Since Windows Server 2003, the low-cost entry among the server SKUs has been the Windows Web Server edition.
The 2003 version of this edition was severely limited by licensing in what you could install and do on it, and was really only a solution for the most basic of web sites. The 2008 version has had most of those limits removed and is now a much more viable alternative for hosts and companies looking for an economical Windows-based web server running IIS7.
One of the most glaring oversights for this edition of Windows Web Server is the exclusion of the DNS role. I understand the argument from Microsoft that if you are running this edition of server more than likely your hosting company will have a DNS infrastructure in place and most users can and will use that.
I counter that with the fact that I like to control my own DNS name servers and records and do not like having to deal with a hosting company infrastructure that may or may not be streamlined for DNS requests.
I have read in various forums that the Server team is looking into this and it may change in the future, but for now we will have to find another solution for this problem. The low-cost (free) solution is to install BIND DNS on the server and configure it to handle DNS queries.
Today I’ll focus on the installation part and in Part 2 I’ll show you how to configure BIND DNS on Windows Web Server 2008.
BIND DNS Server
BIND (Berkeley Internet Name Domain) is an open source implementation of the Domain Name System (DNS) protocols, distributed for free under the BSD License. It is currently maintained by the Internet Systems Consortium and is used by the majority of the DNS servers on the Internet.
The current version we are going to be using in this article is BIND 9.5.0-P2-W2 (Windows-specific fixes). You can download the current version at:
Creating a User Account for BIND
BIND requires a local user with only the "Log on as a service" privilege. The installer will actually check for this, and if the user has more rights it will ask if you really want to use that ID. The default user for the BIND installer is "named", but you can use any other name you want.
1. Open the Computer Management console
2. Select Local Users and Groups and then right click on Users, select New User…
3. Fill in the new user information. I am going to use the following; click Create before closing the New User window:
User name: named
Description: BIND DNS Account
Password: %password%
Confirm Password: %password%
Unselect: User must change password at next logon
Select: User cannot change password
Select: Password never expires
4. Now open the Local Security Policy MMC from the Administrative Tools Menu.
5. Expand Local Policies, then select User Rights Assignment in the policy pane; scroll down and right click on Log on as a service, then left click Properties.
6. Click on Add User or Group…
7. Type in the user account you created, in our case the default named, then click Check Names to make sure you typed it correctly, then click Ok.
8. Click Ok to exit the properties box, and you should see the account listed now next to the Log on as a service policy.
That’s it for the user account for now. Later you will have to give the account you created read/write rights to the directory you install BIND into, but that will be covered in a bit.
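To confirm what the account can actually do, the following added example (not part of the original article) exports the local User Rights Assignment policy with secedit and lists every right the account holds, directly or through a local group. It assumes the default account name named, PowerShell 2.0 or later and an elevated prompt; Add-Principal is a helper defined only for this example.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
$account = 'named'   # assumption: the installer's default account name

# Hypothetical helper: index a principal by both SID and name, because the
# secedit export can list a member either way.
function Add-Principal($table, [string]$name) {
    $nt  = New-Object System.Security.Principal.NTAccount($name)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $table[$sid]  = $name
    $table[$name] = $name
}

# The account itself plus each local group it belongs to. Implicit groups
# such as Everyone and Authenticated Users are not enumerated here.
$principals = @{}
Add-Principal $principals $account
$user = [ADSI]"WinNT://$env:COMPUTERNAME/$account,user"
foreach ($g in $user.psbase.Invoke('Groups')) {
    $group = $g.GetType().InvokeMember('Name', 'GetProperty', $null, $g, $null)
    Add-Principal $principals $group
}

# Export only the User Rights Assignment area of the local security policy.
$inf = Join-Path $env:TEMP 'bind-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null

# Exported lines look like: SeServiceLogonRight = *S-1-5-20,*S-1-5-21-...
$findings = @()
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $right = $Matches[1]
        foreach ($member in $Matches[2].Split(',')) {
            $id = $member.Trim().TrimStart('*')
            if ($principals.ContainsKey($id)) {
                $findings += New-Object PSObject -Property @{ Right = $right; Via = $principals[$id] }
            }
        }
    }
}
Remove-Item $inf

$findings | Sort-Object Right | Format-Table Right, Via -AutoSize

# The article calls for only Log on as a service (SeServiceLogonRight).
# SeDeny* entries are restrictions, not privileges, so they are not counted.
$excess = @($findings | Where-Object {
    $_.Right -ne 'SeServiceLogonRight' -and $_.Right -notlike 'SeDeny*' })
if ($excess.Count -gt 0) { Write-Warning "$account holds $($excess.Count) right(s) beyond Log on as a service" }
```

The Via column shows whether a right comes from the account itself or from a group, which tells you whether to edit the policy entry or the group membership.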
Install BIND DNS on Windows Web Server 2008
This is where we will walk through the install and initial configuration of BIND DNS. Let’s get started!
1. Unzip the download and then click on BindInstall.exe to start the installation.
2. The installer will ask for the following information:
Target Directory: Your choice
Service Account Name: The account we created earlier
Service Account Password: Password used
Confirm Service Account Password: Password used
For options I am leaving the default; when you are done click Install.
3. When you click Install you might get a message saying the account has too many privileges; just click No to continue. You can go in and strip out more of the account's rights, but as an average user, the attack profile will be low.
4. After a few seconds you should see a message that states Bind installation completed successfully. Click Ok, and then click Exit on the installer.
5. We now want to go in and give the user account you have been using full read/write rights to the directory you installed BIND to.
You have now installed BIND on the server and set it up to run as a service. It is important to note that the installer does not copy over the HTML help files, so if you are going to need those you can move them to a convenient location yourself.
Summary
In this article we have installed BIND DNS on a Windows Web Server and set it up to run as a service under a local user. Since BIND DNS comes from the *NIX side of the house, there is quite a bit more we have to do to configure it before it runs.
In the next article we will go through configuring BIND DNS with some demo configurations.