Thursday, 03 November 2011

Windows DNS Server 2008: Setup External Internet DNS Server

Hopefully if you’re in the tech field you know that DNS is one of the main pillars of the Internet and what makes having those delightful friendly domain names (like www.TrainSignalTraining.com and www.TrainSignal.com) possible instead of having to memorize a long list of boring IPs (69.16.232.158).
For those of you who might need a refresher, the DNS service is the address book of the networking world: at its base level it translates human-friendly names to IP addresses. It also stores other types of records that help deliver different types of information from one end of the Internet to the other.

Why Have An External DNS Server?

This is especially useful if you are running IIS and have a lot of sites and don’t want to use a 3rd party option for DNS. For example, at a client I worked with, they owned over 250 domain names and wanted to keep tight control over their DNS in case of server moves and other email considerations.
An external DNS server will also help limit how much of your network is exposed if the server is compromised. If you connect the Internet-facing server to the rest of your DNS servers, your internal network's AD information will be stored on it. Should this external-facing server get hacked or compromised, the attacker would find quite a bit more information than just some publicly available resource records.
Once you have set up the external DNS servers, you configure your internal DNS servers, which hold your private information, to forward requests to the external DNS server for clients that need name resolution to the outside world.

How to Install Windows DNS Server 2008

The first thing we have to do is set up the DNS Role on the server that we want to use. Let’s walk through that first:
NOTE: This walkthrough is for EXTERNAL DNS servers and will not include information on integrating with Active Directory or installing other components other than what is needed.
1. Open Server Manager and click on Roles in the left pane and then click on Add Roles in the center pane.
2. Depending on whether you checked off to skip the Before You Begin page while installing another service, you will now see warning pages telling you to make sure you have strong security, static IP, and latest patches before adding roles to your server.
If you get this page, then just click Next.
3. Next is the Select Server Roles window, and we are going to go ahead and check DNS Server in the list of possible roles.
Now if you don’t have a Static IP Address assigned to your server you will get the warning:
Either choose to ignore the warning and continue the install, or go back and set a static IP for the server. Either way, once you are back at the Select Server Roles screen, click Next.
4. Next is the DNS Server information screen giving some links to understanding the DNS integration with AD and other information.
Of course since we are configuring an External DNS server we will click Next to continue.
5. Confirm the Installation Selections by reviewing the list and then clicking Install.
6. After a little while you should see the Installation Results page, hopefully with an Installation Succeeded message across from DNS Server. Click Close.
That’s it! You have now installed the DNS Role on a Windows Server 2008. Let’s go to some configuration tasks now.
Please note that when you install the DNS service the server will automatically open up port 53 TCP/UDP for DNS related traffic.

How to Configure Windows DNS Server 2008

Ok, before we start configuring your server there are a few basics we should cover.
Remember I said basics, because I am not going to go beyond what is needed for an External DNS server and confuse the issue, but there are other options beyond what I am going to review here.
  • Forward Lookup Zone – A DNS Zone that does lookups for the domain name to IP address. This is the most common form of zone that people will use.
  • Reverse Lookup Zone – This DNS Zone is the exact opposite of the Forward Lookup Zone: it does lookups from an IP address back to a domain/hostname.
    Note: Most external Reverse Lookup Zones will not work unless you own your block of IPs. The ISP/WebHost service that you use will more than likely own the reverse IP records, and you will have to request them to make any changes you require.
If you have gone through my earlier IIS articles you know that I have used a test domain called logfiletest.com. Let’s go ahead and create a forward lookup zone for that domain.
1. Open DNS Manager
2. Since I am local to the server it will automatically have itself in the DNS Manager. Expand out the server then right click on Forward Lookup Zones, and then left click on New Zone.
3. The Welcome to the New Zone Wizard window should be the next one you see. Go ahead and click Next.
4. Next we are going to pick a zone type. Since this is going to be the primary DNS server for logfiletest.com choose Primary Zone, and then click Next.
5. Now we are going to enter the Zone Name, in this case it is logfiletest.com. After entering the name of your zone go ahead and click Next.
6. The next window is about the zone file.
Non-Active Directory zones are kept in a flat text file in %SystemRoot%\system32\dns on the server. You have the option of creating a new one or using one that was copied over from a different server. In our case we will use the default naming and create a new one, by clicking Next.
7. Dynamic Updates allow client computers to create and update their own resource records. On an external server you do not want clients changing records, so select the Do not allow dynamic updates radio button and then click Next.
8. Completing the New Zone Wizard will be the next window and it has a review of the settings you specified during the wizard.
Go ahead and click on Finish to complete the setup of the Forward Lookup Zone for logfiletest.com.
9. At the completion you will now return back to the DNS Manager, and you can see logfiletest.com is now listed under the Forward Lookup Zone folder.
Congratulations on your setup! Though the domain is set up, it currently has no resource records in it to resolve! Let’s fix that and give this server a purpose.
There are different types of resource records, in this case we are going to create a Host (A) record, which maps a name to an IP address.

How to Create a Host (A) Record on Server 2008 DNS

The most basic and simple host record is going to be for a website, so let’s go ahead and map the www of the domain name to the IP that the website uses.
For our example, the IP of logfiletest.com is 192.168.11.5.
1. Open DNS Manager
2. Choose the Forward Lookup Zone you want to work with, in this case it is logfiletest.com and right click on it. Select New Host (A or AAAA) and left click on it.
Note: Don’t be confused by the AAAA, as that is used for IPv6 records.
3. The New Host window will now pop up, allowing you to enter the name (if left blank it will use the parent domain name). Type in www, and fill in the IP address we want www.logfiletest.com to resolve to, which is 192.168.11.5.
If we choose to we can associate a PTR record with this, which would create the reverse lookup. Not necessary in this case since we don’t control the IPs.
Click Add Host when done.
4. You will get a message that confirms the creation of the Host Record, so click OK.
5. Now in the DNS Manager you will see your A resource record for www mapped to the correct IP.
6. Now let’s do a quick test with NSLookup and you will see that the name resolves correctly.
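The zone and Host (A) record steps above, scripted as an added example (not part of the original article). It assumes PowerShell is available on the server and is run from an elevated prompt on the DNS server itself, and it calls dnscmd.exe and nslookup; the Invoke-DnsCmd helper is a name made up for this example.

```powershell
# Added example: command-line equivalent of the New Zone and New Host steps.
# Values below are the ones used in the article.
$zone     = 'logfiletest.com'
$hostName = 'www'
$ip       = '192.168.11.5'

# Hypothetical helper: run dnscmd.exe against the local server and stop
# on the first failure instead of carrying on with a half-built zone.
function Invoke-DnsCmd {
    param([string[]]$Arguments)
    $out = & dnscmd.exe $Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw ("dnscmd {0} failed:`n{1}" -f ($Arguments -join ' '), ($out -join "`n"))
    }
    $out
}

# Primary zone kept in a flat file (not Active Directory integrated).
# The file is created under %SystemRoot%\system32\dns, matching the
# wizard's default name of <zone>.dns.
Invoke-DnsCmd '/ZoneAdd', $zone, '/Primary', '/file', "$zone.dns" | Out-Null

# AllowUpdate 0 = "Do not allow dynamic updates". Set it explicitly so the
# Internet-facing zone never depends on a default.
Invoke-DnsCmd '/Config', $zone, '/AllowUpdate', '0' | Out-Null

# Host (A) record: www -> 192.168.11.5. No PTR record is requested, as in
# the article, because the reverse zone belongs to whoever owns the IPs.
Invoke-DnsCmd '/RecordAdd', $zone, $hostName, 'A', $ip | Out-Null

# Verification: show the dynamic-update setting, list the record as the
# server stores it, then resolve the name against the local server.
Invoke-DnsCmd '/ZoneInfo', $zone, 'AllowUpdate'
Invoke-DnsCmd '/EnumRecords', $zone, $hostName, '/Type', 'A'
nslookup "$hostName.$zone" 127.0.0.1
```

Re-running the two verification commands after any later change to the zone is a quick way to confirm that dynamic updates are still disabled on the external server.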

Summary for Creating External DNS Server

So we have walked through the following:
  • Installing DNS Role on a Windows Server 2008
  • Created a Forward Lookup Zone
  • Created a Host (A) Resource Record
Again this is just the basics for getting you started in running your own External DNS Server.
In the future we will discuss the different types of resource records and how they are used, how to make use of features such as round robin DNS, and how to set up redundancies to keep your sites resolving correctly.

Source: http://www.trainsignal.com/blog/windows-server-2008-dns-server

Windows Server 2008 as a LAN Router Running RIP

If you’re designing a virtual test or evaluation network and want to get into complicated network scenarios, you will eventually need to segment your virtual network.
To do that you need something functioning as a router, and since these may be virtual machines, you can’t just plug in a hardware solution. This will allow you to mimic a much larger network and teach you how things might be done in a mid-sized to enterprise environment.
For this walkthrough I will show you how to turn a Server 2008 box with two network interfaces into a router.

How to Install Routing on Windows Server 2008

I am going to be running this demo on a cleanly installed Windows Server 2008 virtual machine that is configured with two network interfaces both set to "Local Only" in Virtual PC 2007.
It currently holds no role information and will only function as a router. We will also configure RIP routing protocol so it can talk to other routers on the network.
1. Start Server Manager.
2. Click on Roles, and then click on Add Roles.
3. Since this is a clean install we get a Before You Begin warning page telling us that if we’re going to install a role on a server to make sure it is secure. If you get this page, just click Next.
4. On the Select Server Roles page go ahead and place a check next to Network Policy and Access Services. Click Next after you’re done.
5. The next page gives you an overview of the Network Policy and Access Services and everything that you can do with it. Read through the various options and click Next.
6. The Select Role Services page now comes up and we are going to go ahead and place a check next to Routing & Remote Access Services.
Note that you cannot just click on Routing because it is dependent on the Remote Access Service also being installed; then click Next.
7. You are now asked to confirm your installation selections, review everything and then click on Install.
8. After a few minutes you should see an Installation Results page and the outcome hopefully is Installation Succeeded, review any messages and then click Close.
9. Now in Server Manager you can see in roles that Network Policy and Access Services is now installed, but it is in a down state because no devices are associated to the service.
Go ahead and close out Server Manager as that now concludes the install of the Router service on the Windows Server 2008.

How to Configure Routing on Windows Server 2008

Ok let’s go ahead and get routing enabled and configured by associating some of our network adapters with the service.
1. Click on Start, Administrative Tools, Routing and Remote Access
2. When the Routing and Remote Access MMC starts you will notice that the server has a red down arrow showing that it is currently offline.
Right click on the server and select Configure and Enable Routing and Remote Access.
3. The Routing and Remote Access Server Setup Wizard will now come up, go ahead and click Next to get started.
4. There are quite a few default options for this service that include:
  • Remote Access
  • Network Address Translation (NAT)
  • Virtual Private Network (VPN) & NAT
  • Secure Connection Between Two Private Networks
  • Custom Configuration
We are going to choose Custom Configuration and click Next.
5. In the Custom Configuration screen you can choose several services, but for this demo go ahead and place a check next to LAN routing and then click Next.
6. Again you will see a summary of your selections and you can go ahead and click on Finish.
7. Next a pop-up window will tell you that Routing & Remote Access service is now ready to use, and you can click on Start service to start it.
8. After a few seconds the service will start and the wizard will close. You can see in the Routing and Remote Access MMC that the server now has a green up arrow, which shows that it is in an enabled state and functioning.
If you expand out the IPv4 folder and left click on General you will see the network interfaces listed in the right pane. Now right click on General and select New Routing Protocol.
9. The New Routing Protocol window will contain 4 available protocols:
  • DHCP Relay Agent
  • IGMP Router and Proxy
  • NAT
  • RIP Version 2 for Internet Protocol
For this demo we are going to choose RIP Version 2 for Internet Protocol, though if you wanted the router to pass DHCP information you would also want to enable DHCP Relay Agent, but for this demo it is not necessary.
Make your selections and click OK.
10. You should now see the RIP protocol under the IPv4 folder in your Routing and Remote Access MMC.
If you select it, you will find no information on it, because we need to enable the network interfaces we want this to work on. Go ahead and right click on RIP, then select New Interface.
11. You can now add either interface, but not both, as you can only add one interface at a time. For this demo we are going to start with Local Area Connection; select it and then click OK.
12. The RIP properties window now comes up to be configured.
There are many different options you can configure in this window, but unless you are using other types of routers in your network with RIP you can just leave the defaults in place. Go ahead and click OK.
13. Go ahead and repeat steps 11 and 12 for Local Area Connection 2, and then you should see both interfaces under RIP in the Routing and Remote Access MMC.
You have now configured the Windows Server 2008 virtual machine to function as a router between its two network cards. As I mentioned, this can help you set up a segmented network that will allow you to emulate a corporate environment for testing and learning.
While this article focused on setting it up for a virtual environment, it would also work the same way if you configured this on a physical server.

Source: http://www.trainsignal.com/blog/windows-server-2008-as-a-lan-router-running-rip

Making Windows Server 2008 Function as a Router

A router is a device or software application that connects two or more different networks and forwards data from one network to another. Routers are commonly used to connect networks within a LAN (Local Area Network), a LAN to a WAN (Wide Area Network), a WAN to another WAN, or a LAN to a telecommunications service in order to reach the public network (the Internet). Some people think of a router as a bridge, but it does more than that: a router can filter traffic, divide a network into several subnetworks, and perform routing to find the shortest path or provide an alternative link if the main link is down or busy.
There are two kinds of router: device routers and software routers. A device router is a piece of hardware that functions as a router, such as Cisco Router, Maipu, 3Com, Mikrotik and others. A software router is an application installed on an operating system that functions as a router, for example RRAS (Routing and Remote Access), WinRoute, WinGate, SpyGate and WinProxy.
In this article the author shares how to make Windows Server 2008 function as a router. To do so you must first install (add the role for) RRAS. RRAS (Routing and Remote Access) is a network service that can function as:
- Dial-up remote access server.
- VPN (Virtual Private Network) server.
- Router.
- NAT (Network Address Translation).
- Dial-up and VPN demand-dial router.
RRAS is available in Windows versions 2000, 2003 and 2008. As a simple example I will build a router to connect 2 different networks, as shown in the figure below.
[Figure: diagram of the example network]
These are the steps for building a Windows router:
1. To follow this exercise, Windows Server 2008 must already be installed and have 2 NICs (network adapters).
2. Next, open Server Manager by clicking the Server Manager icon on the taskbar.
3. Then in the left-hand menu click Roles and choose Add Roles.
4. The RRAS feature is part of the Network Policy and Access Services role. Select the Network Policy and Access Services option, then click Next.
5. The Introduction to Network Policy and Access Services window appears; click Next.
6. Because we only want the server to act as a router, choose the Routing and Remote Access Services option. If you also want it to act as a RADIUS server, you can select the Network Policy Server option. Check Routing and Remote Access Services, then click Next.
7. The Confirmation window appears; click Install and wait until it finishes.
8. Next, to open Routing and Remote Access, go to Start – Administrative Tools and choose Routing and Remote Access.
9. Once the Routing and Remote Access window is open, the next step is to configure Routing and Remote Access as a router: click Routing and Remote Access – Server Status, then right-click the server name and choose Configure and Enable Routing and Remote Access.
10. The Welcome window appears; click Next.
11. A Configuration window then appears with several configuration options such as VPN, NAT, VPN and NAT, and Secure connection between two private networks. Because we only want the server to act as a router, choose Custom configuration, then click Next.
12. Then choose LAN routing and click Next.
13. The summary window appears; click Finish.
14. A Start the Service popup appears automatically; click Start Services.
15. At this point the RRAS installation is complete.
16. Next, assign IP addresses to the Windows server (RRAS) and to the computers used for the test, as in the figure above.
[Screenshots: IP address settings for ISI-Client10, the Windows router (RRAS), and Chels]
17. After that, run ping to test:
Ping from ISI-Client10 to Chels
Ping from Chels to ISI-Client10
18. The pings succeed both from ISI-Client10 to Chels and in the reverse direction.
19. To view the routing table you can type route print.
You can then add more routers to build a more complex network configuration. Happy learning!

Source: http://wss-id.org/blogs/andec/archive/2011/04/13/memfungsikan-windows-server-2008-sebagai-router.aspx