FIGURE 9–7 Configure name servers for the domain through the domain’s Properties dialog box.
4. Tap or click Add. This displays the New Name Server Record dialog box.
5. In the Server Fully Qualified Domain Name text box, enter the name of a DNS server for the child domain, such as corpserver01.cpandl.com and then tap or click Resolve. The server then performs a lookup query and adds the resolved IP address to the IP Address list.
6. Repeat step 5 to specify additional name servers. The order of the entries determines which IP address is used first. Change the order as necessary by using the Up and Down buttons. When you are ready to continue, tap or click OK to close the New Name Server Record dialog box.
7. Tap or click OK to save your changes.
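The same delegation configured from PowerShell, as an added example that is not from the book: it creates the child domain's NS records in the parent zone and then checks that each listed name server actually resolves to an address, which is the check the Resolve button performs for you in the New Name Server Record dialog box. The zone name, child label, host names and addresses are assumptions for illustration.

```powershell
# Added example, not from the book. Delegates the child domain tech.cpandl.com
# from the parent zone cpandl.com to two name servers, then verifies that every
# name server in the delegation resolves (the check the Resolve button does in
# the New Name Server Record dialog box).
# Zone, host and address values are assumptions; run this on the server that
# hosts the parent zone, or add -ComputerName to each DnsServer cmdlet.
Import-Module DnsServer

$parentZone  = 'cpandl.com'
$child       = 'tech'          # delegated name becomes tech.cpandl.com
$dnsServer   = '127.0.0.1'     # the parent zone's own server, used for the checks below
$nameServers = @(
    @{ Label = 'corpserver01'; Address = '192.168.10.21' },   # hosts inside the parent zone
    @{ Label = 'corpserver02'; Address = '192.168.10.22' }
)

# Step 1: make sure each name server has an A record in the parent zone. These
# are the host records the dialog box fills in when you tap or click Resolve.
foreach ($ns in $nameServers) {
    $existing = Get-DnsServerResourceRecord -ZoneName $parentZone -Name $ns.Label -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecord -ZoneName $parentZone -Name $ns.Label -A -IPv4Address $ns.Address
    }
}

# Step 2: create the delegation with the first name server, then add the
# remaining NS records to the same child node in the parent zone.
$first = $nameServers[0]
Add-DnsServerZoneDelegation -Name $parentZone -ChildZoneName $child `
    -NameServer "$($first.Label).$parentZone" -IPAddress $first.Address
foreach ($ns in ($nameServers | Select-Object -Skip 1)) {
    Add-DnsServerResourceRecord -ZoneName $parentZone -Name $child -NS -NameServer "$($ns.Label).$parentZone"
}

# Step 3: read back the NS set for the child and resolve each name server. A
# delegation that points at an unresolvable name leaves the child unreachable.
$nsRecords = Get-DnsServerResourceRecord -ZoneName $parentZone -Name $child -RRType NS
foreach ($rec in $nsRecords) {
    $target = $rec.RecordData.NameServer.TrimEnd('.')
    $answer = Resolve-DnsName -Name $target -Type A -Server $dnsServer -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object Type -eq 'A'
    if ($answer) {
        '{0,-32} {1}' -f $target, ($answer.IPAddress -join ', ')
    } else {
        Write-Warning "$target is listed as a name server for $child.$parentZone but has no A record"
    }
}
```

If a name server for the child lives inside the child domain itself (for example ns1.tech.cpandl.com), its A record must be added to the parent zone as glue in step 1, because the parent cannot look it up through the delegation it is about to create.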
Viewing and updating DNS records
To view or update DNS records, follow these steps:
1. Double-tap or double-click the zone with which you want to work. Records for the zone should be displayed in the right pane.
2. Double-tap or double-click the DNS record you want to view or update. This opens the record’s Properties dialog box. Make the necessary changes, and then tap or click OK.
Updating zone properties and the SOA record
Each zone has separate properties you can configure. These properties cover general zone parameters (set through the SOA record), change notification to secondary servers, zone transfers, and WINS integration. In the DNS Manager console, you set zone properties by doing one of the following:
■ Press and hold or right-click the zone you want to update, and then tap or click Properties.
■ Select the zone, and then tap or click Properties on the Action menu.
The Properties dialog boxes for forward and reverse lookup zones are identical except for the WINS and WINS-R tabs. In forward lookup zones, you use the WINS tab to configure lookups for NetBIOS computer names. In reverse lookup zones, you use the WINS-R tab to configure reverse lookups for NetBIOS computer names.
Modifying the SOA record
An SOA record designates the primary name server for a zone and sets general zone parameters, such as the refresh and retry intervals that secondary servers use. You can modify this information by following these steps:
1. In the DNS Manager console, press and hold or right-click the zone you want to update, and then tap or click Properties.
2. Tap or click the Start Of Authority (SOA) tab, and then update the text boxes shown in Figure 9–8.
FIGURE 9–8 In the zone’s Properties dialog box, set general properties for the zone and update the SOA record.
You use the text boxes on the Start Of Authority (SOA) tab as follows:
■ Serial Number A serial number that indicates the version of the DNS database files. The number is updated automatically whenever you make changes to zone files. You can also update the number manually. Secondary servers use this number to determine whether the zone’s DNS records have changed. If the primary server’s serial number is larger than the secondary server’s serial number, the records have changed, and the secondary server can request the DNS records for the zone. You can also configure DNS to notify secondary servers of changes (which might speed up the update process).
■ Primary Server The FQDN for the name server followed by a period. The period is used to terminate the name and ensure that the domain information isn’t appended to the entry.
■ Responsible Person The email address of the person in charge of the domain. The default entry is hostmaster followed by a period followed by your domain name, meaning hostmaster@your_domain.com. If you change this entry, substitute a period in place of the @ symbol in the email address and terminate the address with a period.
■ Refresh Interval The interval at which a secondary server checks the primary server's SOA serial number for zone updates. The default value is 15 minutes. You reduce network traffic by increasing this value. However, keep in mind that if the interval is set to 60 minutes, a zone change (an NS record change, for example) might not reach a secondary server for up to an hour unless the primary server notifies the secondaries of the change.
■ Retry Interval The time the secondary server waits after a failure to download the zone database. If the interval is set to 10 minutes and a zone database transfer fails, the secondary server waits 10 minutes before requesting the zone database once more.
■ Expires After The period of time for which zone information remains valid on a secondary server that cannot reach the primary server. If the secondary server can't refresh the zone from a primary server within this period, it discards its copy of the zone and stops answering queries for that zone rather than serve stale data. Setting Expires After to seven days allows a secondary server to keep serving the zone for seven days after its last successful refresh.
■ Minimum (Default) TTL The default time-to-live (TTL) value for records in the zone. Records that don't have a TTL of their own inherit this value, and it also sets how long resolvers cache negative (name-does-not-exist) answers for the zone. The value can be set in days, hours, minutes, or seconds. Any resolver that has cached a record discards it when the TTL runs out and must query an authoritative server for the zone again. Set the minimum TTL to a relatively high value, such as 24 hours, to reduce query traffic on the network. Keep in mind that a higher value slows down the propagation of updates through the Internet; lower it well before a planned change to a record so that the old value is not cached for a day afterward.
■ TTL For This Record The TTL value for this particular SOA record. The value is set in the format Days: Hours: Minutes: Seconds and generally should be the same as the minimum TTL for all records.
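The SOA tab and the record Properties dialog box described above, driven from PowerShell, as an added example that is not from the book. It reads the SOA fields, updates them with the Get/Set-DnsServerResourceRecord pattern that works for any record type (the scripted equivalent of the Viewing and updating DNS records procedure), checks that the timer values are consistent with one another, and then compares the serial number that each name server of the zone reports. The zone name, timer values and responsible-person mailbox are assumptions.

```powershell
# Added example, not from the book. Reads and updates the SOA record of the zone
# cpandl.com with the DnsServer cmdlets (the scripted equivalent of the Start Of
# Authority (SOA) tab), checks the timer values for consistency, and compares
# the serial number reported by every name server of the zone. The same
# Get-/Set-DnsServerResourceRecord pattern applies to any record type.
# Zone name, timer values and the responsible-person mailbox are assumptions.
Import-Module DnsServer
$zone = 'cpandl.com'

# View the SOA fields as they appear on the tab.
(Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa).RecordData |
    Format-List PrimaryServer, ResponsiblePerson, SerialNumber, RefreshInterval,
                RetryInterval, ExpireLimit, MinimumTimeToLive

# Update: clone the record object, edit the copy, and pass both versions to
# Set-DnsServerResourceRecord. The server increments SerialNumber on its own.
$old = Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa
$new = $old.Clone()
$new.RecordData.ResponsiblePerson = 'hostmaster.cpandl.com.'   # '@' written as '.', trailing '.' ends the name
$new.RecordData.RefreshInterval   = [TimeSpan]::FromMinutes(15)
$new.RecordData.RetryInterval     = [TimeSpan]::FromMinutes(10)
$new.RecordData.ExpireLimit       = [TimeSpan]::FromDays(7)
$new.RecordData.MinimumTimeToLive = [TimeSpan]::FromHours(24)
Set-DnsServerResourceRecord -ZoneName $zone -OldInputObject $old -NewInputObject $new

# Consistency rule the tab does not enforce: retry < refresh < expire. If expire
# is shorter than refresh, a secondary can drop the zone before it ever retries.
$soa = (Get-DnsServerResourceRecord -ZoneName $zone -RRType Soa).RecordData
if (-not ($soa.RetryInterval -lt $soa.RefreshInterval -and $soa.RefreshInterval -lt $soa.ExpireLimit)) {
    Write-Warning ("SOA timers for {0} are inconsistent: retry {1}, refresh {2}, expire {3}" -f $zone, $soa.RetryInterval, $soa.RefreshInterval, $soa.ExpireLimit)
}

# Propagation check: each NS listed at the zone apex should answer with the
# serial the primary holds; a lower serial means that secondary has not
# refreshed yet (a failed transfer or a notify that never arrived).
$nameServers = Get-DnsServerResourceRecord -ZoneName $zone -RRType NS |
    Where-Object HostName -eq '@' |
    ForEach-Object { $_.RecordData.NameServer.TrimEnd('.') }
foreach ($ns in $nameServers) {
    $remote = Resolve-DnsName -Name $zone -Type SOA -Server $ns -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object Type -eq 'SOA'
    if (-not $remote) {
        Write-Warning "$ns did not answer an SOA query for $zone"
    } elseif ($remote.SerialNumber -ne $soa.SerialNumber) {
        Write-Warning "$ns has serial $($remote.SerialNumber); the primary has $($soa.SerialNumber)"
    } else {
        "$ns is current (serial $($remote.SerialNumber))"
    }
}
```

Leave SerialNumber alone when scripting changes: the service increments it for every change it accepts, and setting it by hand to a lower value than the secondaries already hold makes them treat the zone as unchanged until it catches up.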
Allowing and restricting zone transfers
Zone transfers send a copy of zone information to other DNS servers. These servers can be in the same domain or in other domains. For security reasons, Windows Server 2012 R2 does not allow zone transfers by default for a zone you create. To enable zone transfers to secondaries you've configured internally or with ISPs, you need to permit zone transfers and then specify the types of servers to which zone transfers can be made.
Although you can allow zone transfers to any server, doing so opens the server to possible security problems: a full zone transfer (AXFR) hands the requester every record in the zone, which is a complete inventory of your host names and addresses, and probing for open zone transfers is a routine step in reconnaissance. Instead of opening the floodgates, restrict access to zone information so that only servers you've identified can request the zone from the primary server. This enables you to funnel requests through a select group of secondary servers, such as your ISP's secondary name servers, and to hide the details of your internal network from the outside world. Keep in mind that the restriction is a list of source addresses, not authentication of the requester, so keep the list short and review it. Active Directory-integrated zones replicate through Active Directory replication and need zone transfers only for secondary servers that are not domain controllers.
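The audit and lockdown described above from PowerShell, as an added example that is not from the book: it lists every primary zone's transfer setting, warns about zones that transfer to any server, restricts one zone to named secondaries, and shows how to test the result with a transfer attempt from a host that is not on the list. The zone name and the secondary server addresses are assumptions.

```powershell
# Added example, not from the book. Audits every primary zone on this server for
# the "To Any Server" zone transfer setting, restricts one zone to named
# secondaries, and shows how to test the result with a transfer attempt.
# Zone name and addresses are assumptions for illustration.
Import-Module DnsServer

# SecureSecondaries is the scripted view of the Zone Transfers tab:
#   NoTransfer               Allow Zone Transfers check box cleared
#   TransferAnyServer        To Any Server
#   TransferToZoneNameServer Only To Servers Listed On The Name Servers Tab
#   TransferToSecureServers  Only To The Following Servers
$primaries = Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
$primaries | Select-Object ZoneName, IsDsIntegrated, SecureSecondaries, SecondaryServers, Notify, NotifyServers |
    Format-Table -AutoSize

foreach ($z in ($primaries | Where-Object SecureSecondaries -eq 'TransferAnyServer')) {
    Write-Warning "$($z.ZoneName) allows zone transfers to any server"
}

# Restrict cpandl.com to two known secondaries and send change notifications
# only to them. Active Directory-integrated zones replicate through AD and need
# this only for secondaries that are not domain controllers.
$zone        = 'cpandl.com'
$secondaries = @('203.0.113.10', '203.0.113.11')   # assumed addresses of the ISP's secondaries
Set-DnsServerPrimaryZone -Name $zone -SecureSecondaries TransferToSecureServers -SecondaryServers $secondaries `
    -Notify NotifyServers -NotifyServers $secondaries

# Confirm the setting took effect.
Get-DnsServerZone -Name $zone | Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify, NotifyServers

# Test from a host whose address is NOT in $secondaries: nslookup's ls command
# asks the server for a full zone transfer (AXFR). With the restriction in place
# the server must refuse; if the zone lists, the restriction is not effective.
'ls -d cpandl.com' | nslookup - corpserver01.cpandl.com
```

Run the final transfer attempt from an unlisted machine, not from the DNS server itself or from one of the secondaries, otherwise a successful listing tells you nothing. Repeat it after every change to the secondary list, since an address added for troubleshooting and never removed is the usual way an open transfer reappears.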
To allow zone transfers and restrict access to the primary zone database, follow these steps:
1. In the DNS Manager console, press and hold or right-click the zone you want to update (the domain for a forward lookup zone or the subnet for a reverse lookup zone), and then tap or click Properties.
2. Tap or click the Zone Transfers tab, as shown in Figure 9–9.
FIGURE 9–9 Use the Zone Transfers tab to allow zone transfers to any server or to designated servers.
3. To restrict transfers to name servers listed on the Name Servers tab, select the Allow Zone Transfers check box, and then choose Only To Servers Listed On The Name Servers Tab.