Understanding and Using DNS for Web Sites
Windows Server 2003 moved from the NetBIOS naming convention for naming machines in the domain to the dot notation that is also the DNS naming convention (for example, jerry.autosrus.com). Therefore, DNS for a Windows Server 2003 domain can be used not only for web sites, but also for the domain itself—locating objects in the domain such as other machines, printers, users, or just about any object using the dot name reference.
Active Directory is the backbone of DNS. Any time you set up a new machine on the domain, it registers itself in AD as an object, and DNS automatically gets this information from AD. All these details are somewhat beyond the scope of this article, but you need to understand that you can create AD domains for web sites (although there isn't much use for this technique unless you're using objects and domain-based logins and permissions).
While you can create different types of zones with DNS, we're really concerned with just one type of zone for Internet-based domains: the forward lookup zone. This folder contains all the hostname-to-IP address mappings. For our purposes, the hostname is the domain name that you want to add for resolution by your name server. Once you create a forward lookup zone for a domain, you can add resource records to this zone, such as for an email service. You can even create different types of forward lookup zones; for example, we'll create a standard primary forward lookup zone for all domains we want our DNS server to manage. We'll get to that in a minute, but first we must register the domain with a domain registrant.
Registering a Domain and Using Your Name Servers
Now that you have a domain that you want your name server to resolve and manage, you need to register this domain with a domain registrant such as NameSecure or Network Solutions. By default, the registrant will use their name servers as the name servers for resolving and managing this new domain. This setup doesn't do you much good, however, so you must change the setup to use your own name servers. The registrant will have a tool for this purpose. You'll need to change at least the primary name server to your name server's fully qualified domain name. Let's say I registered a new domain called mydomain.com with NameSecure. NameSecure automatically sets its own name servers (ns1.namesecure.com and ns2.namesecure.com) as the name servers for this domain. To change this arrangement, I use the Modify Name Servers form and add my name server, farside.farside.ifusionsoft.com, as the primary name server, replacing ns1.namesecure.com. After I make this change, my name server will have control over this domain in 96 hours or less.
Creating the Forward Lookup Zone and Resource Records
Now we're ready to create a forward lookup zone for the domain on the name server. Right-click the Forward Lookup Zones folder in the left-hand pane of the DNS management console (refer to Figure 1) and select the New Zone option to display the first screen of the New Zone Wizard (see Figure 3).
Figure 3 The New Zone Wizard.
The wizard lists the various major zone types. Leave Primary Zone selected and click Next. The next screen asks how you want your zone replicated. The default option is to have the zone replicated to all other domain controllers in the domain. The other options deal more with local area networks and wide area networks for the domain or domain forest; we're not concerned with either of those options. Click Next to accept the default setting.
Now you need to name the zone file. Use your domain name (yourdomain.com). It's also a good idea to put www in front of the domain; you'll see how important this convention is with IIS when using host header names. (I'll get to that shortly.) You can also create another zone without www at the beginning so users can reach the site over the Internet without typing www before the domain.
The final screen of the wizard asks whether you want this zone to use dynamic updates for updating resource records automatically if AD changes. You can leave this option selected; it really has nothing to do with Internet domain names. Alternatively, you can choose to update resource records manually.
The zone for this domain has now been created and listed in the left pane of the DNS management console. In the right pane, two resource records have already been created:
- The NS (Name Server) record tells DNS what name server this zone will use.
- The SOA (Start of Authority) record has a serial number for the zone and some refresh interval settings.
You can view the property sheets for either record by double-clicking the record.
We need to add a Host (A) record. Right-click anywhere in the white space of the right pane, where the zone's resource records are listed, and select New Host (A) from the context menu to display the New Host dialog box (see Figure 4).
Figure 4 Creating a Host (A) record.
Leave the Name field blank. We're going to use the parent domain (the domain of our name server) as this domain's name server. It's already specified in the zone's NS record. Specify the IP address to which this domain will resolve. If you're doing e-Commerce web hosting, you'll likely have several network cards (each with its own unique IP address) on your web server for handling domains. This is because each domain using Secure Sockets Layer (SSL) needs its own IP address. If you're not hosting any web sites with SSL, you only need one IP to handle them all; as I mentioned earlier, this is called multi-homing.
Click the Add Host button and then the Done button, and your new resource record appears in the resource record list in the right pane. This record simply converts the domain name to the associated IP address that you assign to it. This IP address can be anywhere on your network that your DNS server is able to resolve.
This is all we need to do to get the domain name working with DNS. We could add other records for services such as mail, but such tasks are beyond the scope of this article.
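The wizard and New Host steps above can also be scripted with dnscmd, the command-line DNS tool from the Windows Support Tools, which makes the result repeatable and easy to review when you host many domains. The following is an added example, not part of the original article; the IP address 192.0.2.10 is a constructed placeholder, the script assumes it runs on the DNS server itself, and it takes the manual-update alternative mentioned for the wizard's final screen.

```bat
@echo off
rem Added example, not from the original article: scripted equivalent of the
rem New Zone Wizard and New Host (A) steps, using dnscmd from the Support Tools.
rem ZONE is the article's sample domain; IP is a constructed placeholder.
setlocal
set ZONE=mydomain.com
set IP=192.0.2.10

rem Create an Active Directory-integrated primary forward lookup zone.
dnscmd /ZoneAdd %ZONE% /DsPrimary
if errorlevel 1 goto :failed

rem Manual-update alternative: 0 = no dynamic updates, so records in this
rem Internet-facing zone change only through an administrator's action.
dnscmd /Config %ZONE% /AllowUpdate 0
if errorlevel 1 goto :failed

rem Host (A) record with a blank name: "@" stands for the zone root.
dnscmd /RecordAdd %ZONE% @ A %IP%
if errorlevel 1 goto :failed

rem Review what the zone now holds at its root: SOA, NS and the new A record.
dnscmd /EnumRecords %ZONE% @

rem Query this server directly so the answer is not a cached one from elsewhere.
nslookup -type=A %ZONE% 127.0.0.1
goto :eof

:failed
echo dnscmd failed with errorlevel %errorlevel% 1>&2
exit /b 1
```

The nslookup answer should show the address you assigned; a different address or a timeout means the query is not being answered from the zone you just created.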
Now that the domain is ready and working with DNS, it's time to get IIS to respond to it.