DNS in Small Networks Step-by-Step Guide

Microsoft Corporation
Published: January 2008
Author: Jim Groves
Editor: Jim ec!er
Abstract
"his #uide helps you implement $omain %ame &ystem '$%&( on the )indo*s &erver+ 2008
operatin# system in a small net*or!, )indo*s &erver 2008 uses $%& to translate computer
names to net*or! addresses, An Active $irectory+ domain controller can act as a $%& server
that re#isters the names and addresses of computers in the domain and then provides the
net*or! address of a member computer *hen the domain controller receives a -uery *ith the
name of the computer, "his #uide e.plains ho* to set up $%& on a simple net*or! that consists
of a sin#le domain,
"his document supports a preliminary release of a soft*are product that may be chan#ed
substantially prior to final commercial release/ and is the confidential and proprietary information
of Microsoft Corporation, 0t is disclosed pursuant to a non1disclosure a#reement bet*een the
recipient and Microsoft, "his document is provided for informational purposes only and Microsoft
ma!es no *arranties/ either e.press or implied/ in this document, 0nformation in this document/
includin# 234 and other 0nternet )eb site references/ is sub5ect to chan#e *ithout notice, "he
entire ris! of the use or the results from the use of this document remains *ith the user, 2nless
other*ise noted/ the companies/ or#ani6ations/ products/ domain names/ e1mail addresses/
lo#os/ people/ places/ and events depicted in e.amples herein are fictitious, %o association *ith
any real company/ or#ani6ation/ product/ domain name/ e1mail address/ lo#o/ person/ place/ or
event is intended or should be inferred, Complyin# *ith all applicable copyri#ht la*s is the
responsibility of the user, )ithout limitin# the ri#hts under copyri#ht/ no part of this document may
be reproduced/ stored in or introduced into a retrieval system/ or transmitted in any form or by
any means 'electronic/ mechanical/ photocopyin#/ recordin#/ or other*ise(/ or for any purpose/
*ithout the e.press *ritten permission of Microsoft Corporation,
Microsoft may have patents/ patent applications/ trademar!s/ copyri#hts/ or other intellectual
property ri#hts coverin# sub5ect matter in this document, E.cept as e.pressly provided in any
*ritten license a#reement from Microsoft/ the furnishin# of this document does not #ive you any
license to these patents/ trademar!s/ copyri#hts/ or other intellectual property,
7 2008 Microsoft Corporation, All ri#hts reserved,
Active $irectory/ &harePoint/ )indo*s/ )indo*s &erver/ )indo*s 8ista/ the )indo*s lo#o/ and
the Microsoft lo#o are trademar!s of the Microsoft #roup of companies,
All other trademar!s are property of their respective o*ners,
Contents
$%& in &mall %et*or!s &tep1by1&tep Guide,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 9
Abstract,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 9
Contents,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, :
&tep1by1&tep Guide for $%& in &mall %et*or!s,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ;
Plannin# $%&,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, <
2nderstandin# the $%& namespace,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, <
$esi#nin# a $%& namespace,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, =
Creatin# an 0nternet $%& domain name,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 8
Creatin# internal $%& domain names,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 8
Creatin# $%& computer names,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 8
0nstallin# and Confi#urin# A$ $& and $%&,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, >
Confi#urin# Client &ettin#s,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 98
Advanced $%& Confi#uration,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 2?
