How to configure DNS for Internet access in Windows Server 2003 (323380)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, 64-Bit Enterprise Edition
  • Microsoft Windows Small Business Server 2003, Standard Edition
  • Microsoft Windows Small Business Server 2003, Premium Edition
This article was previously published under Q323380
For a Microsoft Windows 2000 version of this article, see 300202.

IN THIS TASK

SUMMARY

This step-by-step guide describes how to configure Domain Name System (DNS) for Internet access in the Windows Server2003 products. DNS is the core name resolution tool that is used on the Internet. DNS handles resolution between host names and Internet addresses.

back to the top

How to Start with a Stand-Alone Server Running Windows Server 2003

The stand-alone server running Windows Server 2003 becomes a DNS server for your network. In the first step, you assign this server a static Internet Protocol (IP) address. DNS servers must not use dynamically assigned IP addresses because a dynamic change of address could cause clients to lose contact with the DNS server.

back to the top

Step 1: Configure TCP/IP

  1. Click Start, point to Control Panel, point to Network Connections, and then click Local Area Connection.
  2. Click Properties.
  3. Click Internet Protocol (TCP/IP), and then click Properties.
  4. Click the General tab.
  5. Click Use the following IP address, and then type the IP address, subnet mask, and default gateway address in the appropriate boxes.
  6. Click Advanced, and then click the DNS tab.
  7. Click Append primary and connection specific DNS suffixes.
  8. Click to select the Append parent suffixes of the primary DNS suffix check box.
  9. Click to select the Register this connection's addresses in DNS check box.

    Note that DNS servers running Windows Server 2003 must point to themselves for DNS. If this server needs to resolve names from its Internet service provider (ISP), you must configure a forwarder. Forwarders are discussed in the How to Configure Forwarders section later in this article.
  10. Click OK three times.

    NOTE: If you receive a warning from the DNS Caching Resolver service, click OK to dismiss the warning. The caching resolver is trying to contact the DNS server, but you have not finished configuring the server.
back to the top

Step 2: Install Microsoft DNS Server

  1. Click Start, point to Control Panel, and then click Add or Remove Programs.
  2. Click Add or Remove Windows Components.
  3. In the Components list, click Networking Services (but do not select or clear the check box), and then click Details.
  4. Click to select the Domain Name System (DNS) check box, and then click OK.
  5. Click Next.
  6. When you are prompted, insert the Windows Server 2003 CD-ROM into the computer's CD-ROM or DVD-ROM drive.
  7. On the Completing the Windows Components Wizard page, click Finish when Setup is complete.
  8. Click Close to close the Add or Remove Programs window.
back to the top

Step 3: Configure the DNS Server

To configure DNS by using the DNS snap-in in Microsoft Management Console (MMC), follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. Right-click Forward lookup zones, and then click New Zone
  3. When the New Zone Wizard starts, click Next.

    You are prompted for a zone type. The zone types include:

    • Primary zone: Creates a copy of a zone that can be updated directly on this server. This zone information is stored in a .dns text file.
    • Secondary zone: A standard secondary zone copies all of the information from its master DNS server. A master DNS server can be an Active Directory, primary, or secondary zone that is configured for zone transfers. Note that you cannot modify the zone data on a secondary DNS server. All of its data is copied from its master DNS server.
    • Stub zone: A Stub zone contains only those resource records that are necessary to identify the authoritative DNS servers for that zone. Those resource records include Name Server (NS), Start of Authority (SOA), and possibly glue Host (A) records.
    There is also an option to the store zone in Active Directory. This option is only available if the DNS server is a Domain controller.
  4. The new forward lookup zone must be a primary or an Active Directory-integrated zone so that it can accept dynamic updates. Click Primary, and then click Next.
  5. The new zone contains the locator records for this Active Directory-based domain. The name of the zone must be the same as the name of the Active Directory-based domain, or be a logical DNS container for that name. For example, if the Active Directory-based domain is named "support.microsoft.com", valid zone names are "support.microsoft.com" only.

    Accept the default name for the new zone file. Click Next.

