NT DNS Configuration - using BIND 4.9.3 Release

Last modified: Mar 4/96

Setting up an NT Internet Server? The Domain Name Service is a bit of a mystery, which unravels only after spending extensive time and effort. The Microsoft DNS Service is still useless after all this time, but the free port of Unix BIND, version 4.9.3 release, is of production quality.

In order to help others along, here is an example of how to set up a working configuration.

For an overall guide to setting up an Internet Server with NT, check out John Neystadt's How to Create Internet Site with Windows NT only. It can be opinionated, but has some good pointers.

This page provided by Telemark Systems Inc, additional comments by Larry Kahn.

Other Information

The distribution comes with bog.wri which is a fairly complete documentation of DNS configuration. You may also want to check out http://www.dns.net/dnsrd/ for a bunch of online resources.

A mailing list dedicated to this Windows NT port of bind 4.9.3 has been created by Larry Kahn. Anyone wishing to join should send an email message to

    listserv@drcoffsite.com

and in the body of the message put:

    subscribe bindnt your name

Your subscription email address will be the one from which the mail was received. The people on this list are quite good about helping people with specific problems.

    Installation

    To get a copy of Bind, email to Larry Kahn at access@drcoffsite.com (one of the programmers) and ask for access to his ftp site. It has also recently been added to Beverly Hills' NT Resource Center.

    Unzip the file (using a 32 bit unzipper - some names are longer than 8.3). Any directory will do. Read the release notes.

    Run install.bat. It will do these things:

  • Create directory \var\named which is where the zone configuration files reside.
  • Copy sample initialization file named.boot or named.ini to \winnt35.
  • Copy executable files to \winnt35\system32.
  • Install the service name "DomainNameService" as the executable named.exe.

    My Configuration Files

    I am serving for 3 domains: telemark.net, canada-stockwatch.com and randallg.com. They all have hosts on the same class C network (204.191.227), so I have one zone file for each domain, plus a single reverse zone file for all hosts on the class C network.

    You should have 2 separate servers for your domains. Mine are randall.telemark.net and www2.canada-stockwatch.com. Read bog.wri for a complete explanation of the contents of these files.

    \winnt35\named.boot

    This may be named.ini depending on which build you have - it doesn't seem to matter which name it has (any comments on this??).

    This file is read by named when it is started. Mine looks like this:
    directory \\var\\named
    
    cache	.	db.cache
    
    primary 0.0.127.IN-ADDR.ARPA 	local.rev
    primary telemark.net 		telemark.dom
    primary randallg.com 		randallg.dom
    primary 227.191.204.IN-ADDR.ARPA sw2.rev
    secondary canada-stockwatch.com 204.191.227.129 sec/canada-stockwatch.com
    
    This file refers to the other zone configuration files, all of which reside in \var\named. This machine is a primary for telemark.net and randallg.com, and acts as a secondary for canada-stockwatch.com. It reads the config files local.rev, telemark.dom, randallg.dom, sw2.rev at startup. Also, the primary server for canada-stockwatch.com is contacted, and the config is written to the file sec\canada-stockwatch.com.

    \var\named\db.cache

    This file contains pointers to a bunch of root DNS servers in the Internet. It is pretty standard and may be obtained from many sources - including the one delivered with the Bind port, so I won't repeat it here.

    \var\named\local.rev

    This is also pretty standard, for resolving your localhost interface. Mine looks like this:
    @   IN  SOA randall.telemark.net. postmaster.telemark.net. (
                                   1       ; serial number
                                   10800   ; refresh [3h]
                                   3600    ; retry   [1h]
                                   691200  ; expire  [8d]
                                   86400 ) ; minimum [1d]
    	IN	NS	randall.telemark.net.
    
    1.0.0   IN PTR localhost.
    1	IN PTR localhost.
    

    \var\named\telemark.dom

    OK, here's a real forward mapping zone file, for telemark.net. It defines the nameservers for the domain, the addresses of all hosts and aliases, and where to send the mail:
    @   IN  SOA     randall.telemark.net.  postmaster.randall.telemark.net. (
                                   1995101001       ; serial number
                                   10800   ; refresh [3h]
                                   3600    ; retry   [1h]
                                   691200  ; expire  [8d]
                                   86400 ) ; minimum [1d]
    	IN	NS	randall.telemark.net.
    	IN	NS	www2.canada-stockwatch.com.
    	IN	A	204.191.227.65
    	IN	MX	10	randall
    
    localhost       IN      A       127.0.0.1
    
    randall		IN	A	204.191.227.65
    		IN	MX	10	randall
    
    randallg	IN	A	204.191.227.66
    		IN	MX	10	randall
    
    ras		IN	A	204.191.227.130
    
    mail	IN	CNAME	randall
    smtp	IN	CNAME	randall
    pop	IN	CNAME	randall
    www	IN	CNAME	randall.telemark.net.
    
    pam	IN	CNAME	randallg
    

    \var\named\randallg.dom

    This file is very similar to telemark.dom above, so I won't bother including it here.

    \var\named\sw2.rev

    This is the reverse mapping file, for translating IP addresses to hostnames. There can only be one hostname for a particular IP address (even if you have multiple hostnames defined for that IP address in your zone files).
    @   IN  SOA randall.telemark.net. postmaster.randall.telemark.net. (
                                   1995101001       ; serial number
                                   10800   ; refresh [3h]
                                   3600    ; retry   [1h]
                                   691200  ; expire  [8d]
                                   86400 ) ; minimum [1d]
    	IN	NS	randall.telemark.net.
    
    65	IN  PTR randall.telemark.net.
    66	IN  PTR randallg.telemark.net.
    11	IN  PTR www2.canada-stockwatch.com.
    10	IN  PTR www.canada-stockwatch.com.
    130	IN  PTR ras.telemark.net.
    
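    Because an address can have only one PTR while the forward zone may give it several names (the zone apex and randall both point at .65 above), it is easy for the two files to drift apart. The following script is an added example, not part of the original page or the BIND distribution: it parses a forward zone and its in-addr.arpa zone in the layout used by telemark.dom and sw2.rev, and reports every address that has no PTR, or whose PTR names a host with no A record for that address. The parser only handles what those files use (';' comments, a parenthesised SOA, '@', blank owner fields, relative names) and the sample zones below are constructed, with two deliberate faults.

```python
# Added example (not from the original page): cross-check a forward zone against
# its in-addr.arpa zone. Parser covers only what the page's files use.
def absolute(name, origin):
    return name[:-1] if name.endswith('.') else name + '.' + origin

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; owners absolute and lower-case."""
    records, owner, in_paren = [], origin, False
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].rstrip()          # strip comments
        if in_paren:                                  # inside the SOA ( ... ) block
            in_paren = ')' not in line
            continue
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                     # new owner, else reuse the last
            owner, fields = (origin if fields[0] == '@' else absolute(fields[0], origin)), fields[1:]
        if fields[0] == 'IN':
            fields = fields[1:]
        in_paren = '(' in line and ')' not in line
        records.append((owner.lower(), fields[0], ' '.join(fields[1:])))
    return records

def check_reverse(fwd_text, fwd_origin, rev_text, rev_origin):
    """List mismatches; empty means every A record has a PTR naming one of its hosts."""
    names_by_ip, ptr, problems = {}, {}, []
    for owner, rtype, rdata in parse_zone(fwd_text, fwd_origin):
        if rtype == 'A' and not rdata.startswith('127.'):
            names_by_ip.setdefault(rdata, set()).add(owner)
    for owner, rtype, rdata in parse_zone(rev_text, rev_origin):
        if rtype == 'PTR':                            # 65.227.191.204.in-addr.arpa -> 204.191.227.65
            labels = owner.split('.')
            ptr['.'.join(reversed(labels[:labels.index('in-addr')]))] = absolute(rdata, rev_origin).lower()
    for ip, names in sorted(names_by_ip.items()):
        if ip not in ptr:
            problems.append(f'{ip}: no PTR record (forward names: {", ".join(sorted(names))})')
        elif ptr[ip] not in names:                    # one PTR per address, but it must name a real A owner
            problems.append(f'{ip}: PTR {ptr[ip]} has no A record for this address')
    return problems

# Constructed sample modelled on telemark.dom / sw2.rev, with two deliberate faults
FORWARD = """@ IN SOA randall.telemark.net. postmaster.telemark.net. (
        1995101001 86400 ) ; serial, minimum (other fields omitted)
    IN A  204.191.227.65
randall  IN A 204.191.227.65
randallg IN A 204.191.227.66
ras      IN A 204.191.227.130
"""
REVERSE = "65 IN PTR randall.telemark.net.\n66 IN PTR www.telemark.net.\n"
```

    Calling check_reverse(FORWARD, 'telemark.net', REVERSE, '227.191.204.in-addr.arpa') on the sample reports the missing PTR for .130 and the PTR for .66 that names an alias instead of randallg; run it against your real files by reading them into the two strings.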

    Testing the Service

    Start the usual way, using Control Panel -> Services. There will be messages left in the Application Event Log - it is a very good idea to look at them. If you have any problems there will probably be some diagnostics there. When operating properly, there will be nothing that looks like an error or warning. If you have problems with your configuration, fix them and restart the service until it starts with no errors.

    Once you have it starting OK, you can test it with the nslookup.exe that came with the distribution. Run it from the command prompt - it will attempt to attach to your server. If you get a ">" prompt, you can enter your complete local hostnames, and it should return their IP addresses. Then, to check the reverse mapping file, enter set q=ptr and type in the IP address; you should get the hostname back. For instance:
    C:\users\default>nslookup
    Default Server:  randall
    Address:  127.0.0.1
    
    > www.telemark.net
    Server:  randall
    Address:  127.0.0.1
    
    Name:    randall.telemark.net
    Address:  204.191.227.65
    Aliases:  www.telemark.net
    
    > set q=ptr
    > 204.191.227.65
    Server:  randall
    Address:  127.0.0.1
    
    65.227.191.204.in-addr.arpa     name = randall.telemark.net
    227.191.204.IN-ADDR.ARPA        nameserver = randall.telemark.net
    randall.telemark.net    internet address = 204.191.227.65
    >
    

    When you have confirmed the operation of all of your defined hostnames, try to run nslookup - <your server's ip address> from a Unix or NT machine somewhere else on the Internet.

    Also, bind comes with two programs useful for testing:

  • ndc.exe - it can do many different things:
    ndc reload
    ndc start
    ndc stop
    ndc restart
    ndc stats
    ndc status
    ndc dumpdb
    ndc trace
    ndc notrace
    ndc querylog
    
  • xfer.exe - used for checking your zone transfers, if you are primary for a domain. Its usage:
    Usage: xfer
            -z zone_to_transfer
            -f db_file
            -s serial_no
            [-d debug_level]
            [-l debug_log_file]
            [-t trace_file]
            [-p port]
            [-S]
            [-C class]
            servers...
    
    e.g.: xfer -z drcoffsite.com -f test. -s 0 localhost
    

    The xfer program is not only useful if you are primary: if you are secondary for any domains, you can use it to make sure you can transfer the zone files correctly from the specified primary server.

    If you are primary, it is useful to try to transfer your own zones from your own server to make sure they transfer OK.

    When all this works, you are ready for operation, and in addition you will satisfy Internic when you apply for more domain names.

    Operational Tips

    When you make a change to your configuration files - stop and restart the service to have it take effect. Or you can use the ndc.exe program: ndc reload.

    Update your serial numbers every time you make a change:

  • If you don't, your secondaries will not know to get a new copy of your zone files, and hence will never get the changes (assuming you are primary).
  • It lets other DNS servers on the Internet know when the information they have cached is out of date.

    The serial number is part of the SOA record in each zone file (and can be anything you like) - a good choice is YYYYMMDD## where ## goes up by one for each change that day.

    Help and Support

    I need to emphasize this because it is apparently not obvious:

    Telemark Systems is not in the business of providing free phone support!

    In fact, Telemark is not in the business of providing paid phone support either. We have plenty of other things to do from which we earn our livelihood. If you have problems or questions, please join the mailing list mentioned above and post them there, along with copies of your configuration files.
