DNS, better known as the Domain Name System, is an integral part of every network these days. Once confined to a text file called HOSTS, this service has grown to fuel the Internet, and is now an important part of Windows 2000 networks. DNS, although simple to explain, has confused many people. This tip is part one of two. Part one will explain the fundamentals of DNS and how to configure it on a simple LAN connected to the Internet. Part two will discuss a more advanced setup and management system.
This tip came about because my Search Networking.com forum, the
Managing the Domain Name System on a small-to-intermediate-sized network is not complex, but when you get it wrong and nothing works, you may feel that the theory of DNS is much simpler than its actual setup, configuration and management. In simple terms, the Domain Name System takes difficult-to-remember, number-based addresses and allows a simple conversion to easy-to-remember, friendly names. The example I like to use with my students is the scenario where a company is advertising on the radio. You hear them rattle off the URL for the company, saying "Come visit us at 220.127.116.11 on the Internet," instead of saying, "Come to myverycoolstore.com." That, of course, would raise some eyebrows. The DNS service does the same thing, translating that IP address into an easier domain name. The problem is that when the service is unavailable, so is the ability to translate those names.
A major problem I see people having does not have to do with the simple concept of DNS, but with understanding how big DNS is and how far it stretches out. Take, for instance, the problems that were brought up in the forum -- many technicians setting up simple LANs forgot the fundamentals I know they learned once before. No name resolution, no Internet functionality.
Here is a typical situation: A tech is setting up a LAN consisting of four machines, one switch, a router and some type of Internet connection. Notice I did not mention a proxy server, because this is different and will be discussed in a moment. For argument's sake, we will say the Internet connection is some kind of cable service provided by the local ISP. You want all four machines to access the Internet. Let's say they are all in separate rooms in your house. Most people start off on the right foot, but lose track along the way. Here is the correct sequence of steps:
- Purchase the following: NIC cards (many users still have old PCs with only modems, so you'll need to have a NIC card in each PC), CAT5 cables, a switch (or a hub) and a router.
- Unpack and check everything.
- Have the ISP install the line to the house.
- Connect the ISP-based line to the WAN or outside port of the router you are using. Check whether the ISP gives you a static IP or assigns one with DHCP. If you only need Internet access, it really doesn't matter; you can use either.
- Configure the inside or LAN port of the router with a new set of numbers. This is where many folks choke up. You can set the inside port for DHCP if applicable, but if you don't have that service, then you have to hard code it. I would suggest using a private block of numbers. The Internet runs on publicly routable addresses assigned to you by an ISP. You can, however, make up the ones on the inside, and IANA has set aside private address blocks for you to choose from. I recommend using a 10 network. The network address will be 10.0.0.0, and the subnet mask at this point really doesn't matter. We'll make it 24 bits to keep it simple.
- Assign what will be known as the "default" gateway to the inside router port. Make this address 10.0.0.1 with a subnet mask of 255.255.255.0.
- You can now address the other four machines as 10.0.0.2, 10.0.0.3, 10.0.0.4 and 10.0.0.5. Use the same subnet mask.
- Next, make sure you configure the default gateway on each client to point to the router. This is done by setting the default gateway option on the client to 10.0.0.1.
- Next, install the switch, plug in the four hosts, then the router, and power it up. Now you have total connectivity. You'll need to test at this point. Ping the default gateway from all four hosts. If you have success, then your basic TCP/IP settings are good, your drivers and protocol stack are bound correctly and your switch is operating properly.
- Now, this step is where people drop like flies. They will open browsers and e-mail clients and expect them to work on the Internet. But first we must discuss DNS. DNS is needed to resolve that http://www.msn.com you just put into your browser. You want to browse a friendly name, but what is resolving it? Nothing, yet. You need to configure DNS on your systems.
- Open each client machine's network properties. You should have some paperwork on what the DNS server addresses are. If not, then you may want to call the ISP's technical support line to get this information. Once you have these IP addresses, you need to put them into the client's network properties. Each version of Windows is a little different in the layout of where this setting is, but they all have a place in network properties to put DNS IP addresses in. Put them in and restart the machines if needed.
- Now you should be up and functional. You may run into an instance where you suddenly don't have access anymore. That could be because the router lost its DHCP lease. Simply power the router off and back on to let it go through its DORA stage (Discover, Offer, Request, Acknowledge) and pull another lease or IP address. This will not affect the internal LAN.
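To catch the addressing mistakes these steps warn about before anything is plugged in, here is an added example (not part of the original tip) that checks a plan like the one above with Python's ipaddress module. The 203.0.113.x DNS addresses are placeholders for whatever the ISP actually supplies.

```python
import ipaddress

# Private blocks set aside by IANA (RFC 1918) for inside addressing.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed plan following the steps above: a 10.0.0.0/24 LAN, the router's
# inside port as default gateway, four clients, two ISP resolvers (placeholders).
LAN_PLAN = {
    "gateway": "10.0.0.1/24",
    "clients": ["10.0.0.2/24", "10.0.0.3/24", "10.0.0.4/24", "10.0.0.5/24"],
    "client_default_gateway": "10.0.0.1",
    "dns_servers": ["203.0.113.53", "203.0.113.54"],  # placeholder ISP DNS addresses
}


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def check_lan_plan(plan):
    """Return a list of problems found; an empty list means the plan is consistent."""
    problems = []
    gw = ipaddress.ip_interface(plan["gateway"])
    lan = gw.network
    if not is_rfc1918(gw.ip):
        problems.append(f"gateway {gw.ip} is not in an RFC 1918 private block")
    seen = {gw.ip}
    for c in plan["clients"]:
        iface = ipaddress.ip_interface(c)
        # Wrong mask or wrong third octet: the client cannot ARP for the gateway.
        if iface.network != lan:
            problems.append(f"client {c} is not on the gateway's subnet {lan}")
        if iface.ip in (lan.network_address, lan.broadcast_address):
            problems.append(f"client {c} uses the network or broadcast address")
        if iface.ip in seen:
            problems.append(f"duplicate address {iface.ip}")
        seen.add(iface.ip)
    dgw = ipaddress.ip_address(plan["client_default_gateway"])
    if dgw != gw.ip:
        problems.append(f"clients point at {dgw} but the router inside port is {gw.ip}")
    if not plan["dns_servers"]:
        problems.append("no DNS servers: ping by IP will work but names will not resolve")
    for d in plan["dns_servers"]:
        dip = ipaddress.ip_address(d)
        # ISP resolvers are public; a private address outside this LAN is unreachable.
        if is_rfc1918(dip) and dip not in lan:
            problems.append(f"DNS server {d} is a private address outside {lan}")
    return problems
```

Running check_lan_plan(LAN_PLAN) returns an empty list for the plan above; a client typed as 10.0.1.2/24 or an empty DNS list is reported as a problem.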
That is the general setup. Let's explain a few things about what we just covered. The default gateway needs to be assigned on the client, because the client will ARP out and look for each client it needs to communicate with on its local segment. If it can't find what it is looking for, then it will send to the default gateway. The router is the default gateway.
On the inside network, you can use other protocols like NetBEUI or IPX/SPX-compatible transport. It really doesn't matter, but you need to make sure that the router has an inside port that can accept those packets. Most likely, you will be using TCP/IP. You can, however, bind multiple protocols to one NIC and use them all. This is not recommended in large networks, but for your little LAN at home or a small business it can work.
Workgroups, domains and NDS trees can be configured on the inside network. This is not recommended when not needed, and if not needed, then don't worry about it. The point here is that you don't need to have this setup to get out to your ISP with Internet access, and I think that sometimes people set this up with that belief. Usually a workgroup name is configured for file and print sharing capabilities, but using file and print sharing on a connection to the Internet is NOT recommended without a firewall or some kind of protection. The router will typically protect you from broadcasts, but when you have a one-machine connection to the Internet, then file and print sharing or the server service is not recommended.
Another strategy is to use a proxy server. The difference with a proxy server is that all the clients wanting Internet access will get their DNS resolved by the proxy server. Remember, the proxy server "acts on behalf" of the client, so it also does you the favor of resolving the client's DNS. Make sure the proxy server has DNS configured correctly.
Don't feel bad about not having DNS completely nailed down. While I was in the dentist's chair getting my tooth drilled a few months ago, my dentist asked me how to set up the same thing. DNS is the lifeblood of the Internet, and hopefully after this article you understand it a little better. If you want to get into DNS deeper with even more understanding, check out some of the links I've provided. Enjoy, and don't stress the simple stuff, especially the concept of DNS. Next time, we will discuss management of corporate-sized DNS solutions.
This was first published in March 2002