DNS (Domain Name System) is the internet's address book. It translates human-readable domain names (like www.example.com) into IP addresses (like 192.168.1.100) that computers use to communicate. Without DNS, you'd need to memorize IP addresses for every website and server you want to access.
DNS Fundamentals
DNS operates on a hierarchical system. When you type a URL, your computer queries a DNS server with a question: "What's the IP address for this domain?" The DNS server responds with the answer, and your computer can then connect to that server.
๐ How DNS Resolution Works
- Client Query: Your computer asks local DNS server for www.example.com
- Recursive Query: If local DNS doesn't have answer, it queries root nameserver
- Root Nameserver Response: Points to TLD (Top-Level Domain) server for .com
- TLD Query: DNS server queries TLD server for example.com
- Authoritative Response: TLD server points to authoritative nameserver
- Final Response: Authoritative server returns IP address to local DNS
- Caching and Response: Local DNS caches result and returns to client
DNS Record Types
| Record Type | Purpose | Example |
|---|---|---|
| A | Maps hostname to IPv4 address | www.example.com = 192.168.1.100 |
| AAAA | Maps hostname to IPv6 address | www.example.com = 2001:db8::1 |
| CNAME | Alias one hostname to another | www.example.com โ example.com |
| MX | Specifies mail servers | mail.example.com priority 10 |
| NS | Specifies authoritative nameservers | ns1.example.com, ns2.example.com |
| SOA | Start of Authority - zone configuration | Zone parameters, serial, refresh, retry |
| SRV | Service records (used by AD) | _ldap._tcp.example.com |
| PTR | Reverse DNS (IP to hostname) | 192.168.1.100 = server01.example.com |
| TXT | Text records (SPF, DKIM, DMARC) | v=spf1 include:example.com ~all |
Installing DNS Server on Windows
Step-by-Step DNS Installation
- Open Server Manager
- Click Add Roles and Features
- Select Role-based or feature-based installation
- Select target server
- Check DNS Server in Server Roles
- Accept additional features
- Proceed through configuration pages
- Click Install and wait for completion
- Open DNS Manager from Administrative Tools
- Verify DNS service is running
Creating and Managing DNS Zones
Zone Types:
- Primary Zone: Authoritative copy where you make changes
- Secondary Zone: Read-only copy for redundancy and load balancing
- Stub Zone: Contains only NS, SOA, and glue records
- Forward Lookup Zone: Maps names to IP addresses
- Reverse Lookup Zone: Maps IP addresses back to names
Creating a Primary Forward Lookup Zone
- Open DNS Manager
- Expand your server
- Right-click Forward Lookup Zones
- Select New Zone
- Choose Primary Zone
- Enter zone name (e.g., example.com)
- Choose to create new file or use existing
- Complete the wizard
- Right-click zone and add DNS records
Creating DNS Records
Common Record Creation
A Record (Host):
- Right-click zone โ New Host (A or AAAA)
- Enter hostname and IP address
- Click Add Host
CNAME Record (Alias):
- Right-click zone โ New Alias (CNAME)
- Enter alias name
- Browse to target host
- Click OK
MX Record (Mail Exchange):
- Right-click zone โ New Mail Exchanger (MX)
- Enter mail server hostname
- Set priority (lower = higher priority)
- Click OK
Dynamic DNS (DDNS)
Dynamic DNS allows computers to automatically register and update their DNS records when their IP addresses change. This is essential for domain-joined computers and DHCP clients.
Enabling Dynamic DNS Updates
- Open DNS Manager
- Right-click your zone โ Properties
- Under General tab, set Allow dynamic updates to Secure only (recommended)
- On Domain Controller, run:
ipconfig /registerdns - On DHCP servers, enable DDNS to update non-DHCP clients
- Verify records appear in DNS zone after 30 seconds
DNS Replication and Secondary Zones
Zone Transfer Process:
- Secondary zone queries primary zone for full copy
- SOA record contains Serial number for change tracking
- Secondary zone syncs when Serial increases
- Full zone transfer (AXFR) copies all records
- Incremental transfer (IXFR) copies only changes
DNS Troubleshooting
Problem: DNS Resolution Not Working
Diagnosis:
- Check DNS service running:
Get-Service DNS - Verify zone exists: Open DNS Manager
- Check zone file permissions: Everyone needs read access
- Test with:
nslookup example.com 192.168.1.10 - Check DNS event logs for errors
- Verify forwarders configuration if applicable
Solutions:
- Start DNS service:
Start-Service DNS - Repair zone database: Right-click zone โ All Tasks โ Reload
- Reset forwarders if misconfigured
- Check firewall allows DNS traffic (port 53 UDP/TCP)
- Restart DNS service after major changes
Problem: Clients Cannot Resolve Domain Names
Causes: Incorrect DNS server IP, DNS server unreachable, zone not configured, records missing
Solutions:
- Verify client DNS settings:
ipconfig /all - Ensure DNS server IP is correct
- Ping DNS server to verify connectivity
- Query DNS directly:
nslookup domain.com DNSServerIP - Check zone exists and is Active
- Verify A records exist for requested hosts
- Check for typos in record names
Problem: DNS Name Resolution Slow
Causes: Zone transfer delays, too many recursive queries, forwarders misconfigured, DNS service overloaded
Solutions:
- Review DNS query logs to identify bottlenecks
- Check secondary zone transfer status
- Configure conditional forwarders for specific domains
- Implement DNS caching at multiple levels
- Monitor DNS server CPU and memory usage
- Consider load balancing with multiple DNS servers
DNS Best Practices
- Redundancy: Deploy at least two DNS servers for each zone
- Delegation: Use DNS delegation for subdomains to distribute load
- Scavenging: Enable DNS record scavenging to clean up stale records
- Monitoring: Monitor DNS service health and query response times
- Security: Restrict zone transfers to authorized servers only
- Forwarders: Configure forwarders for external domain resolution
- Documentation: Maintain detailed records of all zones and records
- Testing: Regularly test DNS resolution and failover scenarios
Key Takeaways
- DNS translates names to IP addresses
- Multiple record types serve different purposes (A, CNAME, MX, SRV, etc.)
- Zones are managed collections of DNS records
- Dynamic DNS enables automatic registration
- Secondary zones provide redundancy
- Proper configuration ensures network-wide name resolution