Addin# resource records,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 2=
Automatically removin# outdated resource records,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28
"roubleshootin# $%&,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, :0
Step-by-Step Guide for DNS in Small
Networks
$omain %ame &ystem '$%&( is a system for namin# computers and net*or! services that maps
those names to net*or! addresses and or#ani6es them into a hierarchy of domains, $%& namin#
is used on "CP@0P net*or!s/ such as the 0nternet and most corporate net*or!s/ to locate
computers and services by usin# user1friendly names, )hen a user enters the $%& name of a
computer in an application/ $%& can loo! up the name and provide other information that is
associated *ith the computer/ such as its 0P address or services that it provides for the net*or!,
"his process is called name resolution,
%ame systems/ such as $%&/ ma!e it easier to use net*or! resources by providin# users *ith a
*ay to refer to a computer or service by a name that is easy to remember, $%& loo!s up that
name and provides the numeric address that operatin# systems and applications re-uire to
identify the computer on a net*or!, Aor e.ample/ users enter ***,microsoft,com instead of the
numeric 0P address of the server to identify a Microsoft )eb server on the 0nternet, "he name is
resolved *hen the $%& client soft*are on the userBs computer sends a re-uest to a $%& server
that the userBs computer is confi#ured to use, 0f the $%& server has been confi#ured to respond
authoritatively *ith the address of the re-uested host/ it replies to the re-uest directly, Cther*ise/
the $%& server passes the re-uest on to another server that can provide the address or a referral
to another $%& server that can help provide the address, "his is *here the name hierarchy
comes into play: 0f a $%& server does not !no* *hich server is confi#ured *ith the address/ it
can re-uest the server that is responsible for maintainin# addresses of servers at each level in
the hierarchy until it locates the authoritative server, Aor e.ample/ if the $%& server does not
!no* *hich server is responsible for the server named ***,microsoft,com/ the $%& server can
as! the server that is responsible for supplyin# the names of $%& servers in the ,com domain to
provide the address of the server that is responsible for providin# the addresses of $%& servers
in the microsoft,com domain, "he ori#inal $%& server can then -uery that server for the address
of the computer named ***,microsoft,com,
$%& re-uires little on#oin# maintenance for small businesses/ *hich typically have one to four
$%& servers, 'Medium1si6e or#ani6ations usually have ; to 9; $%& servers,( $%& problems/
ho*ever/ can affect server availability for your entire net*or!, Most $%& problems occur because
$%& settin#s are confi#ured incorrectly or obsolete records remain on the $%& servers, y
follo*in# the procedures in this #uide/ you can avoid such problems *hen you deploy $%& in a
simple net*or! that is based on the )indo*s &erver+ 2008 operatin# system,
"his #uide e.plains ho* to install and confi#ure a basic $%& implementation in a net*or! that
consists of a sin#le/ ne* Active $irectory+ $omain &ervices 'A$ $&( domain, "he #uide then
addresses some advanced issues that medium1si6e or#ani6ations may have to consider, Ainally/
it includes some basic $%& troubleshootin# steps that you can ta!e if you suspect that your
environment has problems *ith $%&,
In this guide
;
Plannin# $%&
0nstallin# and Confi#urin# A$ $& and $%&
Confi#urin# Client &ettin#s
Advanced $%& Confi#uration
"roubleshootin# $%&
Planning DNS
$omain %ame &ystem '$%&( is the primary method for name resolution in
)indo*s &erver+ 2008 and for other versions of Microsoft+ )indo*s+ operatin# systems/ such
as )indo*s 2000/ )indo*s DP/ )indo*s &erver 200:/ and )indo*s 8ista, $%& is a
re-uirement for deployin# the Active $irectory $omain &ervices 'A$ $&( server role, 0nte#ratin#
$%& *ith A$ $& ma!es it possible for $%& servers to ta!e advanta#e of the security/
performance/ and fault1tolerance capabilities of A$ $&,
"ypically/ you or#ani6e your $%& namespace 'that is/ the association of domains/ subdomains/
and hosts( in a *ay that supports your plan for usin# A$ $& to or#ani6e the computers on your
net*or!,
nderstanding the DNS namespace
"he follo*in# illustration sho*s ho* the $%& namespace is or#ani6ed,
<
A $%& name consists of t*o or more parts separated by periods/ or EdotsE ',(, "he last 'ri#htmost(
part of the name is called the top1level domain '"4$(, Cther parts of the name are subdomains of
the "4$ or another subdomain, "he names of the "4$s are either functional or #eo#raphical,
&ubdomains usually refer to the or#ani6ation that o*ns the domain name,
Aunctional "4$s su##est the purpose of the or#ani6ation that has re#istered a subdomain in the
"4$, "he follo*in# table sho*s some of the most common functional "4$ names,
!unctional "#D "ypically used by $
,com Commercial entities/ such as corporations/ to
re#ister $%& domain names
,edu Educational institutions/ such as colle#es/ and
public and private schools
,#ov Government entities/ such as federal/ state/ and
local #overnments
,net Cr#ani6ations that provide 0nternet services/
such as 0nternet service providers '0&Ps(
,or# Private/ nonprofit or#ani6ations
?
