D 2: Making a DNS Server on Windows Server 2022 (20 pts.)

What You Need for This Project

Purpose

Make a DNS server on Windows 2022 Server.

Installing Wireshark

Wireshark is a protocol analyzer, useful to examine network traffic.

Open Internet Explorer and go to wireshark.org

Download and install Wireshark for Windows.

Using an External DNS Server

On your Windows Server desktop, click Start. Type COM

Click "Command Prompt".

In the Command Prompt window, execute this command:

nslookup ccsf.edu
Your router performs a recursive DNS lookup, finding a non-authoritative answer, as shown below.

Finding Your Windows Machine's IP Address

In the Command Prompt window, execute this command:
ipconfig
Your IP address appears, with the Subnet Mask and Default Gateway, as shown below.

Assigning a Static Address

A DNS server should have a fixed network address.

From your Windows Server desktop, click Start. Type NETWORK

Click "Ethernet settings".

Click "Change adapter options".

Right-click Ethernet0 and click Properties.

Double-click "Internet Protocol Version 4 (TCP/IPv4)".

Assign the same IP address, Subnet Mask and Default Gateway you saw in the IPCONFIG results, as shown below.

Set the DNS Server field to 127.0.0.1 and click OK. Click OK again.

Attempting to Resolve a Domain Name

In the Command Prompt window, execute this command:
nslookup ccsf.edu
Your computer tries to connect to a DNS server at 127.0.0.1, but there is no response, as shown below.

Adding the DNS Server Role

In Server Manager, at the top left, click Dashboard.

At the center top, click "Add roles and features", as shown below.

In the "Before You Begin" screen, click Next.

In the "Select installation type" screen, accept the default selection of "Role-based or feature-based installation" and click Next.

In the "Select destination server" screen, accept the default selection and click Next.

In the "Select Server Roles" screen, click the check box next to "DNS Server", as shown below:

A box pops up. Click the "Add features" button.

Click Next.

In the "Select features" screen, click Next.

In the "DNS Server" screen, click Next.

In the "Confirm Installation Selections" screen, click Install.

When the installation completes, click Close.

Resolving a Domain

From your Windows Server desktop, open a Command Prompt window.

Execute this command:

NSLOOKUP CCSF.EDU
You should see two lines identifying the DNS server as "localhost" and "127.0.0.1", followed by a "Non-authoritative answer", as shown below.

Observing the DNS Resolution Process

From your Windows Server desktop, click Start. Type Wireshark. Launch Wireshark.

In the main Wireshark window, double-click Ethernet0, as shown below.

In the "Capturing from Ethernet0" window, at the top left, in the "Apply a display filter" bar, type dns and press Enter.

The filter bar turns green, as shown below.

Resolving a Domain

From your Windows Server desktop, open a Command Prompt window.

Execute this command:

NSLOOKUP yahoo.com
You see some IP addresses, as shown below.

Wireshark shows a series of DNS requests to various servers, as shown below.

Notice the first destination address, outlined in red in the image above. Your address will probably be different.

How did your DNS server know that address?

Viewing Root Hints

From your Windows Server desktop, click Start. Type DNS. Launch DNS.

In "DNS Manager", on the left side, left-click your server to highlight it. Then right-click your server and click Properties, as shown below.

In the Properties sheet, click the "Root Hints" tab.

The IP address you saw in Wireshark is in this list. Your DNS server starts from the root of DNS, and performs a series of queries to find the IP address.

Close the Properties sheet.

Using an Authoritative DNS Server

The DNS server you have made isn't in charge of any particular domain. It just asks other servers for information and caches it for a while. That's known as "non-authoritative".

To find the authoritative server for CCSF.EDU, from your Windows Server desktop, in a Command Prompt window, execute this command:

NSLOOKUP
This starts NSLOOKUP in interactive mode, displaying a > prompt.

At the > prompt, enter these two commands, pressing Enter after each one (be careful, the "set" command is case-sensitive):

set type=SOA
CCSF.EDU
You see that the primary DNS server for the CCSF.EDU domain is ns3.CCSF.EDU, as shown below:

At the > prompt, execute these commands:

set type=A
CCSF.EDU ns3.CCSF.EDU
You see information about the domain, without the "Non-authoritative answer" message, as shown below.

Flag D 2.1: TXT Record (15 pts)

At the > prompt, execute these commands:
set type=TXT
D2.SAMSCLASS.INFO
The flag appears, covered by a green rectangle in the image below.

Restarting the Wireshark Capture

In Wireshark, from the menu bar, click Capture, Restart.

Click "Continue without Saving".

Wireshark is listening for new DNS traffic, as shown below.

Performing a Reverse DNS Lookup

From your Windows Server desktop, open a Command Prompt window.

Execute this command:

NSLOOKUP 192.168.1.1
Your server reports that this is a non-existent domain, as shown below.

Wireshark shows a series of DNS requests trying to find a public DNS name for the address 192.168.1.1, as shown below.

Such DNS queries are a large problem for the Internet. 192.168.1.1 is an address reserved for private use, and cannot be assigned to any public server, so such queries are just junk.

It's better to tell our recursive server not to ask other servers about such useless queries.

Creating an Authoritative Reverse Lookup Zone for 192.168.0.0

Reverse DNS queries for private IP addresses are useless, and DNS servers should block them by providing authoritative replies locally. The steps below configure reverse lookup zones to do that.

In DNS Manager, in the left pane, right-click "Reverse Lookup Zones" and select "New Zone...".

In the "Welcome to the New Zone Wizard" box, click Next.

In the "Zone Type" page, accept the default selection of "Primary zone" and click Next.

In the "Reverse Lookup Zone Name" page, accept the default selection of "IPv4 Reverse Lookup Zone" and click Next.

In the "Reverse Lookup Zone Name" page, enter a Network ID of

192.168
as shown below.

Click Next.

In the "Zone File" page, accept the default selection to create a new file named "168.192.in-addr.arpa.dns" and click Next.

In the "Dynamic Update" page, accept the default selection of "Do not allow dynamic updates" and click Next.

Click Finish.

You now have a reverse lookup zone for 168.192.in-addr.arpa, as shown below.

Configuring the Other Private Address Reverse Lookup Zones

Repeat the process for these network IDs:
172.16

172.17

10

You should see the newly created zones, as shown below:

NOTE: To properly block the whole RFC 1918 space, you should configure zones for "172.18" through "172.31", and also for "169.254". I omitted them here to make the project shorter.
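
The wizard steps above, scripted for the complete list in the NOTE, as an added example that is not part of the original project. It uses the DnsServer module's Add-DnsServerPrimaryZone cmdlet and assumes an elevated PowerShell session on the DNS server; 172.20.1.1 is a sample address chosen from a range the lab skipped.

```powershell
# Added example (not from the original project): create locally authoritative
# reverse lookup zones for all private and link-local IPv4 ranges.
# Assumption: run in an elevated PowerShell session on the DNS server itself.
Import-Module DnsServer

# Reverse zones are named on octet boundaries, so 172.16.0.0/12 cannot be
# one zone: it needs sixteen /16 zones, 172.16 through 172.31.
$networks  = @('10.0.0.0/8', '192.168.0.0/16', '169.254.0.0/16')
$networks += 16..31 | ForEach-Object { "172.$_.0.0/16" }

foreach ($net in $networks) {
    # Build the zone name the wizard generates, e.g. 168.192.in-addr.arpa
    $addr, $prefix = $net -split '/'
    $count = [int]$prefix / 8
    [string[]]$octets = @(($addr -split '\.')[0..($count - 1)])
    [array]::Reverse($octets)
    $zone = ($octets -join '.') + '.in-addr.arpa'

    # Skip zones already created by hand in the steps above
    if (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue) {
        Write-Host "exists : $zone"
        continue
    }

    # Same choices as the wizard: primary zone, file-backed,
    # "Do not allow dynamic updates"
    Add-DnsServerPrimaryZone -NetworkId $net -ZoneFile "$zone.dns" -DynamicUpdate None
    Write-Host "created: $zone"
}

# List the reverse zones the server is now authoritative for
Get-DnsServerZone |
    Where-Object IsReverseLookupZone |
    Sort-Object ZoneName |
    Format-Table ZoneName, ZoneType, DynamicUpdate

# A PTR lookup in a range the lab skipped; with the zone in place the server
# answers locally that the name does not exist instead of querying upstream.
Resolve-DnsName -Name 172.20.1.1 -Type PTR -Server 127.0.0.1 -DnsOnly
```

With the Wireshark dns filter still running, the last command should produce no outbound queries for the 172.20 address.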

Restarting the Wireshark Capture

In Wireshark, from the menu bar, click Capture, Restart.

Click "Continue without Saving".

Wireshark is listening for new DNS traffic, as shown below.

Performing Reverse DNS Lookups

In the Command Prompt window, execute this command:
NSLOOKUP 192.168.1.1
Your DNS server quickly replies that there is no such domain, as shown below.

Wireshark doesn't show any of those junk requests to resolve the IP address this time.

Flag D 2.2: Event Logging (5 pts)

In "DNS Manager", on the left side, right-click your server and click Properties.

In the Properties sheet, click the "Event Logging" tab.

The flag appears, covered by a green rectangle in the image below.


Posted 5-30-22