3.1 Setting up DNS in Active Directory and Linux

Basics

You can use Windows Active Directory to establish a domain controller that processes authentication requests from users who connect to your domain and need information from devices on your network. You can also configure DNS on a domain controller; the DNS zone data is then stored in Active Directory and replicated to all other domain controllers in your domain.

You should know the following terms:

  • Windows Active Directory
  • Forward lookup zones
  • Reverse lookup zones

Once you have finished configuring DNS in Active Directory, verify that the DNS records have been captured correctly. Service Location (SRV) locator resource records are what clients use to find domain controllers for Active Directory. Review Microsoft's article, How to verify that SRV DNS records have been created for a domain controller, to confirm that your DNS is configured correctly.

If you are using a Linux-based server, BIND is the nameserver service that performs domain-name-to-IP resolution on Linux-based DNS servers. Red Hat shares step-by-step directions for setting up DNS on a Linux-based server in the article How to use the Linux BIND command to install and configure DNS.

Forward and Reverse Lookup Zones

Your DNS server will have two main categories of lookup zones. Forward lookup zones will translate a host name to an IP address. Reverse lookup zones do the opposite, converting an IP address to a host name.

Your forward and reverse records are stored in separate files. A file used for forward lookups cannot answer the reverse question. Reverse lookups are also used by mail systems to verify the identity of a sending server, which helps protect against spam and bot attacks.

The forward lookup records have a one-to-many relationship: multiple host names can be mapped to a single IP address, so a user can reach the correct IP address by any of the names in the file. By contrast, the reverse lookup file has a one-to-one relationship: each IP address in a reverse lookup file is mapped to a single host name.
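The two rules above (many names per address in the forward zone, exactly one PTR per address in the reverse zone) and the mail-server use of reverse lookups can be shown with a small script. This is an added example written for this page, not code from Microsoft, Red Hat or the BIND project; the zone text, the `example.internal` domain and the 10.0.0.0/8 addresses are constructed, and the `canonical` mapping is an assumed way of telling the script which of several names an address should resolve back to.

```python
"""Derive a reverse zone from a forward zone and run the forward-confirmed
reverse DNS check. Added example for this page; zone data is constructed."""
import ipaddress
import re
from collections import defaultdict

# Constructed BIND-style forward zone: several names map to one address.
FORWARD_ZONE = """\
$ORIGIN example.internal.
$TTL 3600
@        IN SOA ns1.example.internal. hostmaster.example.internal. (1 3600 900 604800 300)
@        IN NS  ns1.example.internal.
ns1      IN A   10.0.0.10
mail     IN A   10.0.0.25
smtp     IN A   10.0.0.25
webmail  IN A   10.0.0.25
www      IN A   10.0.0.80
intranet IN A   10.0.0.80
"""

A_RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+(\S+)\s*$", re.IGNORECASE)


def parse_forward_zone(text):
    """Return {fqdn: ip} for every A record, honouring $ORIGIN, '@' and
    trailing-dot (absolute) names. SOA/NS lines are skipped."""
    origin = ""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        if line.upper().startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
            continue
        m = A_RECORD.match(line)
        if not m:
            continue
        name, ip = m.groups()
        ipaddress.IPv4Address(ip)                # raises on a malformed address
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name.rstrip(".")
        else:
            fqdn = f"{name}.{origin}"
        records[fqdn.lower()] = ip
    return records


def reverse_name(ip):
    """10.0.0.25 -> 25.0.0.10.in-addr.arpa (the owner name of its PTR)."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def build_reverse_zone(forward, canonical=None):
    """Build {ptr_owner: fqdn}. Each address gets exactly one PTR (the
    one-to-one rule). When several names share an address, `canonical`
    (assumed mapping ip -> preferred name) picks the winner; otherwise the
    first name in sorted order is used. Shared addresses are also returned
    so an operator can review the choice."""
    canonical = canonical or {}
    by_ip = defaultdict(list)
    for fqdn, ip in forward.items():
        by_ip[ip].append(fqdn)
    ptr, conflicts = {}, {}
    for ip, names in by_ip.items():
        names = sorted(names)
        if len(names) > 1:
            conflicts[ip] = names
        chosen = canonical.get(ip, names[0])
        if chosen not in names:
            raise ValueError(f"{chosen} is not a forward name for {ip}")
        ptr[reverse_name(ip)] = chosen
    return ptr, conflicts


def render_reverse_zone(ptr):
    """Render PTR records as zone-file lines."""
    return [f"{owner}.  IN PTR {name}." for owner, name in sorted(ptr.items())]


def forward_confirmed(ip, forward, ptr):
    """Forward-confirmed reverse DNS, the check a receiving mail server applies
    to a sending host: the PTR name for `ip` must itself resolve back to `ip`."""
    name = ptr.get(reverse_name(ip))
    if name is None:
        return False, "no PTR record"
    if forward.get(name) != ip:
        return False, f"PTR names {name} but it does not resolve to {ip}"
    return True, name


if __name__ == "__main__":
    fwd = parse_forward_zone(FORWARD_ZONE)
    ptr, conflicts = build_reverse_zone(fwd, canonical={"10.0.0.25": "mail.example.internal"})
    print("\n".join(render_reverse_zone(ptr)))
    print("shared addresses:", conflicts)
    print("FCrDNS 10.0.0.25:", forward_confirmed("10.0.0.25", fwd, ptr))
```

Running the script prints one PTR line per address, lists the addresses that had more than one forward name, and shows the forward-confirmed check succeeding for the mail host; removing the `canonical` argument makes the script pick `mail` by sort order anyway, but for `10.0.0.80` it would pick `intranet` over `www`, which is the kind of choice the reverse file forces you to make explicitly.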

DNS Forwarders

If your DNS server cannot map a request back to a host, that request can be forwarded on to other servers. According to DNS Made Easy, “The DNS forwarder should be thought of as the designated server to which a particular subset of queries (either for external addresses or specific internal addresses) are forwarded by other DNS servers within the network. It then sends (forwards) those requests for resolution to other DNS servers.” 

Without DNS forwarding, every DNS server on your network would answer external DNS queries itself, which can slow network performance and expose your network to risk. If a DNS server cannot resolve an internal request, it should not send that request out beyond your internal network; doing so could put your network and the devices on it at risk. A single forwarder consolidates those requests, and that server builds up a cache of answers that speeds up subsequent queries and conserves network resources.
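On a BIND server the forwarding and recursion behaviour discussed above lives in the `options` block of `named.conf`. The following added example (written for this page, not taken from the Red Hat article or from BIND) parses two constructed `options` blocks and reports the settings a defender would want changed: no `forwarders` statement, `forward first` (which falls back to resolving externally when the forwarder fails) instead of `forward only`, and recursion offered to `any` client rather than to the internal networks. The 10.0.0.53 forwarder address and the internal network list are assumed values.

```python
"""Audit the forwarding and recursion settings of a BIND options block.
Added example for this page; both configurations below are constructed."""
import re

# Constructed: a resolver that forwards everything it cannot answer itself
# to one designated forwarder and only recurses for internal clients.
GOOD_CONF = """\
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 10.0.0.0/8; 192.168.0.0/16; localhost; };
    allow-query { any; };
    forwarders { 10.0.0.53; };
    forward only;
};
"""

# Constructed: the weak variant, which recurses for anyone on the Internet and
# resolves externally on its own whenever the forwarder does not answer.
WEAK_CONF = """\
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { any; };
    forwarders { 10.0.0.53; };
    forward first;
};
"""

# BIND's built-in address-match names that always denote local clients.
LOCAL_ACLS = {"localhost", "localnets"}


def parse_options(text):
    """Return {statement: value} for the options { ... } block. Brace lists
    such as forwarders and allow-recursion become Python lists of strings."""
    m = re.search(r"options\s*\{(.*)\};", text, re.S)
    if not m:
        raise ValueError("no options block found")
    opts = {}
    for stmt in re.finditer(r"([\w-]+)\s+([^;{]+?|\{[^}]*\})\s*;", m.group(1)):
        key, val = stmt.group(1), stmt.group(2).strip()
        if val.startswith("{"):
            opts[key] = [v.strip() for v in val.strip("{}").split(";") if v.strip()]
        else:
            opts[key] = val.strip('"')
    return opts


def audit(opts, internal_nets):
    """Return a list of findings; an empty list means the server matches the
    guidance above: it hands unresolved queries to a designated forwarder,
    never goes out on its own, and recurses only for internal clients."""
    findings = []
    forwarders = opts.get("forwarders", [])
    if not forwarders:
        findings.append("no forwarders: this server resolves external names itself")
    elif opts.get("forward", "first") != "only":
        findings.append("'forward first' falls back to direct external resolution "
                        "when the forwarder does not answer; use 'forward only'")
    if opts.get("recursion", "yes") == "yes":
        if "allow-recursion" not in opts:
            findings.append("allow-recursion not set; restrict it to internal networks")
        else:
            allowed = opts["allow-recursion"]
            if "any" in allowed:
                findings.append("recursion is offered to any client (open resolver)")
            else:
                outside = [a for a in allowed
                           if a not in internal_nets and a not in LOCAL_ACLS]
                if outside:
                    findings.append(f"allow-recursion includes non-internal entries: {outside}")
    return findings


if __name__ == "__main__":
    nets = {"10.0.0.0/8", "192.168.0.0/16"}       # assumed internal ranges
    for label, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(label, audit(parse_options(conf), nets) or ["OK"])
```

The parser is deliberately minimal (one `options` block, no nested views or includes), which is enough to review a single resolver's configuration; the `internal_nets` set is the list of ranges you consider inside the network, and anything in `allow-recursion` outside that set is reported rather than silently accepted.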

Here are additional resources you may find useful:

Complete the following task or self-assessment:

Depending on your role, you may or may not have access to configure Active Directory. If not, collaborate with someone who does.

  • Verify that DNS records are being captured correctly.
  • Look for or ask for help to view the forward and reverse lookup zone files and review the information in them.