Robert's Virtual Networkingeast82.com

BIND DNS UbuntuAdd Windows secondary DNS server

Some preconfiguration actions

What we want to do is to restrict transfers from our primary DNS server to the newly christened secondary server. So, I open up the named.conf.local file on kasparov, IP 192.168.11.3 and restrict transfers by adding the allow-transfer directive.

zone "lopez.loc" {
type master;
file "/etc/bind/db.lopez.loc";
allow-transfer { 192.168.11.4; };
};

zone "11.168.192.in-addr.arpa" {
type master;
file "/etc/bind/rev.11.168.192.in-addr.arpa";
allow-transfer { 192.168.11.4; };
};

Installing DNS on the Windows 2003 server

This is pretty simple ...here we go. Navigate to Start >> Administrative Tools >> Manage Your Server. On the dialog click Add or remove a role. Click Next and then select DNS Server. On the Select Configuration Action select the top radio button (Create forward lookup zone (recommended for small networks)). Click Next then select the This server maintains the zone radio button. Click Next. Zone name is lopez.loc. Next. Select the Do not allow dynamic updates radio button. Next. Select Yes it should forward queries ... and enter your ISP's DNS servers. Finish.

Here's what we just accomplished; we created an Active Directory integrated primary DNS server. Not what we want, but we'll adjust. Also, we are not accepting dynamic updates, which means that clients will not be able to write to the DNS database. We want this for security.

 Let's make this a secondary DNS server. Go to Start >> Administrative Tools >> DNS. On the lopez.loc zone, right-click and select Properties. on the General tab select Change next to Active Directory-Integrated. On the next dialog change to Secondary zone.
Make Windows 2003 Server secondary DNS server 

Select Yes to the Active Directory warning. You'll be left at the properties dialog. Now add the primary DNS server IP and click OK.
Add primary dns server ip address 

You may get an error initially. Wait a second and refresh. The zone transfers.
DNS zone transfer\

Post-installation actions

Now that all is configured we are going to ensure all our machines look to our DNS servers and no others. Names they cannot resolve will be sent to the forwarders and cached.

First open up pfSense, fischer, in a browser and navigate to System >> General Setup. Under DNS servers enter our two DNS servers, 192.168.11.3 and 192.168.11.4. Save. Now, go to Services >> DNS forwarder and turn that off.
DHCP DNS option

Finally, change the DNS servers on your servers, that is, those computers with static IP addresses. Connection Properties in Windows and the /etc/resolv.conf on Ubuntu. You should be familiar with this.

./Robert