How to Install and Configure Microsoft DNS Server

This article was previously published under Q172953


SUMMARY

This article is designed as an introduction to the Microsoft Domain Name Service (DNS) included with Microsoft Windows NT Server 4.0. This guide will take you through the steps needed to install and configure DNS on your Windows NT Server.

For additional information on Domain Name Service, please see the following white paper available on the Microsoft anonymous ftp server:

File Name: Dnswp.exe
Location :
Title : “DNS and Microsoft Windows NT 4.0”


Installing Microsoft DNS

Use the following steps to install DNS on your Windows NT 4.0 Server:

  1. Click the Start button, point to Settings, and then click Control Panel. Double-click the Network icon, and then click the Services tab.
  2. Click Add, select Microsoft DNS Server from the Select Network Service dialog box, and then click OK.
  3. Type the location of your Windows NT source files, click OK, and then click Close.

    NOTE: If you have any service packs installed, you will need to re-apply your service pack before restarting your computer.

  4. Restart your computer.

Configuring Microsoft DNS

Gathering Information:

Before you actually begin configuring the DNS server, there is some basic information you will need. Some of this information must be approved by Internic for use on the Internet, but if you are configuring this server for internal use only, you can then decide what names and IP addresses to use. You will need:

  • Your domain name (must be approved by Internic)
  • The IP address of each server for which you wish to provide name resolution
  • The host names of each of the servers in step above

NOTE: The servers in the step above may be your mail servers, any public access servers, FTP servers, WWW servers, and so on.

For example, use the following information (substitute your actual information where appropriate):

   Domain Name: <>
   Servers:   <>
       <> (notice the same IP

Creating Your DNS Server:

Using the information above, configure your Microsoft DNS server by doing the following:

  1. Click the Start button, point to Programs, point to Administrative Tools, and then click DNS Manager.
  2. From the DNS menu, click New Server.
  3. Type the IP address of your DNS server in the Add DNS Server dialog box ( in the example information), and then click OK.

NOTE: It is not necessary to restart the DNS server for changes to your zones to take effect. All that is required is for the server data files to be updated using the following step:

  • In DNS Manager, right-click your DNS server, and click Update Server Data Files.

Creating Your Reverse Lookup Zone:

Some applications use a reverse query to a DNS server to find the host name of a host when it has the IP address of the computer. You must configure a reverse lookup zone to provide this capability.

NOTE: Reverse lookup zones may not be necessary in your network, but it is recommended that one be present. NSLOOKUP run on the DNS server will fail if no reverse lookup zone is configured.

To create a reverse lookup zone, perform the following steps:

  1. In DNS Manager, right-click your DNS server, and then click New Zone.
  2. Click Primary from the “Creating New Zone for” dialog box, and then click Next.
  3. The Zone Name is derived from your IP network address. In the example information, the Zone Name is Type your reverse zone name (start with the least significant octet of the network ID and work toward the most significant one, then append in-addr.arpa). For example:
       If your network ID is:         Then your reverse zone is:

    NOTE: The reverse lookup zone name must be exact. A zone whose octets are in the wrong order, or that lacks the in-addr.arpa suffix, is never consulted for reverse queries.

  4. After you type the reverse lookup zone name, press Tab and the reverse lookup zone file name will automatically fill in using the zone name in step 3 appended by “.dns” (without the quotes).
  5. Click Next, and then click Finish.

Creating Your Forward Lookup Zone:

  1. In DNS Manager, right-click your server, and then click New Zone.
  2. Click Primary Zone, and then click Next.
  3. Type the Zone Name for your DNS domain. This is the domain name that is registered with Internic (<> in the example).
  4. Press Tab, click Next, and then click Finish.

When you have created the forward lookup zone, you should see three records automatically created in that zone: the NS record, the SOA record, and an A record. If you do not have all three of these, you may want to verify that your DNS settings in your TCP/IP properties are configured correctly (click the Start button, point to Settings, click Control Panel, and then double-click the Network icon).

NOTE: The A record will only be created if the zone name matches the domain name.

Adding Host Records to Your Forward Lookup Zone:

The A record for your DNS server should have been automatically created. However, DNS Manager does not automatically create the PTR record in the reverse zone for the DNS server. The simplest way to correct this is to use the following steps:

  1. Right-click the A record for your DNS server, and then click Delete Record.
  2. Click Yes in the confirmation dialog box.
  3. Right-click your forward zone, <>, and then click New Host.
  4. Type the host name of your DNS server and the IP address.
  5. Click Create Associated PTR Record to enable it and click Add Host.
  6. Click Done.

NOTE: Repeat steps 3-5 above for all of the servers that you want to add to your DNS domain.

To verify the PTR records are created successfully, right-click the reverse lookup zone, and then click Refresh.
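The reverse-zone naming rule, the records the forward zone starts with and the missing-PTR gap described above, as an added worked example; it is not part of the Microsoft article, which does all of this through DNS Manager. The domain example.com, the 192.168.1.0/24 network, the host names and the SOA timers are assumed values, and the output is plain zone-file text of the kind the .dns data files hold. It also covers /8 and /16 network IDs, which the article's rule allows but its example does not show.

```python
import ipaddress


def reverse_zone_name(network: str) -> str:
    """in-addr.arpa zone name for an octet-aligned network ID (/8, /16 or /24).

    The article's rule: network octets, least significant first, then
    in-addr.arpa. Subnetted reverse zones (KB 174419) are not handled here.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("need an IPv4 network with a /8, /16 or /24 prefix")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for one address, e.g. 10.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def forward_zone(domain: str, ns_host: str, hosts: dict) -> list:
    """The SOA and NS records DNS Manager creates, plus one A record per inventory host."""
    origin = domain.rstrip(".") + "."
    ns_fqdn = f"{ns_host}.{origin}"
    records = [
        # SOA timers (refresh, retry, expire, minimum) are assumed defaults.
        (origin, "SOA", f"{ns_fqdn} hostmaster.{origin} 1 3600 600 86400 3600"),
        (origin, "NS", ns_fqdn),
    ]
    records += [(f"{name}.{origin}", "A", ip) for name, ip in hosts.items()]
    return records


def reverse_zone(domain: str, network: str, hosts: dict) -> tuple:
    """PTR records for every inventory host inside `network`; others belong in another zone."""
    net = ipaddress.ip_network(network)
    origin = domain.rstrip(".") + "."
    ptrs = [
        (ptr_owner(ip), "PTR", f"{name}.{origin}")
        for name, ip in hosts.items()
        if ipaddress.ip_address(ip) in net
    ]
    return reverse_zone_name(network), ptrs


def missing_ptrs(a_records: list, ptr_records: list) -> list:
    """Hosts that have an A record but no PTR pointing back at them.

    This is the gap the article describes: DNS Manager creates the server's
    own A record but not its PTR. Run it after every bulk import.
    """
    have = {(owner, target) for owner, rtype, target in ptr_records if rtype == "PTR"}
    return sorted(
        fqdn for fqdn, rtype, ip in a_records
        if rtype == "A" and (ptr_owner(ip), fqdn) not in have
    )


def render(origin: str, records: list) -> str:
    """Plain zone-file text, the format of the .dns files under the server's dns directory."""
    lines = [f"$ORIGIN {origin}"]
    lines += [f"{owner:<40} IN {rtype:<5} {rdata}" for owner, rtype, rdata in records]
    return "\n".join(lines) + "\n"


# Constructed inventory (assumed names and RFC 1918 addresses, not the article's).
# www and mail share one address, as the article's example hints.
DOMAIN = "example.com"
NETWORK = "192.168.1.0/24"
HOSTS = {"ns1": "192.168.1.2", "mail": "192.168.1.3", "www": "192.168.1.3"}

if __name__ == "__main__":
    fwd = forward_zone(DOMAIN, "ns1", HOSTS)
    rev_name, rev = reverse_zone(DOMAIN, NETWORK, HOSTS)
    print(render(DOMAIN + ".", fwd))
    print(render(rev_name + ".", rev))
    # Reproduce DNS Manager's behaviour: the server's own PTR was never created.
    print("missing PTRs:", missing_ptrs(fwd, [r for r in rev if r[2] != "ns1.example.com."]))
```

missing_ptrs is the check to run once the hosts are entered: the demo withholds the server's own PTR to reproduce the behaviour described above, and the function then reports ns1.example.com. as unmatched.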

Configuring Other Record Types

A DNS server can be responsible for several different record types. Some of them include, but are not limited to the following: A, CNAME, HINFO, MX, NS, and SOA. For details on these and other record types, please refer to the DNS white paper mentioned earlier in this article.

Creating A CNAME Record:

A CNAME record gives an existing host an alias, so several names resolve to the same address and users can reach the same server for separate functions (such as and in the example). Before you create the CNAME record, its target must already have an A record, as described earlier.

To create a CNAME record, perform the following steps:

  1. Right-click your forward zone, <>, and click New Record.
  2. Select CNAME Record from the Record Type list box in the New Resource Record dialog box.
  3. Type an alternate name for access to this computer. For example, in the sample information earlier in this article, WWW is an alternate name for
  4. Type the original host name in “For Host DNS Name.” For example, <>.

    NOTE: It is important to use the fully-qualified domain name (FQDN) for the originating host DNS name.

  5. Click OK.

Now when your users make a query for either of these host names, your DNS server will return the same IP address.

Creating an MX Record:

An MX Record is a Mail Exchange record that points mail programs to your mail servers. To create an MX record, perform the following steps:

  1. Right-click your forward lookup zone, <> and then click New Record.
  2. Select MX Record from the Record Type list box in the New Resource Record dialog box.
  3. The Host Name (Optional) field is for the host name of the mail server. Leave it blank if you want users to be able to send mail to the domain itself (an address with no host name); the MX record is then created for the domain rather than for a host.

    NOTE: If the MX record contains the host name, mail sent to the bare domain may not work. There are three ways to resolve this. First, remove the host name from the MX record as described in step 3. Second, after the MX record is created with the host name, create an A record for the domain that has no host name. Third, delete the existing MX record and re-create it with the steps in this section, leaving the Host Name field blank.
  4. Type the FQDN of the mail server in the Mail Exchange Server DNS Name, for example,

    NOTE: There is a trailing dot, ".", after the Mail Exchange Server DNS Name. The FQDN used for the Mail Exchange Server must have a corresponding A record: the MX record only names the mail host, and the A record is what lets sending servers reach it. If the mail server is a different computer than the DNS server, add its A record so the DNS server can answer for it.

  5. The Preference Number is any number from 0 to 65535. In the case of multiple mail servers, this number identifies which mail server is to be used first. The lower the preference number, the higher the priority.
  6. Click OK.
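The rules the CNAME and MX procedures above depend on (FQDN targets with a trailing dot, an A record behind every alias and every mail exchanger, lower preference tried first), as an added checker that is not part of the Microsoft article. The record shape, the example.com names and the addresses are assumptions; the constructed zone deliberately contains the two mistakes the procedures warn against.

```python
from collections import defaultdict

# Assumed record shape: (owner FQDN with trailing dot, type, rdata).
# MX rdata is a (preference, exchange) tuple.


def check_aliases_and_mail(records: list) -> list:
    """Return (severity, message) pairs for the pitfalls the CNAME and MX steps warn about.

    The RFC references are the rules resolvers and mail transfer agents enforce.
    """
    types_at = defaultdict(list)
    for owner, rtype, _ in records:
        types_at[owner].append(rtype)
    a_owners = {o for o, t, _ in records if t == "A"}
    cname_owners = {o for o, t, _ in records if t == "CNAME"}
    findings = []

    for owner, rtype, rdata in records:
        if rtype == "CNAME":
            if not rdata.endswith("."):
                findings.append(("error", f"{owner}: CNAME target {rdata!r} is not an FQDN with a trailing dot"))
            elif rdata not in a_owners:
                findings.append(("warn", f"{owner}: CNAME target {rdata} has no A record in this zone"))
            if len(types_at[owner]) > 1:
                findings.append(("error", f"{owner}: a CNAME cannot coexist with other records (RFC 1034 3.6.2)"))
        elif rtype == "MX":
            preference, exchange = rdata
            if not 0 <= preference <= 65535:
                findings.append(("error", f"{owner}: MX preference {preference} is outside 0-65535"))
            if not exchange.endswith("."):
                findings.append(("error", f"{owner}: MX exchange {exchange!r} is not an FQDN with a trailing dot"))
            elif exchange in cname_owners:
                findings.append(("error", f"{owner}: MX exchange {exchange} is a CNAME, which RFC 2181 10.3 forbids"))
            elif exchange not in a_owners:
                findings.append(("warn", f"{owner}: MX exchange {exchange} has no A record in this zone"))
    return findings


def delivery_order(records: list, mail_domain: str) -> list:
    """Exchanges for mail_domain in the order an MTA tries them: lowest preference first."""
    mxs = [rdata for owner, rtype, rdata in records if owner == mail_domain and rtype == "MX"]
    return [exchange for _, exchange in sorted(mxs)]


# Constructed zone (assumed names and addresses, not the article's elided example).
ZONE = [
    ("example.com.", "A", "192.168.1.3"),                 # A record for the bare domain
    ("mail.example.com.", "A", "192.168.1.3"),
    ("mail2.example.com.", "A", "192.168.1.4"),
    ("www.example.com.", "CNAME", "mail.example.com."),   # alias, like the WWW example above
    ("ftp.example.com.", "CNAME", "mail.example.com"),    # mistake: no trailing dot
    ("example.com.", "MX", (20, "mail2.example.com.")),
    ("example.com.", "MX", (10, "mail.example.com.")),
    ("example.com.", "MX", (30, "www.example.com.")),     # mistake: exchange is a CNAME
]

if __name__ == "__main__":
    for severity, message in check_aliases_and_mail(ZONE):
        print(f"[{severity}] {message}")
    print("delivery order:", delivery_order(ZONE, "example.com."))
```

The missing trailing dot is reported as an error rather than a warning because a relative name is silently expanded with the zone origin, so the alias ends up pointing at a name that does not exist and the failure shows up only as mail or web lookups that time out.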

For additional information, please see the following article in the Microsoft Knowledge Base:

174419 How to Configure a Subnetted Reverse Lookup Zone on Windows NT

Dev Environment: Install and configure BIND DNS Server in Windows 7

Power up your web developer environment by installing the BIND 9 DNS server. It is especially useful if you run your back-end stack in VirtualBox or Vagrant while your browser still lives in the host OS, in this case Windows (more about this in the next blog post).

These are the main benefits you will get:

  • You want to have a domain *.dev or *.l being resolved to your localhost or IP of your Virtual Machine.
  • It allows you to run complex forwarding rules, including port forwarding. Forget the limitations of the Windows hosts file.
  • Bind acts also as local DNS Cache: maximum performance when browsing. (*)
  • With the BIND installation you get all those yummy Linux network tools: dig, nslookup, nsupdate, etc. in your Windows command shell.

The caveat is that BIND is not that easy to configure. That is the reason I created this tutorial.
Let’s go:

1. Download BIND (latest release now is 9.9.1-P3)

2. Let’s start with the Installation:

(Screenshot: BIND installation window)

In the installer window, keep the default account name “named” and set a password for it; the BIND service runs under this dedicated account rather than as SYSTEM.

3. In System Properties => Environment Variables, find the variable PATH and append the string ;%SYSTEMROOT%\SysWOW64\dns\bin; (in case of Windows 64 bits) or ;%SYSTEMROOT%\system32\dns\bin; for Windows 32 bits.

4. Search for cmd.exe and, importantly, right-click it and choose “Run as administrator”. Now browse to:
or in Windows 32 bits:

5. By default the dns\etc folder is empty. Not for long. Execute the command:

rndc-confgen -a

This creates the file rndc.key, the shared secret rndc uses to authenticate to the server. Anyone who can read it can reload, stop or reconfigure BIND, so leave its permissions restricted to administrators and the named account.

In some tutorials you will see an extra step to create an rndc.conf file. That is not needed; if you do it, you will probably end up with messages like this when you run “rndc reload”:
WARNING: key file (rndc.key) exists, but using default configuration file (rndc.conf)

Also you don’t need to create a resolv.conf file, since Bind will look in the registry for the required nameserver information.

7. BIND Configuration files:

Let’s configure BIND. It is better to run notepad directly from the already opened “Admin” shell, so you won’t get “Access denied” later when saving the file.

notepad named.conf

Copy/paste this configuration:

options {
  directory "c:\windows\SysWOW64\dns\etc";
  allow-transfer { none; };
};

logging {
  channel my_log {
    file "named.log" versions 3 size 2m;
    severity info;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default { my_log; };
};
At the beginning a verbose log (severity info) is useful. Once the DNS server works, change it to severity warning.
All the logging options are explained in the logging statement section of the BIND Administrator Reference Manual.

There is no controls statement, so BIND uses the default: the rndc control channel listens on 127.0.0.1, port 953, and accepts only commands signed with rndc.key.
The Administrator Reference Manual also lists every statement named.conf accepts, together with its default value.

Point the DNS server setting of your Internet connection at the address BIND listens on (127.0.0.1 when it runs on the same machine), and Windows will start using BIND to resolve DNS lookups.

8. Search for “Services” in the Windows Start Menu and find in the list ISC BIND and start it.

If for some reason it is not working and you are trying different BIND configurations, check the named.log file for hints. Running named-checkconf named.conf from the admin shell reports syntax errors before you restart the service.

Each time you change the configuration you will need to follow these 2 steps, in this order:

ipconfig /flushdns
rndc reload

Or you can restart the ISC BIND service from the Services GUI.

That’s all.
You should be able to surf the web normally and you could disable the Windows built-in DNS Cache Client (in the Services).

The purpose of this first part is to have a minimalistic configuration to get BIND running with logging so it’s easier to debug if you run into problems.

With this configuration, though, BIND resolves every name itself, starting from its built-in list of root name servers, which is slow on a cold cache: DNS lookups can take as much as 3 seconds.

You can tell BIND to forward requests to a faster DNS service, like Google’s. Two things to keep in mind: every query is then sent to that third party, so pick one you trust; and BIND’s default mode is forward first, which falls back to full recursion when the forwarders do not answer (set forward only; if you never want that).

Change the options of your named.conf to add the “forwarders” line:

options {
  directory "c:\windows\SysWOW64\dns\etc";
  forwarders { /* addresses of the upstream resolvers */ };
  allow-transfer { none; };
};

Restart the ISC BIND Service. Now the DNS lookups are taking in my case about 22ms-40ms
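An added audit of the two named.conf variants above (the logging version and the forwarders version); it is not code from the blog post or from ISC. It parses the file's brace syntax and then reports the settings that decide who can query, recurse through or copy zones from the server. The two configurations at the bottom are constructed, the 192.0.2.53 resolver is a documentation address standing in for the elided forwarder, and the defaults it quotes are BIND 9.9's.

```python
import re

_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def _strip_comments(text: str) -> str:
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", " ", text)


def parse_named_conf(text: str) -> list:
    """Parse named.conf into nested statements: (words, body), body a list or None.

    Enough of the grammar for options/logging/zone blocks; include is not expanded.
    """
    tokens = _TOKEN.findall(_strip_comments(text))
    pos = 0

    def block() -> list:
        nonlocal pos
        statements, words = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == "{":
                statements.append((words, block()))
                words = []
            elif tok == "}":
                break
            elif tok == ";":
                if words:
                    statements.append((words, None))
                words = []
            else:
                words.append(tok.strip('"'))
        return statements

    return block()


def _find(statements: list, keyword: str) -> list:
    return [(words, body) for words, body in statements if words and words[0] == keyword]


def _values(body) -> list:
    return [" ".join(words) for words, _ in body] if body else []


def audit_named_conf(text: str) -> list:
    """Findings about who can query, recurse through, or copy zones from this server.

    Defaults quoted are BIND 9.9's: allow-transfer any, recursion yes,
    allow-recursion localnets+localhost, listen-on every interface.
    """
    conf = parse_named_conf(text)
    options = _find(conf, "options")
    opts = options[0][1] if options else []
    findings = []

    transfer = _find(opts, "allow-transfer")
    if not transfer:
        findings.append("allow-transfer missing: BIND 9.9 allows zone transfers (AXFR) to any host by default")
    elif _values(transfer[0][1]) != ["none"]:
        findings.append(f"allow-transfer {_values(transfer[0][1])}: zone transfers allowed beyond none")

    if not _find(opts, "listen-on"):
        findings.append("listen-on missing: port 53 is bound on every interface; a workstation resolver wants listen-on { 127.0.0.1; }")

    recursion = _find(opts, "recursion")
    recursion_on = not recursion or recursion[0][0][1:] == ["yes"]
    for acl in ("allow-recursion", "allow-query"):
        entry = _find(opts, acl)
        if recursion_on and entry and "any" in _values(entry[0][1]):
            findings.append(f"{acl} any with recursion enabled: open resolver for every network that can reach the server")

    forwarders = _find(opts, "forwarders")
    if forwarders:
        mode = _find(opts, "forward")
        mode_text = mode[0][0][1] if mode else "first (default)"
        findings.append(f"forwarders {_values(forwarders[0][1])} with forward {mode_text}: those resolvers see every query")
    return findings


# Constructed configurations (assumed addresses, not the blog's elided values).
WORKSTATION_CONF = r"""
options {
  directory "c:\windows\SysWOW64\dns\etc";
  listen-on { 127.0.0.1; };
  allow-transfer { none; };
  forwarders { 192.0.2.53; };  // placeholder resolver (TEST-NET-1)
};
"""

EXPOSED_CONF = r"""
options {
  directory "c:\windows\SysWOW64\dns\etc";
  allow-transfer { any; };
  allow-recursion { any; };
};
"""

if __name__ == "__main__":
    for name, conf in (("workstation", WORKSTATION_CONF), ("exposed", EXPOSED_CONF)):
        print(name)
        for finding in audit_named_conf(conf):
            print("  -", finding)
```

Run against the blog's own fragments the audit is quiet about allow-transfer (they already set none) and only points out the missing listen-on, which matters on a laptop that joins other people's networks; the forwarders line is reported as informational so the privacy trade-off is visible.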

If you want to optimize your DNS configuration, run some Benchmark with any of these tools: GRC DNS Benchmarking or NameBench. Here are some screenshots from Helsinki, a Welho Cable connection:

Let’s explore more advanced configuration and options in the next blog post. I will post it in Twitter or by RSS.

Extra: Tips for debugging DNS issues and more

Hint: almost every DNS problem I had while configuring and testing BIND turned out to be a DNS cache somewhere in the way:

Query logs

This command makes BIND log every DNS lookup to the named.log file. It is not persistent: if you reload the service, it stops.

rndc querylog
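What to do with the query log once rndc querylog is on, as an added example that is not from the blog post: a parser for the client/query lines the logging channel above produces, a top-names summary for debugging, and a simple tunnelling heuristic a defender would run over the same file. The log lines are constructed (names, addresses and the 192.168.1.77 client are assumed) and their layout assumes the print-time, print-category and print-severity options from the configuration above.

```python
import hashlib
import re
from collections import Counter, defaultdict

# Matches the client/query part of a BIND query log line, whatever
# print-time/print-category/print-severity prefixes precede it.
_QUERY = re.compile(
    r"client (?P<ip>[^#\s]+)#(?P<port>\d+): query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)


def parse_query_log(lines) -> list:
    """One dict per query line; non-query lines (startup, rndc, errors) are skipped."""
    return [m.groupdict() for m in map(_QUERY.search, lines) if m]


def top_names(queries: list, n: int = 5) -> list:
    """Most-queried names: a quick check that the cache and forwarders do what you expect."""
    return Counter(q["name"] for q in queries).most_common(n)


def _parent(name: str, depth: int = 2) -> str:
    return ".".join(name.rstrip(".").split(".")[-depth:])


def suspicious_clients(queries: list, max_label: int = 40, fanout: int = 20) -> dict:
    """Flag clients whose query pattern looks like DNS tunnelling or exfiltration.

    Heuristics: labels longer than max_label, TXT/NULL queries (the usual
    carrier types), or at least `fanout` distinct names under one parent domain.
    """
    names_under = defaultdict(set)
    reasons = defaultdict(set)
    for q in queries:
        ip, name = q["ip"], q["name"]
        if q["qtype"] in ("TXT", "NULL"):
            reasons[ip].add(f"{q['qtype']} queries")
        if max(len(label) for label in name.split(".")) > max_label:
            reasons[ip].add(f"labels longer than {max_label} chars")
        names_under[(ip, _parent(name))].add(name)
    for (ip, parent), names in names_under.items():
        if len(names) >= fanout:
            reasons[ip].add(f"{len(names)} distinct names under {parent}")
    return {ip: sorted(r) for ip, r in reasons.items()}


def _line(ip: str, port: int, name: str, qtype: str) -> str:
    # Shape produced by the logging channel above (print-time, print-category, print-severity).
    return f"30-Sep-2012 18:02:11.512 queries: info: client {ip}#{port}: query: {name} IN {qtype} + (127.0.0.1)"


# Constructed log: a few browser lookups plus a burst of hex-encoded TXT queries
# from one host, as a tunnelling client would produce. Names and addresses are assumed.
SAMPLE_LOG = [
    "30-Sep-2012 18:02:10.001 general: info: received control channel command 'querylog'",
    _line("127.0.0.1", 54321, "www.example.com", "A"),
    _line("127.0.0.1", 54322, "example.com", "MX"),
    _line("127.0.0.1", 54323, "www.example.com", "A"),
] + [
    _line("192.168.1.77", 40000 + i,
          hashlib.sha256(f"chunk{i}".encode()).hexdigest() + ".t.example.net", "TXT")
    for i in range(25)
]

if __name__ == "__main__":
    queries = parse_query_log(SAMPLE_LOG)
    print("queries parsed:", len(queries))
    print("top names:", top_names(queries))
    for ip, why in suspicious_clients(queries).items():
        print(ip, "->", "; ".join(why))
```

The thresholds are deliberately loose; on a real log, tune max_label and fanout against a day of normal traffic first, because CDN and anti-spam lookups legitimately produce long labels and wide fan-out.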

About the internal Windows DNS Cache

You can locate this Service by the name “DNS Client”. Related commands:

    • To inspect the Windows DNS Cache: ipconfig /displaydns.
    • To clear the Windows DNS Cache: ipconfig /flushdns.

Tip: Create a shortcut in the Desktop with the value "C:\Windows\System32\ipconfig.exe /flushdns"

What’s the benefit of BIND as your DNS cache, instead of the Windows local DNS cache?
I don’t think there are any performance benefits, and both caches are non-persistent, in the sense that rebooting the computer clears them.
But one advantage of using BIND is that you can then disable the Windows DNS cache and protect against some DNS poisoning attacks in which malicious software manipulates the Windows DNS cache. (Malware running with administrator rights can edit named.conf or the adapter’s DNS settings just as easily, so this raises the bar rather than removing the risk.)

Talking about security, while preparing this post I’ve seen multiple articles about blacklisting DNS domains using some huge hosts files (those can be converted to BIND zone files). I don’t use them, but it’s nice to know they exist.

Dig and nslookup and the DNS cache

The dig and nslookup commands are independent of the Windows resolver: they send their queries straight to the name server and neither consult nor populate the Windows DNS cache (they keep no cache of their own either).
For example, if the Windows DNS cache already holds a name (check with ipconfig /displaydns) and you stop the BIND service (the “DNS cache” in this setup), then dig will fail. Ping, on the other hand, still works, because ping goes through the Windows resolver, which consults its cache before contacting the DNS server.

About your browser DNS Cache

When debugging DNS issues, remember that your browser also caches DNS lookups internally.
Normally a CTRL + F5 should be enough to clear it.
This (one year old) chart shows the specific times:


About Fiddler

If you use the fantastic tool Fiddler, be aware that it has its own DNS cache that will interfere with your tests. See my Stack Overflow question, which Eric answered. After following that advice, it’s the most reliable tool I’ve found to inspect DNS lookups.

About Firebug

I wouldn’t rely on the DNS Lookup Time in the Network tab. It is always 0 ms, even when the DNS request takes several seconds.

About Navigation Timing API

Todo: Test accuracy of Navigation Timing API. I will update soon.

Extra: Resources.

The single best guide for BIND I found is the book Pro DNS and BIND, available for free, which also has installation guides for every OS, including Windows 7.


The most widely used Name Server Software

BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. It is a reference implementation of those protocols, but it is also production-grade software, suitable for use in high-volume and high-reliability applications.

BIND is by far the most widely used DNS software on the Internet, providing a robust and stable platform on top of which organizations can build distributed computing systems with the knowledge that those systems are fully compliant with published DNS standards.