Geo#raphical "4$s indicate the country or re#ion *here the or#ani6ation that re#istered the
domain is located, Aor e.ample/ an or#ani6ation that *ants to sho* that it is located in Canada
re#isters its 0nternet domain name in the ,ca "4$/ and an or#ani6ation that *ants to sho* that it
is located in ra6il re#isters its 0nternet domain name in the ,br "4$,
Most or#ani6ations that *ant to have an 0nternet presence for a )eb site or that *ant to send and
receive e1mail messa#es/ for e.ample/ re#ister an 0nternet domain name that is a subdomain of a
"4$, 2sually/ they choose a subdomain name based on their or#ani6ationBs name/ such as
contoso,com or treyresearch,net, Most small or#ani6ations *or! *ith their 0nternet service
provider '0&P( to re#ister their domain name/ althou#h you can also re#ister your domain name
directly *ith a re#istrar that is listed at 0nter%0C 'http:@@***,internic,com@re#ist,html(,
3e#isterin# an 0nternet domain name reserves the name for the e.clusive use of the or#ani6ation
and confi#ures $%& servers on the 0nternet to provide the appropriate 0P address *hen those
servers are -ueried for that name, "hat is/ it creates the e-uivalent of a telephone directory entry
for the 0nternet domain name, ut instead of providin# a telephone number for the name/ it
provides the 0P address that a computer re-uires to access the computers in the re#istered
domain,
"he $%& namespace is not limited to only the publicly re#istered 0nternet domain names,
Cr#ani6ations that have net*or!s *ith their o*n $%& servers can create domains for their
internal use, As the ne.t section e.plains/ these internal $%& namespaces can beFbut are not
re-uired to beFsubdomains of a public 0nternet domain name,
Designing a DNS namespace
Gou can desi#n an e.ternal namespace that is visible to 0nternet users and computers, Gou can
also desi#n an internal namespace that is visible only to users and computers that are in your
internal net*or!,
Cr#ani6ations that re-uire an 0nternet presence and an internal namespace must deploy both an
internal and an e.ternal $%& namespace and mana#e each namespace separately, 0n this case/
*e recommend that you ma!e your internal domain a subdomain of your e.ternal domain, Aor
e.ample/ an or#ani6ation that has an e.ternal domain name of contoso,com mi#ht use the
internal domain name corp,contoso,com, 2sin# an internal domain that is a subdomain of an
e.ternal domain has the follo*in# advanta#es:
3e-uires you to re#ister only one name *ith an 0nternet name authority even if you later
decide to ma!e part of your internal namespace publicly accessible,
Ensures that all of your internal domain names are #lobally uni-ue,
&implifies administration by enablin# you to administer internal and e.ternal domains
separately,
Allo*s you to use a fire*all bet*een the internal and e.ternal domains to secure your $%&
deployment,
0f you *ant to deploy an A$ $& domain for each division in your or#ani6ation/ you can use your
internal domain as a parent for additional child domains that you create to mana#e those
divisions, Child domain names are immediately subordinate to the domain name of the parent,
=
Aor e.ample/ a child domain for a manufacturin# division that you add to the us,corp,contoso,com
namespace mi#ht have the domain name manu,us,corp,contoso,com,
Creating an Internet DNS domain name
An 0nternet $%& domain name has a "4$ name/ such as ,com/ ,or#/ or ,edu/ and a uni-ue
subdomain name that the domain o*ner chooses, Aor e.ample/ a company named Contoso
Corporation *ould probably choose contoso,com as its 0nternet domain name,
efore you re#ister an 0nternet $%& domain/ conduct a preliminary search of the 0nternet to
confirm that the $%& domain name that you *ant to use is not already re#istered to another
or#ani6ation, 0f the domain name that you *ant to use is available/ contact your 0nternet service
provider '0&P( to confirm that the domain name is available and to help you re#ister your domain
name, Gour 0&P mi#ht set up a $%& server on its o*n net*or! to host the $%& 6one for your
domain name or it mi#ht help you set up a $%& server on your net*or! for this purpose,
Creating internal DNS domain names
Aor your internal domains/ create names that are related to your re#istered 0nternet $%& domain
name, Aor e.ample/ if you re#ister the 0nternet $%& domain name contoso,com for your
or#ani6ation/ use a $%& domain name such as corp,contoso,com for the internal/ fully -ualified
$%& domain name and use CC3P as the %et0C& name,
0f you *ant to deploy $%& in a private net*or!/ but you do not plan to create an e.ternal
namespace/ you should still re#ister the $%& domain name that you create for your internal
domain, 0f you do not re#ister the name/ and you later attempt to use it on the 0nternet or you use
it to connect to a net*or! that is connected to the 0nternet/ the name mi#ht be unavailable,
Creating DNS computer names
)hen you create $%& names for the computers on your net*or!/ develop and follo* a lo#ical
$%& computer1namin# convention, "his ma!es it possible for users to remember easily the
names of computers on public and private net*or!s/ *hich facilitates access to net*or!
