IISAnswers Articles

DNS Basics for IIS Administrators
- by Rich Hintz
rhintz@goArdent.com

One important aspect to configuring a new IIS server is the configuration of DNS (Domain Name System).  The process of configuring DNS involves a few pieces: configuring your DNS server, registering your DNS name, and in some cases, configuring IIS to respond to the requests.

Getting Started with DNS

Before we get too far, let’s take a look at DNS and how it works.  DNS uses a hierarchical structure called a domain namespace.  Figure 1 depicts an example for iisanswers.com.  A DNS namespace contains subdivisions, or subdomains.  Starting at the top of the namespace is the root.  The root simply points to the appropriate first-level domain, in this case com.  The com domain then points to the iisanswers subdomain.  The iisanswers subdomain contains host records to resolve a name to an IP address.  The root and all first-level domains are managed by Internet name registration authorities.

The root points to many other domains besides com, such as edu, mil, gov, net, org, and tv.  In addition to these, you may also see geographical two-character country/region codes.  An example of this would be www.state.ca.us.  The us represents the United States.  The ca refers to California.  There is a third type of domain that the root points to – in-addr.arpa.  This serves a special purpose for reverse lookups.  Reverse lookups are just as they sound – turning an IP address into the host name.

The actual name resolution process goes through several steps.  Let’s say you are sitting at home and decide to pull up the iisanswers.com web site.  When you enter www.iisanswers.com into your web browser, your computer needs to turn the friendly name into an IP address.  The first step to make this happen is for your computer to check with the DNS server listed in your TCP/IP properties.  This is typically your ISP (Internet Service Provider).  If you are not sure what DNS server your system is configured to use, from a Command Prompt, type IPCONFIG /ALL.  (If you are running Windows 9x, click Start, Run, then type WINIPCFG /ALL.)  The first query (your client asking your ISP’s DNS server) is a recursive query.  In a recursive query, if the DNS server has no record of www.iisanswers.com, it will perform additional queries of Internet DNS servers.  These additional queries are referred to as iterative queries. 

 An iterative query is where the DNS server being queried must return the best answer that it can, without assistance from any other server.  Your ISP’s DNS server will perform several iterative queries before it gets the IP address of the www host. 

So the process works as follows: if your ISP’s DNS server does not know the IP address for iisanswers, it will query a root server.  (Currently, there are approximately 13 root servers from which to choose.  The user does not have to make this choice; it is all handled transparently.)  The query from your ISP’s DNS server to a root DNS server is an iterative query.  The root server is queried for the IP address of the DNS server that has information on com addresses.  Once your ISP’s DNS server receives the IP address for a com server, which holds information about all .com domains, it then contacts the com server for the IP address of the authoritative DNS server for iisanswers.  Then the iisanswers DNS server is contacted, with the question “what is the IP address for www”.  The iisanswers DNS server looks up the record in its database and the IP address for www is returned to the ISP’s DNS server.  Once your ISP’s DNS server receives the IP address, it adds it to its cache for future queries and gives the IP address to your computer.  Your computer can now communicate with the server www.iisanswers.com.  Figure 2 shows this process.

Although this initially seems like a lot of work to find a single IP address, this configuration lends itself to growth and expandability. 
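
The lookup walked through above can be modeled in a few lines. This is an added example, not part of the original article: the server names, the 3600-second TTL and the 8-referral limit are constructed for illustration, and only the www address comes from the article. It shows one recursive query turning into three iterative queries, and the cached answer being reused until its TTL runs out.

```python
# Toy model of the recursive/iterative lookup; all zone data is constructed.
import time

# Each "server" holds either referrals to a more specific server or host answers.
SERVERS = {
    "root": {"refer": {"com": "com-server"}},
    "com-server": {"refer": {"iisanswers.com": "iisanswers-ns"}},
    "iisanswers-ns": {"hosts": {"www.iisanswers.com": ("207.29.192.128", 3600)}},
}

def iterative_query(server, fqdn):
    """One iterative query: the server gives its best answer without asking anyone else."""
    data = SERVERS[server]
    if fqdn in data.get("hosts", {}):
        return ("answer", data["hosts"][fqdn])
    for suffix, next_server in data.get("refer", {}).items():
        if fqdn == suffix or fqdn.endswith("." + suffix):
            return ("referral", next_server)
    return ("nxdomain", None)

class RecursiveResolver:
    """Plays the ISP's DNS server: accepts one recursive query, issues iterative ones."""

    def __init__(self, clock=time.time):
        self.cache = {}          # fqdn -> (ip, expires_at)
        self.clock = clock

    def resolve(self, fqdn):
        """Return (ip or None, list of servers queried for this lookup)."""
        fqdn = fqdn.lower().rstrip(".")
        trace = []
        hit = self.cache.get(fqdn)
        if hit and hit[1] > self.clock():
            return hit[0], trace             # answered from cache, no queries sent
        server = "root"
        for _ in range(8):                   # bound the referral chain (assumed limit)
            trace.append(server)
            kind, value = iterative_query(server, fqdn)
            if kind == "answer":
                ip, ttl = value
                self.cache[fqdn] = (ip, self.clock() + ttl)
                return ip, trace
            if kind == "nxdomain":
                return None, trace
            server = value                   # follow the referral to the next server
        return None, trace
```

Because the resolver answers from its cache until the TTL expires, a changed record is not seen by clients of that resolver until the old entry ages out.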

You may hear the term zone when working with DNS.  A zone is simply a contiguous section of the DNS namespace.  Records for a zone are stored and managed together.  Often, subdomains are split into several zones to make manageability easier.  For example, support.microsoft.com and msdn.microsoft.com are separate zones, where support and msdn are subdomains within the Microsoft.com domain.  DNS servers can contain primary and secondary zones.  A primary zone is a copy of a zone where updates can be made, while a secondary zone is a copy of a primary zone.  For fault tolerance purposes and load balancing, a domain may have several DNS servers that respond to requests for the same information.

The entries within a zone give the DNS server the information it needs to satisfy requests from other computers or DNS servers.  There are many types of records that DNS can manage.  One of the most common record types is the address (A) resource record.  This type of record is used to resolve a name into an IP address.  The name is typically an FQDN (Fully Qualified Domain Name).  An FQDN consists of both the host name (e.g., www) and domain name (e.g., iisanswers.com).  The following table lists additional types of records commonly found in a zone.

Table 1

Record type    Name
SOA            Start Of Authority
NS             Name Server
A              Address
PTR            Pointer
CNAME          Canonical Name
MX             Mail Exchange

Each zone will have one SOA record.  This record contains many miscellaneous settings for the zone, such as who is responsible for the zone, refresh interval settings, TTL (Time To Live) settings, and a serial number (incremented with every update).  The NS records are used to point to additional DNS servers.  The PTR record is used for reverse lookups (IP to name).  CNAME records are used to give a host multiple names.  MX records are used when configuring a domain for email.

For additional details on DNS, please refer to RFCs 1034, 1035, 1123, 1886, 1995, 1996, 2136, 2181, and 2308.  These can be found at www.faqs.org/rfcs.

 Making It Happen

 Configuring Windows 2000 DNS

 Next, we’re going to walk through the steps necessary to configure a Windows 2000 DNS server with a primary zone for the iisanswers.com domain.

First, we need a Windows 2000 Server.  Windows 2000 Advanced Server and Datacenter Server will also work.  If the DNS service has not already been loaded, you will need to load it via the Add / Remove Programs applet in the Control Panel.  Once the DNS service has been installed, you should see the DNS option under Administrative Tools.  Locate Forward Lookup Zones, right-click, and choose New Zone.  A wizard will walk you through the necessary steps to create a new zone for a domain.  The first question asks which type of zone you would like to create.

If you are running Windows 2000 with Active Directory, you have the option of Active Directory-integrated.  There are many benefits to Active Directory-integrated zones, such as higher levels of security and use of the Active Directory for storage of DNS information.  Standard primary will create a text file to store the DNS records.  If you have Active Directory, I recommend utilizing the Active Directory-integrated zone.  Since not all Windows 2000 servers are running Active Directory, I will use the Standard option for this step.  Standard secondary would be used when you configure the second DNS server for a zone.  The next step will ask for the name of the new zone.  I will use iisanswers.com.

In the Zone File window, you can just choose Next.

Choose Finish and the zone will be created.  Not too bad, huh?  The next step is to add the appropriate records to the zone, for example, www for your web server, or maybe ftp for your ftp server.

Creating Common Record Types

Let’s take a look at creating common record types.  Refer to table 1 for a list of some common record types.  If you have created a zone, you have already created the SOA record.  Windows 2000 takes care of creating the SOA record for you. 

 You can double-click the SOA record to view its properties.

In order to create records of other types, secondary-click the zone name on the left and choose the appropriate option (e.g., New Mail Exchanger, New Alias).  Each type of record will ask for the appropriate information.  For example, take a look at the following MX record creation:

This specifies that an MX record should be created.  This MX record will inform the Internet community that email addressed to anyone@iisanswers.com will be sent to mail.iisanswers.com.  The server mail.iisanswers.com will then have to accept or forward the email to the appropriate recipient.  The priority is used if more than one MX record exists in a domain.  The lower the number, the higher the priority.  Often, companies will configure a secondary (backup) mail server and create an MX record with a value higher than 10.

 Here is an example of creating a new CNAME record:

 

 The CNAME record gives multiple names to a single server.  In this case, www.iisanswers.com is really win2kasvm.iisanswers.com.

In many environments, it is nice to purchase a single server that can host several different web sites.  This is easily accomplished using DNS and IIS.  When you are configuring your DNS server, the first step is to create all the necessary zones.  The second step depends on how many public IP addresses you have.  If you have at least one IP address for each web site, simply create the appropriate A records for the web server name.  For example, create an A record for the www host in iisanswers.com to point to 207.29.192.128.  You could then create additional A records in other zones, using different IP addresses.  For example, maybe 207.29.192.129 is www.someothersite.com.  If you find that you do not have at least one IP address for each web site, you can also use host headers in IIS.  In this case, register all the A records using the same IP address.  This may seem crazy, but IIS is intelligent enough to handle the requests to the different names even though they are using the same IP address.  (We will discuss the configuration of host headers in a little bit.)

Ok.  You’ve installed DNS, created your zones, and created all the necessary host records.  Are you done?  Almost.  Now, you just need to let the Internet community know that you have a DNS server and where to look for your DNS server.  This is accomplished by registering your domain name.

 Registering Your Domain Name

In order to register your domain name and make it publicly known, you must notify an Internet Corporation for Assigned Names and Numbers (ICANN)-accredited registrar.  There are dozens of registrars from which to choose.  Here are a few examples: America Online, Network Solutions, Register.com, and TUCOWS.com.  For a complete listing, check out http://rs.internic.net/alpha.html.  Each registrar may have a slightly different process, but they will typically want to know some of the following information:

· Name of the contacts (billing, technical, and administration) for the domain name to be registered.

· Length of registration (1 year, 2 years, etc.).  Typically, the longer you commit to, the better price per year that you will receive.

· IP addresses of the authoritative DNS servers to host your domain name.  This DNS server is the one that contains the Start of Authority record (SOA) and is contacted by other DNS servers for the IP address of your web server. You should have a minimum of two, but some registrars let you get away with just one.  The reason for two is fault tolerance.  What if your only DNS server goes down?

· Payment information (of course).

 Once you finish completing the information on the registrar’s web site, you typically will receive an email confirmation.  One or two days later, your domain name will be up and running.

 While you are waiting the day or two it takes to update the servers on the Internet, you can verify your IIS configuration.  Let’s take a look at that next.

 Verifying Your IIS Configuration

If you are running multiple virtual web servers on a single physical server, you will need to verify the configuration of each web site.  If you recall, there are three methods to create multiple web sites on a single server.  One option, which is not appropriate for Internet web sites, is using different TCP port numbers.  The second option is to use a different IP address for each web site.  This is the best option; however, it is often difficult, if not impossible, to get all the IP addresses you need from your Internet Service Provider.  If you are limited to a number of IP addresses that is fewer than the number of web sites, you will have to use the third method – host headers.  With host headers, IIS reads the header of the request to determine what URL was requested.  For example, www.iisanswers.com versus www.someothersite.com.  Based on the header information, IIS can locate the correct files and send the content to the client.  Opening the properties for a web site brings up the following:

 

 If you clicked the Advanced button, you get the following:

 From here, you can review your configuration.  You can see that in this example, www.iisanswers.com will use all unassigned IP addresses and port 80.  It also has a host header configured – www.iisanswers.com.  This means that this web site will be used to send content to the user only if they requested www.iisanswers.com.  If they requested the IP address of www.iisanswers.com instead, they would not receive the same information.  If the information is incorrect on this page, you can edit the information.
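
The behavior described above, where a request for the host name reaches the site but a request for the bare IP address does not, can be checked against a small model. This is an added example and a simplified model, not IIS code or part of the original article: the site names, the binding tuple layout and the precedence rule (a binding that names the host wins over one that leaves it blank) are assumptions made for illustration.

```python
# Simplified model of host-header site selection. Each binding is
# (ip, port, host_header, site); "" for ip stands for "All Unassigned" and
# "" for host_header means no host header is configured. Data is constructed.
BINDINGS = [
    ("", 80, "www.iisanswers.com", "IISAnswers site"),
    ("", 80, "www.someothersite.com", "Some other site"),
]

def normalize_host(host_header):
    """Lower-case the Host value and strip an optional :port and trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal, e.g. [::1]:80
        host = host[: host.find("]") + 1]
    elif ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")

def select_site(local_ip, port, host_header, bindings=BINDINGS):
    """Return the site whose binding matches the request, or None if none does."""
    host = normalize_host(host_header or "")
    best = None
    for ip, b_port, b_host, site in bindings:
        if b_port != port or (ip and ip != local_ip):
            continue                         # wrong port, or bound to another IP
        if b_host and b_host != host:
            continue                         # host header configured but not matched
        # Assumed precedence for this model: named host first, then named IP.
        score = (bool(b_host), bool(ip))
        if best is None or score > best[0]:
            best = (score, site)
    return best[1] if best else None
```

When reviewing a server, the useful question is which site, if any, has a blank host header on the shared IP address and port, because that site answers every request whose Host value matches nothing else.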

 

 Once you finish updating this web site, verify all other web sites that are running on your IIS server.

 Now it’s time to build a wonderful web site, but I’ll leave that part up to you.

 Conclusion

 We have seen what DNS is, how to install it on Windows 2000, and how to configure many of the settings.  We have also seen the process for registering a DNS name on the Internet.  Finally, we took a look at verifying your IIS web site configuration settings.

Although it may seem like a lot to do, there is actually more to learn than to do. Once you know the steps, it only takes a few minutes to set up a DNS server for a new domain, register the domain, and set up the website on IIS. After you walk through this process a couple of times, you will think it is a piece of cake.

©2001 Brett Hill, All Rights Reserved
No use in whole or in part without express written permission