D 5: Configuring an Authoritative DNS Server on Windows (10 pts.)

What You Need for This Project

Purpose

Every domain needs authoritative servers, and Windows networks also need a server to be authoritative over the RFC 1918 private address space to prevent those silly in-addr.arpa reverse DNS lookups.

Start Your DNS Server

Start your Windows DNS server.

Configuring a Hostname and DNS Suffix

Click Start and type SYSTEM.

Click System.

In the Settings box, scroll to the bottom, and click "Advanced system settings".

In the "System Properties" box, click the "Computer Name" tab.

Click the Change... button.

Enter a Computer Name of ns1, as shown below.

Click the More... button.

In the "Primary DNS suffix of this computer" box, type

YOURNAME.local
replacing "YOURNAME" with your own name (without any spaces), as shown below.

Click OK, OK, OK, Close.

Click "Restart Now".

When your server restarts, log in again.

Assigning an External DNS Resolver Address

Your DNS server will be converted from a recursive resolver to a non-recursive authoritative server.

Windows won't be able to resolve external domain names like google.com anymore, unless you change the operating system's DNS server from 127.0.0.1 to an external recursive resolver like 8.8.8.8.

From your Windows Server desktop, click Start. Type NETWORK.

Click "Ethernet settings".

Click "Change adapter options".

Right-click Ethernet0 and click Properties.

Double-click "Internet Protocol Version 4 (TCP/IPv4)".

Set the DNS Server field to 8.8.8.8 as shown below, and click OK.

In the "Ethernet0 Properties" box, click OK.

Disabling Recursion

An authoritative server should not be recursive. It's not intended to resolve Internet addresses for local users; it's intended to tell everyone on the Internet where your company's public servers are.

If it doesn't know where a server in its domain is, it should just reply "Not found". It can't go ask some other server; the authoritative server has the final word on the matter.

Click Start. Type DNS.

In the search results, click DNS.

In "DNS Manager", on the left side, left-click your server to highlight it. Then right-click your server and click Properties, as shown below.

In the Properties box, click the Advanced tab.

Check the "Disable recursion (also disables forwarders)" box, as shown below.

Click OK.

Disabling Root Hints

The authoritative server has no business going to the root servers asking where things are; all they will do is send questions about its domain back to the SOA. The buck stops here.

To prevent this, we need to create a forward lookup zone with the name ".".

In DNS Manager, in the left pane, click the arrow to the left of NS1 to expand the tree.

Then right-click "Forward Lookup Zones" and select "New Zone...", as shown below.

In the "Welcome to the New Zone Wizard" box, click Next.

In the "Zone Type" page, accept the default selection of "Primary zone" and click Next.

In the "Zone Name" page, enter a name of

.
as shown below.

Click Next.

In the "Zone File" page, accept the default selection to create a new file named "root.dns" and click Next.

In the "Dynamic Update" page, accept the default selection of "Do not allow dynamic updates" and click Next.

Click Finish.

Now a root zone has been created, as shown below.

This server will return an NXDOMAIN (non-existent domain) answer whenever it receives a recursive query for a name outside its own zones.

Creating an Authoritative Zone for YOURNAME.local

In DNS Manager, in the left pane, right-click "Forward Lookup Zones" and select "New Zone...".

In the "Welcome to the New Zone Wizard" box, click Next.

In the "Zone Type" page, accept the default selection of "Primary zone" and click Next.

In the "Zone Name" page, enter a name of

YOURNAME.local
as shown below.

Click Next.

In the "Zone File" page, accept the default selection to create a new file named "YOURNAME.local.dns" and click Next.

In the "Dynamic Update" page, accept the default selection of "Do not allow dynamic updates" and click Next.

Click Finish.

Testing DNS Resolution

In a Command Prompt, execute the following commands:
nslookup ns1.YOURNAME.local 127.0.0.1
nslookup yahoo.com 127.0.0.1
As shown below, the first query succeeds and does not say "Non-authoritative answer", because your server is authoritative for the YOURNAME.local domain.

The second query fails, because your DNS server does not allow recursion.
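The same configuration as the GUI steps above (external resolver, recursion disabled, the "." zone, the YOURNAME.local zone), applied and then verified with the DnsServer and NetTCPIP PowerShell modules. This is an added example, not part of the original lab; it assumes you run it as Administrator on the DNS server, that the adapter alias is "Ethernet0", and that you replace "YOURNAME" as in the lab.

```powershell
# Added example (not from the original lab). Assumptions: run as Administrator on
# the Windows DNS server; the adapter alias is "Ethernet0"; replace YOURNAME.
$Suffix    = "YOURNAME.local"
$Upstream  = "8.8.8.8"
$Interface = "Ethernet0"

# The operating system's own resolver must point at an external recursive
# resolver, because this server will no longer recurse on anyone's behalf.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $Upstream

# Disable recursion (this also disables forwarders).
Set-DnsServerRecursion -Enable $false

# Create the "." zone so root hints are never consulted, plus the authoritative
# zone. -DynamicUpdate None matches the wizard's "Do not allow dynamic updates".
$zones = @(
    @{ Name = ".";      File = "root.dns" },
    @{ Name = $Suffix;  File = "$Suffix.dns" }
)
foreach ($z in $zones) {
    if (-not (Get-DnsServerZone -Name $z.Name -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $z.Name -ZoneFile $z.File -DynamicUpdate None
    }
}

# Verification: every check below should print True.
$checks = [ordered]@{
    "Recursion disabled" = -not (Get-DnsServerRecursion).Enable
    "Root zone present"  = [bool](Get-DnsServerZone -Name "." -ErrorAction SilentlyContinue)
    "Local zone present" = [bool](Get-DnsServerZone -Name $Suffix -ErrorAction SilentlyContinue)
}

# A name inside our zone must be answered; a name outside it must fail, since the
# server has neither recursion nor root hints to fall back on.
$inside = Resolve-DnsName -Name "ns1.$Suffix" -Server 127.0.0.1 -ErrorAction SilentlyContinue
$checks["Answers ns1.$Suffix"] = [bool]$inside
try {
    Resolve-DnsName -Name "yahoo.com" -Server 127.0.0.1 -ErrorAction Stop | Out-Null
    $checks["Refuses yahoo.com"] = $false
} catch {
    $checks["Refuses yahoo.com"] = $true
}
$checks.GetEnumerator() | ForEach-Object { "{0,-26} {1}" -f $_.Key, $_.Value }
```

If "Refuses yahoo.com" prints False, recursion is still enabled or the "." zone is missing; re-check the Advanced tab and the Forward Lookup Zones list in DNS Manager.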

Flag D 5: Trust Points (10 pts)

In "DNS Manager", on the left side, click "Trust Points".

The flag appears, covered by a green rectangle in the image below.

Updated 9-6-23