resources,
2se the follo*in# #uidelines *hen you create $%& names:
&elect computer names that are easy for users to remember,
0dentify the o*ner of a computer in the computer name,
Aor e.ample/ andre*1di.on indicates that Andre* $i.on uses the computer/ and pubs1server
indicates that the computer is a server that belon#s to the Publications department,
As an alternative/ select names that describe the purpose of the computer,
Aor e.ample/ a file server named past1accounts19 indicates that the file server stores
information related to past accounts,
$o not use capitali6ation to convey the o*ner or purpose of a computer,
$%& is not case sensitive,
Match the A$ $& domain name to the primary $%& suffi. of the computer name,
8
"he primary $%& suffi. is the part of the $%& name that appears after the host name,
2se uni-ue names for all computers in your or#ani6ation,
$o not assi#n the same computer name to different computers in different $%& domains, Aor
e.ample/ do not use such names as server9,acct,contoso,com and server9,hr,contoso,com,
Also/ do not use the same computer name *hen a computer is confi#ured to run different
operatin# systems, Aor e.ample/ if a computer can run )indo*s &erver 2008 or
)indo*s 8ista/ do not use the same computer name for both operatin# systems,
2se A&C00 characters to ensure interoperability *ith computers runnin# versions of )indo*s
earlier than )indo*s 2000,
Aor computer and domain names/ use only the characters A throu#h H/ 0 throu#h >/ and the
hyphen '1(, $o not use the hyphen as the first character in a name,
0n particular/ the follo*in# characters are not allo*ed in $%& names:
comma '/(
tilde 'I(
colon ':(
e.clamation point 'J(
at si#n 'K(
number si#n 'L(
dollar si#n 'M(
percent si#n 'N(
caret 'O(
ampersand 'P(
apostrophe 'B(
period ',(/ e.cept as a separator bet*een names
parentheses ''((
braces 'QR(
underscore 'S(
"he number of characters in a name must be bet*een 2 and 2;,
Avoid nonstandard "4$s such as ,local, 2sin# a nonstandard "4$ *ill prevent you from bein#
able to re#ister your domain name on the 0nternet,
Installing and Configuring AD DS and DNS
)hen you create a ne* Active $irectory $omain &ervices 'A$ $&( domain/ the Active $irectory
$omain &ervices 0nstallation )i6ard installs the $omain %ame &ystem '$%&( server role by
default, "his ensures that $%& and A$ $& are confi#ured properly for inte#ration *ith each other,
>
Important
efore you install A$ $& and $%& on the first domain controller server in a ne* domain/
ensure that the 0P address of the server is staticT that is/ that it is not assi#ned by
$ynamic Uost Confi#uration Protocol '$UCP(, $%& servers and Active $irectory domain
controllers must have static addresses to ensure that clients can locate the servers
reliably,
"o install DNS with AD DS in a new domain
9, Clic! Start/ point to Administrati%e tools/ and then clic! Ser%er &anager,
2, 0n the tree pane/ clic! 'oles,
:, 0n the results pane/ clic! Add 'oles,
;, Cn the (efore )ou (egin pa#e/ clic! Ne*t,
9
<, Cn the &elect &erver 3oles pa#e/ clic! Acti%e Directory Domain Ser%ices/ and then
clic! Ne*t,
99
?, Cn the Acti%e Directory Domain Ser%ices pa#e/ read the information and then clic!
