change anything, you can only wait. But if you follow a few recommendations, this process can be carried out as painlessly and as unnoticed by visitors as possible.

First of all, change the TTL value in the SOA record. By default it is equal to several hours, and that is how long you will have to wait for your entry in the DNS server cache to be updated. To find out the current TTL value, run the following command, specifying the desired domain name:

nslookup -type=soa site

In our case it is 4 hours:

Therefore, at least 4 hours (the old TTL value) before the planned transfer, change the TTL to a lower value, for example 900 (15 minutes). Then put your site into read-only mode and migrate it to the new server. The site should not be turned off or put into maintenance; it can and should remain accessible. But you must prevent users from changing and adding information, i.e. prohibit registration, commenting, placing orders, etc. Also, be sure to prominently post a message about the technical work and an approximate completion time.

In order to work with the new server without changing DNS records, add the required line to the hosts file. Having placed the site on the new server and made sure that it is working properly, change the DNS records; within 15 minutes the first users will begin to visit your site on the new server. The old server needs to be kept running for some time, ideally up to a week, since not all providers use the TTL value from the SOA record to update their cache; they may use their own settings to reduce the load on their equipment.

After a successful migration, the TTL value should be increased back to its previous value so as not to create unnecessary load on the name servers.

We have considered the simplest scheme, but in practice, in addition to the site, there is usually also an office network, many of whose resources must also be available from outside. Consider the following diagram:

We have public servers for the website and email, and an office network for which we have allocated the subdomain office. If there are no particular issues with the mail and web servers, the office zone offers several options. Typically, a local zone is served by its own DNS server and has no connection to the parent zone. For the global DNS system the zone office.example.com does not exist, but a host of the same name does. This is justified if the enterprise network is behind NAT and its nodes have only private ("gray") addresses, and access from outside is only to the gateway, to which the corresponding ports from internal nodes are forwarded.

In this case the records of the DNS zone example.com may look like this:

@ IN A 1.2.3.4
www IN A 1.2.3.4
mail IN A 1.2.3.5
office IN A 5.6.7.8

But a complication arises: within the network, clients reach network services by internal names, corp.office.example.com or rdp.office.example.com, which point to internal "gray" addresses. However, outside the local network it is not possible to resolve such names to IP addresses, because no global DNS zone contains them. A mechanism called Split-DNS offers a way out of this situation: it allows different results to be returned depending on the client's position.

In the local network, clients' DNS requests are served by the local server, which has the corresponding records; requests from outside will go to the server serving the zone example.com. At the same time, all corporate resources, which are represented by various servers on the local network, are accessible from outside at a single address: office.example.com. Therefore, it's time to remember the alias, or CNAME record. This record allows additional mnemonic names, or aliases, to be associated with the real hostname. Please note that using aliases in other records is not allowed. In our case, we should add the following entries:

corp.office IN CNAME office.example.com.
rdp.office IN CNAME office.example.com.

Now a client, regardless of its location, can use the same name to access resources, but the results will differ. On the local network it will receive the server's real address and connect directly, and outside it will be directed to the network gateway.

Also, CNAME type records can be used to redirect outside the accepted domain zone. The main condition is that the CNAME record must point to a real name in FQDN format.

Another use of aliases is to shorten an address. Let's say that as the mail server for the entire domain example.com we want to use a server located in the Moscow office with the address mail.office.msk.example.com; you must admit, it doesn't look very attractive. It would be much more convenient to have an address like mail.example.com, and nothing could be simpler: add the following entry:

mail IN CNAME mail.office.msk.example.com.

But remember that in other resource records you should only use real names, so this record will be incorrect:

example.com. IN MX 10 mail

The correct way would be:

example.com. IN MX 10 mail.office.msk

Finally, let's talk about delegating domain zones. In the example above we looked at a situation where different divisions within a domain are allocated their own subdomains; since each division has its own infrastructure, it makes sense to delegate management of its zone to it. For this purpose, an NS record and an associated A record should be placed in the example.com zone for each delegated zone. For example:

msk IN NS ns1.msk.example.com.
msk IN NS ns2.msk.example.com.

ns1.msk IN A 1.2.3.4
ns2.msk IN A 5.6.7.8

Now, when a name such as mail.office.msk.example.com is looked up, the name servers of the example.com zone will return the name and address of the server serving the msk.example.com zone. This allows that zone's administrators to make the necessary changes themselves, without affecting the parent zone or having to contact its administrators every time a record needs changing.
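To make the rules from the split-DNS, alias and delegation passages above concrete, here is a small Python checker that parses a zone listing, follows CNAME chains the way a resolver does, and flags the three mistakes the text warns about: a CNAME target not written as an FQDN, an MX or NS record pointing at an alias, and a delegated NS host inside the zone that has no A record. This is an added example, not code from the original article; the zone listing, host names and 192.0.2.x addresses are constructed for illustration.

```python
# Zone-record sanity checks for the alias (CNAME) and delegation rules
# described in the text. Added example, not from the original article;
# the zone text, names and 192.0.2.x addresses below are constructed.

ORIGIN = "example.com."

# Constructed zone listing (BIND-style "owner IN TYPE rdata" lines).
ZONE = """
; constructed zone listing for example.com (not from the article)
@            IN NS    ns1.example.com.
ns1          IN A     192.0.2.1
office       IN A     192.0.2.10
corp.office  IN CNAME office.example.com.
rdp.office   IN CNAME office.example.com.
mail         IN CNAME mail.office.msk.example.com.
@            IN MX    10 mail                 ; wrong: MX must not point at an alias
msk          IN NS    ns1.msk.example.com.
msk          IN NS    ns2.msk.example.com.    ; delegated, but ns2 has no glue A record
ns1.msk      IN A     192.0.2.20
www          IN CNAME office                  ; wrong per the article: target is not an FQDN
"""


def qualify(name, origin=ORIGIN):
    """Turn a relative owner or target name into a lower-case FQDN."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin=ORIGIN):
    """Parse 'owner IN TYPE rdata...' lines; ';' starts a comment."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, cls, rtype, *rdata = line.split()
        if cls.upper() != "IN":
            raise ValueError(f"unsupported class in record: {line}")
        records.append((qualify(owner, origin), rtype.upper(), rdata))
    return records


def lint_zone(text, origin=ORIGIN):
    """Return sorted (code, owner, detail) findings for the article's rules:
    a CNAME target must be an FQDN (trailing dot); MX and NS records must name
    a real host, never an alias; an NS host inside this zone needs an A record."""
    records = parse_zone(text, origin)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    a_hosts = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "CNAME":
            if not rdata[0].endswith("."):
                findings.append(("cname_not_fqdn", owner, rdata[0]))
            continue
        if rtype == "MX":          # rdata is "<preference> <exchange>"
            target = qualify(rdata[1], origin)
        elif rtype == "NS":        # rdata is "<nameserver>"
            target = qualify(rdata[0], origin)
        else:
            continue
        if target in aliases:
            findings.append(("target_is_alias", owner, target))
        if rtype == "NS" and target.endswith("." + origin) and target not in a_hosts:
            findings.append(("ns_missing_glue", owner, target))
    return sorted(findings)


def resolve(text, name, origin=ORIGIN, max_hops=8):
    """Follow CNAMEs from `name` to its A records, as a resolver would."""
    records = parse_zone(text, origin)
    current = qualify(name, origin)
    for _ in range(max_hops):
        addresses = [r[0] for o, t, r in records if o == current and t == "A"]
        if addresses:
            return addresses
        cnames = [r[0] for o, t, r in records if o == current and t == "CNAME"]
        if not cnames:
            return []              # name has neither A nor CNAME here
        current = qualify(cnames[0], origin)
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    print("corp.office ->", resolve(ZONE, "corp.office"))
    for finding in lint_zone(ZONE):
        print("finding:", *finding)
```

Run against the constructed listing, the checker reports the MX record that points at the mail alias, the missing A record for ns2.msk, and the www alias whose target is not fully qualified, while corp.office still resolves through its alias to 192.0.2.10. The same checks are useful before loading any hand-edited zone, since a record that violates them typically fails silently for the clients that depend on it.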


Now let's go through the basic DNS settings.

Go to the DNS server and right-click it. In the context menu you can create a new zone, set record scavenging (clearing) properties for all zones, which is very convenient, clear the cache, launch nslookup, and restart the service.

Now open the properties of this server. The first tab of interest is Interfaces. It lists the interfaces on which the DNS server should listen.

The Forwarders tab allows you to set the DNS servers that resolve everything except this server's own zones; most often these are the provider's DNS servers or Google's, as in my case.

The Advanced tab allows you to enable automatic removal (scavenging) of old records and to set where zone data is loaded from at startup.

The Monitoring tab allows you to check whether your DNS settings are correct.

The Trust Anchors tab is used for DNSSEC: it holds the keys needed to validate digitally signed zones.

Now let's look at the properties of a specific zone: right-click the zone you need and choose Properties. The first is the General tab.

Here you can set dynamic updates for the zone; it is better to leave them set to secure only.

The Clear (aging) button enables removal of old records for this zone; the numbers specified here are added to the number specified in the DNS server properties.

Start of Authority (SOA) tab

The serial number is the zone's version number; DNS servers use it to check whether any updates have occurred since the last synchronization.

Primary server: the server responsible for this zone.

Responsible person: here you can enter the email address of the person responsible for the zone.

Well, everything about intervals is clear from the name.

Let's return to the General tab and click Change next to the zone type (Active Directory-integrated).

Here you can change the zone type and, if you want, uncheck the box that stores the zone in Active Directory; if you uncheck it, the zone will be saved to a file instead.

The Change button next to Replication allows you to select the replication scope of the zone.

Configuring replication of Active Directory-integrated zones

Active Directory-integrated zones can only be hosted on domain controllers that have the DNS Server role installed. Unlike standard zones, Active Directory-integrated zones provide multi-master data replication, simplified configuration, and increased security and efficiency. With Active Directory-integrated storage, DNS clients can send updates to any Active Directory-integrated DNS server; these updates are then copied through replication to the other Active Directory-integrated DNS servers.

Replication and Application Directory Partition

DNS data for a single zone can be replicated among domain controllers in various ways, depending on the application directory partition where the DNS zone data is stored.

A partition is a data structure in Active Directory that defines the data to be replicated. By default, domain controllers include two application directory partitions reserved for DNS data: DomainDnsZones and ForestDnsZones. The DomainDnsZones partition is replicated across all domain controllers that are also DNS servers in the individual domain, and the ForestDnsZones partition is replicated across all domain controllers that are also DNS servers in each domain in the Active Directory forest.

Each of these application directory partitions is named after the FQDN of the corresponding DNS domain. These names can be viewed in DNS Manager: in addition, each zone contains a DomainDnsZones name, which identifies the partition that is replicated only within the local domain.

In addition to these two partitions, you can also create a custom (user-defined) application directory partition and name it as you wish, and then configure a zone to store its data there. By default, a new application directory partition exists only on the server where it was created; other servers can be enlisted in the partition so that its contents are replicated to them as well.

Storing DNS data in the domain partition. Active Directory-integrated zone data can also be stored in the domain partition along with the rest of the domain data. In this configuration, DNS data is replicated not only to the domain controllers that are also DNS servers, but to all domain controllers in the local domain. This option generates additional replication traffic; it should be used to replicate DNS data to Windows 2000 Server computers.

Selecting a zone replication scope

The partition in which a zone is stored effectively defines the replication scope for that Active Directory-integrated zone. When you use the Dcpromo program to designate a server as a new domain controller, a new Active Directory-integrated zone is automatically created in the DomainDnsZones partition. However, when you create a new zone using the New Zone Wizard, you can select the partition in which to store the zone on the Active Directory Zone Replication Scope page.

The Active Directory Zone Replication Scope page provides four options.

To All DNS Servers In This Forest

The new zone is stored in the ForestDnsZones partition. Every domain controller in the entire forest on which the DNS server is installed will receive a copy of this zone.

To All DNS Servers In This Domain

The new zone is stored in the DomainDnsZones partition. Every domain controller in the local domain on which the DNS server is installed will receive a copy of this zone.

To All Domain Controllers In This Domain

The zone is stored in the domain partition. Each local domain controller will receive a copy of this zone, regardless of whether there is a DNS server installed on it.

To All Domain Controllers Specified In The Scope Of This Directory Partition

The zone is stored in the user-created application directory partition selected in the drop-down list. For a domain controller to be included in the scope of such a directory partition, you must manually enlist that domain controller in the partition.

The replication scope of a created zone can be changed at any time. To do this, on the General tab, click the Change button next to the replication option.

The Change Zone Replication Scope dialog box opens, providing the same replication scope selection options as the New Zone Wizard page.

When choosing a replication scope, keep in mind that widening the scope increases the volume of replication-related network traffic. For example, if you choose to replicate an Active Directory-integrated zone to all DNS servers in the forest, the volume of network traffic will be greater than if you replicate the zone data only to all DNS servers in the local domain. On the other hand, replicating zone data to all DNS servers in the forest can speed up name resolution and provide fault tolerance.

NOTE: Re-creating the DomainDnsZones and ForestDnsZones partitions

Deleted or damaged application directory partitions can be recreated in DNS Manager by right-clicking the server node and using the Create Default Application Directory Partitions command.

In the next article we will talk about nslookup, dnscmd and the directory partition.