    NOTE: Experienced DNS administrators may want to create a reverse lookup zone, and are encouraged to explore this branch of the wizard. A DNS server can resolve two basic requests: a forward lookup and a reverse lookup. A forward lookup is more common. A forward lookup resolves a host name to an IP address with an "A" or Host Resource record. A reverse lookup resolves an IP address to a host name with a PTR or Pointer Resource record. If you have your reverse DNS zones configured, you can automatically create associated reverse records when you create your original forward record.
back to the top

How to Remove the Root DNS Zone

A DNS server running Windows Server 2003 follows specific steps in its name-resolution process. A DNS server first queries its cache, it checks its zone records, it sends requests to forwarders, and then it tries resolution by using root servers.

By default, a Microsoft DNS server connects to the Internet to process DNS requests more with root hints. When you use the Dcpromo tool to promote a server to a domain controller, the domain controller requires DNS. If you install DNS during the promotion process, a root zone is created. This root zone indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use forwarders or root hints in the name-resolution process.

  1. Click Start, point to Administrative Tools, and then click DNS.
  2. Expand ServerName, where ServerName is the name of the server, click Properties and then expand Forward Lookup Zones.
  3. Right-click the "." zone, and then click Delete.
back to the top

How to Configure Forwarders

Windows Server 2003 can take advantage of DNS forwarders. This feature forwards DNS requests to external servers. If a DNS server cannot find a resource record in its zones, it can send the request to another DNS server for additional attempts at resolution. A common scenario might be to configure forwarders to your ISP's DNS servers.
  1. Click Start, point to Administrative Tools, and then click DNS.
  2. Right-click ServerName, where ServerName is the name of the server, and then click the Forwarders tab.
  3. Click a DNS domain in the DNS domain list. Or, click New, type the name of the DNS domain for which you want to forward queries in the DNS domain box, and then click OK.
  4. In the Selected domain's forwarder IP address box, type the IP address of the first DNS server to which you want to forward, and then click Add.
  5. Repeat step 4 to add the DNS servers to which you want to forward.
  6. Click OK.
back to the top

How to Configure Root Hints

Windows can use root hints. The Root Hints resource records can be stored in either Active Directory or in a text file (%SystemRoot%\System32\DNS\Cache.dns). Windows uses the standard Internic root server. Also, when a server running Windows Server 2003 queries a root server, it updates itself with the most recent list of root servers.
  1. Click Start, point to Administrative Tools, and then click DNS.
  2. Right-click ServerName, where ServerName is the name of the server, and then click Properties.
  3. Click the Root Hints tab. The DNS server's root servers are listed in the Name servers list.

    If the Root Hints tab is unavailable, your server is still configured as a root server. See the How to Remove the Root DNS Zone section earlier in this article. You may have to use custom root hints that are different from the default. However, a configuration that points to the same server for root hints is always incorrect. Do not modify your root hints. If your root hints are incorrect and have to be replaced, click the following article number to view the article in the Microsoft Knowledge Base:

    237675 Setting up the Domain Name System for Active Directory

back to the top

How to Configure DNS Behind a Firewall

Proxy and Network Address Translation (NAT) devices can restrict access to ports. DNS uses UDP port 53 and TCP port 53. The DNS Service Management console also uses RCP. RCP uses port 135. These are potential issues that may occur when you configure DNS and firewalls.

back to the top

REFERENCES

For additional information about how integrate DNS Infrastructure if Active Directory is enabled in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

323418 How to integrate DNS with an existing DNS infrastructure if Active Directory is enabled in Windows Server 2003

For additional information about how to integrate a new DNS server into an existing DNS infrastructure in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:

323417 How to integrate Windows Server 2003 DNS with an existing DNS infrastructure in Windows Server 2003

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

816567 How to troubleshoot DNS name resolution on the Internet in Windows Server 2003

249868 Replacing root hints with the Cache.dns file

back to the top
Modification Type:MinorLast Reviewed:11/16/2004
Keywords:kbHOWTOmaster kbNetwork KB323380 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.