Create and configure a DNS server, as well as delegate subdomains on Windows Server 2012 / 2012 R2
- Windows Server
- DNS
- 15 April 2018 at 12:45 UTC
-
- 5/6
5.4. DNS zone properties
To see the properties of your DNS zone, right-click on your forward lookup zone and click Properties.
Then, in the "General" tab, you will be able to :
- enable or disable this zone
- choose whether your server should act as the primary or secondary server for this zone. This can be useful if the main server goes down. Because the secondary server can take over.
- to know the name of the zone file (present in the "C:\Windows\system32\dns" folder of your server)
- enable or disable dynamic updates for this zone
In the "Start of Authority (SOA)" tab, you will find :
- the serial number that is incremented with each change to indicate to the secondary server (if applicable) that the DNS zone has been updated
- the name of the primary server. The server where this DNS zone is managed.
- the person responsible for this DNS zone.
In the "Name Servers" tab, you will see the list of DNS servers that have this DNS zone.
Or more precisely :
- the authoritative primary DNS server for this DNS zone
- the secondary DNS server(s) allowed to maintain a copy of this DNS zone
In our case, this DNS zone is managed on a single DNS server (which is therefore the authoritative primary DNS server for this DNS zone).
In the "WINS" tab, you can enable WINS forward lookup to allow your DNS server to search for the name in the NETBIOS system if the desired name has not been found in the DNS zone.
However, this requires first installing a WINS server.
In the "Zone Transfers" tab, you can enable the transfer of the zone to a secondary DNS server if you wish.
Note that it isn't recommended to allow the transfer of the zone to any DNS server. In particular, to protect the keys created when signing your zone via DNSSEC (if applicable).
5.5. Zones files
As mentioned before, the zone files are stored in the "%SystemRoot%\system32\dns" (C:\Windows\system32\dns) folder of your server.
In this file, we find :
- the file of our forward lookup zone : informatiweb.lan.dns
- the file of our reverse lookup zone : 0.0.10.in-addr.arpa.dns
Note : if you have already managed a DNS server in Linux (BIND), you will see that the format of these files is identical.
If you open the "informatiweb.lan.dns" file with the notepad, you will see that this file contains :
- the serial number of the DNS zone
- the delay after which the zone will have to be updated on the secondary server
- the delay after which the update will have to be re-performed if the 1st attempt failed
- the delay after which this zone will no longer be valid and must therefore be updated (if the primary server still exists)
- the default duration for which the DNS records listed are valid.
- the list of DNS records present in the DNS zone.
If you open the "0.0.10.in-addr.arpa.dns" file with Notepad, you will see that this file contains :
- the same global information at the top of the file
- the list of name servers (DNS servers) where this zone is located
- the list of pointers corresponding to the A or AAAA records of the forward lookup zone
Share this tutorial
To see also
-
Articles 5/1/2018
Why deploy DNSSEC on your DNS server ?
-
Windows Server 1/15/2013
WS 2008 - Create a DNS server
-
Windows Server 4/25/2018
WS 2012 / 2012 R2 - Create a secondary DNS server
-
Windows Server 5/11/2018
WS 2012 / 2012 R2 - Sign your DNS zones with DNSSEC
No comment