Creating a New Zone

Now it's time to create the movie.edu zone. Select the name server on the left where you want to create the zone. (There's only one server now, terminator, but the DNS console could know about multiple servers.) Choose Action New Zone. You'll see the New Zone Wizard, as in Figure 4-6.

To continue, click Next. In the next window (Figure 4-7), you have three choices for the type of zone: Active Directory integrated, Standard primary and Standard secondary. For now, choose Standard primary and click Next. We'll talk more about Active Directory integration of zones in Chapter 11.

Figure 4-7. New Zone Wizard, second window

Now you need to choose the whether this is a forward- or reverse-mapping zone, as shown in Figure 4-8. movie.edu is, of course, a forward-mapping zone, so make that selection and click Next.

Figure 4-8. New Zone Wizard, third window

Getting tired of all these windows yet? In the next one, shown in Figure 4-9, type the domain name of the zone, which is movie.edu. Click Next.

Figure 4-9. New Zone Wizard, fourth window

Now you need to specify the file that will hold all the zone information, as shown in Figure 4-10.

Figure 4-10. New Zone Wizard, fifth window

The zone file, also called a zone data file, is the zone's permanent storage location. It's the file on the name server's disk where all the information about the zone is stored: it contains all the zone's resource records. Other name servers require you to edit the zone data file to make changes to the zone, but the DNS console allows you to avoid any hand-editing. As a result, you probably won't see the zone data files very much. We'll talk about their format later in this chapter.

Even if you won't be looking at it often, you need to specify a zone data filename when you create a zone. The server expects these files to be in

%SystemRoot%\System32\DNS. Microsoft's suggested naming convention uses the domain name of the zone followed by the .dns extension. (Notice that the DNS console has filled in the filename based on the zone name.) You can name the zone file whatever you want, but as long as the DNS console fills in the field for you, we

recommend sticking with its suggestion. You may be familiar with other naming

conventions, such as db. followed by the zone's domain name (e.g., db.movie.edu). In fact, that's the recommendation in our sister book, DNS and BIND.

When you've entered a filename (or left the automatically chosen name alone), click Next, and you'll see the confirmation window shown in Figure 4-11.

Figure 4-11. New Zone Wizard confirmation window

Click Finish to create the zone. If we double-click on terminator in the left pane, then double-click on Forward Lookup Zones and select the movie.edu zone, we see a window like the one pictured in Figure 4-12. The DNS console has created the zone and a few resource records. Let's talk about them one by one.

4.3.2.1 The SOA record

The first record displayed is the start of authority, or SOA,16 resource record for the movie.edu zone. It's a little tricky to see that the name of this record is really

movie.edu, since the DNS console displays (same as parent folder) in the Name column. You need to look at the domain name selected in the left pane to know the domain name of this resource record.

The SOA record indicates that this name server is the best source of information for the data within this zone. Our name server is authoritative for the movie.edu zone because of the SOA record. An SOA record is required in each zone, and there can be one, and only one, SOA record in a zone.

Double-click the SOA record to view its details. You'll see a window like the one in Figure 4-13.

Figure 4-13. The movie.edu SOA record

Let's skip that first field, Serial number, for now—don't worry, we'll cover it later in the chapter—and go on to the next field. The second field is the name of the primary master name server for this zone. (You may hear it called the MNAME field, which is its official name.) The third field contains the email address of the person in charge of the zone (if you replace the first dot with an at sign, @). The DNS console defaults to a username of administrator, but in other zones you'll often see root, postmaster, or hostmaster as the email address. Name servers won't use these names—they are meant for human consumption. If you notice a problem in someone's zone, you can send an email message to the listed email address.

16

Here's where a difference between normal (i.e., nonadvanced) and advanced mode comes in. Figure 4-12 shows the record type as Start of Authority because the DNS console is in basic mode. In advanced mode, the record type would show up as simply SOA.

Most of the remaining fields are for use by slave name servers and are discussed when we introduce slave name servers later in this chapter. For now, assume these are reasonable values.

4.3.2.2 The NS record

The next record is an NS (name server) resource record. There should be one NS record for each name server authoritative for the zone. Like the SOA record, NS records are attached to the zone's domain name. In our example, the NS records are attached to movie.edu. Right now there's only one name server (the primary master), but as we configure slave name servers, we'll add NS records. The DNS console created an NS record for terminator because it's a name server—the primary master name server—for movie.edu.

4.3.2.3 The missing A record

Unfortunately, we're missing a required record: the address (A) record for

terminator.movie.edu, the host running the name server. Address records fulfill the main purpose of DNS: they provide name-to-address mapping. Each A record maps a domain name, like terminator.movie.edu, to an IP address, like 192.249.249.3. Every NS record needs a corresponding A record in some zone. Think about it: an NS record says, "To find out information about this zone, go to this name server." To use the NS record, you need the IP address of the name server it specifies. In this case, the name of the name server, terminator.movie.edu, is contained in the movie.edu zone we just created, so we need an A record for terminator.movie.edu in our zone that will specify its IP address. We're bringing this up now because those of you familiar with Windows NT 4.0 might remember that DNS Manager (the former incarnation of the DNS console) would have automatically created an A record for terminator.movie.edu when the movie.edu zone was created.We will have to manually add this A record, but not just yet: it's best to create the reverse-mapping (in-addr.arpa) zones first.