How to Configure DNS Server on Windows Server

By Admin · Mar 2, 2026 · Updated Apr 23, 2026

The DNS Server role in Windows Server provides name resolution services for your network. Whether you are supporting an Active Directory environment or hosting your own DNS zones, configuring DNS properly on your Kazepute Breeze is critical for reliable network operations.

Prerequisites

  • A Kazepute Breeze running Windows Server 2019 or 2022
  • A static IP address configured on the server
  • Administrator access

Install the DNS Server Role

# Install DNS Server
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Verify installation
Get-WindowsFeature DNS

# Check the DNS service
Get-Service DNS

Create a Forward Lookup Zone

A forward lookup zone resolves hostnames to IP addresses:

# Create a primary forward lookup zone
Add-DnsServerPrimaryZone -Name "example.com" -ZoneFile "example.com.dns" -DynamicUpdate None

# Alternatively, create the zone as Active Directory-integrated (use this instead of the file-backed command above)
Add-DnsServerPrimaryZone -Name "example.com" -ReplicationScope Domain -DynamicUpdate Secure

# List all zones
Get-DnsServerZone | Format-Table ZoneName, ZoneType, IsAutoCreated

Create a Reverse Lookup Zone

Reverse lookup zones resolve IP addresses to hostnames:

# Create a reverse lookup zone for the 10.0.0.x subnet
Add-DnsServerPrimaryZone -NetworkID "10.0.0.0/24" -ZoneFile "0.0.10.in-addr.arpa.dns"

# Verify the zone
Get-DnsServerZone -Name "0.0.10.in-addr.arpa"

Add DNS Records

# Add an A record (hostname to IP)
Add-DnsServerResourceRecordA -ZoneName "example.com" -Name "web" -IPv4Address "10.0.0.10"

# Add a CNAME record (alias)
Add-DnsServerResourceRecordCName -ZoneName "example.com" -Name "www" -HostNameAlias "web.example.com"

# Add an MX record (mail server)
Add-DnsServerResourceRecordMX -ZoneName "example.com" -Name "." -MailExchange "mail.example.com" -Preference 10

# Add a TXT record
Add-DnsServerResourceRecord -ZoneName "example.com" -Name "." -Txt -DescriptiveText "v=spf1 mx -all"

# Add a PTR record (reverse DNS)
Add-DnsServerResourceRecordPtr -ZoneName "0.0.10.in-addr.arpa" -Name "10" -PtrDomainName "web.example.com"

# List all records in a zone
Get-DnsServerResourceRecord -ZoneName "example.com" | Format-Table HostName, RecordType, RecordData

Configure DNS Forwarders

Set up forwarders so your DNS server can resolve names for zones it does not host:

# Add DNS forwarders
Add-DnsServerForwarder -IPAddress 8.8.8.8
Add-DnsServerForwarder -IPAddress 1.1.1.1

# View current forwarders
Get-DnsServerForwarder

# Remove a forwarder
Remove-DnsServerForwarder -IPAddress 8.8.8.8

Configure Conditional Forwarders

Route DNS queries for specific domains to designated servers:

# Forward queries for partner.com to their DNS servers
Add-DnsServerConditionalForwarderZone -Name "partner.com" -MasterServers 192.168.1.10, 192.168.1.11

# List conditional forwarders
Get-DnsServerZone | Where-Object ZoneType -eq "Forwarder"

DNS Server Settings

# View DNS server settings
Get-DnsServerSetting

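# Configure DNS scavenging (clean up stale records)
# Scavenging only removes records from zones that also have aging enabled.
Set-DnsServerScavenging -ScavengingState $true -RefreshInterval 7.00:00:00 -NoRefreshInterval 7.00:00:00

# Enable all DNS diagnostic logging for troubleshooting (verbose; disable it again afterwards)
Set-DnsServerDiagnostics -All $true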

# Test DNS resolution
Resolve-DnsName -Name "web.example.com" -Server localhost
nslookup web.example.com localhost

Managing DNS Records

# Modify an existing A record
$oldRecord = Get-DnsServerResourceRecord -ZoneName "example.com" -Name "web" -RRType A
$newRecord = $oldRecord.Clone()
$newRecord.RecordData.IPv4Address = [System.Net.IPAddress]::Parse("10.0.0.20")
Set-DnsServerResourceRecord -ZoneName "example.com" -OldInputObject $oldRecord -NewInputObject $newRecord

# Remove a DNS record
Remove-DnsServerResourceRecord -ZoneName "example.com" -Name "old-server" -RRType A -Force

Best Practices

  • Always configure at least two DNS servers for redundancy.
  • Use DNS forwarders to improve resolution speed for external domains.
  • Enable DNS scavenging to automatically remove stale records.
  • Monitor DNS query logs for unusual patterns that might indicate security issues.
  • Secure zone transfers to prevent unauthorized access to your DNS data.
  • Keep the DNS server software updated with the latest security patches.
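
The zone transfer, dynamic update and scavenging settings behind the best practices above can be checked with a short read-only audit. This is an added example, not part of the original article; it assumes the DnsServer module on the DNS server, and the New-Finding helper and the 10.0.0.2 secondary address are hypothetical.

```powershell
# Added example: read-only audit, run in an elevated session on the DNS server.
Import-Module DnsServer

# Hypothetical helper that builds one finding row.
function New-Finding($Scope, $Setting, $Value, $Advice) {
    [pscustomobject]@{ Scope = $Scope; Setting = $Setting; Value = $Value; Advice = $Advice }
}

# Zone transfers and dynamic updates are configured per primary zone.
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$findings = @(
    foreach ($zone in $zones) {
        # TransferAnyServer lets any host request a full copy of the zone.
        if ($zone.SecureSecondaries -eq 'TransferAnyServer') {
            New-Finding $zone.ZoneName 'SecureSecondaries' $zone.SecureSecondaries `
                'Restrict to NoTransfer or TransferToSecureServers'
        }
        # NonsecureAndSecure accepts dynamic updates from unauthenticated clients.
        if ($zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            New-Finding $zone.ZoneName 'DynamicUpdate' $zone.DynamicUpdate `
                'Use Secure (AD-integrated zones) or None'
        }
    }
    # Stale records accumulate when server-wide scavenging is off.
    $scavenging = Get-DnsServerScavenging
    if (-not $scavenging.ScavengingState) {
        New-Finding 'Server' 'ScavengingState' $scavenging.ScavengingState `
            'Enable scavenging with Set-DnsServerScavenging'
    }
)

if ($findings.Count -eq 0) {
    Write-Output 'No findings for the settings checked.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}

# Remediation for one zone; 10.0.0.2 is a constructed secondary-server address:
# Set-DnsServerPrimaryZone -Name "example.com" -SecureSecondaries TransferToSecureServers -SecondaryServers 10.0.0.2
```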