
Use of Root Hints servers


gjb

Jun 4, 2004, 6:12:47 AM
Hi,

Our AD DNS servers are set to forward requests to another internal UNIX DNS
server which in turn forwards external name requests to our ISP.
On the DNS settings the root hints tab has a number of entries.
I have to admit to some (a lot?) of confusion as to how forwarding vs root
hints works.
Does enabling forwarding effectively disable root hints or should I delete
the root hint entries?
Any help greatly appreciated.

Regards,

Gerry


Martin H.T. Ngo

Jun 4, 2004, 7:53:43 AM
I just did a lot of reading on Windows Server 2003 DNS
last month in preparation for my company's AD rollout.
Here is what I found about the root hints. They should
answer your questions.
1) If you do not set up any DNS forwarders on your DNS
server, it will use the default root hints
(%SystemRoot%\System32\DNS\Cache.dns file) to resolve Internet hosts.

2) From http://support.microsoft.com/default.aspx?scid=kb;en-us;323380:
Windows can use root hints. The Root
Hints resource records can be stored in either Active
Directory or in a text file
(%SystemRoot%\System32\DNS\Cache.dns). Windows uses the standard Internic root
server. Also, when a server running Windows Server 2003
queries a root server, it updates itself with the most
recent list of root servers.

3) You can set your DNS server as a slave to your ISP's or
your internal UNIX DNS. You do this by setting those DNS
servers as forwarders for "All other DNS domains" and
checking the option "Do not use recursion for this
domain." In this case, if those DNS servers are
inaccessible, your DNS server will not try to resolve any
names outside of its authoritative zones or not in its
cache, hence preventing your DNS server from trying to
communicate directly with other DNS servers using the root
hints. If you want to test this, put in an invalid
forwarder for "All other DNS domains" and check the
option "Do not use recursion for this domain." Once you do
this, any new queries will fail (make sure you try to
resolve a completely new name, otherwise you could have
the name in your cache or the DNS server's cache).

Cheers,
Martin

Sharad Naik

Jun 5, 2004, 4:55:03 AM
Don't delete root hints.
When you are using forwarders, and the forwarder is unavailable for any
reason, your DNS will use root hints.

Further you mention that the AD DNS is set to forward to internal UNIX DNS.
Now if there are some internal records on UNIX DNS, which your client will
need, then if you use root hints, those queries will fail.

Sharad


Jonathan de Boyne Pollard

Jun 5, 2004, 1:37:11 PM
g> I have to admit to some (a lot?) of confusion as to how
g> forwarding vs root hints works.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/bind-big-picture.html>

g> Does enabling forwarding effectively disable root hints

Not necessarily. One can choose either to have one's server perform
forwarding _first_, and try resolving if forwarding fails; or to have
one's server perform forwarding _only_.

In ISC's BIND, the option that controls this has the settings "first"
and "only". In Microsoft's DNS server, the option that controls this
is egregiously mis-named "do not use recursion". (Saying not to "use
recursion" does not, in fact, stop the server from using recursion.
Recursion is where a server sends back-end queries to another server.
So forwarding is recursion. The option merely stops _one particular
kind_ of recursion from being used.)

g> should I delete the root hint entries?

No.
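
An added example, not part of any post in this thread: a small Python audit of a BIND named.conf that reports, for each forwarding scope, whether the "first"/"only" setting discussed above leaves the server free to resolve on its own when the forwarders fail. The sample configuration, its addresses and the function names are constructed for illustration; it assumes BIND's default of "first" and that a zone without its own `forward` statement inherits the options-level value.

```python
import re

# Constructed sample named.conf; addresses are documentation ranges.
SAMPLE_CONF = """
options {
    directory "/var/named";
    forwarders { 192.0.2.53; 192.0.2.54; };   // upstream resolvers
    # no "forward" statement here, so BIND's default ("first") applies
};
zone "corp.example" {
    type forward;
    forwarders { 198.51.100.10; };
    forward only;
};
"""

def top_level_blocks(text):
    """Yield (header, body) for each top-level '{ ... }' block (views not handled)."""
    depth, head_start, body_start = 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[head_start:i].strip(" ;\n\t"), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
                head_start = i + 1

def forward_report(conf):
    """Map each forwarding scope to (forwarder addresses, effective policy)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip C-style comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # strip line comments
    parsed = {}
    for header, body in top_level_blocks(conf):
        fw = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
        pol = re.search(r"\bforward\s+(first|only)\s*;", body)
        addrs = [a.strip() for a in fw.group(1).split(";") if a.strip()] if fw else []
        parsed[header] = (addrs, pol.group(1) if pol else None)
    # Assumption: a scope without its own "forward" inherits the options value.
    default = parsed.get("options", ([], None))[1] or "first"
    return {h: (a, p or default) for h, (a, p) in parsed.items() if a}

def falls_back_to_own_resolution(conf):
    """Scopes where the server resolves by itself if the forwarders fail."""
    return [h for h, (_, p) in forward_report(conf).items() if p == "first"]

if __name__ == "__main__":
    for scope, (addrs, policy) in forward_report(SAMPLE_CONF).items():
        print(f"{scope}: forward {policy} via {', '.join(addrs)}")
    print("falls back:", falls_back_to_own_resolution(SAMPLE_CONF))
```

Any scope listed by `falls_back_to_own_resolution` will send queries to the Internet directly when its forwarders are unreachable, so the firewall rules for that server need to either allow or deliberately block that traffic.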
