Configure BIND DNS on Windows Web Server 2008 – Part 2

In the first part of this series on Installing BIND DNS I walked you through installing the software on Windows Web Server 2008.

The main reason for this, of course, is that Windows Web Server 2008 does not allow you to install the Microsoft DNS role.

In this part of the series I will walk you through an initial configuration of the BIND DNS server. First, let’s talk about a few different types of DNS server setups.

Authoritative Name Servers

Every DNS zone, like www.trainsignaltraining.com, is served by at least one authoritative name server which contains all the DNS records for the zone.

For fault tolerance, most zones have more than one server holding all these records in case of an outage.

Because of this there are two types of Authoritative Name Servers: the one that keeps the master copy of the zone, called the primary master, and the slave or secondary servers, which load their copy of the zone from the master by means of zone transfer (replication).

Caching Name Servers

Also called a recursive name server, this is most commonly the local DNS server that your operating system talks to.

When you make a request on your local PC, more than likely it goes to your ISP’s caching DNS server, which in turn queries the Authoritative Name Server. One feature of most caching servers is that they keep the answer cached for a certain amount of time to speed up later lookups.

Creating an Authoritative Name Server with BIND

Once BIND DNS is installed you will see that it is a pretty bare install and needs to be set up via configuration files.

For some Wintel administrators this may be a little daunting in an age of GUI interfaces, but don’t worry, it isn’t too painful, and it gives you good practice for some *nix cross-training.

In this demo I am going to create an Authoritative Name Server for the domain bindtest.com at the IP address 192.168.11.13. As a note, this is only accessible on my internal network, so don’t go searching around for it.

To refresh your memory, we installed BIND DNS at C:\Windows\System32\dns.

1. Start by opening a command prompt with administrative rights: click on the Start menu, right click Command Prompt, then left click on Run as Administrator.

Configure BIND DNS on Windows Web Server 2008 - 1

2. Type in the following at the command prompt, hitting Enter after each line:

cd c:\windows\system32\dns\bin (or where you installed BIND)
rndc-confgen -a
rndc-confgen > C:\windows\system32\dns\etc\rndc.conf

Close the command prompt

Configure BIND DNS on Windows Web Server 2008 - 2

3. Open Explorer and go to C:\windows\system32\dns\etc and create the following directories:

run
zones
log

Create an empty file in the log directory called named.log

Configure BIND DNS on Windows Web Server 2008 - 3

4. Download the following file: named.conf and place it in C:\windows\system32\dns\etc (or wherever you installed BIND).

If you installed BIND in a different directory, open named.conf and change the directory setting in the options section to your install location.

Configure BIND DNS on Windows Web Server 2008 - 4

5. You also need to modify the named.conf to change the zone to the domain you want to manage.

In our example I am using bindtest.com, but you need to change this to match your domain.

You should also change the zone file name from db.bindtest.com.txt to db.%yourdomain.com%.txt, replacing %yourdomain.com% with your domain name.

Configure BIND DNS on Windows Web Server 2008 - 5

6. Open rndc.conf in notepad (in the etc folder) and copy everything below the line that says:

# Use with the following in named.conf

Configure BIND DNS on Windows Web Server 2008 - 6

7. Open named.conf and paste the contents of the clipboard at the end of the file.

Remove the leading # from each line, then delete the first and last of the lines you copied in so it looks like the picture below. Save and close named.conf.

Configure BIND DNS on Windows Web Server 2008 - 7

8. Download the following file: db.bindtest.com.txt and place it in C:\windows\system32\dns\etc\zones

9. Rename db.bindtest.com.txt to whatever you used in step 5, so that the file is named db.%yourdomain.com%.txt, replacing %yourdomain.com% with your domain name.

10. Open db.bindtest.com.txt (or whatever you renamed it), modify the following, then save the file:

Change any reference to bindtest.com to your domain name

Change the serial line to reflect the current date in this format: YYYYMMDDRR
YYYY = YEAR
MM = MONTH
DD = DAY
RR = Revision number (01 for the first revision on that day)

Change the IP addresses to the ones your servers are using.

Configure BIND DNS on Windows Web Server 2008 - 8
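The zone file and the YYYYMMDDRR serial convention from step 10, as an added example that is not part of the article or its downloadable files: this Python helper computes the next serial (bumping RR on the same day, resetting it to 01 on a later day) and renders a minimal master zone file for bindtest.com. The ns1, www and hostmaster names and the SOA timers are assumptions; the article's own zone file may differ.

```python
"""Zone file helper for the article's bindtest.com setup.

Added example, not code from the article. bindtest.com and 192.168.11.13
are the article's demo values; the ns1/www names and timers are assumptions.
"""
import re
from datetime import date

SERIAL_RE = re.compile(r"^(\d{8})(\d{2})$")

def next_serial(current, stamp=None):
    """Next YYYYMMDDRR serial, following the convention in step 10.

    `stamp` is today's date as YYYYMMDD (defaults to the real date).
    Same day as the current serial: revision RR goes up by one.
    A later day: today's date with RR = 01.
    Secondaries only transfer a zone whose serial has grown, so the
    result is always strictly greater than `current`.
    """
    stamp = stamp or date.today().strftime("%Y%m%d")
    m = SERIAL_RE.match(str(current))
    if m and m.group(1) == stamp:
        rev = int(m.group(2)) + 1
        if rev > 99:
            raise ValueError("all 99 revisions for today already used")
        return int(f"{stamp}{rev:02d}")
    candidate = int(f"{stamp}01")
    # A serial dated in the future would not be beaten by today's date;
    # fall back to a plain increment so the number still grows.
    return candidate if candidate > current else current + 1

def render_zone(domain, serial, ns_ip, www_ip):
    """Render a minimal master zone file in BIND's text format."""
    return "\n".join([
        "$TTL 86400",
        f"@    IN  SOA  ns1.{domain}. hostmaster.{domain}. (",
        f"         {serial:010d} ; serial (YYYYMMDDRR)",
        "         3600       ; refresh",
        "         900        ; retry",
        "         604800     ; expire",
        "         86400 )    ; negative-cache TTL",
        f"@    IN  NS   ns1.{domain}.",
        f"ns1  IN  A    {ns_ip}",
        f"www  IN  A    {www_ip}",
        "",
    ])

if __name__ == "__main__":
    # Starting from 0 yields today's first serial (RR = 01).
    print(render_zone("bindtest.com", next_serial(0), "192.168.11.13", "192.168.11.13"))
```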

Now you are configured as an Authoritative Name Server for bindtest.com (or whatever your domain is named), with recursive lookups disabled.

Open Server Firewall

If you are using a firewall for your server, either software or hardware, make sure that incoming requests on UDP port 53 are allowed so that your server will accept incoming queries.

Start the BIND DNS Service

OK, we are finally ready to actually start the service.

1. Go to the Start button, then Administrative Tools, then left click on Services.

Configure BIND DNS on Windows Web Server 2008 - 9

2. Scroll down, find ISC BIND, right click on it, then click Start to start the service.

Configure BIND DNS on Windows Web Server 2008 - 10

That’s it! The BIND DNS service is now up and running and ready to accept queries. Let’s test out the service.

Testing BIND DNS

I am going to use a very cool tool that ships with BIND DNS called dig.

You will find it in the bin directory where you installed BIND. The tool queries a name server for a domain name and shows the DNS records it gets back. Let’s take a look:

1. Open a command prompt and navigate to the bin directory

Configure BIND DNS on Windows Web Server 2008 - 11

2. Type in the following to get a feel for what you get back and hit Enter:

Dig Yahoo.com any

Configure BIND DNS on Windows Web Server 2008 - 12

3. Below you will see a piece of the output:

Configure BIND DNS on Windows Web Server 2008 - 13

4. Now that you know what to look for, I am going to use my test domain bindtest.com with the dig tool by typing: Dig @192.168.11.13 bindtest.com any

Note: I use @192.168.11.13 because bindtest.com is not registered with ICANN; the @ tells dig to send the query to the name server at that address.

Configure BIND DNS on Windows Web Server 2008 - 14

5. You can see that the BIND Name Server is responding with the correct information:

Configure BIND DNS on Windows Web Server 2008 - 15

We have now configured an Authoritative Name Server for the test domain bindtest.com that responds correctly to DNS requests.
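A scripted version of the dig check above, as an added example that is not code from the article: it sends the same question to 192.168.11.13 over UDP and reads the reply header, confirming that the AA (authoritative answer) bit is set for bindtest.com and the RA (recursion available) bit is clear, which is what an authoritative-only server with recursion disabled should return. The helper names are mine; the server address and domain are the article's demo values.

```python
"""Check the header flags in a DNS reply (added example, not the article's code).
Asks the same question as `dig @192.168.11.13 bindtest.com any` (the
article's demo server and domain) and reads the flag bits: AA should be set
for the server's own zone and RA should be clear, since recursion is off.
"""
import socket
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=255, txid=0x1234, rd=False):
    """Build one query; qtype 255 is ANY, 1 is A. RD is off by default so
    the server is not even asked to recurse."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def parse_header(resp):
    """Return the header fields worth checking: id, flag bits, RCODE, answers."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),  # this is a reply
        "aa": bool(flags & 0x0400),  # authoritative answer
        "tc": bool(flags & 0x0200),  # truncated: full answer needs TCP
        "ra": bool(flags & 0x0080),  # recursion available
        "rcode": flags & 0x000F,     # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "answers": an,
    }

def is_authoritative_only(resp, txid=0x1234):
    """True when the reply is authoritative and the server offers no recursion."""
    h = parse_header(resp)
    return h["id"] == txid and h["qr"] and h["aa"] and not h["ra"] and h["rcode"] == 0

def query(server, name, qtype=255, timeout=3.0):
    """Send the query to UDP port 53 and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        return s.recv(4096)

if __name__ == "__main__":
    reply = query("192.168.11.13", "bindtest.com")
    print(parse_header(reply), "authoritative-only:", is_authoritative_only(reply))
```

Like the article's firewall rule, this uses UDP only; a reply with the TC bit set means the full answer has to be fetched over TCP port 53, which secondaries also use for zone transfers, so allow that port as well if the server has secondaries.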

A quick note: when you make changes, you will have to restart the ISC BIND service or run c:\windows\system32\dns\bin\rndc reload from a command prompt or batch file.



12 Responses to “Configure BIND DNS on Windows Web Server 2008 – Part 2”

  • Mark Andrews Says:

    It’s “rndc-confgen -a” or “rndc-confgen > C:\windows\system32\dns\etc\rndc.conf”.
    You don’t need both.

    Also there is a &gt in the example of what to type in.

  • gp Says:

    Mark Andrews is correct: Running rndc-confgen multiple times will produce multiple keys, which can in turn lead to multiple confusions.

    Other than that, thank you for your nicely-written article!

    gp

  • bramster Says:

    Well, I did quite everything as told in the tutorial, but when I start the service I get an error 1076.
    Can you guys help with solving the error?

  • David Lawlor Says:

    Bramster-

    Can you check the application log on the server and see what exactly is being generated and post it here or send it to Kasia through the contact form. I will take a look at it and get back to you.

    Dave

  • bramster Says:

    Okay, I found it, stupid me :D
    I forgot to delete the end of named.conf line.

  • David Lawlor Says:

    bramster -

    No problem! Just glad you got it working.

    Dave

  • Jim Carlock Says:

    Are there any articles around here that build upon this and explain how to write MX records, how to configure as an authoritative server for multiple domains, each with their own mail.example.com configuration?

    Thank you for the article. It’s written pretty nicely.

    One more thing, you can stop and start BIND inside the cmd.exe prompt so there’s no need to close the cmd.exe prompt.

    net start "ISC BIND"
    net stop "ISC BIND"

    And two easy ways to create the named.log file from inside the cmd.exe prompt include:

    copy con C:\WINDOWS\system32\dns\etc\log\named.log
    CTRL+Z [ENTER]

    or

    notepad C:\WINDOWS\system32\dns\etc\log\named.log

    then answer YES when asked if you want to create the file.

    Thank you. And I think this information would work better if the document above gets edited and this gets placed into HTML rather than sitting at the bottom. You do not need to add my name, this here gets placed into the public domain.

  • Dave Says:

    Hi All

    Can anyone please advise what to do if rndc-confgen is not working? On running either of the commands below:

    rndc-confgen -a
    rndc-confgen > C:\windows\system32\dns\etc\rndc.conf

    I get the Windows popup "rndc-confgen has stopped working", with options to search online for a solution or close the program.

    The end result is that the conf and/or key files are not created.

    I have 2 windows 2008 web servers, and am having this issue with both!

    Any advice / help greatly appreciated.

  • Dave Says:

    OK, I discovered that this only occurs with 9.6.0.

    I uninstalled it and installed 9.5.1, and rndc-confgen works perfectly.

    thanks.
    Dave

  • Abhijeet Says:

    Hi,

    Really helpful article.

    But I have a few basic queries:
    1] Is Windows 2008 Web Server a requirement? Can I try this on Windows 2008 Enterprise Server instead?
    2] I tried these steps on a 64-bit Windows 2008 Enterprise Server and was not able to start the bind service (named.exe).
    I got a 1067 error. :-(

  • Rakesh Lad Says:

    Hi

    I followed the above instructions and it worked perfectly for me, except that if the db.%domainname%.txt file is in c:\windows\system32\dns\etc\zones, then in named.conf you have to give the directory path c:\windows\system32\dns\etc\zones. I tried it first on Windows Server 2003 and found it works perfectly on Server 2003, but since Server 2008 Web Server is more secure and has more options, I installed it on Server 2008.

    I was getting error message 1067; after I changed the directory path to c:\windows\system32\dns\etc\zones (I have the db.%domainname%.txt file in the zones directory) the ISC BIND service starts without an error message.

    I replaced a Sun Solaris 8 name server with a Windows-based name server.

  • Padraic Says:

    While this is a great article, could someone possibly point to an article that describes how to integrate a Fedora DNS server with Windows AD?
