Understanding Microsoft Windows DNS Server (2019/2022)
- Avijit Dutta
- 6 days ago
- 4 min read
Article :: KB00027
🌐 What is a DNS Server and Why Do We Use It?
The Domain Name System (DNS) is the Internet’s equivalent of a phonebook. It translates human-friendly domain names (like www.microsoft.com) into IP addresses (like 20.190.128.18) that computers use to identify each other on the network.
A DNS Server:
Resolves domain names to IP addresses (forward lookup)
Resolves IP addresses to domain names (reverse lookup)
Supports load balancing and fault tolerance using DNS records
Plays a critical role in Active Directory-based networks for domain controller location and replication
DNS is essential because:
It eliminates the need to memorise complex IP addresses
Ensures efficient routing of internet and intranet traffic
Enables the smooth functioning of services like email and directory lookups
🔌 Ports Used by DNS Server and Clients
| Role | Protocol | Port | Description |
| --- | --- | --- | --- |
| DNS Client | UDP, with TCP fallback | 53 | Standard queries are sent over UDP; the client retries over TCP when the response is truncated (TC bit set) or too large for the UDP payload size. |
| DNS Server | TCP and UDP | 53 | Answers queries on both transports; TCP also carries zone transfers and large (e.g., DNSSEC-signed) responses. |
| Zone Transfer (AXFR/IXFR) | TCP | 53 | A secondary server pulls zone data from its primary. |
| Dynamic Updates | UDP and TCP | 53 | Clients register and update their own records; in AD-integrated zones these updates should be authenticated (secure dynamic update). |
Note: Ensure that firewalls and security appliances allow both TCP and UDP 53 between clients and their DNS servers and between the DNS servers themselves; blocking TCP 53 is a common cause of intermittent failures that only appear with large responses. Conversely, an internal server should not answer recursive queries from the Internet, and zone transfers should be limited to known secondary servers (AD-integrated zones replicate through Active Directory and do not need zone transfers at all unless you run non-AD secondaries).
🔁 DNS Resolution Process Flow
Here’s a simplified view of the DNS process (the original figure is not reproduced here):
The application asks the local stub resolver (the DNS Client service), which first checks the hosts file and its own cache.
On a cache miss the client sends a recursive query to its configured DNS server.
That server answers from its zones or cache if it can; otherwise it either forwards the query to its forwarders or walks the hierarchy itself with iterative queries: a root server, then the TLD server (e.g., for .com), then the zone’s authoritative server.
The authoritative answer travels back, is cached by the server and the client for the record’s TTL, and is handed to the application.
This entire flow usually takes milliseconds thanks to caching at every hop and efficient resolver algorithms.
🧾 What is a DNS Query?
A DNS query is a request made by a client (like your browser or computer) to a DNS server to resolve a hostname (e.g., www.example.com) into its corresponding IP address (e.g., 93.184.216.34). This process allows users to access websites using readable names instead of memorising IPs.
🔍 Types of DNS Queries
| Query Type | Description |
| --- | --- |
| Recursive Query | The DNS client asks for a complete answer (RD bit set). If the server doesn’t have it, the server does the work of contacting other DNS servers until it finds the answer or an error. This is what Windows clients send to their configured DNS server. |
| Iterative Query | The DNS server returns the best information it has. If it doesn’t know the answer, it refers the requester to another server (a referral). This is how a DNS server talks to root, TLD and authoritative servers on the client’s behalf. |
| Reverse (PTR) Lookup | Maps an IP address back to a domain name by querying for a PTR record under the in-addr.arpa (IPv4) or ip6.arpa (IPv6) zone. Often called an inverse query, although the original inverse-query opcode is obsolete (RFC 3425) and not what modern resolvers send. Used mostly for network troubleshooting and logging. |
Figure (not reproduced): how these queries travel from a client to the various DNS servers: the local resolver, the root server, the TLD server, and eventually the authoritative DNS server.
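The following PowerShell session is an added example, not code from the original article: it exercises each query type above with Resolve-DnsName against a Windows DNS server, and also checks the TCP 53 path from the ports section. The server address and the host name are placeholders to replace with your own.

```powershell
# Added example (not from the original article). Requires the DnsClient module,
# which is built in on Windows 8 / Server 2012 and later.
$Server = '10.0.0.10'        # assumed internal DNS server (replace)
$Name   = 'www.example.com'  # assumed name to resolve (replace)

# 1. Recursive query: the server must return a final answer or an error.
#    -DnsOnly bypasses the hosts file, LLMNR and NetBIOS so only DNS is exercised.
$recursive = Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop
$recursive | Select-Object Name, Type, IPAddress, TTL

# 2. Non-recursive query (RD bit cleared): the server answers only from its own
#    zones or cache. For a name it does not hold you get a referral or an error,
#    which is exactly what a server sees when it queries root/TLD servers.
try {
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -NoRecursion -ErrorAction Stop |
        Select-Object Name, Type, IPAddress, Section
} catch {
    Write-Host "Non-recursive lookup returned no answer: $($_.Exception.Message)"
}

# 3. Reverse (PTR) lookup: pass the IP address and Resolve-DnsName builds the
#    in-addr.arpa name for you. NameHost is the name the PTR record points to.
$ip = ($recursive | Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
Resolve-DnsName -Name $ip -Type PTR -Server $Server -DnsOnly |
    Select-Object Name, NameHost

# 4. Force TCP 53: proves the TCP path through the firewall works, which large
#    responses, DNSSEC-signed answers and zone transfers depend on. If this
#    fails while step 1 succeeds, something is blocking TCP 53.
Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -TcpOnly |
    Select-Object Name, IPAddress
```

Run the script from a domain-joined client to test the resolver the clients actually use; run it on the server with -Server localhost to isolate the server from the network path.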
🚀 DNS Forwarders: What & Why?
Forwarders are DNS servers designated to handle queries that your DNS server can’t resolve locally. Instead of going through the root DNS hierarchy, your DNS server forwards those requests to a forwarder, streamlining resolution and improving performance.
Types of Forwarders
| Type | Description |
| --- | --- |
| Standard Forwarder | All queries the server cannot answer from its own zones or cache are forwarded to another DNS server. |
| Conditional Forwarder | Only queries for specific domains (e.g., contoso.com) are forwarded to a defined DNS server. Useful for internal networks and partner domains. |
Forwarders are especially useful in:
Reducing external DNS traffic
Speeding up name resolution via caching
Enforcing security and content-filtering policies, by sending all external resolution through a filtering resolver (note that the server falls back to root hints when the forwarders are unreachable unless that option is turned off, so a filtering policy is only as strong as that setting)
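The following PowerShell commands are an added example, not code from the original article, showing how the two forwarder types above are configured with the DnsServer module. The upstream resolver addresses, the partner zone name and the host name are placeholders for this illustration.

```powershell
# Added example (not from the original article). Run on the DNS server, or add
# -ComputerName <server> to each DnsServer cmdlet to manage it remotely.

# Standard forwarders: every query the server cannot answer from its own zones
# or cache goes to these resolvers. -UseRootHint $false stops the server from
# walking the root hierarchy itself when the forwarders are unreachable, so all
# external resolution is guaranteed to pass through the (filtering) upstreams.
Set-DnsServerForwarder -IPAddress '203.0.113.53', '203.0.113.54' `
                       -UseRootHint $false -Timeout 3

# Conditional forwarder: only queries for partner.example go to the partner's
# DNS servers. Storing it in AD (-ReplicationScope Forest) makes every DNS
# server in the forest use the same definition instead of per-server copies.
Add-DnsServerConditionalForwarderZone -Name 'partner.example' `
    -MasterServers '198.51.100.10', '198.51.100.11' `
    -ReplicationScope Forest -ForwarderTimeout 5

# Verify what is in effect.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout
Get-DnsServerZone -Name 'partner.example' |
    Select-Object ZoneName, ZoneType, MasterServers, ReplicationScope

# Confirm the conditional forwarder is actually used: a name inside the partner
# zone (placeholder) must resolve through this server, not via the standard forwarders.
Resolve-DnsName -Name 'host.partner.example' -Server localhost -DnsOnly

# Hardening that belongs with forwarders: a server that is reachable from
# untrusted networks should not recurse for them at all. Disabling recursion
# also disables forwarding; the server then only answers for its own zones.
# Set-DnsServerRecursion -Enable $false
```

Keep the forwarder list short and reachable over a path you control; a forwarder that is down costs every unresolved query the full -Timeout before the next one is tried.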
🧹 What is DNS Scavenging?
Over time, DNS zones accumulate stale records—entries for devices that no longer exist or have changed IPs. DNS scavenging is the automated cleanup process that removes these outdated records.
Why It's Important:
Keeps DNS zones tidy and efficient
Prevents resolution errors due to stale data
Reduces administrative overhead
How It Works:
Scavenging relies on timestamped records: only dynamically registered records carry a timestamp, while statically created records have none and are never scavenged (unless you deliberately enable ageing on them)
It is configured at three levels: ageing on each zone (the no-refresh and refresh intervals), scavenging enabled on at least one server, and that server’s scavenging period
A record cannot be refreshed during the no-refresh interval, may be refreshed during the refresh interval, and becomes eligible for deletion only after no-refresh + refresh has passed without a refresh (7 + 7 = 14 days with the defaults); choose intervals to suit your environment, but keep the refresh interval at least as long as your clients’ re-registration cycle and DHCP lease
⚠️ Be cautious with scavenging settings—incorrect configurations (intervals shorter than the clients’ re-registration cycle, scavenging enabled on several servers with different settings, or ageing turned on for records that are never refreshed) can lead to the unintended deletion of active records.
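The following PowerShell script is an added example, not code from the original article, showing the safe order of operations for enabling scavenging: first list the records that would be affected, then set zone ageing, then enable scavenging on a single server. The zone name and server address are placeholders.

```powershell
# Added example (not from the original article). Requires the DnsServer module.
$Zone   = 'corp.contoso.com'   # assumed AD-integrated zone (replace)
$Server = '10.0.0.10'          # assumed DNS server that will do the scavenging (replace)

# Step 1: look before you delete. Static records have no Timestamp and are
# protected; dynamic records carry the time of their last refresh.
$cutoff = (Get-Date).AddDays(-14)       # no-refresh (7d) + refresh (7d)
$all    = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $Server
$static = $all | Where-Object { -not $_.Timestamp }
$stale  = $all | Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff }
"Records: {0} total, {1} static (never scavenged), {2} stale candidates" -f `
    $all.Count, $static.Count, $stale.Count
$stale | Select-Object HostName, RecordType, Timestamp |
    Sort-Object Timestamp | Format-Table -AutoSize

# Step 2: zone ageing. A record becomes eligible for deletion only after
# NoRefreshInterval + RefreshInterval without a refresh. RefreshInterval must be
# at least as long as the clients' re-registration cycle (24h for Windows) and
# the DHCP lease, otherwise live records are deleted. -ScavengeServers limits
# which server may scavenge this zone.
Set-DnsServerZoneAging -Name $Zone -Aging $true `
    -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00 `
    -ScavengeServers $Server -ComputerName $Server

# Step 3: enable scavenging on exactly one server, with a period no shorter
# than the refresh interval.
Set-DnsServerScavenging -ScavengingState $true -ScavengingInterval 7.00:00:00 `
    -ComputerName $Server

# Verify the settings, then (optionally) trigger one run by hand and watch the
# 'DNS Server' event log: event 2501 reports records deleted, 2502 none.
Get-DnsServerZoneAging -Name $Zone -ComputerName $Server
Get-DnsServerScavenging -ComputerName $Server
# Start-DnsServerScavenging -Force -ComputerName $Server
```

If the stale-candidate list in step 1 contains hosts you know are alive, stop and fix their registration (DHCP option 81 settings, the DNS Client service, or the DHCP server’s own update credentials) before enabling scavenging.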
🛠️ DNS in an Active Directory Environment
In AD-integrated environments, DNS serves a dual purpose:
Facilitates locating domain controllers and services using SRV records under the _msdcs subdomain (e.g., _ldap._tcp.dc._msdcs.<domain> for LDAP on domain controllers, _kerberos._tcp.dc._msdcs.<domain> for Kerberos), which each DC’s Netlogon service registers dynamically
Stores AD zone data in Active Directory, allowing:
Secure and automatic replication across domain controllers
DNS record security via AD permissions
Dynamic DNS updates from domain-joined clients
✅ Best practice: Always install and configure DNS on at least two domain controllers for redundancy and load distribution.
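The following PowerShell script is an added example, not code from the original article: it audits the settings that make AD integration a security benefit (secure dynamic updates only, no open zone transfers) and then confirms the domain-controller SRV records described above are present. The server and zone names are placeholders.

```powershell
# Added example (not from the original article). Requires the DnsServer module.
$Server = 'dc01.corp.contoso.com'   # assumed domain controller running DNS (replace)
$Zone   = 'corp.contoso.com'        # assumed AD-integrated zone (replace)

# Every real primary zone, with the settings that matter:
#  IsDsIntegrated    zone data lives in AD and replicates with it
#  DynamicUpdate     'Secure' means only the authenticated owner of a record
#                    can change it; 'NonsecureAndSecure' lets any host on the
#                    network overwrite any record (classic spoofing path)
#  SecureSecondaries who may copy the whole zone with AXFR/IXFR
$zones = Get-DnsServerZone -ComputerName $Server |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
$zones | Select-Object ZoneName, IsDsIntegrated, ReplicationScope, DynamicUpdate, SecureSecondaries |
    Format-Table -AutoSize

# Flag the weak settings.
foreach ($z in $zones) {
    if ($z.IsDsIntegrated -and $z.DynamicUpdate -ne 'Secure') {
        Write-Warning "$($z.ZoneName): AD-integrated but accepts non-secure dynamic updates"
    }
    if ($z.SecureSecondaries -eq 'TransferAnyServer') {
        Write-Warning "$($z.ZoneName): zone transfer allowed to ANY server"
    }
}

# Fix: secure updates only, and no zone transfers. AD-integrated zones replicate
# through AD, so AXFR is only needed if you run non-AD secondary servers.
Set-DnsServerPrimaryZone -Name $Zone -ComputerName $Server `
    -DynamicUpdate Secure -SecureSecondaries NoTransfer

# The SRV records clients use to find a domain controller. An empty result here
# means clients cannot log on, regardless of how healthy the DC itself is.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $Server -DnsOnly |
    Select-Object Name, NameTarget, Port, Priority, Weight
```

Run the audit part on every DNS server: the zone settings are stored in AD for AD-integrated zones, but a file-backed primary or a forgotten secondary on one server will not show up when you query another.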
🧾 Key Things to Remember Before and After Installing DNS
📌 Before Installation
Ensure the server has a static IP address
Plan the DNS namespace: use a subdomain of a domain you own (e.g., corp.contoso.com) rather than .local, which collides with multicast DNS and cannot be covered by publicly trusted certificates
Decide between a primary zone, a secondary zone, or an AD-integrated zone
Make sure host and network firewalls allow TCP and UDP 53 to the server from its clients and from other DNS servers, and nothing more than that from untrusted networks
✅ After Installation
Configure forwarders to trusted upstream resolvers (your ISP’s, a filtering resolver, or a public one such as Google DNS 8.8.8.8), and make sure internal clients point only at your own DNS servers rather than at those resolvers directly, or AD name resolution will fail
Set up reverse lookup zones for proper IP-to-hostname resolution
Create the necessary host (A) and alias (CNAME) records
Validate installation using tools like nslookup, ping, and the DNS Manager console
Regularly monitor event logs and configure ageing/scavenging to prevent stale records
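The following PowerShell script is an added example, not code from the original article: it walks through the before/after checklist above on a freshly installed server. The zone, subnet, host names and addresses are placeholders.

```powershell
# Added example (not from the original article). Run on the new DNS server;
# requires the DnsServer and NetTCPIP modules.
$Zone   = 'corp.contoso.com'   # assumed forward zone (replace)
$Subnet = '10.0.0.0/24'        # assumed client subnet (replace)

# Before: the server must have a static address (PrefixOrigin 'Manual'),
# not one handed out by DHCP.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.PrefixOrigin -ne 'WellKnown' } |
    Select-Object InterfaceAlias, IPAddress, PrefixOrigin

# Reverse lookup zone for the subnet, so PTR records have somewhere to live.
# 10.0.0.0/24 maps to the zone 0.0.10.in-addr.arpa.
if (-not (Get-DnsServerZone -Name '0.0.10.in-addr.arpa' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $Subnet -ReplicationScope Domain -DynamicUpdate Secure
}

# Host and alias records. -CreatePtr writes the matching PTR into the reverse zone.
Add-DnsServerResourceRecordA     -ZoneName $Zone -Name 'app01'    -IPv4Address '10.0.0.25' -CreatePtr
Add-DnsServerResourceRecordCName -ZoneName $Zone -Name 'intranet' -HostNameAlias "app01.$Zone"

# Validate forward, reverse and alias resolution against this server only.
Resolve-DnsName -Name "app01.$Zone"    -Server localhost -DnsOnly | Select-Object Name, Type, IPAddress
Resolve-DnsName -Name '10.0.0.25' -Type PTR -Server localhost -DnsOnly | Select-Object Name, NameHost
Resolve-DnsName -Name "intranet.$Zone" -Server localhost -DnsOnly | Select-Object Name, Type, NameHost, IPAddress

# Is the server authoritative and answering for the zone?
Test-DnsServer -IPAddress 127.0.0.1 -ZoneName $Zone

# Recent critical, error and warning events from the DNS Server log.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Level = 1, 2, 3 } -MaxEvents 20 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

On a domain controller, follow this with dcdiag /test:dns for the AD-specific checks (forwarders, delegations, dynamic registration) that the commands above do not cover.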
Hope you liked the article.
If you liked this article, do share the same. You can also Buy me a Coffee using Paypal at "paypal.me/duttaavijit", This is purely a volunteer effort. THANK YOU !!!