Ne*t,
=, Cn the Confirm Installation Selections pa#e/ read the information and then clic!
Install,
8, After A$ $& installation has completed/ on the Installation 'esults pa#e/ clic! Close
this wi+ard and launch the Acti%e Directory Domain Ser%ices Installation ,i+ard
-dcpromo.e*e/.
9
>, Cn the ,elcome to the Acti%e Directory Domain Ser%ices Installation ,i+ard pa#e/
clic! Ne*t,
90, Cn the Choose a Deployment Configuration pa#e/ clic! Create a new domain in a
new forest/ and then clic! Ne*t,
9
99, Cn the Name the !orest 'oot Domain pa#e/ type the full $%& name 'such as
corp,contoso,com( for the ne* domain/ and then clic! Ne*t,
9
92, Cn the Set !orest !unctional #e%el pa#e/ select ,indows Ser%er 0112/ and then clic!
Ne*t,
9:, Cn the Additional Domain Controller 3ptions pa#e/ ma!e sure that DNS ser%er is
selected/ and then clic! Ne*t,
9
Note
A messa#e bo. informs you that a dele#ation for this $%& server cannot be
created, "his is normal and e.pected for the first domain controller in a ne*
forest, Clic! )es to proceed,
9
9;, Cn the #ocation for Database4 #og !iles4 and S)S53# pa#e/ type the location in
*hich you *ant to install the database/ lo#/ and system volume '&G&8C4( folders/ or
clic! (rowse to choose a location/ and then clic! Ne*t,
Note
Gou can safely accept the default locations unless you !no* that you have a
reason to chan#e them,
9<, Cn the Directory Ser%ices 'estore &ode Administrator Password pa#e/ type a
pass*ord to use to lo# on to the server in $irectory &ervices 3estore Mode/ confirm the
pass*ord/ and then clic! Ne*t,
9
9?, 3evie* the Summary pa#e/ and then clic! Ne*t to be#in the installation,
9=, After the A$ $& installation completes/ clic! 36 to restart the computer,
Configuring Client Settings
y default/ $omain %ame &ystem '$%&( clients are confi#ured to allo* $ynamic Uost
Confi#uration Protocol '$UCP( to automatically assi#n the clientsB 0P addresses/ $%& server
addresses/ and other settin#s, "he "CP@0P confi#uration steps in this section are re-uired only if
a $UCP server is not available,
Confi#ure the follo*in# settin#s for each $%& client:
"CP@0P settin#s for $%&
Uost name and domain membership
"he follo*in# procedures re-uire you to lo# on *ith an account that belon#s to the Administrators
#roup on the client computer,
9
"o configure client settings on a computer running ,indows 7P
9, Cn the computer that you *ant to confi#ure to use $%&/ clic! Start/ point to Control
Panel/ and then clic! Network Connections,
2, 3i#ht1clic! the net*or! connection that you *ant to confi#ure/ and then clic! Properties,
:, Cn the General tab/ clic! Internet Protocol -"CP8IP// and then clic! Properties,
;, Clic! se the following IP address,
<, 0n IP address/ type the address of the client computer,
?, 0n Subnet mask/ type the subnet mas! of the domain controller,
=, 0n Default gateway/ type the address of the default #ate*ay of the domain controller,
8, Clic! se the following DNS ser%er addresses.
