Join Ed Liberman for an in-depth discussion in this video Installing DNS, part of Windows Server 2016: DNS.
- [Instructor] When it comes to installing DNS, we pretty much have two options available to us. Option one is, because DNS is a server role, in Windows Server 2016, it can be installed, like any other role, and, then, configured manually. Or, we have option two, which is the preferred option, which is to have DNS installed as a part of the domain controller promotion process, within Active Directory Domain Services. And, the reason is, because, not only is DNS installed, but, it is also configured, as part of that process.
So, let's take a look at that version first, all right? So, in order to do this, I'm going to jump onto a computer I have here, called DC2, which, yes, stands for this second domain controller, in my environment. But, what I want to show you, is that I haven't actually completed the promotion process, yet. So, let's jump over there, now. So here, in the Server Manager, I would like you to know that I've already gone through the Add Role wizard, to go through and add the Active Directory Domain Services role. And that's why I have a little indicator, in the upper right hand corner, here, right, a little warning notification.
If I click on it, and it says here that configuration is required for Active Directory Domain Services, and, then, there's a link, to promote this server, to a domain controller. So, I will click on that link. Now, I already have DC1 completely set up and configured, so, the LANDONHOTEL domain already exists. So, I'm going to add a domain controller, to the existing domain. The domain is landonhotel.local. And, I will go ahead and use the LANDONHOTEL administrator, as my credentials, that's who I'm currently logged in as. So, we'll go ahead and click on Next.
And you'll see here, right away, we have domain controller options, and, one of them is, do I want to become a Domain Name System, or DNS server. And I do, so I'm going to leave that box checked. I do need to enter a password, for Directory Services Restore Mode, so, I will go ahead, and enter that now. I have to actually enter it twice, there we go. And, I'll click on Next. This is a typical warning, I'm not going to go into great detail, because you can watch an Active Directory course, if you want to see all the details of this installation. But, at this point, I'm going to disregard the warning, and click Next.
And, then, I'll click Next, to replicate from any domain controller, Next for all the default locations, Next for finalizing what we're going to do. And, it's going to go through, and check the prerequisites. And, even though we have warnings, it says they've all been met, so, I will click Install. And, at this point, it's going to go through and install DNS, along with promoting this computer to an Active Directory Domain Services domain controller. All right, so, this will take a few moments. It will involve a rebooting of the computer.
So, if you are following along, this would be a good point where you can go ahead, and pause the recording, and, then, pick back up, once it's all completed, because, as you can see, mine is finishing the process, and so, in just a moment we'll be back up, and running, and I'll be right back with you. All right, so the installation process has completed, it's rebooted, I've logged back in. And, the one thing I do want to point out, just because you'll see it, on your end, if you're following along, is, very often you'll get this red box with, it looks like something really bad is happening. These are just delayed services.
That is typical within Windows Server 2016. If you refresh periodically, you'll see, within a matter of moments, it will go away. So, we'll just ignore that, for right now. I want to point out that you can see, over here, on the left, that DNS has been installed, as a role, you can also see it, down here, as one of our roles. And, if I come up to the Tools menu, you'll see, here, that I have a selection for DNS, which will take me into the DNS Manager. Here, in the DNS Manager, I'd like to show you that if I expand DC2, and, then, expand my Forward Lookup Zones, you can see that I already have both a zone for the Landon Hotel.local domain, OK? So, we're already going to be doing IP address and name resolution.
And, then, the _msdcs that we see, here, that has to do with what's called SRV Resource Records, so that clients can locate this computer, as a domain controller, OK? And it's not just this computer, it can locate any domain controllers, or, any other significant services necessary within Active Directory Domain Services. All right, so I just want to show you how that's already configured, and installed, as a part of Active Directory Domain Services domain controller promotion. This is the preferred way to do it.
But, what if you want to install DNS on a computer, that is not a domain controller? Or, maybe, you want to install a DNS server that's going to have a slightly different configuration. Well, let's go take a look at how we do that. And, actually, real quick, before I go, I do want to mention that I'm not going to click through here, and show you everything, but, I want to tell you, that these zones have all been set up, in the most secure method possible. And, that's one other reason why I wanted to mention that this is the preferred way to do it. All right, let's go ahead, and take a look at another computer, and install DNS manually.
So, for this part of the demonstration, I'm going to jump over to a computer I have, called Member 1. And, this computer is simply a member server, within the Landon Hotel.local domain. Here, in the Server Manager, as I mentioned before, DNS server is a role, so, I'm going to click on Add roles and features. Here, in the wizard, you get the Before you begin screen, which is just talking about why you want to make sure all your security settings are in place, before installing a role. We know they are, so, I will click Next. It is a role based installation, so, I will click Next, again.
We are installing on Member 1, so, I will click Next. And, at this point, I can select the role, that I want to install. And, right here, you'll see we have DNS Server, so, I'm going to check the box. And, when I do, you'll see, here, that I get additional features that are required, so, I'll click the box saying OK, add those features, and, I will click Next. Here, I have the opportunity to add any other features, that I may be trying to install, as part of this. I don't need to, so, I will click Next. Here's a review of what DNS is, so, I will click Next.
And, then, I will click Install. And, at this point, it's going to go through and install the DNS Server role, which is pretty much the same thing that it did, when we were installing DNS via the Active Directory Domain Services domain controller promotion. The difference, here, is that it's not configuring anything. It's only installing the role, OK? So, again, if you are following along, your system may take longer than mine. As you can see, mine has already succeeded. So, feel free to go ahead, and pause the video, and, then, resume, once this installation is completed, on your end.
So, on my end, it has succeeded. So, I'm going to close this window. And, you can see that DNS is installed, over here, on the left, again, you can see it down here, at the bottom. And, if I go to the Tools menu, I now have DNS, as a selection. And, if I click on it, of course, it takes me into the DNS Manager. Notice, it's very different looking, than it was on DC2. Here, I can see the DNS Server, Member 1. But, when I click on it, and expand my Forward Lookup Zones, nothing, right? It's just blank, I can't do anything with it.
It says Add a New Zone, OK? So, we have DNS installed, and, believe it or not, this server is already capable of providing certain DNS services, because you don't have to have a zone, to provide all DNS services. In other videos, I will talk to you about the idea of being a caching only DNS server, and things like that, and, that's pretty much what we are, right now. But, I just wanted to show you the difference, that, right now, DNS has been installed, but, you have to do all the configuration manually.
And that, again, is why it is recommended that you, when possible, install DNS as a part of your domain controller promotion process, and have DNS running on your domain controllers, so that they can be secure, they can be efficient, and, well, all the configuration's done for you, which means, it leaves less room for error. All right, so, now that we have DNS installed, now we have to figure out, well, how we go and configure it. So, there's a whole series of videos that I'll have, here, on showing you how we can do different things, with DNS servers.
- DNS installation
- Creating DNS zones
- Configuring DNS zone replication
- DNS name resolution
- Securing DNS