Since my test server is behind a NAT device I’m using private IP addresses.
As I mentioned earlier we’re configuring an authoritative server, so leaving recursion at its default (which is enabled) will create a vulnerability to DNS DoS attacks.
While creating records for the domain always remember to use only public IP addresses.
First we’ll be editing the NS and SOA records that were automatically created with this zone.
Open the properties of the NS record and edit the name server entry in it.
If your server has a directly assigned public IP then editing the FQDN alone is enough; set it to something like dns1.
When you save this setting you’ll be asked whether you want to remove the private IP address; press “Yes”. At this point DNS Manager will automatically create an A record pointing “dns1.yourdomain.com” to .
Next modify the SOA record: change the Primary server to the NS record just edited and enter your email address under “Responsible Person”, replacing @ with a dot (user@example.com entered as user.example.com).
Open an online DNS lookup tool which gives a lot of detail like
First query the default DNS server and have a look at the results.
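One way to read those lookup results for the recursion setting discussed earlier, as an added example that is not part of the original tutorial: it inspects the AA and RA header bits of two replies, one for a name in the hosted zone and one for a name outside it. The function names and the sample reply headers are assumptions constructed for illustration.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query for `name` (default type A) with recursion desired (RD) set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_flags(reply):
    """Extract the header fields that show how the server treated the query."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    return {"authoritative": bool(flags & AA), "recursion_available": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": answers}

def assess(own_zone_reply, foreign_reply):
    """Compare replies for a name in the hosted zone and a name outside it."""
    own, foreign = parse_flags(own_zone_reply), parse_flags(foreign_reply)
    findings = []
    if not own["authoritative"]:
        findings.append("own zone answered without AA: server is not authoritative for it")
    if foreign["recursion_available"]:
        findings.append("RA set: recursion is still enabled")
    if foreign["rcode"] == 0 and foreign["answers"] > 0:
        findings.append("resolved a name outside its zone for an arbitrary client")
    return findings

def query(server, name, timeout=3.0):
    """Send one UDP query to your own server and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def _header(flags, answers):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, answers, 0, 0)

# Constructed sample headers (not captured from a real server).
OWN_ZONE_REPLY = _header(QR | AA | RD, 1)       # authoritative answer
RECURSION_OFF_REPLY = _header(QR | RD, 0)       # no RA, no answer
RECURSION_ON_REPLY = _header(QR | RD | RA, 1)   # RA set and an answer returned
```

Against a live server, pass the results of `query(server, name)` for one name in your zone and one outside it to `assess`; an empty list means neither check fired.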
Therefore, all clients should use CIT's DNS server for their name resolutions.
CIT will not delegate out the whole Active Directory domain since all hosts need to be registered in DNSDB (aka Network Registry).
This Active Directory DNS server should be configured as the authoritative server for the domain and the Windows Domain Controllers will use this for dynamic updates of the SRV records.