IISUnderground - A help website for setting up Microsoft IIS

Installing Windows DNS Server

This tutorial will guide you through setting up Windows DNS Server and adding your first domain so that you can host your own domains name servers.

Time to complete: ~20 minutes + up to 48 hours waiting time

Requirements: 

– Windows Server 2008/2008 R2

– 2 STATIC internet IP addresses routed to your server (1 will work but it is not recommended, however it MUST be STATIC).

– A domain that allows it’s name servers to be changed (most registrars support this).

– Port 53 unblocked on your firewall (and port forwarded on your router if applicable), both TCP and UDP (DNS service).

– A reliable internet connection is a must. If your connection goes down, so do your domains!

– Patience.

Optionals:

– Basic knowledge of how DNS records function is helpful but not necessary for this tutorial.

– A test domain you can use without risk to your main domain (I recommend you use this one instead of your main domain when setting up for the first time).

 

1. Install Windows DNS Server

– Navigate to Start\Control Panel\Administrative Tools and open Server Manager.

– In the tree menu on the left, select Roles.

– In the main window, find the sub-section Roles Summary (it should be at the top) and click Add Roles.

– On the pop-up window, read the security warnings and then select Next.

– Select DNS Server from the list of check box options.

Installing the DNS Server Role on Windows Server 2008

– If you get a warning box about not having a static IP, you will need remember to set a static IP later. Select Install DNS Server anyway.

– Click Next. Read the notes then select Next again.

– Click Install to begin the installation.

– Once installed, click the Close button.

 

2. Adding your first domain

– Navigate to Start\Control Panel\Administrative Tools and open DNS, the tool for managing your DNS records.

Opening the DNS Manager on Windows Server 2008

– You’re now presented with the base (blank) DNS Server configuration.

– Your server name will be listed on the left. Select “+” to make it expand the tree.

– Select Forward Lookup Zones and then right click and select New Zone.

Creating a new DNS Zone

– On the pop up box, select Next.

– Now select Primary Zone (default) and click Next.

– In the Zone name box, enter your domain name without http:// or www.

– Select Next and on the next screen select Create a new file with this file name, then Next.

– On the next screen select Do not allow dynamic updates and select Next.

– On the final screen, click Finish.

Your domain is now created, we just need to configure it.

 

3. Configuring your first domain

– You will see your domain inside Forward Lookup Zones.

– Select your domain and then double click on the Start of Authority (SOA) record.

– In the pop up box we need to enter the following information:

Serial Number: Enter in the following format YYYYMMDDNN

(YYYY = Current year in 4 digits, MM = Current month in 2 digits, DD = Current day of the month in 2 digits, NN = Increment, so 01 to begin with)

Primary Server: ns1.yourdomain.com (replace yourdomain.com with your own domain name)

Responsible Person: hostmaster.yourdomain.com (replace yourdomain.com with your own domain name)

SOA DNS record editing

– Now select the Name Servers tab and remove the existing entry.

– Now select Add and enter ns1.yourdomain.com in the top box.

– Where it has <Click here to add an IP Address>, click it and enter the static IP of your server and click OK. This must be the external IP, not a local network IP.

– Repeat the last two steps but use ns2.yourdomain.com and your 2nd static IP. Skip this 2nd addition if you only have 1 IP.

– Finally click Apply and then OK to close the window.

– We have now set up the domain.

DNS Name server editing

 

– On the main window, select where the records are in the white space then press F5 on your keyboard. This will refresh the records and 2 more should appear.

– Now right click and select New Host (A or AAAA).

Leave name blank and enter the IP you will use to host websites on in IIS into the IP Address box.

– Click Add Host. You should get a confirmation message. Click OK then Done.

– Your domain is now set up to be accessed as “yourdomain.com” (without www.)

– Now do the same again but in the Name box, enter www. This sets up the domain so it can be accessed with www. in the URL.

– Repeat the same again for any other records such as ftp, pop, smtp, mail, imap, etc so they can be accessed as {name}.yourdomain.com.

 

Now, if you’re going to want mail to be delivered via your domain, you will need an MX Record.

– In the DNS Manager window for your domain, Right click and select New Mail Exchanger (MX).