>, 0n Preferred DNS ser%er/ type the 0P address of the $%& server that you installed in
0nstallin# and Confi#urin# A$ $& and $%&,
Important
$o not use the 0P address of a $%& server that is provided by your 0nternet
service provider '0&P( as a primary or alternate $%& server,
90, Clic! 36/ and then clic! Close,
9
Note
0t is not necessary to restart the computer at this time if you intend to chan#e the
computerBs name or domain membership in the follo*in# steps,
99, 0n Control Panel/ double1clic! System,
92, Cn the Computer Name tab/ clic! Change,
9:, 0n Computer name/ type the name of the computer 'the host name(,
9;, Clic! Domain/ and then type the name of the domain that you *ant the computer to 5oin,
9<, 0f a second Computer Name Changes dialo# bo. appears/ in ser Name/ type the
domain name and user name of an account that has permission to 5oin computers to the
domain,
9?, 0n Password/ type the pass*ord of the account,
&eparate the domain name and user name *ith a bac!slash/ for e.ample/
domainVuser_name,
2
9=, Clic! 36 to close all dialo# bo.es,
2
"o configure client settings on a computer running ,indows 5ista
9, Cn the computer that you *ant to confi#ure to use $%&/ clic! Start/ and then clic!
Control Panel,
2, 0n Control Panel/ clic! Network and Internet,
:, Clic! Network and Sharing Center, 0n the "asks pane/ clic! &anage network
connections,
;, 3i#ht1clic! the net*or! connection that you *ant to confi#ure/ and then clic! Properties,
<, Cn the Networking tab/ clic! Internet Protocol 5ersion 9 -"CP8IP%9// and then clic!
Properties,
2
?, Clic! se the following IP address,
=, 0n IP address/ type the address of the client computer,
8, 0n Subnet mask/ type the subnet mas! of the domain controller,
>, 0n Default gateway/ type the address of the default #ate*ay of the domain controller,
90, Clic! se the following DNS ser%er addresses/ and in Preferred DNS ser%er/ type the
0P address of the domain controller that you installed in 0nstallin# and Confi#urin# A$ $&
and $%&,
Important
$o not use the 0P address of a $%& server that is provided by your 0&P as a
primary or alternate $%& server,
99, Clic! 36 to e.it,
92, 0f Internet Protocol 5ersion : -"CP8IP%:/ is selected/ clic! it/ and then clic! Properties,
Perform the same steps as for "CP@0Pv;/ and then clic! 36 and Close,
Note
0t is not necessary to restart the computer at this time if you intend to chan#e the
2
computerBs name or domain membership in the follo*in# steps,
9:, 0n Control Panel/ clic! System and &aintenance/ and then clic! System,
9;, 2nder Computer name4 domain4 and workgroup settings/ clic! Change settings,
2
9<, Cn the Computer Name tab/ clic! Change,
9?, 0n Computer name/ type the name of the computer 'the host name(,
2
9=, Clic! Domain/ and then type the name of the domain that you created in 0nstallin# and
Confi#urin# A$ $& and $%&,
98, 0f the Computer Name Changes dialo# bo. appears:
0n ser Name/ type the domain name and user name of an account that has
permission to 5oin computers to the domain,
0n Password/ type the pass*ord of the account, &eparate the domain name and
user name *ith a bac!slash/ for e.ample/ domainVuser_name,
9>, Clic! 36 to close all dialo# bo.es,
Ad%anced DNS Configuration
0n most cases/ deployin# Active $irectory $omain &ervices 'A$ $&(Winte#rated $omain %ame
&ystem '$%&( on a small/ )indo*s1based net*or! re-uires little confi#uration beyond the initial
setup, Cccasionally/ ho*ever/ you may have to perform additional confi#uration tas!s/ such as
addin# resource records to handle unusual situations or confi#urin# automatic removal of
outdated resource records,
2
Adding resource records
3esource records store information about specific net*or! computers/ such as the names/ 0P
addresses/ and services that the computers provide, 0n most cases/ )indo*s1based computers
use dynamic update to update their resource records on $%& servers, "his dynamic update
process eliminates the need for an administrator to mana#e the resource records, Uo*ever/ if
your net*or! contains computers that are not )indo*s1based or if it contains computers that you
*ant to desi#nate to handle e1mail/ you may have to add host 'A( resource records to the 6one
on your $%& server,
Important
)hen the Active $irectory $omain &ervices 0nstallation )i6ard installs and confi#ures
