Skip to content
MicrosoftLab.ch
Blog

DNS Configuration

DNS Servers

Section titled “DNS Servers”
ServerIPRole
srv-dc-zrh-0110.30.30.10Primary (Forest Root)
srv-dcc-zrh-0110.30.30.15Primary (Child Domain)

Forward Lookup Zones

Section titled “Forward Lookup Zones”
ZoneReplicationPrimary Server
microsoftlab.chForestsrv-dc-zrh-01
corp.microsoftlab.chForestsrv-dcc-zrh-01

Reverse Lookup Zones

Section titled “Reverse Lookup Zones”
Terminal window
# On srv-dc-zrh-01 (replicates to all DCs)


# VLAN 10 - MGMT
Add-DnsServerPrimaryZone -NetworkID "10.10.10.0/24" -ReplicationScope "Forest"


# VLAN 30 - Servers
Add-DnsServerPrimaryZone -NetworkID "10.30.30.0/24" -ReplicationScope "Forest"


# VLAN 40 - Clients (/22)
Add-DnsServerPrimaryZone -NetworkID "10.40.40.0/22" -ReplicationScope "Forest"


# VLAN 50 - DMZ
Add-DnsServerPrimaryZone -NetworkID "10.50.50.0/28" -ReplicationScope "Forest"


# VLAN 60 - VPN
Add-DnsServerPrimaryZone -NetworkID "10.60.60.0/24" -ReplicationScope "Forest"

DNS Records

Section titled “DNS Records”

Infrastructure Records (corp.microsoftlab.ch)

Section titled “Infrastructure Records (corp.microsoftlab.ch)”
Terminal window
# Switches
Add-DnsServerResourceRecordA -ZoneName "corp.microsoftlab.ch" -Name "sw-core-zrh-01" -IPv4Address "10.10.10.2"
Add-DnsServerResourceRecordA -ZoneName "corp.microsoftlab.ch" -Name "sw-dist-zrh-01" -IPv4Address "10.10.10.3"


# Proxmox Hosts
Add-DnsServerResourceRecordA -ZoneName "corp.microsoftlab.ch" -Name "srv-pve-zrh-01" -IPv4Address "10.10.10.11"
Add-DnsServerResourceRecordA -ZoneName "corp.microsoftlab.ch" -Name "srv-pve-zrh-02" -IPv4Address "10.10.10.12"


# Raspberry Pi
Add-DnsServerResourceRecordA -ZoneName "corp.microsoftlab.ch" -Name "srv-rpi-zrh-01" -IPv4Address "10.10.10.20"

PKI Round Robin (microsoftlab.ch)

Section titled “PKI Round Robin (microsoftlab.ch)”
Terminal window
# On Forest Root DC
Add-DnsServerResourceRecordA -ZoneName "microsoftlab.ch" -Name "pki" -IPv4Address "10.30.30.22"
Add-DnsServerResourceRecordA -ZoneName "microsoftlab.ch" -Name "pki" -IPv4Address "10.30.30.23"

PTR Records

Section titled “PTR Records”
Terminal window
# VLAN 10
Add-DnsServerResourceRecordPtr -ZoneName "10.10.10.in-addr.arpa" -Name "11" -PtrDomainName "srv-pve-zrh-01.corp.microsoftlab.ch"
Add-DnsServerResourceRecordPtr -ZoneName "10.10.10.in-addr.arpa" -Name "12" -PtrDomainName "srv-pve-zrh-02.corp.microsoftlab.ch"

DNS Best Practices Applied

Section titled “DNS Best Practices Applied”

DC DNS Settings

Section titled “DC DNS Settings”
DCNIC DNSWhy
srv-dc-zrh-01127.0.0.1Query self first
srv-dcc-zrh-01127.0.0.1Query self first

Forwarders (Forest Root only)

Section titled “Forwarders (Forest Root only)”
Terminal window
# On srv-dc-zrh-01 only
Add-DnsServerForwarder -IPAddress 1.1.1.1
Add-DnsServerForwarder -IPAddress 8.8.8.8
Set-DnsServerForwarder -UseRootHint $false

Child domain DC does NOT have external forwarders - it forwards to parent domain.