DNS Root Hints in Windows 2003
Root Hints are a vital cog in configuring your DNS Server. If your server receives a query for an unknown domain, then the root hints give a clue as to where to search for the answer. Maybe you were lucky and the root hints magically configured themselves correctly. Perhaps it was a triumph for planning that you examined the root hints as soon as you ran DCPROMO. However, in my opinion you cannot be a successful DNS troubleshooter without understanding root hints.
Topics for DNS Root Hints
- Finding Root Hints
- Root Hint Choices
- Configuration if legitimately connected to the Internet
- Alternative ‘.’ Root Configuration
- Reversing your Root Hint Actions
- Summary of Root Hints
Root hints are pointers to top level DNS servers on the internet. Every Windows server comes pre-configured with a physical file called cache.dns. Inside cache.dns are the IP addresses of a dozen ‘well-known’ servers which hold information about the .com, .net, .org and other top level domains (TLD). You can inspect this file in the %systemroot%\windows32\dns\samples folder.
Here is what the cache.dns file looks like in notepad.
; formerly NS.INTERNIC.NET
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 22.214.171.124
I know it’s obvious but you have to be connected to the internet to take advantage of root hints. The point is that if your DNS server is not connected to the internet then you these root hints are a liability as they will not work and only introduce time delays while queries try and contact unreachable IP addresses.
Another problem is that you are connected to the internet but there is a conflict between the DNS name you are using internally and the same domain name that is registered on the internet. Confusion may be caused by your web server or your Exchange server registering the same domain name but with a different IP address. For instance your ISP or InterNic may have legitimately assigned a different IP address for your domain name.
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
I use legitimate to mean a valid, conflict free IP address and domain name. In this instance go with the default. Check the DNS Server, Properties, Root Hints tab. (Note, start at the Server Icon, not the Zone Folder.)
Test your forward and reverse lookups by clicking on the Monitoring Tab visible from your server properties. You may also be able to see the Monitoring Tab on the above diagram.
Where your server is not connected to the internet you need to take action and create a ‘.’ domain on your DNS Server. You also need this configuration if there is a conflict between your local domain name and domain name on the internet.
The solution is simple and elegant, create a local ‘.‘ root domain.
All that you need to do is expand your DNS server and right-click Forward Lookup Zone, choose New Zone, and name it ‘.‘ (some call this character a dot others a period).
The result of your configuration is that when you return to examine the root hints, there are no servers listed, the Fully Qualified Domain Name box should be ‘greyed out’.
When managing your DNS Server there are many instances when restarting the DNS Server produces the desired effect of a refresh. The easiest way to restart DNS, is right-click the Server Icon and select All Tasks.
Sometimes when troubleshooting, in desperation you start ripping out configurations that the server needs. If you made a mistake, or circumstances dictate that you need to recreate those original root hint pointers, then simply delete the ‘.‘ domain.
If deleting the root domain on your serve did not work then try Copy from the server and type the IP address of another of your DNS Servers (Other Domain Controller?)., or copy from the %systemroot%\system32\dns\sample folder.
Root Hints provide a link between your DNS Server and top level DNS Servers on the internet. As these IP addresses remain constant, Microsoft automatically load them into your DNS Server’s root hints. All is well unless your server is not allowed to connect to the internet, in which case you need to configure your own ‘.‘ local Root domain.
If you like this page then please share it with your friends
Related DNS Server topics
- New Features for DNS in Windows Server 2003
- DNS – Names & Namespace
- Types of DNS Zone
- Conditional Forwarding
- Installing DNS Server
- DNS Queries
- Root Hints
- Resource Records
- DNS Naming Rules
- Basic DNS Server Troubleshooting
- Advanced DNS Troubleshooting
- Debug Logging for DNS in Windows Server 2003
- DNSLint – Utility