$%& on the ne* domain controller/ it creates resource records that are necessary for the
correct operation of the $%& server on the domain controller, $o not remove or chan#e
these resource records, Chan#e or remove only those resource records that you add
yourself,
Uost 'A( resource records associate the $%& domain name of a computer 'or host( to its 0P
address, Gou do not need to have a host 'A( resource record for all computers/ but you must have
one for any computer that shares resources on a net*or! and that must be identified by its $%&
domain name,
)indo*s 2000/ )indo*s DP/ and )indo*s &erver 200: clients and servers use the $ynamic
Uost Confi#uration Protocol '$UCP( Client service to dynamically re#ister and update their
host 'A( resource records in $%& *hen an 0P confi#uration chan#e occurs,
)indo*s 8ista and )indo*s &erver 2008 clients use the $%& Client service to dynamically
re#ister and update their host 'A( resource records in $%& *hen an 0P confi#uration chan#e
occurs,
Gou can manually create a host 'A( resource record for a static "CP@0P client computer 'or for
a computer runnin# non1)indo*s operatin# systems( by usin# the $%& Mana#er
administrative tool,
"o add a host -A/ resource record to a DNS +one
9, Cn the $%& server/ clic! Start/ point to Administrati%e "ools/ and then clic! DNS,
2, 0n the console tree/ ri#ht1clic! the applicable $%& 6one/ and then clic! New ;ost -A/,
:, 0n Name -uses parent domain if blank// type the name of the computer 'host( for *hich
you are creatin# a host 'A( resource record,
;, 0n IP address/ type the address of the computer for *hich you *ant to create a host 'A(
resource record,
Important
Ma!e sure that you type the address correctly and that you assi#n it as a static
address 'not one that is assi#ned by $UCP(, 0f the address is incorrect or
chan#es/ client computers cannot use $%& to locate the host,
2
Automatically remo%ing outdated resource
records
"he ability of $UCP to re#ister host 'A( and pointer 'P"3( resource records automatically
*henever you add a ne* device to the net*or! simplifies net*or! administration, Uo*ever/ it has
one dra*bac!: unless you remove those resource records/ they remain in the $%& 6one
database indefinitely, Althou#h this is not a problem *ith static net*or!s/ it ne#atively affects
net*or!s that chan#e fre-uently 'for e.ample/ a net*or! to *hich you add or remove portable
computers( because the accumulation of resource records can prevent host names from bein#
reused,
Aortunately/ $UCP services and the )indo*s &erver 2008 $%& server cooperate to help prevent
this problem from happenin#, Gou can confi#ure the $%& server to trac! the a#e of each
dynamically1assi#ned record and to periodically remove records that are older than the number of
days that you specify, "his process is !no*n as scavenging,
"he a#e of a resource record is based on *hen it *as created or last updated, y default/
computers runnin# )indo*s send a re-uest to the $%& server to update their records every
2; hours,
Note
"o prevent unnecessary replication/ you can confi#ure the )indo*s &erver 2008 $%&
server to i#nore update re-uests for a period of time that you specify,
0n this manner/ )indo*s1based computers notify the $%& server that they are still on the net*or!
and that their records are not sub5ect to scaven#in#,
ecause scaven#in# can cause problems on a net*or! if it is not confi#ured correctly/ )indo*s
&erver 2008 disables scaven#in# by default, )e recommend that you enable scaven#in# *ith
default settin#s if you fre-uently add computers to or remove computers from your net*or!,
"o enable sca%enging on a DNS ser%er
9, Cn the $%& server on *hich you *ant to enable scaven#in#/ clic! Start/ point to
Administrati%e "ools/ and then clic! DNS,
2, 0n the console tree/ clic! the applicable $%& server,
:, Cn the Action menu/ clic! Properties,
;, Clic! the Ad%anced tab/ select <nable automatic sca%enging of stale records/ and
then clic! 36,
2
<, Cn the Action menu/ clic! Set Aging8Sca%enging for All =ones,
?, Clic! the Sca%enge stale resource records chec! bo./ and then clic! 36,
2
=, 0n the Ser%er Aging8Sca%enging Confirmation dialo# bo./ select Apply these settings
to the e*isting Acti%e Directory-integrated +ones/ and then clic! 36,
"roubleshooting DNS
Most often/ $omain %ame &ystem '$%&( confi#uration problems are e.posed *hen one or more
