2. Installing and Configuring DNS on the First Domain Controller
- Check TCP/IP configuration
- Install Active Directory
  - Use dcpromo to install Active Directory onto the first server in a domain. With Server 2008 you can also use Server Manager to add the Active Directory Domain Services role; make sure you select [Use advanced mode installation] when the Active Directory Domain Services Installation Wizard (dcpromo) starts up.
  - When prompted about DNS (2000, 2003) or on the Additional Domain Controller Options page (2008), make sure that DNS will be installed and configured automatically as part of the Active Directory installation. On 2008 Server Core, use InstallDNS=Yes in an answer file, or /InstallDNS:Yes as a command-line switch to
- Check DNS Zone Configuration
  - Once Active Directory and the DNS service are both installed, open the DNS management program ([Administrative Tools]). Open the Forward Lookup Zones folder and check that the correct zones have been created. You should see one entry with the same name as your Active Directory domain, and if this is the first domain in a forest (the forest root) you should also see a zone called _msdcs.YourADDomainName. (The latter is not created in Windows 2000-only domains.)
  - If by any chance the zones have not been created for you, create them as follows.
    - In the Forward Lookup Zones folder create two Active Directory-integrated zones allowing secure dynamic updates. One should have the same name as the Active Directory domain. The other is only needed if this is the first domain in a forest (the forest root), but this is normally the case. It should be called _msdcs.ForestRootDomainName. This process is explained in more detail in the Appendix: How to Create and Configure a Zone.
    - Again, only do this in the forest root domain. Select the zone that has the same name as your Active Directory domain, right-click on it and choose [New Delegation...], then enter _msdcs as the name of the delegation.
    - Finally, again only in the forest root domain, select the _msdcs zone, right-click and choose [Properties]. On the [General] tab, change replication for the zone to the first option ([To all DNS servers in the Active Directory forest]).
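The same zone set-up, done from PowerShell so that it can be repeated and checked. This is an added example, not part of the original guide; it assumes the DnsServer module (Windows Server 2012 or later, or RSAT) and uses placeholder names and addresses (ad.example.org, dc1, 192.0.2.10) that you must replace. The final loop confirms the security-relevant setting the guide asks for: both zones are Active Directory-integrated and accept secure dynamic updates only, so that only authenticated domain members can register or overwrite records.

```powershell
# Added example (not from the original guide): create and verify the two
# Active Directory-integrated zones for a forest root domain with the
# DnsServer PowerShell module. All names and addresses are placeholders.
$adDomain  = 'ad.example.org'          # placeholder: your AD domain name
$dcName    = "dc1.$adDomain"           # placeholder: this DC's FQDN
$dcAddress = [ipaddress]'192.0.2.10'   # placeholder: this DC's address
$msdcsZone = "_msdcs.$adDomain"

Import-Module DnsServer

function New-AdIntegratedZoneIfMissing {
    param(
        [Parameter(Mandatory)][string]$Name,
        [ValidateSet('Domain', 'Forest')][string]$ReplicationScope = 'Domain'
    )
    # -DynamicUpdate Secure: only authenticated domain members may register
    # or change records, so an unauthenticated host cannot hijack a name.
    $zone = Get-DnsServerZone -Name $Name -ErrorAction SilentlyContinue
    if (-not $zone) {
        Add-DnsServerPrimaryZone -Name $Name -ReplicationScope $ReplicationScope -DynamicUpdate Secure
        $zone = Get-DnsServerZone -Name $Name
    }
    return $zone
}

# 1. Zone with the same name as the AD domain (replicated within the domain).
$null = New-AdIntegratedZoneIfMissing -Name $adDomain -ReplicationScope Domain

# 2. Forest root only: the _msdcs zone, replicated to all DNS servers in the forest.
$msdcs = New-AdIntegratedZoneIfMissing -Name $msdcsZone -ReplicationScope Forest
if ($msdcs.ReplicationScope -ne 'Forest') {
    Set-DnsServerPrimaryZone -Name $msdcsZone -ReplicationScope Forest
}

# 3. Forest root only: delegate _msdcs from the domain zone to this DC.
$delegation = Get-DnsServerZoneDelegation -Name $adDomain -ChildZoneName '_msdcs' -ErrorAction SilentlyContinue
if (-not $delegation) {
    Add-DnsServerZoneDelegation -Name $adDomain -ChildZoneName '_msdcs' -NameServer $dcName -IPAddress $dcAddress
}

# 4. Verify: both zones exist, are AD-integrated and allow secure updates only.
foreach ($z in (Get-DnsServerZone -Name $adDomain), (Get-DnsServerZone -Name $msdcsZone)) {
    [pscustomobject]@{
        Zone             = $z.ZoneName
        ADIntegrated     = $z.IsDsIntegrated     # expect True
        DynamicUpdate    = $z.DynamicUpdate      # expect 'Secure'
        ReplicationScope = $z.ReplicationScope   # Domain / Forest
    }
}
```

If the verification loop reports DynamicUpdate as NonsecureAndSecure for either zone, change it back to Secure before clients start registering; a zone that accepts unauthenticated updates lets any host on the network overwrite the domain controller's own records.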
- Update TCP/IP configuration
- Register and check records
  - Reboot the server, or restart the NetLogon service, or wait a few hours to trigger the registration of records in the DNS.
  - Take a look in the file C:\Windows\System32\Config\netlogon.dns and compare the entries with the entries in the DNS management tool. You may need to refresh or even restart the latter before you can see them.
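Comparing netlogon.dns with the DNS server by hand is tedious, so the following added example (not part of the original guide) does it as a script. It reads each line of netlogon.dns, queries the DNS server for that name and type with Resolve-DnsName (DnsClient module), and reports which records are not yet registered. The DNS server address and the sample line format in the comment are assumptions; the file path is the one the guide names.

```powershell
# Added example (not from the original guide): check that every record
# NetLogon wants registered is actually held by the DNS server.
# $DnsServer is a placeholder for the address of the DC's DNS service.
function Test-NetlogonRecords {
    param(
        [string]$Path = 'C:\Windows\System32\Config\netlogon.dns',
        [string]$DnsServer = '127.0.0.1'
    )
    foreach ($line in Get-Content -Path $Path) {
        # Lines have the form:  name. ttl IN type rdata, for example
        # _ldap._tcp.ad.example.org. 600 IN SRV 0 100 389 dc1.ad.example.org.
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }
        $name = $f[0].TrimEnd('.')
        $type = $f[3]
        # -DnsOnly skips the hosts file and cache so we see the server's answer.
        $answers = Resolve-DnsName -Name $name -Type $type -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
        switch ($type) {
            'SRV' {
                $expected = "$($f[7].TrimEnd('.')):$($f[6])"   # target:port
                $found = @($answers | Where-Object { "$($_.NameTarget):$($_.Port)" -eq $expected }).Count -gt 0
            }
            'A' {
                $expected = $f[4]
                $found = @($answers | Where-Object { $_.IPAddress -eq $expected }).Count -gt 0
            }
            'CNAME' {
                $expected = $f[4].TrimEnd('.')
                $found = @($answers | Where-Object { $_.NameHost -eq $expected }).Count -gt 0
            }
            default {
                # Other types (e.g. AAAA): only check that the name resolves at all.
                $expected = $f[4..($f.Count - 1)] -join ' '
                $found = $null -ne $answers
            }
        }
        [pscustomobject]@{ Name = $name; Type = $type; Expected = $expected; Registered = $found }
    }
}

# Usage: list only the records NetLogon expects but the DNS server does not hold.
# If any are missing, restart the NetLogon service (or run nltest /dsregdns)
# and run the check again.
Test-NetlogonRecords | Where-Object { -not $_.Registered }
```

Run the check against the DC's own DNS service first; if the records are present there but missing on another DNS server, the problem is replication rather than registration.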
- Configure forwarders
  - Configure your DNS servers to send all requests for information that they do not hold themselves to the DNS Caching Resolvers. This is recommended for security reasons and also speeds up queries for information in the ox.ac.uk domain. Configure this via the Forwarders tab in the [Properties] of the server object in the DNS management tool. Make sure there is an entry for All other DNS domains and add the addresses for each of the DNS Caching Resolvers to the forwarders list for this entry.
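The same forwarder configuration from PowerShell, as an added example that is not part of the original guide. It assumes the DnsServer module (Windows Server 2012 or later, or RSAT); the resolver addresses 198.51.100.1 and 198.51.100.2 are placeholders for the published addresses of the DNS Caching Resolvers. Setting UseRootHint to false is the part that makes "all requests" literal: without it the server falls back to recursing from the root hints itself whenever the forwarders do not answer.

```powershell
# Added example (not from the original guide): forward every query the
# server is not authoritative for to the caching resolvers, and only to them.
$resolvers = @('198.51.100.1', '198.51.100.2')   # placeholders: your caching resolvers

Import-Module DnsServer

# Replace the forwarder list and disable fallback to root hints, so the
# server never recurses to the Internet on its own.
Set-DnsServerForwarder -IPAddress $resolvers -UseRootHint $false -Timeout 3

# Check that each forwarder actually answers before relying on it.
foreach ($r in $resolvers) {
    $t = Test-DnsServer -IPAddress $r -Context Forwarder
    [pscustomobject]@{ Forwarder = $r; Result = $t.Result }   # expect 'Success'
}

# Confirm the resulting configuration: forwarders listed, root hints not used.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout
```

If Test-DnsServer does not report Success for a resolver, fix connectivity or the address before leaving the server in this state; with root hints disabled, a server whose forwarders are unreachable cannot resolve external names at all.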
- Run tests to check for errors
- Configure Firewalls and Clients