DNS Root Hints in Windows 2003

Root Hints are a vital cog in configuring your DNS Server. If your server receives a query for an unknown domain, then the root hints give a clue as to where to search for the answer. Maybe you were lucky and the root hints magically configured themselves correctly. Perhaps it was a triumph for planning that you examined the root hints as soon as you ran DCPROMO. However, in my opinion you cannot be a successful DNS troubleshooter without understanding root hints.

Topics for DNS Root Hints

  1. Finding Root Hints
  2. Root Hint Choices
  3. Configuration if legitimately connected to the Internet
  4. Alternative '.' Root Configuration
  5. Reversing your Root Hint Actions
  6. Summary of Root Hints

Finding Root Hints

Root hints are pointers to top-level DNS servers on the internet. Every Windows server comes pre-configured with a physical file called cache.dns. Inside cache.dns are the IP addresses of a dozen 'well known' servers which hold information about the .com, .net, .org and other top-level domains (TLDs). You can inspect this file in the %systemroot%\system32\dns\samples folder.

Here is what the cache.dns file looks like in notepad.

  ; formerly NS.INTERNIC.NET
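As an added example (not part of the original article and not a Windows tool), the Python below parses text in the cache.dns layout and reports hint servers that have no address, or an address you did not expect. The function names, the sample text and the expected-address map are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the cache.dns (DNS master file) layout, not a real file.
# Only the A.ROOT-SERVERS.NET address is a real root server address; the X and Y
# entries are made up and use documentation address space.
SAMPLE_CACHE_DNS = """\
; formerly NS.INTERNIC.NET
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   198.41.0.4
.                     3600000      NS  X.HINTS.EXAMPLE.
X.HINTS.EXAMPLE.      3600000      A   192.0.2.53
.                     3600000      NS  Y.HINTS.EXAMPLE.
"""

def parse_root_hints(text):
    """Return (list of root NS names, {name: [IPv4 addresses]})."""
    ns_names, addresses = [], {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, then tokenise
        if len(fields) < 3:
            continue
        owner, rtype, rdata = fields[0].upper(), fields[-2].upper(), fields[-1]
        # TTL and class are optional; '@' is master-file shorthand for the origin.
        if rtype == "NS" and owner in (".", "@"):
            ns_names.append(rdata.upper())
        elif rtype == "A":
            addresses.setdefault(owner, []).append(str(ipaddress.IPv4Address(rdata)))
    return ns_names, addresses

def audit_root_hints(text, expected=None):
    """List problems: no hints at all, NS without an A record, unexpected address."""
    ns_names, addresses = parse_root_hints(text)
    if not ns_names:
        return ["no root hints listed"]
    findings = []
    for name in ns_names:
        ips = addresses.get(name, [])
        if not ips:
            findings.append(f"{name} has no A record")
        for ip in ips:
            if expected is not None and ip not in expected.get(name, []):
                findings.append(f"{name} -> {ip} is not in the expected list")
    return findings
```

Run audit_root_hints over a copy of the server's cache.dns text, passing as expected the addresses from a source you trust, such as the samples copy described above.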

Root Hint Choices

I know it's obvious, but you have to be connected to the internet to take advantage of root hints. The point is that if your DNS server is not connected to the internet, then these root hints are a liability: they will not work, and they only introduce time delays while queries try to contact unreachable IP addresses.

Another problem arises when you are connected to the internet but there is a conflict between the DNS name you are using internally and the same domain name that is registered on the internet. Confusion may be caused by your web server or your Exchange server registering the same domain name but with a different IP address. For instance, your ISP or InterNic may have legitimately assigned a different IP address for your domain name.

Configuration if legitimately connected to the Internet

I use 'legitimate' to mean a valid, conflict-free IP address and domain name. In this instance, go with the default. Check the DNS Server, Properties, Root Hints tab. (Note: start at the Server Icon, not the Zone Folder.)

Test your forward and reverse lookups by clicking on the Monitoring Tab visible from your server properties. You may also be able to see the Monitoring Tab on the above diagram.

Alternative '.' Root Configuration

Where your server is not connected to the internet, you need to take action and create a '.' domain on your DNS Server. You also need this configuration if there is a conflict between your local domain name and the domain name on the internet.

The solution is simple and elegant: create a local '.' root domain.

All that you need to do is expand your DNS server, right-click Forward Lookup Zone, choose New Zone, and name it '.' (some call this character a dot, others a period).

The result of your configuration is that when you return to examine the root hints, there are no servers listed, and the Fully Qualified Domain Name box should be 'greyed out'.

When managing your DNS Server, there are many instances when restarting the DNS Server produces the desired effect of a refresh. The easiest way to restart DNS is to right-click the Server Icon and select All Tasks.

Reversing your Root Hint Actions

Sometimes when troubleshooting, in desperation, you start ripping out configurations that the server needs. If you made a mistake, or circumstances dictate that you need to recreate those original root hint pointers, then simply delete the '.' domain.

If deleting the root domain on your server did not work, then try Copy from the server and type the IP address of another of your DNS Servers (another Domain Controller?), or copy from the %systemroot%\system32\dns\samples folder.