$%& client computers cannot resolve host names,
:
"o troubleshoot $%& problems/ you must determine the scope of the problem, "o do this/ you use
the ping command on multiple clients to resolve the names of hosts on the intranet and the
0nternet/ and to test overall net*or! connectivity, 3un the follo*in# commands on several $%&
client computers and *ith several tar#et computers/ and then note the results:
ping DNS_server_ip_address
ping internal_host_ip_address/ *here internal_host_ip_address is the 0P address of a
computer that e.ists in the clientBs domain
ping internal_host_name/ *here internal_host_name is the fully -ualified domain name
'AX$%( of the computer
ping Internet_host_name/ *here Internet_host_name is the name of a computer that e.ists
on the 0nternet,
Note
0t is not important *hether an 0nternet computer responds to the ping command, )hat is
important is that $%& can resolve the name that you specify to an 0P address,
"he results of these tests su##est the nature of the problem, "he follo*in# table sho*s possible
results/ causes/ and solutions,
pin# command result Possible cause Possible solution
Multiple clients cannot
resolve any intranet or
0nternet names
"his result su##ests that the
clients cannot access the
assi#ned $%& server, "his
mi#ht be the result of #eneral
net*or! problems/ particularly
if the ping command usin# 0P
addresses fails, Cther*ise/ if
you have confi#ured the
clients to obtain $%& server
addresses automatically/ you
mi#ht not have confi#ured the
$ynamic Uost Confi#uration
Protocol '$UCP( servers on
the net*or! properly,
3evie* the confi#uration of the
$UCP servers on the net*or!,
Multiple clients cannot
resolve intranet names/ but
they can resolve 0nternet
names
"his result su##ests that host
'A( resource records/ or
records such as service
locator '&38( resource
records/ do not e.ist in the
$%& 6one database, Also see
ECne client only cannot
resolve intranet names/ only
0nternet names,E
Ensure that the appropriate
resource records e.ist and that
you have confi#ured the $%&
server properly to receive
automatic updates, 0f the tar#et
host names are located in a
particular child 6one/ ensure that
you have confi#ured dele#ation of
that 6one properly, "o test
:
pin# command result Possible cause Possible solution
re#istration of records for a
domain controller/ use the
dcdiag 8test>dns 8%
8s>domain_controller command,
Cne client only cannot
resolve any intranet or
0nternet names
0f the ping command usin# 0P
addresses fails/ this result
indicates that the client
computer cannot connect to
the net*or!, 0f the ping
command usin# 0P addresses
succeeds/ but the ping
command cannot resolve $%&
domain names/ the "CP@0P
settin#s of the client may be
incorrect,
Ensure that the client computer is
physically connected to the
net*or! and that the net*or!
adapter for the computer functions
properly/ or correct the "CP@0P
settin#s/ as necessary,
"o correct the settin#s/ see
Confi#urin# Client &ettin#s,
Cne client only cannot
resolve intranet names/ only
0nternet names
0f you previously confi#ured
the client computer to connect
directly to the 0nternet/ its
"CP@0P properties mi#ht be
confi#ured to use an e.ternal
$%& server/ such as a $%&
server from an 0nternet service
provider '0&P(, 0n most cases/
the client should not use a
$%& server from an 0&P as
either the preferred or
alternate $%& server because
the $%& server at the 0&P is
not able to resolve internal
names, 2sin# a $%& server
from an 0&P in the "CP@0P
confi#uration of a client can
also cause problems *ith
conflictin# internal and
e.ternal namespaces,
"o correct the settin#s/ see
Confi#urin# Client &ettin#s,
0f you have ruled out all of these potential problems for a particular client and still cannot resolve
$%& names/ use the procedures in Confi#urin# Client &ettin#s to verify the $%& client settin#s,
"hen/ at a command prompt/ type ipconfig 8all to vie* the current "CP@0P confi#uration,
0f the client does not have a valid "CP@0P confi#uration/ you can perform one of the follo*in#
tas!s:
:
Aor dynamically confi#ured clients/ use the ipconfig 8renew command to manually force the
client to rene* its 0P address confi#uration *ith the $UCP server,
Aor statically confi#ured clients/ modify the client "CP@0P properties to use valid confi#uration
settin#s or to complete its $%& confi#uration for the net*or!,
: