DNS is the internet's phonebook. It translates domain names (e.g., example.com) into IP addresses (e.g., 93.184.216.34) so browsers can load websites.
Typing www.example.com into a browser triggers a lookup that walks the hierarchy from the root servers to the top-level domain (.com, .org, etc.) and then to the domain's authoritative name servers.

Common record types:

| Record | Purpose | Example |
|---|---|---|
| A | Maps a domain to an IPv4 address | example.com → 192.0.2.1 |
| AAAA | Maps a domain to an IPv6 address | example.com → ::1 |
| CNAME | Alias for another domain | www → example.com |
| MX | Mail exchange server | Handles @example.com email |
| TXT | Text data (SPF, DKIM, etc.) | Domain verification |
| NS | Points to name servers | ns1.examplehost.com |
| SOA | Start of authority (zone control) | Primary info for the domain |
Common command-line lookup tools:

```bash
nslookup example.com      # Windows, Linux, macOS
ipconfig /displaydns      # Windows: show the local resolver cache
dig example.com           # Linux/macOS (dnsutils / bind-utils)
host example.com          # Linux/macOS
```
Public resolvers:

| Provider | Primary DNS | Secondary DNS |
|---|---|---|
| Google | 8.8.8.8 | 8.8.4.4 |
| Cloudflare | 1.1.1.1 | 1.0.0.1 |
| OpenDNS | 208.67.222.222 | 208.67.220.220 |
After the DNS Server role is installed, DNS Manager is available; open it with `dnsmgmt.msc`.
Create a forward lookup zone:

1. In DNS Manager, expand your server.
2. Right-click Forward Lookup Zones → New Zone.
3. Choose Primary Zone.
4. Select Store the zone in Active Directory (if using AD).
5. Enter the zone name (e.g., example.local).
6. Choose the dynamic update type (recommended: Secure only).
7. Finish the wizard.

This creates a DNS zone for resolving domain names → IPs.
Add a host record:

1. Right-click your new zone → New Host (A or AAAA).
2. Name: e.g., pc1
3. IP Address: e.g., 192.168.1.10
4. Check "Create associated PTR record" (this only works if a matching reverse lookup zone already exists).
5. Click Add Host.

Other record types:

- MX: for email servers
- CNAME: alias for another name
- NS: delegate subzones
Create a reverse lookup zone:

1. Right-click Reverse Lookup Zones → New Zone.
2. Choose Primary Zone.
3. Network ID: e.g., 192.168.1
4. Choose the dynamic update settings.
5. Complete the wizard.

Add PTR records manually, or check the "Create associated PTR record" option when adding A records.
Point the server at itself for DNS:

1. Go to Network and Sharing Center.
2. Open Adapter Settings > right-click the adapter > Properties.
3. Select IPv4 > Properties.
4. Set Preferred DNS server to 127.0.0.1 or the server's own IP.
On a client PC (joined to the domain or on the same network):

```cmd
nslookup pc1.example.local
```

It should return the correct IP.
Manage the server from PowerShell (DnsServer module):

```powershell
# View DNS zones
Get-DnsServerZone

# Add a new A record
Add-DnsServerResourceRecordA -Name "web" -ZoneName "example.local" -IPv4Address "192.168.1.50"

# View all records in the zone
Get-DnsServerResourceRecord -ZoneName "example.local"
```
- Forward Zone: Domain → IP
- Reverse Zone: IP → Domain
- SOA: Start of Authority
- NS Record: Points to a name server
- PTR Record: Reverse lookup entry
Install BIND:

```bash
# Debian/Ubuntu
sudo apt update
sudo apt install bind9 bind9utils bind9-doc dnsutils

# RHEL/CentOS
sudo yum install bind bind-utils
```
Define the forward zone:

```bash
sudo nano /etc/bind/named.conf.local
```

Add:

```
zone "example.local" {
    type master;
    file "/etc/bind/zones/db.example.local";
};
```
Create the zone file:

```bash
sudo mkdir -p /etc/bind/zones
sudo cp /etc/bind/db.local /etc/bind/zones/db.example.local
sudo nano /etc/bind/zones/db.example.local
```
Example content:

```
$TTL    604800
@       IN  SOA ns1.example.local. admin.example.local. (
                2         ; Serial
                604800    ; Refresh
                86400     ; Retry
                2419200   ; Expire
                604800 )  ; Negative Cache TTL
@       IN  NS  ns1.example.local.
ns1     IN  A   192.168.1.10
www     IN  A   192.168.1.20
```

Increase the serial every time you edit the zone; secondary servers use it to detect that the zone has changed.
Define the reverse zone in named.conf.local:

```
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192";
};
```
Create the file:

```bash
sudo cp /etc/bind/db.127 /etc/bind/zones/db.192
sudo nano /etc/bind/zones/db.192
```
Example:

```
$TTL    604800
@       IN  SOA ns1.example.local. admin.example.local. (
                2 604800 86400 2419200 604800 )
@       IN  NS  ns1.example.local.
10      IN  PTR ns1.example.local.
20      IN  PTR www.example.local.
```
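The two zone files above only work together if every A record has a PTR record pointing back at the same name (the page's later advice to "use reverse zones for better diagnostics" depends on this). The following is an added example, not part of the tutorial and not a BIND tool: a small parser for the record syntax used in both zone files (one record per line, `$TTL`, an optional `IN` class, a parenthesised multi-line SOA) with a cross-check of A against PTR records, an SOA-presence check and a glue check for in-zone NS targets. The zone texts embedded in it are constructed copies of the two files shown on this page.

```python
"""Cross-check a BIND forward zone against its reverse zone.

Added example: not part of the tutorial and not BIND's own tooling.  Handles
only the record syntax used in the zone files on this page.
"""

# Constructed copy of the forward zone file shown above.
FORWARD_ZONE = """\
$TTL 604800
@ IN SOA ns1.example.local. admin.example.local. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns1.example.local.
ns1 IN A 192.168.1.10
www IN A 192.168.1.20
"""

# Constructed copy of the reverse zone file shown above.
REVERSE_ZONE = """\
$TTL 604800
@ IN SOA ns1.example.local. admin.example.local. (
2 604800 86400 2419200 604800 )
@ IN NS ns1.example.local.
10 IN PTR ns1.example.local.
20 IN PTR www.example.local.
"""


def _logical_lines(text):
    """Strip ';' comments, fold parenthesised RDATA onto one line, drop $ directives."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " ").strip())
        if depth <= 0:
            joined = " ".join(buf).strip()
            buf, depth = [], 0
            if joined and not joined.startswith("$"):
                out.append(joined)
    return out


def parse_zone(text, origin):
    """Return (records, soa); records are (fqdn, type, rdata tokens) tuples."""
    records, soa = [], None
    for line in _logical_lines(text):
        tokens = line.split()
        owner, rest = tokens[0], tokens[1:]
        if rest and rest[0] == "IN":          # class is optional in this parser
            rest = rest[1:]
        rtype, rdata = rest[0], rest[1:]
        fqdn = origin if owner == "@" else f"{owner}.{origin}"
        if rtype == "SOA":
            soa = {"mname": rdata[0].rstrip("."), "rname": rdata[1],
                   "serial": int(rdata[2])}
        records.append((fqdn, rtype, rdata))
    return records, soa


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of human-readable findings; an empty list means consistent."""
    fwd, fwd_soa = parse_zone(forward_text, forward_origin)
    rev, rev_soa = parse_zone(reverse_text, reverse_origin)
    findings = []
    if fwd_soa is None:
        findings.append("forward zone has no SOA record")
    if rev_soa is None:
        findings.append("reverse zone has no SOA record")

    # "1.168.192.in-addr.arpa" -> "192.168.1", so PTR owner "10" is 192.168.1.10
    suffix = ".in-addr.arpa"
    net = reverse_origin[:-len(suffix)] if reverse_origin.endswith(suffix) else reverse_origin
    prefix = ".".join(reversed(net.split(".")))
    ptr_map = {}                              # ip -> name
    for fqdn, rtype, rdata in rev:
        if rtype == "PTR":
            ptr_map[f"{prefix}.{fqdn.split('.')[0]}"] = rdata[0].rstrip(".")

    a_map = {fqdn: rdata[0] for fqdn, rtype, rdata in fwd if rtype == "A"}
    for name, ip in a_map.items():
        if ip not in ptr_map:
            findings.append(f"A {name} -> {ip} has no PTR record")
        elif ptr_map[ip] != name:
            findings.append(f"PTR for {ip} is {ptr_map[ip]}, expected {name}")
    for ip, name in ptr_map.items():
        if name not in a_map:
            findings.append(f"PTR {ip} -> {name} has no matching A record")
    # An NS target inside the zone needs a glue A record in the same zone.
    for fqdn, rtype, rdata in fwd:
        if rtype == "NS":
            target = rdata[0].rstrip(".")
            if target.endswith("." + forward_origin) and target not in a_map:
                findings.append(f"NS {target} is in-zone but has no A (glue) record")
    return findings


if __name__ == "__main__":
    problems = check_zones(FORWARD_ZONE, "example.local",
                           REVERSE_ZONE, "1.168.192.in-addr.arpa")
    print("OK: zones are consistent" if not problems else "\n".join(problems))
```

Run it after every edit to both files, alongside `named-checkzone`: the latter validates each zone's syntax on its own, while this check catches the A record that was added to the forward zone without its PTR, which `named-checkzone` cannot see.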
Edit the global options:

```bash
sudo nano /etc/bind/named.conf.options
```

Set:

```
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    dnssec-validation auto;
    auth-nxdomain no;
};
```

Note that `recursion yes;` together with `allow-query { any; };` makes this an open resolver: anyone who can reach port 53 can use it to resolve arbitrary names. That is acceptable on an isolated lab network, but on a server reachable from untrusted networks restrict both, as the best practices below say.
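The best-practice note later on this page ("Restrict allow-query and recursion in production") is about exactly the block above. The following is an added example, not part of the tutorial and not BIND's own tooling: a regex-based audit of a `named.conf.options` text that reports the open-resolver combination (recursion enabled while recursive clients are not restricted), an unrestricted `allow-query`, and missing DNSSEC validation, run against the page's block and against a hardened version of it. The ACL name `trusted` and the 192.168.1.0/24 prefix in the hardened block are assumptions chosen to match the lab network used on this page.

```python
"""Flag the open-resolver combination in a BIND options block.

Added example: not part of the tutorial and not BIND's own tooling.  The
parsing is regex-based and intended for the flat options block used here,
not for arbitrary named.conf files.
"""
import re

# Constructed copy of the options block shown above.
WEAK_OPTIONS = """\
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { any; };
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    dnssec-validation auto;
    auth-nxdomain no;
};
"""

# Same block limited to the local network.  The ACL name "trusted" and the
# 192.168.1.0/24 prefix are assumptions for this example.
HARDENED_OPTIONS = """\
acl "trusted" { 127.0.0.1; 192.168.1.0/24; };
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { trusted; };
    allow-recursion { trusted; };
    forwarders {
        8.8.8.8;
        1.1.1.1;
    };
    dnssec-validation auto;
    auth-nxdomain no;
};
"""


def acl_entries(text, directive):
    """Return the address-match list of a directive, or None if it is absent."""
    m = re.search(rf"\b{re.escape(directive)}\s*\{{([^}}]*)\}}", text)
    if m is None:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]


def audit_options(text):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    m = re.search(r"\brecursion\s+(yes|no)\s*;", text)
    recursion = m is None or m.group(1) == "yes"   # BIND defaults to recursion yes

    allow_query = acl_entries(text, "allow-query")
    allow_recursion = acl_entries(text, "allow-recursion")

    # allow-query defaults to any host when it is not set.
    if allow_query is None or "any" in allow_query:
        findings.append("allow-query is unrestricted (missing or 'any')")

    # When allow-recursion is absent, BIND falls back to allow-query (a
    # deprecated fallback) and, if that is absent too, to localnets/localhost.
    effective = allow_recursion if allow_recursion is not None else allow_query
    if recursion and effective is not None and "any" in effective:
        findings.append("open resolver: recursion yes and recursive clients are not restricted")

    if not re.search(r"\bdnssec-validation\s+(auto|yes)\s*;", text):
        findings.append("dnssec-validation is not enabled")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_OPTIONS), ("hardened", HARDENED_OPTIONS)):
        print(label, audit_options(cfg) or ["no findings"])
```

The hardened block keeps `recursion yes;` because the lab clients still need a recursive resolver; the fix is to say who may recurse, not to turn recursion off. A public authoritative-only server would instead set `recursion no;`.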
Restart BIND and enable it at boot:

```bash
sudo systemctl restart bind9
sudo systemctl enable bind9
```
From the server itself or a client machine:

```bash
dig @192.168.1.10 www.example.local
host www.example.local 192.168.1.10
```
Check the logs:

```bash
sudo journalctl -xe
sudo tail -f /var/log/syslog
```

Test the configuration:

```bash
sudo named-checkconf
sudo named-checkzone example.local /etc/bind/zones/db.example.local
```
Best practices:

- Always run named-checkzone to validate zone files before reloading.
- Restrict allow-query and recursion in production; a server reachable from untrusted networks should not recurse for arbitrary clients.
- Back up /etc/bind before making major changes.
- Use systemd-resolved cautiously if it is enabled; its stub listener on 127.0.0.53:53 can conflict with a BIND instance on the same host.
- Use Secure Dynamic Updates for AD-integrated zones.
- Enable DNS query logging for monitoring.
- Set appropriate TTLs for records.
- Use reverse zones for better diagnostics.
- Forward Lookup Zone: Name → IP
- Reverse Lookup Zone: IP → Name
- Root Hints: Default DNS root servers
- Conditional Forwarder: Forwards queries for specific domains to a chosen server
DNS responses are cached at several layers:

- Browser
- OS
- Resolver (ISP/router)

Cached entries reduce lookup time. To flush the local cache:

```bash
# Windows
ipconfig /flushdns

# Linux (systemd-resolved)
sudo systemd-resolve --flush-caches
```

On current systemd versions `systemd-resolve` has been replaced by `resolvectl flush-caches`.
Common problems:

- "DNS server not responding" → the resolver is unreachable.
- Wrong IP resolution → possible DNS cache poisoning or spoofing (or simply a stale cache or an incorrect record).
- Use DNS over HTTPS (DoH) to encrypt queries between client and resolver, and DNSSEC so resolvers can verify that the records they receive are authentic.
- FQDN: Fully Qualified Domain Name (e.g., www.secretwiki.mywire.org)
- Zone File: Contains all DNS records for a domain
- TTL (Time To Live): How long DNS information is cached
- Reverse DNS (rDNS): IP → domain lookup