
Install BIND DNS on Windows Web Server 2008 – Part 1

Dave Lawlor

Since Windows Server 2003 there has been a low cost entry in the server SKUs and that has been the Windows Web Server edition.

The 2003 version of this edition was severely limited by licensing in what you could install and do on it, and was really only a solution for the most basic of web sites.

The 2008 version has had most of those limits removed and is now a much more viable alternative for hosts and companies looking for an economical Windows-based web server running IIS7.

One of the most glaring oversights for this edition of Windows Web Server is the exclusion of the DNS role. I understand the argument from Microsoft that if you are running this edition of server, more than likely your hosting company will have a DNS infrastructure in place, and most users can and will use that.

I counter that with the fact that I like to control my own DNS name servers and records and do not like having to deal with a hosting company infrastructure that may or may not be streamlined for DNS requests.

I have read in various forums that the Server team is looking into this and it may change in the future, but for now we will have to find another solution for this problem.

The low-cost (free) solution is to install BIND DNS on the server and configure it to handle DNS queries.

Today I’ll focus on the installation part and in Part 2 I’ll show you how to configure BIND DNS on Windows Web Server 2008.


BIND DNS Server

BIND (Berkeley Internet Name Domain) is an open source implementation of Domain Name System (DNS) protocols distributed for free under the BSD License.

It is currently maintained by the Internet Systems Consortium and is used by the majority of the DNS servers on the Internet.

The current version we are going to be using in this article is BIND 9.5.0-P2-W2 (Windows-specific fixes). You can download the current version at:

http://www.isc.org/index.pl?/sw/bind/index.php

Creating a User Account for BIND

BIND requires a local user with only "Log on as a service" privilege. The installer will actually check for this, and if the user has more rights it will ask if you really want to use that ID.

The default user for the BIND installer is named, but you can use any other name you want.



1. Open the Computer Management console

2. Select Local Users and Groups and then right click on Users, select New User…




3. Fill in the new user information (I am going to use the following), then click Create before closing the New User window:

User name: named
Description: BIND DNS Account
Password: %password%
Confirm Password: %password%
Unselect: User must change password at next logon
Select: User cannot change password
Select: Password never expires




4. Now open the Local Security Policy MMC from the Administrative Tools Menu.




5. Expand Local Policies then select User Rights Assignment in the policy pane; scroll down and right click on Log on as a service, then left click Properties.




6. Click on Add User or Group…




7. Type in the user account you created, in our case the default named, then click Check Names to make sure you typed it correctly, then click Ok.




8. Click Ok to exit the properties box, and you should see the account listed now next to the Log on as a service policy.




That’s it for the user account for now. Later you will have to give the account you created read/write rights to the directory you install BIND into, but that will be covered in a bit.
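The same account setup as steps 1 to 8, scripted so it can be repeated and checked afterwards. This is an added example, not part of the original article; it assumes an elevated PowerShell session, the article's account name named, and a scratch directory under %TEMP%.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
$Account = 'named'                              # the article's default account name
$Work    = Join-Path $env:TEMP 'bind-account'   # scratch directory (assumed location)
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Steps 1-3: create the account. "*" makes net user prompt for the password,
# so it is not stored in the script or in the command history.
net user $Account * /add /comment:"BIND DNS Account" /passwordchg:no
if ($LASTEXITCODE -ne 0) { throw "Could not create local user '$Account'." }

# "Password never expires" is the ADS_UF_DONT_EXPIRE_PASSWD (0x10000) user flag.
$user = [ADSI]"WinNT://$env:COMPUTERNAME/$Account,user"
$user.UserFlags = $user.UserFlags.Value -bor 0x10000
$user.SetInfo()
$nt  = New-Object System.Security.Principal.NTAccount("$env:COMPUTERNAME\$Account")
$sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

# Export the current user-rights assignments and parse them into right -> holders.
function Get-UserRights([string]$Path) {
    secedit /export /cfg $Path /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in Get-Content $Path) {
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = @($Matches[2].Split(',') | ForEach-Object { $_.Trim() })
        }
    }
    return $rights
}
function Test-Holds($Holders) { ($Holders -contains "*$sid") -or ($Holders -contains $Account) }

# Steps 4-8: grant "Log on as a service" (SeServiceLogonRight). secedit replaces the
# whole holder list for a right, so the existing holders are carried over.
$before  = Get-UserRights (Join-Path $Work 'before.inf')
$holders = @($before['SeServiceLogonRight'] | Where-Object { $_ })
if (-not (Test-Holds $holders)) {
    $grant = 'SeServiceLogonRight = ' + [string]::Join(',', @($holders + "*$sid"))
    $tmpl  = Join-Path $Work 'grant.inf'
    Set-Content -Path $tmpl -Encoding Unicode -Value @(
        '[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
        '[Privilege Rights]', $grant)
    secedit /configure /db (Join-Path $Work 'grant.sdb') /cfg $tmpl /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'secedit /configure failed.' }
}

# Check: list every right the account holds directly. The article expects only
# SeServiceLogonRight; rights inherited through group membership are not shown here.
$after = Get-UserRights (Join-Path $Work 'after.inf')
$after.Keys | Where-Object { Test-Holds $after[$_] } | Sort-Object
net user $Account | Select-String 'Group Memberships'
```

The last line prints the account's local and global group memberships so they can be reviewed alongside the directly assigned rights.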


Install BIND DNS on Windows Web Server 2008

This is where we will walk through the install and initial configuration of BIND DNS. Let’s get started!



1. Unzip the download and then click on BindInstall.exe to start the installation.

2. The installer will ask for the following information:

Target Directory: Your choice
Service Account Name: The account we created earlier
Service Account Password: Password used
Confirm Service Account Password: Password used

For the options I am leaving the defaults. When you are done, click Install.




3. When you click Install you might get a message saying the account has too many privileges; just click No to continue. You can go in and strip out more of the account's rights, but as an average user, the attack profile will be low.




4. After a few seconds you should see a message that states Bind installation completed successfully. Click Ok, and then click Exit on the installer.




5. We now want to go in and give the user account you have been using full read/write rights to the directory you installed BIND to.




You have now installed BIND on the server and set it up to run as a service. It is important to note that the installer does not copy over the help html files, so if you are going to need those you can move them to a convenient location yourself.
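Step 5 from the command line, followed by a review of who can write to the install directory. This is an added example, not part of the original article; the directory path is a placeholder for the Target Directory you chose, and it reads "full read/write rights" as the NTFS Modify permission, which is an assumption.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
$Account = 'named'                   # service account chosen during the install
$BindDir = 'C:\BIND-INSTALL-DIR'     # placeholder: the Target Directory you picked
if (-not (Test-Path $BindDir -PathType Container)) { throw "Not a directory: $BindDir" }

# Modify (M) covers read, write and delete; (OI)(CI) makes files and subfolders inherit it.
icacls $BindDir /grant "${Account}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "icacls could not update $BindDir" }

# Review: list every Allow entry that includes write access to BIND's files.
# 278 = FileSystemRights.Write; the other two bits are GENERIC_ALL and GENERIC_WRITE,
# which some inherited entries use instead of the file-specific bits.
$write = 278 -bor 0x10000000 -bor 0x40000000
(Get-Acl $BindDir).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and (([int]$_.FileSystemRights) -band $write) } |
    Select-Object IdentityReference, FileSystemRights, IsInherited
```

Entries in the output other than the service account and administrative principals are the ones to question, since this directory holds the files BIND runs from.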


Summary

In this article we have installed BIND DNS on a Windows Web Server and set it up to run as a service under a local user.

Now since BIND DNS comes from the *NIX side of the house there is quite a bit more we have to do to configure this before it runs.

In the next article we will go through configuring BIND DNS with some demo configurations.



5 Responses to “Install BIND DNS on Windows Web Server 2008 – Part 1”

  • Danny Mayer Says:

    Why are you telling people to set up a named account? That is not necessary. The BINDInstall installer was designed to create an account directly with only the privileges required. You are telling people to create accounts quite unnecessarily. In addition your script adds it to the users group which it shouldn’t since it’s not a user. Users have far too many privileges. I went to a lot of trouble to minimize what it can do outside of what it’s supposed to do. The named account should be removed from the Users group. The only group it should be in is the None group.

    Please feel free to contact me directly if you have questions about this.

    Danny

  • thul Says:

    Good

  • Gravy S. Says:

    There is no point in setting up a user account as BIND already does it for you

  • David Lawlor Says:

    I did mention that BIND will set it up for you, but I also walked people through who might not want to have a 3rd party install program create a user account blindly, or might want to use a different user name. Users can do either one, on top of that when I was running through it, there is no mention in the documentation that this build was tested on Server 2008, and I would rather be safer than sorry that I set something up and know what I did, than let an installer do it.

    I do appreciate the feedback though, and users can definitely do either option that they feel comfortable with.

  • Charles Says:

    Good article (other than as someone said about the user being created by the install…)

    Any tips for managing? I’ve used Webmin on Linux but seems the Webmin port for Windows is not functional (BIND management that is…)

    Notepad for now but wouldn’t mind a bit of a GUI… I mean we’re talking WINDOWS here! :)

    Thanks!
    Charles
