Microsoft KB Archive/816584

= HOW TO: Set Up the Domain Name System for Active Directory in Windows Server 2003 =

PSS ID Number: 816584

Article Last Modified on 3/1/2004


The information in this article applies to:


 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition
 * Microsoft Windows Small Business Server 2003, Standard Edition
 * Microsoft Windows Small Business Server 2003, Premium Edition

For a Microsoft Windows 2000 version of this article, see 237675.



IN THIS TASK

 * SUMMARY
 * DNS Server Requirements
 * Start with a Stand-Alone Windows Server 2003-Based Computer
 * Configure TCP/IP
 * Install DNS
 * Configure your DNS Server
 * Promote This Server to a Domain Controller (Optional--Recommended)
 * REFERENCES



SUMMARY
This step-by-step article describes how to install and configure a Windows Server 2003-based DNS server in a small network. DNS is the Active Directory locator in Windows Server 2003. Active Directory clients and client tools use DNS to locate domain controllers for administration and logon. You must have a DNS server installed and configured for Active Directory and the associated client software to function correctly.

NetBIOS name resolution (WINS server, LMHosts file, or NetBIOS broadcast) is still required for earlier versions of Windows to resolve network resources on an Active Directory domain.

Note You must have a Windows Server 2003 CD-ROM to complete Setup. Installing the operating system from a network share may not work in some scenarios.

Experienced DNS administrators are encouraged to read the steps involved in configuration and to modify them to suit different scenarios. The steps in this article outline a single, simple configuration and do not represent the only possible configuration.


DNS Server Requirements
Microsoft recommends that you use the version of DNS that is supplied with Windows Server 2003 as your DNS server. However, this version of DNS is not required. The DNS server that you use must meet the following requirements:
 * It must support the SRV resource record (SRV RR) (RFC 2782).
 * It must support the dynamic update protocol (RFC 2136).

Version 8.1.2 and later of BIND (a popular DNS server implementation) supports both the SRV RR and dynamic update. (Version 8.1.1 does support dynamic updates but it has flaws that were fixed in 8.1.2.) If you use a version of BIND that does not support dynamic updates, you have to manually add records to the DNS server.

Note The version of DNS that is included with Microsoft Windows NT Server 4.0 does not support the SRV RR. Use the version of DNS that is provided with Windows Server 2003.


Start with a Stand-Alone Windows Server 2003-Based Computer
The procedure outlined in this article creates a DNS server on a stand-alone Windows Server 2003. You can promote this server to the domain controller role in the future.


Configure TCP/IP
In this step, you assign this server a static Internet Protocol (IP) configuration. Microsoft recommends that DNS servers not use dynamically assigned IP addresses because a dynamic change of address may cause clients to lose contact with the DNS server.

To configure TCP/IP, follow these steps:
 * 1) Click Start, point to Control Panel, and then click Network Connections.
 * 2) Right-click Local Area Connection, and then click Properties.
 * 3) Click Internet Protocol (TCP/IP), and then click Properties.
 * 4) Assign this server a static IP address, subnet mask, and gateway address.
 * 5) Click Advanced, and then click the DNS tab.
 * 6) Click Append primary and connection specific DNS suffixes, click to select the Append parent suffixes of the primary DNS suffix check box, and then click to select the Register this connection's addresses in DNS check box.

If this Windows Server 2003-based DNS server is on an intranet, make sure that it only points to its own IP address for DNS; do not enter IP addresses for other DNS servers here. If this server has to resolve names on the Internet, it must have a forwarder configured.
 * 7) Click OK two times, and then click Close.

Note: If you receive a warning message from the DNS Caching Resolver service, click OK to close the message. The caching resolver is trying to contact the DNS server, but you have not finished configuring the server.


Install DNS

 * 1) Click Start, point to Control Panel, and then click Add or Remove Programs.
 * 2) Click Add/Remove Windows Components.
 * 3) On the Components list, click Networking services, and then click Details.
 * 4) Click to select the Domain Name System (DNS) check box, click OK, and then click Next.
 * 5) Click Finish when Setup has copied files to your computer.


Configure your DNS Server

 * 1) Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
 * 2) Right-click your server, and then click Configure a DNS Server.
 * 3) In the Configure a DNS Server Wizard, click Next.

Note Click DNS Checklist for information about setting up DNS.
 * 4) Click Create a forward lookup zone, and then click Next.
 * 5) Click This server maintains the zone, and then click Next.
 * 6) Type the zone name, and then click Next.

The new zone contains the locator records for this Active Directory domain. The name of the zone must be the same as the name of the Active Directory domain or be a logical DNS container for that name. For example, if the Active Directory domain is named "support.microsoft.com", valid zone names are "support.microsoft.com", "microsoft.com", or "com".

Note If you name the zone "com", it will become authoritative for the "com" domain and never forward any requests that it cannot answer out to the real "com" domain servers. The same is true if you name it "microsoft.com"; this would prevent the forwarder from resolving requests for the real "microsoft.com" servers.
 * 7) Click Next to accept the default name for the new zone file.
 * 8) Click Allow only secure dynamic updates, and then click Next.

Note that this option is only available for Active Directory-integrated zones. If this option is not available to you, click Allow secure and nonsecure updates, but keep in mind that there may be significant security risks associated with using this option.
 * 9) Click Yes, it should forward queries to DNS servers with the following IP addresses, type the IP address of the external DNS server where you want queries forwarded to, and then click Next.

To find out the IP address where queries are to be forwarded, contact your ISP.
 * 10) Click Finish.
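
The zone-name rule and the note about "com" and "microsoft.com" in the procedure above, worked through as an added Python example (it is not part of the original Microsoft article). The function names and the probe host names are illustrative, and the model assumes a server with no delegations that answers authoritatively for every name inside a zone it hosts and forwards everything else.

```python
# Added example (not from the KB article): how the zone name chosen in the
# wizard decides which queries still reach the forwarder. Assumes no delegations.

def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def is_same_or_parent(zone, name):
    """True if `zone` equals `name` or is a parent container of it.

    The comparison is per label, so "soft.com" is not a parent of
    "microsoft.com" even though the strings share a suffix.
    """
    z, n = labels(zone), labels(name)
    return len(z) <= len(n) and n[len(n) - len(z):] == z


def classify_zone(zone, ad_domain):
    """Return 'exact', 'parent' or 'invalid' for a proposed zone name."""
    if not labels(zone) or not is_same_or_parent(zone, ad_domain):
        return "invalid"
    return "exact" if labels(zone) == labels(ad_domain) else "parent"


def resolution_path(qname, hosted_zones):
    """'authoritative' if qname lies inside a hosted zone, else 'forwarded'."""
    if any(is_same_or_parent(zone, qname) for zone in hosted_zones):
        return "authoritative"
    return "forwarded"


def review_zone(zone, ad_domain, probe_names):
    """Summarise a proposed zone: its class and which probes stop forwarding."""
    return {
        "zone": zone,
        "class": classify_zone(zone, ad_domain),
        "not_forwarded": [q for q in probe_names
                          if resolution_path(q, [zone]) == "authoritative"],
    }


if __name__ == "__main__":
    AD_DOMAIN = "support.microsoft.com"  # the article's example domain
    # Constructed probe names, used only to show which queries are affected.
    PROBES = ["www.microsoft.com", "www.example.com", "dc1.support.microsoft.com"]
    for candidate in ("support.microsoft.com", "microsoft.com", "com", "soft.com"):
        print(review_zone(candidate, AD_DOMAIN, PROBES))
```

A zone classed as "parent" is valid for Active Directory, but every probe listed under `not_forwarded` is answered from the local zone and never reaches the forwarder.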


Promote This Server to a Domain Controller (Optional--Recommended)
At this time, you can promote the server to the domain controller role by using the Dcpromo.exe utility. For additional information about promoting a server to the role of domain controller, search Help and Support Center for "installing a domain controller".