– Leave Host or child domain blank and enter your domain name into the Fully qualified domain name box as yourdomain.com

– Leave the Mail server priority as 10.

– Click OK and the record will be added.

DNS records after editing

 

4. Setting your domain to point to your server for it’s DNS records

Your domain will still be using the registrar DNS servers in most cases, so now we need to switch it to your own.

Note: This will result in your domain temporarily going offline in some cases. This will only normally happen if your DNS Server is not accessible from the outside, and this downtime could be longer than anticipated while you fix it. If in doubt, use another domain as a test bed. In fact I strongly recommend you do use a test domain.

Each registrar differs, but you will be looking for one of the following names in the control panel: Glue Records or Name Servers.

Unfortunately due to the number of registrars and control panels in existence it’s impossible to explain how to do it for them all, so I will give you generic instructions but show my registrars control panel. You may have to research your registrars control panel to find the relevant options.

 

– Once you find the right page, you should have several boxes. One will have Name Server and the other IP Address.

– We need to specify your name servers and the IP address to use.

– Often they will look like this (IP’s are examples):

ns1.your-registrar.com 12.34.56.78

ns2.your-registrar.com 12.34.56.79

Edit DNS Name Servers

– We need to modify them to be nsX.yourdomain.com (where X is 1 or 2) and each of your STATIC IP’s.

– They should look like this (IP’s are examples):

ns1.yourdomain.com 87.65.43.21

ns2.yourdomain.com 87.65.43.22

– When you have entered them, you need to Save/Apply the changes.

 

Now we need to wait. The propagation of DNS name servers takes up to 48 hours to change world-wide. In most cases however it’s much quicker, sometimes fairly instant. It all depends on the DNS lookup caching used by your ISP.

We have some tools we can use to check the state of the records and to see if your DNS Server is open to the Internet.

 

5. Checking your DNS name servers and records

I use a tool called Network-Tools which is available at http://network-tools.com/.

– Load up Network Tools.

– Enter your domain in the URL box and make sure Express is selected.

– Click Go!

– Wait while their service runs and returns the results.

– When the page finishes loading, find “Retrieving DNS records for…”.

– Just underneath it should show the DNS servers you entered in your domain control panel. It should be ns1.yourdomain.com and one of your static IP’s. The 2nd one should also show up if used.

DNS records from network-tools.com

– If they show up, proceed, otherwise try again in a few hours. If after 48 hours they haven’t appeared to change then you should consult your domain control panel again to see why it’s not changed.

– Further down we should have the DNS records we entered into the DNS Manager. If they exist, congratulations. If not, then your DNS Server isn’t being seen to the Internet and you should investigate why (Incorrect firewall and/or port forwarding rules settings are the most common causes).

 

6. Setting up some DNS Server Security

By default Windows Server 2008 R2 DNS has an “open relay”, which means that anyone can use your server to make DNS lookups. This is dangerous because it allows something called a “DNS Amplification Attack”. This is a process where your open relay is used to send bogus data to another server, aiding the hackers process to take it offline. You don’t want this to happen as not only is it illegal, it can use a lot of bandwidth and is likely to be noticed by your service provider. They may cut you off and your connection may simply stall because of the bandwidth being used.

To prevent this, we need to disable “recursion”. To do this:

– Open the DNS Manager again.

Right click on your server name in the tree and select Properties“.

dns_manager

– Select the “Advanced” tab.

Check the “Disable recursion (also disables forwarders)” checkbox.

dns_recursion

– Click “Apply”.

Note: There are some instances where recursion is necessary and you may need to leave this enabled. If you have problems, re-enable recursion. This may happen in an Active Directory environment.

 

That’s it, your domain should now be fully functional! You should ask someone to check it for you that hasn’t accessed it recently. You could also try sites such as http://www.downforeveryoneorjustme.com/ which will tell you if your website is working or not. Keep checking it for the next couple of days to make sure it carries on working.

Once confirmed working you can continue to add more domains and/or records in the same fashion as explained on this tutorial. Just remember that should your server go down, your domains do too. For most people this won’t matter too much as sites tend to be hosted on the same server, but just remember this should you off-load your sites elsewhere but continue to host your name servers. You can investigate clustered DNS but we won’t go into that here.

Finished