Lab2 ‐ DNS - tmansfield42/Tech-Journal GitHub Wiki
Lab Summary
In this lab we set up the DNS Server for our environment. The main objective of this lab is to understand how DNS works and why it's important. We also set up Active Directory in our environment!
Process
- TAKE A SNAPSHOT. Make sure your ad01 virtual machine is connected to your LAN (refer to Lab 1 for guidance on this). Once this is done, start the virtual machine and choose a strong Administrator password. This local password will end up being the Domain Administrator password.
- Change the network configuration settings to the following (refer to Lab 1 for guidance on this):
IP Address: 10.0.5.5
Netmask: 255.255.255.0
Gateway: 10.0.5.2 (make sure fw01 is running)
DNS: 10.0.5.2
- Change the computer name to ad01-yourfirstname. After rebooting, your Local Server settings should look like this:
- Just to check, ping 8.8.8.8 (Google's public DNS) to make sure you have external internet access. If you don't, it likely means that your machine isn't on the LAN, ad01 isn't connected to the default gateway/firewall (fw01) properly (check against step 2), or your fw01 machine wasn't properly set up in steps 1-3 of Lab 1.
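The same addressing, hostname and connectivity steps can be done from an elevated PowerShell on ad01. This is an added example, not part of the original lab; it assumes the LAN adapter is named "Ethernet" (check with Get-NetAdapter) and uses the lab's "yourfirstname" placeholder. The ping checks are split into two hops so that a failure points at the lab step to revisit.

```powershell
# Added example (not part of the original lab): static addressing, hostname and
# connectivity checks for ad01, run in an elevated PowerShell on ad01.
# Assumption: the LAN adapter is named "Ethernet"; "yourfirstname" is the lab's placeholder.
$adapter = Get-NetAdapter -Name "Ethernet"
$idx = $adapter.ifIndex

# Turn off DHCP and clear any DHCP-assigned address and default route so the static values are the only ones.
Set-NetIPInterface -InterfaceIndex $idx -Dhcp Disabled
Remove-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceIndex $idx -DestinationPrefix "0.0.0.0/0" -Confirm:$false -ErrorAction SilentlyContinue

# The values from the lab: 10.0.5.5/24, with gateway and DNS both on fw01 (10.0.5.2).
New-NetIPAddress -InterfaceIndex $idx -IPAddress 10.0.5.5 -PrefixLength 24 -DefaultGateway 10.0.5.2
Set-DnsClientServerAddress -InterfaceIndex $idx -ServerAddresses 10.0.5.2
Get-NetIPConfiguration -InterfaceIndex $idx

# Check each hop separately so a failure points at the right step of the lab.
if (-not (Test-NetConnection -ComputerName 10.0.5.2 -InformationLevel Quiet)) {
    Write-Warning "fw01 (10.0.5.2) unreachable: ad01 is not on the LAN or fw01 is not running (step 2)."
} elseif (-not (Test-NetConnection -ComputerName 8.8.8.8 -InformationLevel Quiet)) {
    Write-Warning "Gateway reachable but no external access: check the fw01 setup (Lab 1, steps 1-3)."
} else {
    Write-Host "Connectivity OK."
}

# Set the hostname last; the server reboots, and the name must be in place before promotion.
Rename-Computer -NewName "ad01-yourfirstname" -Restart
```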
- Open Server Manager. From the Manage menu, select Add Roles and Features.
The following screenshots will show only those screens where non-default configuration is required.
Select Active Directory Domain Services->Add Features. Pick Active Directory Domain Services:
Choose the restart destination server option, and select yes on the confirmation dialog.
After installation, we need to configure our server to be the primary domain controller for our domain (yourname.local). Select the link to Promote this server to a domain controller. Make absolutely sure you have set the hostname before moving forward with promoting this system.
- We are going to create a new forest. Name this forest yourname.local, where yourname is your first name. Enter a DSRM (Directory Services Restore Mode) password. This password is used to recover the directory in case of error; you would use it in production if things went terribly wrong.
- After rebooting the system you can now log in as your Domain Administrator. Those credentials are stored in Active Directory, unlike the Local Administrator account, whose credentials are stored only on that one computer.
After installation and a lengthy reboot, you will find that your ad01 server's network configuration has changed somewhat. Your DNS server now points to 127.0.0.1 (which is the local loopback adapter for ad01, i.e. it’s pointing back to itself), and DNS queries not handled locally are forwarded to fw01 which will in turn forward to its DNS Server.
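The role install and forest promotion can also be scripted, which makes the DNS changes described above easy to confirm after the reboot. This is an added example, not the lab's own steps; the forest name "yourname.local" and NetBIOS name "YOURNAME" are the lab's placeholders, and it is run in an elevated PowerShell on ad01 after the hostname has been set.

```powershell
# Added example (not from the original lab): install AD DS and promote ad01 to the
# first domain controller of a new forest, then confirm the DNS changes the lab describes.
# Assumptions: forest name "yourname.local" and NetBIOS name "YOURNAME" are placeholders.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# DSRM password: used only to boot the DC into Directory Services Restore Mode for recovery.
$dsrmPassword = Read-Host -Prompt "DSRM password" -AsSecureString

# Creates the forest, installs the DNS Server role and reboots when finished.
Install-ADDSForest -DomainName "yourname.local" `
                   -DomainNetbiosName "YOURNAME" `
                   -SafeModeAdministratorPassword $dsrmPassword `
                   -InstallDns `
                   -Force

# After the reboot, log in as YOURNAME\Administrator and verify:
# the DNS client on the LAN adapter now points at the loopback address ...
Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses -contains "127.0.0.1" }
# ... and queries the local server cannot answer are forwarded to fw01, the previous DNS server.
Get-DnsServerForwarder | Select-Object -ExpandProperty IPAddress
# The domain's forward lookup zone should already contain ad01's own A record.
Get-DnsServerResourceRecord -ZoneName "yourname.local" -RRType A
```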
- Currently, you can't ping fw01 by its name (i.e. you can't type "ping fw01-firstname"; it only works with fw01-firstname's IP address). This means we have to make a DNS record for our server to look up. Doing this will allow us to type "ping fw01-firstname": our server will check its records, find that fw01-firstname's record has an associated IP address of 10.0.5.2, and therefore ping that address. These records translate names such as google.com, amazon.com, etc. into IP addresses.
Find and invoke DNS Manager from the Server Manager/DNS/AD01 context menu
Find and expand the forward lookup zone for your new domain
You should have an entry for ad01.yourname. This allows you to ping ad01 by hostname and/or domain name. We are going to add an entry for fw01.
From the DNS Manager, select New Host (A or AAAA name):
Add a reference to fw01, go ahead and check "Create associated (PTR) record"
- When your host is added, the capability to resolve a host by its hostname is enabled. The reverse is not true. We cannot get a hostname by IP address until we create a reverse lookup zone.
Add a new zone:
Create PTR records from the A records of fw01-yourname and ad01-yourname by opening each record's properties (fw01's from step 8), unchecking the Update associated PTR record check box, applying, checking it again, and applying once more.
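The uncheck/re-check workaround is only needed because the A record was created before the reverse zone existed. The following is an added example, not the lab's own procedure, that builds the same records with the DnsServer module in the order that avoids it (reverse zone first, then the A record with its PTR in one step) and then checks resolution in both directions. It runs on ad01 and assumes the domain "yourname.local" and the hostnames "fw01-yourname" and "ad01-yourname".

```powershell
# Added example (not from the original lab): reverse zone first, then the A record with
# its PTR created in one step, then forward and reverse checks. Run on ad01.
# Assumptions: domain "yourname.local", hostnames "fw01-yourname" and "ad01-yourname".
$zone = "yourname.local"
$reverseZone = "5.0.10.in-addr.arpa"   # reverse zone name for 10.0.5.0/24

# Reverse lookup zone for the LAN, stored in AD and replicated to all DCs in the domain.
Add-DnsServerPrimaryZone -NetworkId "10.0.5.0/24" -ReplicationScope "Domain" -DynamicUpdate "Secure"

# A record for fw01; -CreatePtr writes the matching PTR because the reverse zone now exists.
Add-DnsServerResourceRecordA -ZoneName $zone -Name "fw01-yourname" -IPv4Address 10.0.5.2 -CreatePtr

# ad01's A record was created during promotion, before the reverse zone existed, so add its PTR by hand.
Add-DnsServerResourceRecordPtr -ZoneName $reverseZone -Name "5" -PtrDomainName "ad01-yourname.$zone"

# Forward and reverse checks against the local server; each should return the matching answer.
Resolve-DnsName -Name "fw01-yourname.$zone" -Type A   -Server 127.0.0.1
Resolve-DnsName -Name 10.0.5.2               -Type PTR -Server 127.0.0.1
Resolve-DnsName -Name 10.0.5.5               -Type PTR -Server 127.0.0.1

# Full listing of the reverse zone for the journal.
Get-DnsServerResourceRecord -ZoneName $reverseZone -RRType Ptr
```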
- Go to AD DS in the left menu, right-click AD01-FIRSTNAME and click Active Directory Users and Computers. Under yourname.local > Users, right-click and choose New > User.
Create the user and make sure the password never expires.
In Users, right-click your new user and click Add to a group. Add them to the "Domain Admins" group, which gives this user elevated privileges.
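The same user and group change, done with the ActiveDirectory module so the result can be verified afterwards. This is an added example, not the lab's own steps; the user name "yourname" is a placeholder, and it runs on ad01 as the Domain Administrator. Because every member of Domain Admins can change anything in the domain, the final listing is worth keeping in the journal and re-checking whenever the group is touched.

```powershell
# Added example (not from the original lab): create the domain user with a non-expiring
# password and add it to Domain Admins, then list who holds that membership.
# Run on ad01 as the Domain Administrator. Assumption: user name "yourname" is a placeholder.
Import-Module ActiveDirectory

$password = Read-Host -Prompt "Password for new user" -AsSecureString

New-ADUser -Name "yourname" `
           -SamAccountName "yourname" `
           -UserPrincipalName "yourname@yourname.local" `
           -Path "CN=Users,DC=yourname,DC=local" `
           -AccountPassword $password `
           -PasswordNeverExpires $true `
           -Enabled $true

Add-ADGroupMember -Identity "Domain Admins" -Members "yourname"

# Confirm the membership; this list should stay short, since every account on it controls the whole domain.
Get-ADGroupMember -Identity "Domain Admins" | Select-Object Name, SamAccountName

# The lab's "password never expires" setting is visible on the user object.
Get-ADUser -Identity "yourname" -Properties PasswordNeverExpires | Select-Object Name, PasswordNeverExpires
```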
- On your workstation, change the network configuration's DNS setting to 10.0.5.5 (your ad01 IP address). This lets your workstation resolve the names within your environment (in other words, once you change this setting you'll be able to type "ping fw01-firstname" from your workstation). We're going to add the workstation to the yourname.local domain. MAKE SURE THERE'S A PTR RECORD FOR YOUR WORKSTATION IN AD01.
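On the workstation side, the DNS change, the name-resolution check and the domain join can be done in one script. This is an added example, not the lab's own steps; it assumes the workstation's LAN adapter is named "Ethernet", the domain "yourname.local", and the "yourname" account created on ad01, and it refuses to join until ad01 answers a reverse lookup for the workstation's own address, which is the PTR check the lab insists on.

```powershell
# Added example (not from the original lab): run on the workstation as a local administrator.
# Points the DNS client at ad01, checks forward and reverse resolution, then joins the domain.
# Assumptions: LAN adapter "Ethernet"; domain "yourname.local"; domain account "yourname".
$adapter = Get-NetAdapter -Name "Ethernet"
$idx = $adapter.ifIndex

Set-DnsClientServerAddress -InterfaceIndex $idx -ServerAddresses 10.0.5.5
Clear-DnsClientCache

# Forward: the lab's "ping fw01-firstname" test, done as a DNS query against ad01.
Resolve-DnsName -Name "fw01-yourname.yourname.local" -Type A

# Reverse: the PTR record for this workstation must exist on ad01 before the join.
$myIp = (Get-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv4).IPAddress
try {
    Resolve-DnsName -Name $myIp -Type PTR -ErrorAction Stop
} catch {
    Write-Warning "No PTR record for $myIp on ad01; add one in the reverse lookup zone first."
    return
}

# Join the domain with the domain account and reboot.
$cred = Get-Credential -UserName "YOURNAME\yourname" -Message "Domain account"
Add-Computer -DomainName "yourname.local" -Credential $cred -Restart
```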