Sharing my experience: Windows DNS server to control Bind server(s)

-

ok, using internal windows dns server control bind dns servers (on *nix) host public domain names..

quickly setting several domains

i had 30+ domains setup , of them share several common entries (soa, ns, , zone records (a, mx , ptr)). however, windows dns server resides in intranet. default internal name ('macron.intranet.lan') not usable official internet zone. no worries!

start setting 1 of zones (primary & forward lookup) using dnsmgmt.msc , setup commonly required records while making sure know name of file dns server using. sure setup domain only public nameservers. , sure allow zone transfers "only servers listed on name servers tab." (much safer!).

when you're done go %systemroot%\system32\dns , find file created; copy somewhere accessible (desktop example) while leaving file explorer open.

now; edit copied file (don't worry; text file) , copy everything after first header clipboard (the line starts "@  in soa ....").

then create few new domains , use default settings.

open file browser again , find several new .dns files. edit them; , replace header clipboard contents.

go dns manager, click on first "zone directory" created make active , right click on it. select option "reload". wham, new zone primed default data needed.

saves having manually configure each , every zone on again!

controlling bind dns servers

my goal here simple: windows dns server should in control don't want publically available on internet (this why suggested use public dns servers above). setup because created several primary zones yet without current server mentioned anywhere. knows should inform several others future updates.

now easy part...   setup bind dns server , prime domains slave. in likes of:

zone "intranet.lan" {
   type slave;
   masters { <public ip of windows server here>; };
   file { "<directory>/intranet.lan"; };
};

...assuming "intranet.lan" public domain here.

when start dns server it'll try contact windows server , request zone transfer load domain data. should allowed considering put server onto 'name servers' tab of every zone.

and because "slave server" can copy configuration onto other bind dns server(s) , start using it. same configuration applies public servers.

the other part although public dns servers slaves doesn't matter way serve clients. while windows server totally invisble client still "calling shots".

btw: windows dns server needs reachable internet. in case setup nat on router. still, security sake suggest restricting (dns) access in windows firewall like: "<your lan ip>/<lan submask>,<ip of 1st dns server>,<ip of 2nd dns server>, etc.".

this make sure internet dns servers can contact windows server while others cannot.

and so, in end, you'll end 2 (or more) bind dns servers while don't have worry difficult zone updates. no more logging on, finding zonefiles , using text editor apply changes. use comfortable windows dns server that.

personally think best of both worlds, such couldn't sharing hoping may helpfull of you.

 

kind regards, peter

hi peter,

 

thanks sharing solution here. benefit other community members have similar requires.

 

tiger li

please remember click “mark answer” on post helps you, , click “unmark answer” if marked post not answer question. can beneficial other community members reading thread.


Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more