Today let's go through a somewhat long set of steps on how to configure DNS zone transfer.
Before I start with the step by step, let's go through some information about DNS zone transfer.
DNS zone transfers determine how the DNS infrastructure moves DNS zone information from one server to another. Without zone transfers, the various name servers in your organization maintain disparate copies of zone data.
** You should also consider that the zone contains sensitive data (every host name and address in your environment), so securing zone transfers is important.
A zone transfer occurs when you replicate the DNS zone that is on one server to another DNS server.
Zone transfers synchronize primary and secondary DNS server zones. This is how DNS builds its resilience on the Internet.
DNS zones must remain updated on primary and secondary servers. Discrepancies in primary and secondary zones can cause service outages and host names that resolve incorrectly.
Alright, that is just a little information about DNS zone transfer; for more information please refer to http://technet.microsoft.com/en-us/library/hh831667.aspx
Reminder: Please practice these steps in your isolated network and in your own VM.
Let's start with my 1st server, which is OSI-ADDS01.
1 – Before we start with the DNS zone transfer, let's add some information in DNS. For this demo, I will add a New Host in my DNS.
— right click domain name (osi.local), and then click New Host (A or AAAA)…
2 – Next, on the New Host box, I enter OSI-Exchange01 under Name (this server is my demo Exchange Server), and then key in the server IP address…
— It should prompt that the host record was successfully created.
3 – Next, right-click the domain name again to create a New Mail Exchanger (MX) record…
4 – On the New Resource Record box, enter the FQDN of my mail server (Exchange Server) and click OK…
— It should appear in your DNS record list…
5 – Next, still on the OSI-ADDS01 server, in the DNS console, right-click Reverse Lookup Zones and click New Zone…
– FYI, a reverse lookup zone resolves an IP address to a domain name, and hosts start of authority (SOA), name server (NS), and pointer (PTR) resource records.
6 – On the New Zone Wizard, click Next…
7 – On the Zone Type, click Primary Zone and click Next to continue…
8 – On the Active Directory Zone Replication Scope page, click the second option (refer to the picture)…
9 – Next, on the Reverse Lookup Zone Name box, click IPv4 Reverse Lookup Zone and click Next to continue…
10 – Next, on the Reverse Lookup Zone Name page, type 172.16 (the network ID) and click Next…
11 – On the Dynamic Update box, click Allow only secure dynamic updates (recommended for Active Directory), then click Next…
12 – Next, click Finish…
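The same records and reverse zone can be created from PowerShell instead of the console. The block below is an added example and is not from the original post; it assumes the DnsServer module on OSI-ADDS01, the zone name osi.local and the 172.16.0.0/16 network from the post, a constructed placeholder address 172.16.0.105 for OSI-Exchange01, a constructed MX preference of 10, and that the second replication-scope option in step 8 corresponds to -ReplicationScope Domain.

```powershell
# Added example (not from the original post): PowerShell equivalents of the
# GUI steps 1-12 above, run on the primary (AD-integrated) DNS server OSI-ADDS01.
# Assumptions: osi.local and 172.16.0.0/16 come from the post; 172.16.0.105 and
# the MX preference 10 are constructed placeholders; wizard option 2 in step 8
# is assumed to be -ReplicationScope Domain.
#Requires -Modules DnsServer

$ZoneName     = 'osi.local'
$ExchangeHost = 'OSI-Exchange01'
$ExchangeIP   = '172.16.0.105'   # constructed placeholder, not from the post

# Steps 5-12: reverse lookup zone for 172.16.x.x (16.172.in-addr.arpa),
# AD-integrated, replicated to DNS servers in this domain, secure dynamic
# updates only. Created first so the PTR below has somewhere to land.
Add-DnsServerPrimaryZone -NetworkId '172.16.0.0/16' `
    -ReplicationScope 'Domain' `
    -DynamicUpdate 'Secure'

# Steps 1-2: the New Host (A) record; -CreatePtr also writes the PTR record
# into the reverse zone created above.
Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $ExchangeHost `
    -IPv4Address $ExchangeIP -CreatePtr

# Steps 3-4: MX record at the zone apex pointing at the Exchange FQDN.
# -Name '.' is what the console shows as "(same as parent folder)".
Add-DnsServerResourceRecordMX -ZoneName $ZoneName -Name '.' `
    -MailExchange "$ExchangeHost.$ZoneName" -Preference 10

# Check what was written: the A record, the MX record and the PTR record.
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType 'A' -Name $ExchangeHost
Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType 'MX'
Get-DnsServerResourceRecord -ZoneName '16.172.in-addr.arpa' -RRType 'PTR'
```

Run it in an elevated PowerShell session on OSI-ADDS01; the three Get-DnsServerResourceRecord calls at the end should list the new records before you move on to the secondary server.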
13 – Now, let's continue by installing the DNS Server role on OSI-Svr01 (a domain member server), which will replicate all the DNS information.
— On the OSI-Svr01 server, in the Select server roles list, click DNS Server and click Next to proceed…
— Then on the Select features page, click Next to proceed…
— Then on the DNS Server page, click Next to proceed…
— Next, click Install…
— Once the DNS installation is completed, click Close…
14 – Next, please double-check your IP address on the OSI-Svr01 server…
15 – Next, let's create the secondary zone by using Windows PowerShell…
Type: Add-DnsServerSecondaryZone -Name "osi.local" -ZoneFile "osi.local.dns" -MasterServers 172.16.0.101
16 – Next, return to the domain server (OSI-ADDS01), open PowerShell, and type this cmdlet to enable zone transfer (restricted to the listed secondary server only)…
Set-DnsServerPrimaryZone -Name "osi.local" -Notify NotifyServers -NotifyServers "172.16.0.103" -SecondaryServers "172.16.0.103" -SecureSecondaries TransferToSecureServers
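Step 16 is the security-relevant part of the whole procedure: the -SecureSecondaries value decides who is allowed to pull a full copy of the zone. The block below is an added example, not from the original post; it shows the weak setting beside the restricted one used above and adds a small function that reports any primary zone on a server still set to transfer to any host. It assumes the DnsServer module, the zone osi.local and the secondary address 172.16.0.103 from the post; the function name Get-ZoneTransferExposure is my own.

```powershell
# Added example (not from the original post): the weak zone-transfer setting
# beside the restricted one from step 16, plus an audit function that lists
# the transfer policy of every primary zone on a DNS server.
# Assumes osi.local and 172.16.0.103 from the post; Get-ZoneTransferExposure
# is a name chosen for this example.
#Requires -Modules DnsServer

$ZoneName  = 'osi.local'
$Secondary = '172.16.0.103'

# WEAK (shown commented out, as the "before" state only): any host that can
# reach TCP/53 on this server may pull the whole zone.
# Set-DnsServerPrimaryZone -Name $ZoneName -SecureSecondaries 'TransferAnyServer'

# RESTRICTED (what step 16 does): transfer only to the listed secondaries and
# send NOTIFY only to them so they pull changes promptly.
Set-DnsServerPrimaryZone -Name $ZoneName `
    -SecureSecondaries 'TransferToSecureServers' `
    -SecondaryServers $Secondary `
    -Notify 'NotifyServers' `
    -NotifyServers $Secondary

function Get-ZoneTransferExposure {
    # Returns one row per primary zone with its transfer policy. NoTransfer and
    # TransferToSecureServers are the safe states; TransferToZoneNameServer is
    # acceptable only when the NS record set is tightly controlled;
    # TransferAnyServer is flagged as Exposed.
    param([string]$ComputerName = $env:COMPUTERNAME)

    Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
        ForEach-Object {
            [pscustomobject]@{
                Server            = $ComputerName
                Zone              = $_.ZoneName
                SecureSecondaries = $_.SecureSecondaries
                SecondaryServers  = ($_.SecondaryServers -join ', ')
                Exposed           = ($_.SecureSecondaries -eq 'TransferAnyServer')
            }
        }
}

# Run on OSI-ADDS01 after step 16; every Exposed value should be False.
Get-ZoneTransferExposure | Format-Table -AutoSize
```

The audit function is worth keeping around: when a new zone is created through the console, its transfer setting depends on the zone type and wizard choices, so re-running it after every zone change catches a zone that was left open by accident.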
17 – Next, still on the OSI-ADDS01 domain server, open the DNS console, refresh the information, then right-click the domain name (osi.local) and click Properties…
18 – On the osi.local Properties box, click the Zone Transfers tab and then verify the IP address and server FQDN… then click Notify…
19 – Next, on the Notify box, verify that the Svr01 IP address has been validated and click Cancel…
20 – Next, let's configure aging/scavenging for all our existing zones: right-click the server name (ADDS01) and click Set Aging/Scavenging for All Zones…
21 – On the Server Aging/Scavenging Properties box, tick the Scavenge stale resource records box and click OK to proceed…
22 – Next, in the Server Aging/Scavenging Confirmation box, tick Apply these settings to the existing Active Directory-integrated zones and then click OK…
23 – Our final step: let's verify that both our domain server and member server replicate the DNS resource records.
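One way to do that final verification from PowerShell, as an added example that is not from the original post: compare the zone on the two servers by SOA serial number and by resolving the same host records against each. It assumes the DnsServer module, the zone osi.local, the primary 172.16.0.101 and the secondary 172.16.0.103 from the post, and that the OSI-Exchange01 and OSI-ADDS01 host records exist in the zone; the function name Test-ZoneReplication is my own.

```powershell
# Added example (not from the original post): verification for step 23.
# Compares the primary (OSI-ADDS01, 172.16.0.101) and the secondary
# (OSI-Svr01, 172.16.0.103) copies of osi.local. Addresses and names come from
# the post; Test-ZoneReplication is a name chosen for this example.
#Requires -Modules DnsServer

$ZoneName  = 'osi.local'
$Primary   = '172.16.0.101'
$Secondary = '172.16.0.103'

function Test-ZoneReplication {
    param(
        [string]$Zone,
        [string]$PrimaryServer,
        [string]$SecondaryServer,
        [string[]]$HostsToCheck
    )

    # 1. The secondary must hold the zone as type Secondary, fed from the primary.
    $secZone = Get-DnsServerZone -ComputerName $SecondaryServer -Name $Zone
    $masters = @($secZone.MasterServers | ForEach-Object { $_.ToString() })
    $zoneOk  = ($secZone.ZoneType -eq 'Secondary') -and ($masters -contains $PrimaryServer)

    # 2. SOA serials must match. A lower serial on the secondary means the last
    #    transfer has not happened yet, or NOTIFY/AXFR is being blocked.
    $soaP = Resolve-DnsName -Name $Zone -Type SOA -Server $PrimaryServer   -DnsOnly
    $soaS = Resolve-DnsName -Name $Zone -Type SOA -Server $SecondaryServer -DnsOnly
    $serialOk = ($soaP.SerialNumber -eq $soaS.SerialNumber)

    # 3. Each host record must resolve to the same address from both servers.
    $hostResults = foreach ($h in $HostsToCheck) {
        $a = (Resolve-DnsName -Name "$h.$Zone" -Type A -Server $PrimaryServer   -DnsOnly -ErrorAction SilentlyContinue).IPAddress
        $b = (Resolve-DnsName -Name "$h.$Zone" -Type A -Server $SecondaryServer -DnsOnly -ErrorAction SilentlyContinue).IPAddress
        [pscustomobject]@{
            Host      = $h
            Primary   = "$a"
            Secondary = "$b"
            Match     = ("$a" -eq "$b" -and "$a" -ne '')
        }
    }

    [pscustomobject]@{
        ZoneOnSecondary = $zoneOk
        PrimarySerial   = $soaP.SerialNumber
        SecondarySerial = $soaS.SerialNumber
        SerialMatch     = $serialOk
        Hosts           = $hostResults
    }
}

$result = Test-ZoneReplication -Zone $ZoneName -PrimaryServer $Primary `
    -SecondaryServer $Secondary -HostsToCheck 'OSI-Exchange01', 'OSI-ADDS01'
$result | Format-List ZoneOnSecondary, PrimarySerial, SecondarySerial, SerialMatch
$result.Hosts | Format-Table -AutoSize

# If the serials differ, ask the secondary for a full transfer and run it again.
if (-not $result.SerialMatch) {
    Start-DnsServerZoneTransfer -Name $ZoneName -FullTransfer -ComputerName $Secondary
}
```

All of ZoneOnSecondary, SerialMatch and every Match column should be True. If SerialMatch stays False even after the forced transfer, go back to step 16 and confirm the secondary's address is in the -SecondaryServers list and that TCP/53 from OSI-Svr01 to OSI-ADDS01 is not being filtered.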