Monday, July 16, 2018

Setting up a DNS server on Windows Server 2016

So far, we have a server running Windows Server 2016 that also acts as a DHCP server. Eventually, we'll want to set up Active Directory Domain Services so that we can provide authentication services and manage client computers with Group Policy, but before we can do that, we'll need a DNS server running on our virtual network. In this tutorial, I will be installing the DNS server role on the virtualized server.

First, open the Add Roles and Features wizard. (Please see previous posts for information on how to do this.) Then, check the box for "DNS Server."

When you click this box, a window will pop up to inform you that an additional feature, the "DNS Server Tools" under the Remote Server Administration Tools category, must also be installed. Click the "Add Features" button.

The wizard next gives an explanation of what DNS is and does, and notes that AD Domain Services requires a running DNS server before that role can be added. Click "Next."

The standard installation confirmation dialog appears. Make sure that everything is as you wish, then click "Install."

After installation is complete, there is a new tab in the left-hand column of the Server Manager window, labelled "DNS." Click on it.

On the DNS page of Server Manager, right-click on the server, then click "DNS Manager."

The DNS Manager window will open. As you can see, the DNS server is working, but there are no forward or reverse lookup zones, so nothing will actually be resolved. Right-click on the server, then click "Configure a DNS Server..."

The Configure a DNS Server Wizard appears. Click "Next."

This wizard is very handy because it allows us to set up both forward (host name > IP) and reverse (IP > host name) lookup zones. The wizard says that small networks can get by with forward lookup zones only, but for the sake of experimentation and fun, I'll be configuring both. Select the middle option, then click "Next."

Confirm that you want to create a forward lookup zone, then click "Next."

We can create three types of DNS zones:
  • Primary zones, which exist on this server
  • Secondary zones, which exist on another server, which we can copy to this server as a load balancing/fault tolerance measure
  • Stub zones, which are like Secondary zones, but only contain information about DNS servers for that zone. They are used as a form of request forwarding that does not require manual updating of DNS server IP addresses, etc. They could be used to allow two different organizations' networks to forward DNS traffic to each other without exposing all of their DNS records (as sharing a Secondary zone would) and without the manual IP updating that direct forwarding requires.

In this case, we want a Primary zone. Select the top option, then click "Next."

The zone needs a name to determine for what names the zone will be authoritative. As the dialog mentions, if you already have a domain name for your organization, you could use that, or some permutation thereof. In this case, as I do not have a domain name, I will just use "westbrook.local." Enter your zone name, then click "Next."

If you already have a DNS zone file that you would like to use for this zone, you can choose it, or you can create a new file with a given name. Choose the option you need, then click "Next."

DNS zones can be updated automatically, either securely (recommended) or non-securely (which the wizard explicitly recommends against). However, to use secure updates, the zone must be integrated with Active Directory, which we don't have set up yet, so in the meantime choose "Do not allow dynamic updates" and click "Next."

The new forward lookup zone is now created. We'll follow a similar process to set up an associated reverse lookup zone. Click "Next."

We'll be creating a Primary reverse lookup zone. Select that option, then click "Next."

Right now, we'll set up an IPv4 reverse lookup zone. Select that, then click "Next."

Reverse lookup zones translate IP addresses into host names, so we need to specify the network segment for which this zone is authoritative. Our network is a simple local one, so I'll enter 192.168.1. Enter your network ID, then click "Next."

If you want to use a prebuilt record file for this zone, you may. Choose the appropriate option, then click "Next."

Choose the type of dynamic updating you want to use, if any, then click "Next."

If we wish, we can now set up DNS forwarding. This allows us to spread out the workload of domain name resolution across many different servers - one server could serve "westbrook.local", while another might serve "westbrook.com", etc. I've chosen to forward DNS requests to Google's DNS servers, 8.8.8.8 and 8.8.4.4. Enter your forwarding servers, if any, then click "Next."

With that, the DNS server configuration wizard is complete. Click "Finish."

As you can see in this screenshot, the new DNS zones we have created are in the "Running" state, and should resolve any "westbrook.local" requests made by clients connected to the virtual network.
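
For reference, the same setup can be scripted and then audited from an elevated PowerShell prompt on the server. This is an added example, not part of the original walkthrough; the zone name, network ID and forwarders are the values used above, while the zone file names and the choice of "no dynamic updates" for the reverse zone are assumptions.

```powershell
# Added example: scripted equivalent of the wizard steps in this post.
# Zone name, network ID and forwarders come from the post; the zone file
# names below are assumptions (the post does not state them).
$ZoneName    = 'westbrook.local'
$NetworkId   = '192.168.1.0/24'
$ReverseZone = '1.168.192.in-addr.arpa'
$Forwarders  = '8.8.8.8', '8.8.4.4'

# Install the DNS Server role together with the DNS Server Tools (RSAT).
Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null

# File-backed primary forward zone. Dynamic updates stay off because
# secure updates need an AD-integrated zone, which does not exist yet.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" `
        -DynamicUpdate None
}

# Matching IPv4 reverse lookup zone for the 192.168.1 network
# (dynamic updates also disabled here: an assumption, see lead-in).
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ZoneFile "$ReverseZone.dns" `
        -DynamicUpdate None
}

# Forward everything the server is not authoritative for.
Set-DnsServerForwarder -IPAddress $Forwarders

# Audit: list the zones we created and flag any that accept
# unauthenticated (non-secure) dynamic updates.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    ForEach-Object {
        $status = if ($_.DynamicUpdate -eq 'NonsecureAndSecure') {
            'WARN: accepts unauthenticated updates'
        } else { 'ok' }
        [pscustomobject]@{
            Zone          = $_.ZoneName
            IsReverse     = $_.IsReverseLookupZone
            DynamicUpdate = $_.DynamicUpdate
            Status        = $status
        }
    } | Format-Table -AutoSize

# Confirm which upstream resolvers will see this network's external queries.
(Get-DnsServerForwarder).IPAddress
```

Once Active Directory is in place and the zones are AD-integrated, the audit step is the quick way to confirm that `DynamicUpdate` was moved to `Secure` and not to `NonsecureAndSecure`.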
