Information on DNS
Post on 02-Jun-2018
8/10/2019 Information on DNS
My Collection
This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without
notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product or product name. You may copy and use
this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. 2013 Microsoft. All rights reserved.
Terms of Use (http://technet.microsoft.com/cc300389.aspx) | Trademarks (http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx)
Table Of Contents
Chapter 1
DNS Server Overview
Administering DNS Operations
Introduction to Administering DNS Operations
Managing DNS
DNS Operations Guide
Chapter 1
DNS Server Overview
Applies To: Windows Server 2008
By using the Domain Name System (DNS) server role, you can provide a primary name resolution process for users on your network. The name resolution process enables
users to locate computers on the network by querying for a user-friendly computer name instead of an IP address. A computer running the DNS server role can host the
records of a distributed DNS database and use the records to resolve DNS name queries that are sent by DNS client computers. These queries can include requests such
as the names of Web sites or computers in your network or on the Internet.
You can also integrate the DNS server role with Active Directory Domain Services (AD DS) to store and replicate DNS zones. This makes multimaster replication possible, along with more secure transmission of DNS data. In turn, AD DS requires DNS so that clients can locate domain controllers.
In the following sections, learn more about the DNS server role, the required and optional features in the DNS server role, and hardware and software for running it. In
addition, learn how to open the administrative tool for the DNS server role and how to find more information about it.
What is the DNS server role?
DNS is a system for naming computers and network services that organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the
Internet, to locate computers and services with user-friendly names. When a user enters the DNS name of a computer in an application, DNS clients and servers work
together to look up the name and provide other information that is associated with the computer, such as its IP address or services that it provides for the network. This
process is called name resolution.
The DNS server role makes it possible for a server running Windows Server 2008 to act as a name resolution server for a TCP/IP network. The network can contain
computers running Windows as well as computers running other operating systems. The DNS service in Windows Server 2008 is tightly integrated with Dynamic Host
Configuration Protocol (DHCP) so that Windows-based DHCP clients and Windows-based DHCP servers automatically register host names and IP addresses on the DNS
server for the appropriate domain.
Typically, Windows Server 2008 DNS is integrated with AD DS. In this environment, DNS namespaces mirror the Active Directory forests and domains for an organization.
Network hosts and services are configured with DNS names so that they can be located in the network, and they are also configured with DNS servers that resolve the
names of Active Directory domain controllers.
Windows Server 2008 DNS is also often deployed as a non-AD DS, or "standard," DNS solution. For example, it can be deployed to host the Internet
presence of an organization.
The Windows Server 2008 DNS server service supports and complies with standards that are specified in the set of DNS Requests for Comments (RFCs). Therefore, it is
fully compatible with any other RFC-compliant DNS server. A DNS client resolver is included as a service in all client and server versions of the Windows operating system.
New features in the DNS server role
The central feature of the DNS server role is the DNS Server service. This service provides a DNS server that is fully compliant with industry standards, and it supports all
standards-compliant DNS clients. You can administer a Windows Server 2008 DNS server by using a Microsoft Management Console (MMC) snap-in as well as a number
of command-line tools.
Windows Server 2008 supports the new features in the following table.
Feature: DNAME resource record support
Description: The DNAME resource record provides nonterminal domain name redirection. That is, unlike the CNAME record, which creates an alias for a single node
only, a single DNAME resource record causes the renaming of a root and all descendants in a domain namespace subtree. This makes it possible for
organizations to rename a portion of their domain namespace; for example, to merge two namespaces as a result of a business acquisition.

Feature: Support for IPv6 addresses
Description: Internet Protocol version 6 (IPv6) specifies addresses that are 128 bits in length, compared to IP version 4 (IPv4) addresses, which are 32 bits long. This
greater length allows for a much greater number of globally unique addresses, which are required to accommodate the explosive growth of the Internet
around the world. IPv6 also provides for better routing and network autoconfiguration. The DNS server in Windows Server 2008 now supports IPv6
addresses as fully as it supports IPv4 addresses.

Feature: Read-only domain controller support
Description: Windows Server 2008 introduces a new type of domain controller, the read-only domain controller (RODC). An RODC provides, in effect, a shadow copy of
a domain controller. You can install it in locations where physical security cannot be guaranteed, such as branch offices.
To support RODCs, the DNS server in Windows Server 2008 supports a new type of zone, the primary read-only zone (also sometimes referred to as a
branch office zone). The primary read-only zone is created automatically when a computer running the DNS server role is promoted to be an RODC. The
zone contains a read-only copy of the DNS data that is stored in the read-only AD DS database on the RODC.
The writeable version of the data is stored on a centrally located domain controller, such as a hub site domain controller. The DNS zone data on the RODC
is updated when the DNS data is replicated from the centrally located domain controllers to the RODC according to the configured replication schedule.
The administrator of the RODC can view the contents of the read-only primary zone, but only a domain administrator with permissions on the centrally
located domain controller can change the zone data.

Feature: Single-label name resolution
Description: The DNS Server service now supports a special zone called the GlobalNames zone to hold single-label host names. This zone can be replicated across an
entire forest, so that single-label host names (for example, webserver1) can be resolved throughout the forest without the use of the Windows Internet
Naming System (WINS) protocol. Although the GlobalNames zone is not intended to provide peer-to-peer single-label name resolution, you can use it to
simplify the location of servers and intranet Web sites, for example.
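The DNAME substitution rule described in the table above, as an added example that is not code from this TechNet page. It contrasts a DNAME (which rewrites every name below its owner) with a CNAME (which aliases one node only). The names old.contoso.com and new.contoso.com, the function names and the sample queries are constructed for illustration; no DNS server is contacted.

```powershell
# Added example; not code from the TechNet page. Shows the DNAME substitution rule
# (RFC 6672) next to a CNAME match, using constructed names. No DNS server is contacted.

function Get-DnameSubstitution {
    # Returns the rewritten query name, or $null when the DNAME does not apply.
    param(
        [Parameter(Mandatory)][string]$QueryName,  # name the client asked for
        [Parameter(Mandatory)][string]$Owner,      # owner name of the DNAME record
        [Parameter(Mandatory)][string]$Target      # DNAME target (root of the new subtree)
    )
    $q = $QueryName.TrimEnd('.').ToLowerInvariant()
    $o = $Owner.TrimEnd('.').ToLowerInvariant()
    $t = $Target.TrimEnd('.').ToLowerInvariant()

    # A DNAME redirects only names strictly below its owner. The owner itself is
    # answered with the DNAME record and is not rewritten, and the match must fall
    # on a label boundary ("oldx.contoso.com" is not under "old.contoso.com").
    if ($q -eq $o -or -not $q.EndsWith('.' + $o)) { return $null }

    $prefix = $q.Substring(0, $q.Length - $o.Length - 1)
    $result = '{0}.{1}' -f $prefix, $t

    # RFC 6672: a substituted name longer than 255 octets is an error (the server
    # answers YXDOMAIN), not a silently truncated name. Approximated by text length here.
    if ($result.Length -gt 255) {
        throw "YXDOMAIN: substituted name for '$QueryName' exceeds 255 octets"
    }
    return $result
}

function Test-CnameMatch {
    # A CNAME aliases exactly one node: it applies only when the query name equals its owner.
    param([string]$QueryName, [string]$Owner)
    return $QueryName.TrimEnd('.').ToLowerInvariant() -eq $Owner.TrimEnd('.').ToLowerInvariant()
}

# Constructed scenario: the old.contoso.com subtree is being renamed to new.contoso.com.
$owner  = 'old.contoso.com'
$target = 'new.contoso.com'

foreach ($name in 'old.contoso.com', 'www.old.contoso.com', 'a.b.old.contoso.com', 'oldx.contoso.com') {
    [pscustomobject]@{
        Query        = $name
        CnameApplies = Test-CnameMatch -QueryName $name -Owner $owner
        DnameResult  = Get-DnameSubstitution -QueryName $name -Owner $owner -Target $target
    }
}
```

Running the script prints one row per query. Only names strictly below the DNAME owner are rewritten, at any depth; the owner name itself and a name that merely shares a string suffix with it are left alone, which is the distinction a CNAME cannot express because a CNAME matches only its own node.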
Hardware and software considerations
Use performance counters, testing in the lab, data from existing hardware in a production environment, and pilot roll-outs to determine the hardware capacity that is
necessary for your server.
Note
A limited set of server roles is available for the Server Core installation option of Windows Server 2008 and for Windows Server 2008 for Itanium-Based Systems.
Typical DNS server hardware recommendations include the following:
Single-processor computers with 400-megahertz (MHz) Pentium II CPUs
512 megabytes (MB) of RAM for each processor
At least 4 gigabytes (GB) of available hard disk space
A network adapter
Using faster CPUs, more RAM, and larger hard drives improves the scalability and performance of your DNS servers. DNS servers use approximately 100 bytes of RAM for
each resource record. Multiply this figure by the number of resource records in each zone, which you can obtain by looking at each zone in the DNS snap-in, to calculate how much memory you need.
Installing a DNS server
After you finish installing the operating system, a list of initial configuration tasks appears. To install a DNS server, in the list of tasks, click Add roles, and then click DNS
server.
Managing a DNS server
You can manage server roles with MMC snap-ins. Use the DNS snap-in to manage a DNS server. To open the DNS snap-in, click Start, point to Administrative Tools, and
then click DNS.
For more information
To learn more about the DNS server role, you can view the Help on your server. To view the Help, open the DNS snap-in as described in the previous section, and then
press F1.
2014 Microsoft. All rights reserved.
Administering DNS Operations
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This Domain Name System (DNS) Administering guide provides administering information for DNS in the Microsoft Windows Server 2003 with Service Pack 1 (SP1)
operating system.
In this guide
Introduction to Administering DNS Operations
Managing DNS
Monitoring DNS
Optimizing DNS
Securing DNS
This DNS Administering guide provides detailed procedures for managing DNS servers, clients, and resource records. It also provides procedures for monitoring,
optimizing, and securing your DNS infrastructure. For most procedures, this guide provides both a user interface (UI) and a command-line method of performing each
procedure. In addition, this guide provides sample scripts for the most frequently used, repetitive tasks.
Introduction to Administering DNS Operations
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This guide explains how to administer Microsoft Domain Name System (DNS). These activities are part of the operating phase of the information technology (IT) life cycle. If
you are not familiar with this guide, review the following sections of this introduction.
When to Use This Guide
You should use this guide when:
You want to manage DNS servers.
You want to manage DNS clients.
This guide assumes a basic understanding of what DNS is, how it works, and why your organization uses it for name resolution. You should also have a thorough
understanding of how DNS is deployed and managed in your organization. This includes an understanding of the mechanism that your organization uses to configure and
manage DNS settings.
This guide can be used by organizations that have deployed Windows Server 2003 Service Pack 1 (SP1). It includes information that is relevant to different roles within an IT
organization, including IT operations management and administrators. This guide contains high-level information that is required to plan a DNS operations environment,
along with management-level knowledge of the DNS and IT processes that are required to operate it.
In addition, this guide contains more detailed procedures that are designed for operators who have varied levels of expertise and experience. Although the procedures
provide operator guidance from start to finish, operators must have a basic proficiency with Microsoft Management Console (MMC) and snap-ins and know how to start
administrative programs and access the command line. If operators are not familiar with DNS, it might be necessary for IT planners or managers to review the relevant
operations in this guide and provide the operators with parameters or data that must be entered when the operations are performed.
How to Use This Guide
The operations areas are divided into the following types of content:
Objectives are high-level goals for managing, monitoring, optimizing, and securing DNS. Each objective consists of one or more high-level tasks that describe how
the objective is accomplished. In this guide, Managing Domain Name System Servers is an example of an objective.
Tasks are used to group related procedures and provide general guidance for achieving the goals of an objective. In this guide, Modifying an Existing DNS Server is
an example of a task.
Procedures provide step-by-step instructions for completing tasks. In this guide, Change the name-checking method of a DNS server is an example of a procedure.
If you are an IT manager who will be delegating tasks to operators in your organization, you will want to:
Read through the objectives and tasks to determine how to delegate permissions and whether you need to install tools before operators perform the procedures
for each task.
Before assigning tasks to individual operators, ensure that you have all the tools installed where operators can use them.
When necessary, create tear sheets for each task that operators perform in your organization. Cut and paste the task and its related procedures into a separate
document and then either print these documents or store them online, depending on the preference of your organization.
Managing DNS
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This guide describes processes and procedures for improving the management of Windows Server 2003 Domain Name System (DNS) in your network infrastructure.
Ensuring that DNS is functioning properly helps increase system availability for your users.
The following tasks for managing DNS are described in this objective:
Managing Domain Name System Servers
Managing Domain Name System Clients
Managing Domain Name System Zones
Managing DNS Resource Records
Managing Domain Name System Servers
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The following tasks for managing Domain Name System (DNS) servers are described in this objective:
Adding a Primary DNS Server to an Existing Zone
Adding a Secondary DNS Server
Modifying an Existing DNS Server
Using Forwarders to Manage DNS Servers
Removing a DNS Server from the Network
Using DNS Aging and Scavenging
Adding a Primary DNS Server to an Existing Zone
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you are installing Domain Name System (DNS) with Active Directory, use the Active Directory Installation Wizard option to automatically install and configure a local DNS
server. This option installs the DNS Server service on the computer where you are running the wizard, and it configures the computer's preferred DNS server setting to use
the new local DNS server. Configure any other computers that join this domain to use this DNS server's Internet Protocol (IP) address as their preferred DNS server.
If you are installing DNS on a member server, use the procedures in this task.
It is recommended that you manually configure the computer to use a static IP address. If the DNS server is configured to use a dynamic address assigned by Dynamic
Host Configuration Protocol (DHCP), then when the DHCP server assigns a new IP address to the DNS server, DNS clients that are still configured with the DNS server's
previous IP address will be unable to reach the DNS server and will fail to resolve names.
After you install a DNS server, you can decide how to administer it and its zones. Although you can use a text editor to make changes to server boot and zone files, this
method is not recommended. The DNS console and the DNS command-line tool, Dnscmd, simplify maintenance of these files, and they should be used whenever possible.
After you begin managing these files by using the console or the command line, editing them manually is not recommended.
You can administer DNS zones that are stored in Active Directory by using the DNS console or the Dnscmd command-line tool only. These zones cannot be administered
by using a text editor.
If you uninstall a DNS server that hosts Active Directory-integrated zones, these zones are saved or deleted according to their storage type. For all storage types, the zone
data is stored on other domain controllers or DNS servers. It is not deleted unless the DNS server that you uninstall is the last DNS server hosting that zone.
If you uninstall a DNS server hosting standard DNS zones, the zone files will remain in the systemroot\system32\Dns directory, but they will not be reloaded if the DNS
server is reinstalled. If you create a new zone with the same name as an old zone, the old zone file is replaced with the new zone file.
When they write DNS server boot and zone data to text files, DNS servers use the Berkeley Internet Name Domain (BIND) file format that is recognized by legacy BIND 4
servers, not the more recent BIND 8 format.
Complete this task after you determine that you need to add a primary DNS server to your environment. For more information about planning a DNS infrastructure, see
Deploying Domain Name System (DNS) on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=45677).
To complete this task, perform one of the following procedures:
Install a new DNS server
Configure a DNS server
See Also
Other Resources
Deploying Domain Name System (DNS)
Install a new DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use this procedure to install Domain Name System (DNS) on a member server, which makes that server a DNS server.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Installing a new DNS server
To install a DNS server
1. Open the Windows Components Wizard.
2. In Components, select the Networking Services check box, and then click Details.
3. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
4. If you are prompted to do so, in Copy files from, type the full path to the installation location, and then click OK.
Required files are copied to your hard disk.
Note
To open the Windows Components Wizard, click Start, point to Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.
Configure a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use these procedures to configure a new Domain Name System (DNS) server. When you finish configuring the server, you may need to complete additional tasks,
such as enabling dynamic updates for its zones or adding resource records to its zones. See the other tasks in this guide to determine whether they are appropriate for
your environment.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd tool at the command line.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Configuring a DNS server
Using the Windows interface
Using a command line
To configure a DNS server using the Windows interface
1. Open the DNS snap-in.
2. If necessary, add the applicable server to the console and connect to it.
3. In the console tree, click the applicable DNS server.
Where?
DNS/Applicable DNS server
4. On the Action menu, click Configure a DNS Server.
5. Follow the instructions in the Configure a DNS Server Wizard.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To configure a DNS server using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /Config {ZoneName|..AllZones} Property {1|0}
Value Description
dnscmd Specifies the name of the command-line tool.
ServerName Required. Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To
specify the DNS server on the local computer, you can also type a period (.).
/Config Specifies the configuration command.
{ZoneName|..AllZones} Specifies the name of the zone to be configured. To apply the configuration for all zones that are hosted by the specified DNS server,
type ..AllZones. Omit the zone name when you configure a server property.
Property Specifies the server property or zone property to be configured. There are different properties available for servers and zones. For a
list of the available properties, at a command prompt type: dnscmd /Config /help.
{1|0} Sets configuration options to either 1 (on) or 0 (off). Note that some server and zone properties must be reset as part of a more
complex operation.
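The dnscmd /Config syntax above, applied to a few security-relevant properties, as an added example that is not code from this TechNet page. It is written for PowerShell calling dnscmd.exe; the same dnscmd lines work unchanged at a cmd.exe prompt. Assumptions: it runs with administrative rights on the DNS server itself (ServerName "."), dnscmd is installed, and the zone name corp.contoso.com and the helper function name are constructed. SecureResponses, AllowUpdate and SecureSecondaries are real dnscmd property names; the output filtering relies on those names appearing in the /Info and /ZoneInfo dumps, whose exact labels vary slightly between versions.

```powershell
# Added example; not code from the TechNet page. Applies security-relevant properties
# with dnscmd /Config and reads them back from the dnscmd /Info and /ZoneInfo dumps.
# Assumptions: administrative rights on the local DNS server ("."), dnscmd installed,
# and a constructed zone name.

$server = '.'
$zone   = 'corp.contoso.com'   # constructed zone name

# Server property. SecureResponses 1 makes the server discard resource records in a
# response that lie outside the queried name's domain tree (cache-pollution protection).
$serverSettings = [ordered]@{ SecureResponses = 1 }

# Zone properties. AllowUpdate 2 = secure dynamic updates only (valid only for an Active
# Directory-integrated zone; dnscmd reports an error for a standard zone).
# SecureSecondaries 1 = send zone transfers only to servers named in the zone's NS records.
$zoneSettings = [ordered]@{ AllowUpdate = 2; SecureSecondaries = 1 }

function Set-DnsProperty {
    # Builds "dnscmd <server> /Config [<zone>] /<Property> <Value>" and fails loudly
    # on a non-zero exit code instead of letting a rejected setting go unnoticed.
    param([string]$Server, [string]$ZoneName, [string]$Property, [int]$Value)
    $cmdArgs = @($Server, '/Config')
    if ($ZoneName) { $cmdArgs += $ZoneName }
    $cmdArgs += ('/' + $Property), $Value
    $output = & dnscmd @cmdArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($cmdArgs -join ' ') failed (exit code $LASTEXITCODE): $output"
    }
}

foreach ($p in $serverSettings.Keys) { Set-DnsProperty -Server $server -Property $p -Value $serverSettings[$p] }
foreach ($p in $zoneSettings.Keys)   { Set-DnsProperty -Server $server -ZoneName $zone -Property $p -Value $zoneSettings[$p] }

# Verify by reading the settings back. The dumps prefix flag names (for example
# fSecureResponses), so filter on the property names rather than exact labels.
& dnscmd $server /Info           | Select-String -Pattern ($serverSettings.Keys -join '|')
& dnscmd $server /ZoneInfo $zone | Select-String -Pattern ($zoneSettings.Keys -join '|')
```

Each property is applied through one helper so that a rejected setting (for example AllowUpdate 2 on a zone that is not stored in Active Directory) stops the script with the dnscmd error text rather than leaving the server half-configured. The read-back at the end is the check worth keeping in any change procedure: it confirms the running configuration rather than trusting that the command succeeded.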
Note
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.
Adding a Secondary DNS Server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Domain Name System (DNS) design specifications recommend that at least two DNS servers be used to host each zone. For standard, primary zones, a secondary server
is required to add and configure the zone so that it appears to other DNS servers in the network. For directory-integrated, primary zones, secondary servers are
supported but not required for this purpose. For example, two DNS servers running on domain controllers can be redundant primary servers for a zone. They can provide
the same benefits as adding a secondary server while also providing additional benefits.
Secondary servers can be used to offload DNS query traffic in areas of the network where a zone is heavily queried. In addition, if a primary server is unavailable, a
secondary server can provide some name resolution in the zone until the primary server is available.
If you add a secondary server, try to locate it as close as possible to clients that have a high demand for names that are used in the zone. Also, consider placing secondary
servers across a router, either on other subnets (if you use a routed local area network (LAN)) or across wide area network (WAN) links. This constitutes a good use of a
secondary server as a local backup in scenarios in which an intermediate network link becomes the point of failure between DNS servers and clients that use the zone.
Because a primary server always maintains the master copy of updates and changes to the zone, a secondary server relies on DNS zone transfer mechanisms to obtain its
information and keep the information current. Issues such as zone transfer methods using either full or incremental zone transfers are more applicable when you use
secondary servers.
When you consider the impact of zone transfers that are caused by secondary servers, consider their advantage as a backup source of information, and measure this
against the added cost that they impose on your network infrastructure. A simple rule is that for each secondary server that you add, network usage (because of added
zone replication traffic) increases, and so does the time that is required to synchronize the zone at all secondary servers.
Secondary servers are used most heavily for forward lookup zones. If you are using reverse lookup zones, it is not necessary to add as many secondary servers for those zones. Typically, a secondary server for a reverse lookup zone is not used outside the network and subnet that correspond to the reverse zone.
To complete this task, perform the following procedure:
Add a secondary server to a zone
Add a secondary server to a zone
Published: March 2, 2005
Updated: November 18, 2009
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To add a secondary server to an existing zone, you must have network access to the server that acts as the master server for the zone. The master server is the
source of the zone data; the secondary server contacts it periodically to refresh the zone and to transfer zone updates whenever they are needed.
You can perform this procedure by using the DNS console or by using the Dnscmd command-line tool. This procedure can be performed on the secondary DNS server, or
on a computer with permission to manage the secondary DNS server. To add a secondary server to multiple zones, you must repeat this procedure for each zone.
Important
Before you add a secondary server to a zone, you must allow zone transfers from the primary to the secondary server. For more information, see Modify DNS zone
transfer settings.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Adding a secondary server to a zone
Using the Windows interface
Using the command line
To add a secondary server to a zone using the Windows interface
1. Click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, click the applicable Domain Name System (DNS) server.
3. On the Action menu, click New Zone.
4. Follow the instructions in the New Zone Wizard. When you add the zone, select Secondary zone as the zone type.
To add a secondary server to a zone using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /ZoneAdd ZoneName /Secondary MasterIPaddress... [/file FileName]
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS
server on the local computer, you can also type a period (.).
ZoneName Specifies the fully qualified domain name (FQDN) of the secondary zone that you are adding. The zone name must be the same as the name of
the primary zone from which the secondary zone is created.
MasterIPaddress Specifies one or more IP addresses of the master servers for the secondary zone, from which it copies zone data.
FileName Specifies the name of the file to use for creating the secondary zone.
In the following example, zone transfers are first allowed from the primary DNS server primarydns.contoso.com at 10.0.0.2 to the secondary server
secondarydns.contoso.com at 11.0.0.2. Next, the secondary DNS server is added to the zone secondtest.contoso.com.
dnscmd primarydns.contoso.com /ZoneResetSecondaries secondtest.contoso.com /SecureList 11.0.0.2
dnscmd secondarydns.contoso.com /ZoneAdd secondtest.contoso.com /Secondary 10.0.0.2
For more information about using dnscmd, see Dnscmd Syntax.
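The two-command example above, carried through to a verified result, as an added example that is not code from this TechNet page. It is written for PowerShell calling dnscmd.exe. The host names, addresses and zone name are the ones used in the example above; the helper function name, the NOTIFY list, the forced refresh and the checks are constructed additions. Assumptions: dnscmd is installed and the caller is an administrator on both DNS servers. /ZoneResetSecondaries, /SecureList, /NotifyList, /ZoneAdd, /ZoneRefresh and /ZoneInfo are real dnscmd commands and switches.

```powershell
# Added example; not code from the TechNet page. Restricts transfers on the primary to an
# explicit address list, adds the secondary, forces its first transfer and checks both sides.
# Assumptions: dnscmd installed, administrative rights on both servers; names and addresses
# are the ones from the example above.

$primary     = 'primarydns.contoso.com'
$primaryIp   = '10.0.0.2'
$secondary   = 'secondarydns.contoso.com'
$secondaryIp = '11.0.0.2'
$zone        = 'secondtest.contoso.com'

function Invoke-Dnscmd {
    # Runs dnscmd with the given arguments and turns a non-zero exit code into an error,
    # so a refused transfer or a mistyped zone name stops the script instead of being missed.
    param([Parameter(ValueFromRemainingArguments)][string[]]$Arguments)
    $output = & dnscmd @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($Arguments -join ' ') failed (exit code $LASTEXITCODE): $output"
    }
    $output
}

# 1. On the primary: allow transfers only to the secondary's address and send NOTIFY
#    messages only to it. /SecureList sets both the restricted mode and the address list.
Invoke-Dnscmd $primary /ZoneResetSecondaries $zone /SecureList $secondaryIp /NotifyList $secondaryIp | Out-Null

# 2. On the secondary: create the secondary zone, pulling from the primary's static address.
Invoke-Dnscmd $secondary /ZoneAdd $zone /Secondary $primaryIp | Out-Null

# 3. Queue an immediate SOA check and transfer rather than waiting for the refresh interval.
Invoke-Dnscmd $secondary /ZoneRefresh $zone | Out-Null

# 4. Check both sides: the primary's transfer restriction and the secondary's copy of the zone.
Invoke-Dnscmd $primary   /ZoneInfo $zone | Select-String -Pattern 'Secure|Notify'
Invoke-Dnscmd $secondary /ZoneInfo $zone | Select-String -Pattern 'Type|Master|Secure'
```

Two practical caveats: /ZoneRefresh only queues the transfer, so if step 4 runs before it completes, repeat the secondary-side check; and the restriction is only proven by a negative test, so from a host that is not in the list attempt a transfer (for example nslookup's interactive `ls -d secondtest.contoso.com` command against 10.0.0.2) and confirm that it is refused.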
Modifying an Existing DNS Server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You may need to modify or update the configuration of your Domain Name System (DNS) servers for various reasons. For example, you may need to change the
name-checking method of a DNS server to allow the DNS server to resolve names that do not comply with the relevant Requests for Comments (RFCs). In addition, you may need to modify or update a
DNS server in the process of troubleshooting or optimizing it.
Task requirements
To begin this task, perform the following requirements:
Install Dnscmd.
To complete this task, perform one of the following procedures:
Start, stop, pause, or restart a DNS server
Manually update DNS server data files
Clear the DNS server names cache
Change the boot method of a DNS server
Change the name-checking method of a DNS server
Restore DNS server default preferences
See Also
Other Resources
Deploying Domain Name System (DNS)
Start, stop, pause, or restart a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the following procedure to start, stop, pause, or restart Domain Name System (DNS).
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
To start, stop, pause, or restart a DNS server
1. Open the DNS snap-in.
2. In the console tree, click the applicable DNS server.
3. On the Action menu, point to All Tasks, and then click one of the following:
To start the DNS service on this server, click Start.
To stop the DNS service on this server, click Stop.
To interrupt the DNS service on this server, click Pause.
To stop and then automatically restart the DNS service on this server, click Restart.
Note
To open the DNS management console, click Start, point to Administrative Tools, and then click DNS.
Note
If you want to resume the service after you pause or stop it, on the Action menu, point to All Tasks, and then click Resume to immediately resume the service.
Manually update DNS server data files
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool. Use the DNS snap-in for standard Domain Name System (DNS)
zones and the Dnscmd command-line tool for Active Directory-integrated zones.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Manually updating DNS server data files
Using the Windows interface
Using the command line
To manually update DNS server data files using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable DNS server.
3. On the Action menu, click Update Server Data Files.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To manually update DNS server data files using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /ZoneUpdateFromDs ZoneName
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
ZoneName Specifies the name of the Active Directory-integrated zone whose data you want to update from the directory.
Clear the DNS server names cache
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Clearing the DNS server names cache
Using the Windows interface
Using the command line
To clear the DNS server names cache using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable Domain Name System (DNS) server.
3. On the Action menu, click Clear Cache.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To clear the DNS server names cache using the command line
At a command prompt, type the following, and then press ENTER:
dnscmd ServerName /ClearCache
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
Change the boot method of a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
By default, Domain Name System (DNS) servers use information that is stored in the registry to initialize the service and load any zone data for use at the server. In
addition, you can configure the DNS server to boot from a file. Or, in Active Directory environments, you can supplement local registry data with zone data that is retrieved
for directory-integrated zones that are stored in the Active Directory database. If you use the file method, the file must be a text file named Boot, which is located on the
computer in the %Systemroot%\Windows\System32\Dns folder.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
To change the boot method of a DNS server
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable DNS server, and then click Properties.
3. Click the Advanced tab.
4. In the Load zone data on startup list, select one of the following:
From registry
From file
From Active Directory and registry
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
Change the name-checking method of a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The DNS Server service supports three different possible methods for checking the names that it receives and processes during normal operations:
Strict RFC (ANSI): This method strictly enforces Request for Comments (RFC)-compliant naming rules for all Domain Name System (DNS) names that the server processes. Names that are not RFC compliant are treated as erred data by the DNS server.
Non RFC (ANSI): This method allows names that are not RFC compliant, such as names that use American Standard Code for Information Interchange (ASCII)
characters but are not compliant with RFC host naming requirements, to be used with the DNS server.
Multibyte (UTF8): This method allows names that use the Unicode 8-bit translation encoding scheme, which is a proposed RFC draft, to be used with the DNS server.
By default, the DNS server uses the Multibyte (UTF8) method to check names.
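As an added illustration (not Microsoft's implementation, whose exact rules the page does not spell out), the following Python approximates the three methods: Strict RFC (ANSI) as the RFC 1123 host-name grammar, Non RFC (ANSI) as labels of any printable ASCII characters, and Multibyte (UTF8) as any name that decodes as valid UTF-8. The audit helper lists the names a zone would start treating as erred data before you tighten the method; the sample names are constructed.

```python
import re

# RFC 1123 host-name label: letters, digits and hyphens, 1-63 octets,
# no leading or trailing hyphen. Approximation of "Strict RFC (ANSI)".
_RFC_LABEL = re.compile(rb"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def _labels(raw: bytes):
    """Split a name (as received on the wire) into labels, tolerating a trailing dot."""
    body = raw[:-1] if raw.endswith(b".") else raw
    return body.split(b".") if body else []


def strict_rfc_ansi(raw: bytes) -> bool:
    labels = _labels(raw)
    return (bool(labels) and len(raw.rstrip(b".")) <= 253
            and all(_RFC_LABEL.match(label) for label in labels))


def non_rfc_ansi(raw: bytes) -> bool:
    # Any printable 7-bit ASCII in each label (so '_' passes), but labels
    # must be non-empty and bytes above 0x7E are rejected.
    labels = _labels(raw)
    return bool(labels) and all(
        label and all(0x20 < b < 0x7F for b in label) for label in labels)


def multibyte_utf8(raw: bytes) -> bool:
    # The server default described above: accept anything that is valid UTF-8.
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return False
    labels = _labels(raw)
    return bool(labels) and all(labels)


METHODS = {
    "Strict RFC (ANSI)": strict_rfc_ansi,
    "Non RFC (ANSI)": non_rfc_ansi,
    "Multibyte (UTF8)": multibyte_utf8,
}


def check_name(raw: bytes, method: str = "Multibyte (UTF8)") -> bool:
    """Apply one method; "All names" accepts a name if any of the three does."""
    if method == "All names":
        return any(fn(raw) for fn in METHODS.values())
    return METHODS[method](raw)


def audit(names, method: str):
    """Names a server set to `method` would reject, e.g. before switching to strict checking."""
    return [name for name in names if not check_name(name, method)]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real zone.
    sample = [b"server1.wingtiptoys.corp.com", b"my_host.corp.com",
              "caf\u00e9.corp.com".encode("utf-8"), b"bad\xff.corp.com"]
    for method in list(METHODS) + ["All names"]:
        print(method, "rejects", audit(sample, method))
```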
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
To change the name-checking method of a DNS server
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable DNS server, and then click Properties.
3. Click the Advanced tab.
4. In the Name checking list, click Strict RFC (ANSI), Non RFC (ANSI), Multibyte (UTF8), or All names.
All names enables all three name-checking methods.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
Restore DNS server default preferences
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the following procedure to configure the Domain Name System (DNS) server with the initial configuration settings that it had following installation. These initial
configuration settings are listed in the following table.
Property Settings
Disable recursion Off
BIND secondaries On
Fail on load if bad zone data Off
Enable round robin On
Enable netmask ordering On
Secure cache against pollution On
Name checking Multibyte (UTF8)
Load zone data on startup From Active Directory and registry
Enable automatic scavenging of stale records Off
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
To restore DNS server default preferences
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable DNS server, then click Properties.
3. Click the Advanced tab.
4. Click Reset to Default, and then click OK.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
Using Forwarders to Manage DNS Servers
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you want to use forwarders to manage the Domain Name System (DNS) traffic between your network and the Internet, configure your network firewall to allow only one
DNS server to communicate with the Internet. When you have configured the other DNS servers in your network to forward queries that they cannot resolve locally to that
DNS server, it will act as your forwarder.
Consider the following tips for efficient forwarder configuration and use:
Keep forwarder configuration uncomplicated. For every DNS server that is configured with a forwarder, queries can be sent to a number of different places. Each forwarder and each conditional forwarder must be administered for the benefit of DNS client queries, and this process can be time consuming. Use forwarders strategically where they are needed the most, for example, for resolving offsite queries or for sharing information between namespaces.
Avoid chaining your forwarders. If you have configured a DNS server named server1 to forward queries for wingtiptoys.corp.com to DNS server server2, do not configure server2 to forward queries for wingtiptoys.corp.com to DNS server server3. This is an inefficient resolution process, and it can result in errors if server3 is accidentally configured to forward queries for wingtiptoys.corp.com to server1.
Do not concentrate too great a load on forwarders. The recursive queries that forwarders send to the Internet can require a significant amount of time to answer because of the nature of the Internet. When large numbers of internal DNS servers use these forwarders for Internet queries, the forwarder can experience a substantial concentration of network traffic. If network load is an issue, use more than one forwarder and distribute the load between them.
Do not create inefficient resolution by using forwarders. The DNS server attempts to forward domain names according to the order in which the domain names are configured in the DNS console. For example, a DNS server in Seattle may be incorrectly configured to forward a query to a server in London, instead of another server in Seattle, because the server in London is higher up in the forwarders list. This decreases the efficiency of name resolution on the network. Evaluate your network's forwarding configurations periodically to see if there are similar, inefficient configurations.
To complete this task, perform the following procedure:
Configure forwarders for a DNS server
Configure forwarders for a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you use this procedure to configure a conditional forwarder, note that you cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone,
secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name wingtiptoys.corp.com (that is, it hosts the primary
zone for that domain name), you cannot configure that DNS server with a conditional forwarder for wingtiptoys.corp.com.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Configuring forwarders for a DNS server
Using the Windows interface
Using the command line
To configure forwarders for a DNS server using the Windows graphical user interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable DNS server.
3. On the Action menu, click Properties.
4. On the Forwarders tab, under DNS domain, click a domain name.
Note
To create a new domain name, click New, and then, under DNS domain, type the domain name.
5. Under Selected domain's forwarder IP address list, type the Internet Protocol (IP) address of a forwarder, and then click Add.
Note
When you specify a conditional forwarder, select a DNS domain name before you enter an IP address.
6. By default, the DNS server waits five seconds for a response from one forwarder IP address before trying another forwarder IP address. In Number of seconds
before forward queries time out, you can change the number of seconds that the DNS server waits. If the overall recursion timeout (by default, 15 seconds) is
exceeded before all forwarders are exhausted, the DNS server fails the query. If the overall recursion timeout has not been exceeded and the server exhausts all
forwarders, it attempts standard recursion.
7. If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain
check box.
Note
You can disable recursion for the DNS server so that it does not perform recursion on any query. If you disable recursion on the DNS server, you will not be able
to use forwarders on the same server.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To configure forwarders for a DNS server using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /ZoneAdd ZoneName /Forwarder MasterIPaddress [/TimeOut Time] [/Slave]
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
ZoneName Specifies the fully qualified domain name (FQDN) of the zone.
MasterIPaddress Specifies a space-separated list of one or more IP addresses of the DNS servers to which queries for ZoneName are forwarded.
Time Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is five seconds.
/Slave Specifies that the DNS server does not attempt recursion if the forwarders fail, which corresponds to the Do not use recursion for this domain check box.
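To make the chaining rule from "Using Forwarders to Manage DNS Servers" and the authoritative-zone rule at the top of this procedure checkable, here is an added Python audit (not Microsoft's code) over a constructed inventory with hypothetical server names. Forwarders are modelled by server name instead of the IP addresses /Forwarder actually takes so the paths read easily; the inventory is what you would assemble from each server's Forwarders tab.

```python
from typing import Dict, List

# Constructed inventory (hypothetical names): for each DNS server, the zones it
# hosts and its conditional forwarders (domain -> ordered forwarder list).
INVENTORY: Dict[str, dict] = {
    "server1": {"zones": [], "forwarders": {"wingtiptoys.corp.com": ["server2"]}},
    "server2": {"zones": [], "forwarders": {"wingtiptoys.corp.com": ["server3"]}},
    "server3": {"zones": [], "forwarders": {"wingtiptoys.corp.com": ["server1"]}},
    # Hosts the zone and also forwards for it: the configuration the text forbids.
    "server4": {"zones": ["wingtiptoys.corp.com"],
                "forwarders": {"wingtiptoys.corp.com": ["isp-dns"]}},
    "server5": {"zones": ["corp.com"], "forwarders": {}},
}


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def authoritative_conflicts(inv: Dict[str, dict]) -> List[str]:
    """Flag conditional forwarders for domains the same server is authoritative for."""
    problems = []
    for server, cfg in inv.items():
        hosted = {_norm(z) for z in cfg["zones"]}
        for domain in cfg["forwarders"]:
            if _norm(domain) in hosted:
                problems.append(f"{server} hosts {domain} but also forwards it")
    return problems


def forwarder_path(inv: Dict[str, dict], start: str, domain: str) -> List[str]:
    """Follow the first-listed forwarder for `domain` hop by hop from `start`.

    Stops at a server with no forwarder for the domain (or one unknown to the
    inventory, such as an ISP resolver) or as soon as a server repeats.
    """
    target = _norm(domain)
    path, current = [start], start
    while True:
        fw = inv.get(current, {}).get("forwarders", {})
        hops = [fw[d] for d in fw if _norm(d) == target and fw[d]]
        if not hops:
            return path
        nxt = hops[0][0]
        path.append(nxt)
        if nxt in path[:-1]:
            return path          # a server repeats: this is a loop
        current = nxt


def classify(path: List[str]) -> str:
    """'loop' if a server repeats, 'chain' if more than one hop, else 'ok'."""
    if len(path) != len(set(path)):
        return "loop"
    return "chain" if len(path) > 2 else "ok"


def audit(inv: Dict[str, dict], domain: str) -> Dict[str, str]:
    """Classify every server's forwarding path for `domain`."""
    return {server: classify(forwarder_path(inv, server, domain)) for server in inv}


if __name__ == "__main__":
    for server, verdict in audit(INVENTORY, "wingtiptoys.corp.com").items():
        print(server, verdict, " -> ".join(forwarder_path(INVENTORY, server, "wingtiptoys.corp.com")))
    for problem in authoritative_conflicts(INVENTORY):
        print("conflict:", problem)
```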
Removing a DNS Server from the Network
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To remove a DNS server from the network, perform the following procedures to make changes in zones where the server is configured as an authoritative server for the
zone:
1. Use the Delete a resource record procedure to remove the address (A) resource record for the server.
2. Use the Modify an existing resource record procedure to update the name server (NS) records, in zones where the server is configured as authoritative, to no longer include the server by name (as it appeared in the A record that was deleted in procedure 1).
3. If the server is the primary server for a standard zone, use the Modify the SOA record for a zone procedure to revise the owner field of the start of authority (SOA) resource record for the zone to point to the new primary DNS server for the zone. (If the zone is a directory-integrated zone, this procedure is not necessary.)
4. Use the Verify a zone delegation procedure to check the parent zone to ensure that any records (NS or A resource records) that are used for delegation to the zone are revised and that they no longer point to the removed server.
Delete a resource record
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the following procedure to delete a resource record from a zone. Pointer (PTR) resource records are deleted automatically if the corresponding address (A)
resource record is deleted.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Deleting a resource record
Using the Windows interface
Using the command line
To delete a resource record using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable zone.
3. In the details pane, right-click the resource record that you want to delete, and then click Delete.
4. When you are asked to confirm that you want to delete the selected resource record, click OK.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To delete a resource record using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /RecordDelete ZoneName NodeName RRType RRData [/f]
Value Description
ServerName Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
/RecordDelete Required. Deletes a resource record.
ZoneName Required. Specifies the fully qualified domain name (FQDN) of the zone.
NodeName Required. Specifies the FQDN of the node in the DNS namespace. You can also type the node name relative to the ZoneName or @, which specifies the zone's root node.
RRType RRData Required. Specifies the type of resource record to delete, followed by the data contained in the resource record.
Resource record type Resource record data
A IPAddress
NS, CNAME, MB, MD, PTR, MF, MG, MR HostName|DomainName
MX, RT, AFSDB Preference ServerName
SRV Priority Weight Port HostName
SOA PrimSvr Admin Serial# Refresh Retry Expire MinTTL
AAAA Ipv6Address
TXT, X25, HINFO, ISDN String [String]
MINFO, RP MailboxName ErrMailboxName
WKS Protocol IPAddress Service...
WINS MapFlag LookupTimeout CacheTimeout IPAddress...
WINSR MapFlag LookupTimeout CacheTimeout RstDomainName
Value Description
IPAddress Specifies a standard IP address, for example, 255.255.255.255.
Ipv6Address Specifies a standard IPv6 address, for example, 1:2:3:4:5:6:7:8.
Protocol Specifies the transmission protocol: UDP or TCP.
Service Specifies a standard service, for example, domain, smtp.
HostName|DomainName Specifies the FQDN of a resource record that is located in the DNS namespace.
/f Specifies that the command is executed without asking for confirmation. If you omit this parameter, you are prompted to confirm the deletion of the resource record.
Modify an existing resource record
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use the following procedure to modify an existing resource record in a zone. You can perform this procedure by using the DNS snap-in or by using the Dnscmd
command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Modifying an existing resource record
Using the Windows interface
Using the command line
To modify an existing resource record using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable zone.
3. In the details pane, right-click the resource record that you want to modify, and then click Properties.
4. In Properties, edit the properties that can be modified.
If necessary, you can view and modify advanced resource record properties with the DNS snap-in. To display advanced properties, on the Viewmenu, click
Advanced.
5. When you have finished modifying the record, click OK.
Note
When advanced view options are enabled, you can modify additional settings for an existing resource record, such as its record-specific Time to Live (TTL).
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To modify an existing resource record using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /RecordAdd ZoneName NodeName [/Aging] [/OpenAcl] [Ttl] RRType RRData
Value Description
ServerName Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
/RecordAdd Required. Adds a new resource record.
ZoneName Required. Specifies the fully qualified domain name (FQDN) of the zone.
NodeName Required. Specifies the FQDN of the node in the DNS namespace. You can also type the node name relative to the ZoneName or @, which specifies the zone's root node.
RRType RRData Required. Specifies the type of resource record to add, followed by the data to be contained in the resource record.
Resource record type Resource record data
A IPAddress
NS, CNAME, MB, MD, PTR, MF, MG, MR HostName|DomainName
MX, RT, AFSDB Preference ServerName
SRV Priority Weight Port HostName
SOA PrimSvr Admin Serial# Refresh Retry Expire MinTTL
AAAA Ipv6Address
TXT, X25, HINFO, ISDN String [String]
MINFO, RP MailboxName ErrMailboxName
WKS Protocol IPAddress Service...
WINS MapFlag LookupTimeout CacheTimeout IPAddress...
WINSR MapFlag LookupTimeout CacheTimeout RstDomainName
Value Description
IPAddress Specifies a standard IP address, for example, 255.255.255.255.
Ipv6Address Specifies a standard IPv6 address, for example, 1:2:3:4:5:6:7:8.
Protocol Specifies the transmission protocol: UDP or TCP.
Service Specifies a standard service, for example, domain, smtp.
HostName|DomainName Specifies the FQDN of a resource record that is located in the DNS namespace.
Modify the SOA record for a zone
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can use this procedure to change settings for the start of authority (SOA) resource record for a zone. The settings that are applied for the SOA record affect how zone
transfers are made between servers.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Modifying the SOA record for a zone
Using the Windows interface
Using a command line
To modify the SOA record for a zone using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. Click the Start of Authority (SOA)tab.
4. Modify the properties for the SOA record as needed.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To modify the SOA record for a zone using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /RecordAdd ZoneName NodeName [/Aging] [/OpenAcl] [Ttl] SOA PrimSvr Admin Serial# Refresh Retry Expire MinTTL
Value Description
ServerName Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).
/RecordAdd Required. Adds or modifies a resource record.
ZoneName Required. Specifies the fully qualified domain name (FQDN) of the zone.
NodeName Required. Specifies the FQDN of the node in the DNS namespace for which the SOA record is added. You can also type the node name relative to the ZoneName, or you can type @, which specifies the zone's root node.
/Aging Specifies that this resource record is able to be aged and scavenged. If this parameter is not used, the resource record remains in the DNS database unless it is manually updated or removed.
Ttl Specifies the Time to Live (TTL) setting for the resource record. The default TTL is defined in the SOA resource record.
SOA Required. Specifies the type of resource record that you are modifying.
/OpenAcl Specifies that new records are open to modification by any user. Without this parameter, only administrators may modify the new record.
PrimSvr Required. Specifies the FQDN of the server that is the primary source for information about the zone, for example, nameserver.place.sales.wingtiptoys.com.
Admin Required. Specifies the name of the DNS administrator for the zone, for example, postmaster.nameserver.place.sales.wingtiptoys.com.
Serial# Required. Specifies the version information for the zone.
Refresh Required. Specifies the refresh interval for the zone. The standard setting is 3600 seconds (one hour).
Retry Required. Specifies the retry interval for the zone. The standard setting is 600 seconds (10 minutes).
Expire Required. Specifies the expire interval for the zone. The standard setting is 86400 seconds (one day).
MinTTL Required. Specifies the minimum TTL value. This is the length of time that other DNS servers use to determine how long to cache information for a record in the zone before expiring and discarding it. The standard setting is 3600 seconds (one hour).
Note
To modify any specific SOA record value using Dnscmd, you must specify all the SOA values (PrimSvr Admin Serial# Refresh Retry Expire MinTTL).
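Because the note above means that changing one SOA value with Dnscmd requires re-sending all seven, this added Python (not from the page) keeps the SOA as one object and renders the complete /RecordAdd command from it. It is shown for step 3 of "Removing a DNS Server from the Network": retargeting PrimSvr to the new primary and incrementing Serial# so that secondary servers pick up the change on their next refresh. Server and zone names are constructed, and the serial wraps modulo 2^32 as DNS serial arithmetic requires.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class SoaRecord:
    """The seven SOA values Dnscmd requires, defaulting to the page's standard intervals."""
    prim_svr: str
    admin: str
    serial: int
    refresh: int = 3600    # one hour
    retry: int = 600       # 10 minutes
    expire: int = 86400    # one day
    min_ttl: int = 3600    # one hour

    def fields(self):
        # Dnscmd takes PrimSvr and Admin as FQDNs; insist on the trailing dot so a
        # relative name is not silently appended to the zone name.
        for name in ("prim_svr", "admin"):
            if not getattr(self, name).endswith("."):
                raise ValueError(f"{name} must be an FQDN with a trailing dot")
        return [self.prim_svr, self.admin, str(self.serial), str(self.refresh),
                str(self.retry), str(self.expire), str(self.min_ttl)]


def record_add_soa(server: str, zone: str, soa: SoaRecord,
                   ttl: Optional[int] = None, aging: bool = False) -> str:
    """Render: dnscmd ServerName /RecordAdd ZoneName @ [/Aging] [Ttl] SOA <all seven values>."""
    parts = ["dnscmd", server, "/RecordAdd", zone, "@"]
    if aging:
        parts.append("/Aging")
    if ttl is not None:
        parts.append(str(ttl))
    return " ".join(parts + ["SOA"] + soa.fields())


def move_primary(soa: SoaRecord, new_prim_svr: str) -> SoaRecord:
    """Point the zone at a new primary and bump the serial (RFC 1982 wrap at 2^32)."""
    return replace(soa, prim_svr=new_prim_svr, serial=(soa.serial + 1) % 2**32)


if __name__ == "__main__":
    # Constructed values; the hostnames mirror the page's examples.
    current = SoaRecord("nameserver.place.sales.wingtiptoys.com.",
                        "postmaster.nameserver.place.sales.wingtiptoys.com.",
                        serial=2014030201)
    updated = move_primary(current, "ns2.place.sales.wingtiptoys.com.")
    print(record_add_soa(".", "sales.wingtiptoys.com", updated))
```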
Verify a zone delegation
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Administrative credentials
You do not need administrative credentials to perform this task. Therefore, as a security best practice, consider performing this task as a user without administrative
credentials.
To verify a zone delegation
1. At a command prompt, type the following command, and then press ENTER:
nslookup RootServerIpAddress
2. Type the following command, and then press ENTER:
nslookup
3. At the next prompt, type the following command, and then press ENTER:
set norecurse
4. At the next prompt, type the following command, and then press ENTER:
set q=NS
5. Type the fully qualified domain name (FQDN) for the failed name.
Use the trailing period (.) when you type the name. If zone delegations are set correctly, a list of name server (NS) resource records for delegated servers is
returned in the response.
6. If the NS query response contains no names or Internet Protocol (IP) addresses for delegated servers, type q=ns, and then query again using the FQDN for the
parent zone of the failed name.
For example, if the failed name that you used in the previous step was sales.wingtiptoys.com, query for wingtiptoys.com.
7. If the response contains NS resource records, but no host address (A) resource records, type set recurse, and then query individually for any of the A resource
records of the servers that are listed in the NS resource records.
If, for each NS resource record that you encounter in a zone, you do not find at least one valid IP address in an A resource record, you have a broken delegation.
8. Either fix the broken delegation or retry the delegation test that is described in the previous step and use a different IP address.
If more than one A resource record or IP address is found, use it to repeat the delegation test described in the previous step. To fix a delegation, add or update an
A resource record in the parent zone with a valid IP address for a correct DNS server for the delegated zone.
Value Description
RootServerIpAddress The IP address of a valid root server for your network.
set norecurse Instructs the root server not to perform recursion on your query.
set q=NS Sends the query for NS resource records to the root server.
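The same check, as added Python that is not part of the original article: a constructed answer table stands in for the non-recursive nslookup queries against a root server, and verify_delegation walks steps 5 to 8, falling back to the parent zone when the name itself returns no NS records and then confirming that each listed name server has an A record. The host names and the 192.0.2.0/24 address are constructed.

```python
from typing import Dict, List, Tuple

# Constructed stand-in for what the root and parent servers answer to
# non-recursive queries. Keys are (owner name, record type); values are RDATA.
Answers = Dict[Tuple[str, str], List[str]]

ANSWERS: Answers = {
    ("wingtiptoys.com.", "NS"): ["ns1.wingtiptoys.com.", "ns2.wingtiptoys.com."],
    ("ns1.wingtiptoys.com.", "A"): ["192.0.2.10"],      # glue present
    # ns2.wingtiptoys.com. has no A record: an entry to fix in the parent zone
    ("broken.example.", "NS"): ["ns.broken.example."],  # no A at all: broken
}


def fqdn(name: str) -> str:
    """Normalise to the trailing-dot form the procedure asks you to type."""
    return name.lower().rstrip(".") + "."


def query(answers: Answers, name: str, rrtype: str) -> List[str]:
    """Steps 3 to 5: 'set norecurse', 'set q=<type>', then the FQDN."""
    return answers.get((fqdn(name), rrtype.upper()), [])


def parent_zone(name: str) -> str:
    labels = fqdn(name).rstrip(".").split(".")
    return ".".join(labels[1:]) + "." if len(labels) > 1 else "."


def verify_delegation(answers: Answers, failed_name: str) -> dict:
    """Report with status 'ok', 'broken' (no NS resolves) or 'no-delegation'."""
    zone = fqdn(failed_name)
    ns = query(answers, zone, "NS")
    if not ns:                                   # step 6: retry with the parent zone
        zone = parent_zone(zone)
        ns = query(answers, zone, "NS")
        if not ns:
            return {"status": "no-delegation", "zone": zone, "ns": [],
                    "resolved": {}, "unresolved": []}
    # Step 7: look up an A record for every delegated name server.
    resolved = {host: query(answers, host, "A")
                for host in ns if query(answers, host, "A")}
    unresolved = [host for host in ns if host not in resolved]
    status = "ok" if resolved else "broken"      # no usable address at all: broken
    return {"status": status, "zone": zone, "ns": ns,
            "resolved": resolved, "unresolved": unresolved}


if __name__ == "__main__":
    for name in ("sales.wingtiptoys.com", "broken.example", "nowhere.test"):
        print(name, verify_delegation(ANSWERS, name))
```

Any name listed under `unresolved` is the NS record to repair in the parent zone (step 8), even when the overall status is still `ok`.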
Using DNS Aging and Scavenging
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Aging and scavenging of stale resource records are features of Domain Name System (DNS) that are available when you deploy your server with primary zones.
Where aging and scavenging are available, you can use the DNS snap-in to perform the following related tasks for your DNS servers and any directory-integrated zones
that they load:
Enable or disable the use of scavenging at a DNS server
Enable or disable the use of scavenging for selected zones at the DNS server
Modify the no-refresh interval, either as a server default or by specifying an overriding value at selected zones
Modify the refresh interval, either as a server default or by specifying an overriding value at selected zones
Specify whether periodic scavenging occurs automatically at the DNS server for any of its eligible zones and how often these operations are repeated
Manually initiate a single scavenging operation for all eligible zones at the DNS server
View other related properties, such as the time stamp for individual resource records or the start-scavenging time for a specified zone
Enabling Scavenging of Stale Resource RecordsBy default, aging and scavenging features are disabled on all DNS servers and any of their zones. Before using these features, you should configure the following settings
for the applicable server and its directory-integrated zones:
Server aging and scavenging properties for determining the use of these features on a server-wide basis. These settings are used to determine the effect of
zone-level properties for any directory-integrated zones that are loaded at the server. For more information, see Set aging and scavenging properties for a DNS
server.
Zone aging and scavenging properties for determining the use of these features on a per zone basis. When zone-specific properties are set for a selected
zone, these settings apply only to the applicable zone and its resource records. Unless these zone-level properties are otherwise configured, they inherit their
defaults from comparable settings that are maintained in server aging and scavenging properties. For more information, see Set aging and scavenging properties
for a zone.
Caution Enabling aging and scavenging for use with standard primary zones modifies the format of zone files. This change does not affect zone replication to
secondary servers, but the modified zone files cannot be loaded by other versions of DNS servers.
Modifying No-refresh Intervals
When the no-refresh interval is in effect for a specific resource record, attempts to dynamically refresh its time stamp are suppressed by the DNS server. This aspect of the
aging and scavenging mechanism prevents unnecessary refreshes from being processed by the server for aged resource records. These early refresh attempts, if not
handled in this way, might otherwise increase Active Directory replication traffic related to processing DNS zone changes.
To ensure that records do not refresh prematurely, keep the no-refresh interval comparable in length to the current refresh interval for each resource record. For example,
if you increase the refresh interval to a higher value, you can similarly increase the no-refresh interval.
In most instances, the default interval of seven days is sufficient and does not need to be changed.
Modifying Refresh Intervals
When the refresh interval is in effect for a resource record, attempts to dynamically refresh its time stamp are accepted and processed by the DNS server. When you set
this interval, it is important that the length of time used be greater than the maximum possible refresh period for any resource records that are contained in the zone. This
period is equal to the maximum amount of time that it might take the record to be refreshed under normal network conditions, based on the specific source generating the record refresh.
For example, the following table shows default refresh periods for various services that are known to register and refresh records dynamically in DNS.
Service: Default refresh period
Netlogon: 24 hours
Clustering: 24 hours
DHCP client: 24 hours. The DHCP Client service sends dynamic updates for the DNS records. This includes both computers that obtain a leased Internet Protocol (IP) address by using Dynamic Host Configuration Protocol (DHCP) and computers that are configured statically for TCP/IP.
DHCP server: Four days (half of the lease interval, which is eight days by default). Refresh attempts are made only by DHCP servers that are configured to perform DNS dynamic updates on behalf of their clients, for example, Windows 2000 Server DHCP servers and Windows Server 2003 DHCP servers. The period is based on the frequency with which DHCP clients renew their IP address leases with the server. Typically, this occurs when 50 percent of the scope lease time has elapsed. If the DNS default scope lease duration of eight days is used, the maximum refresh period for records that are updated by DHCP servers on behalf of clients is four days.
By default, the refresh interval is seven days. In most instances, this value is sufficient and does not need to be changed, unless any resource records in the zone are
refreshed less often than once every seven days.
Automated and Manually Initiated Scavenging
Although scavenging start time and other factors determine when zones and records are actually eligible for scavenging, you can initiate scavenging by using either of two
methods:
Automatic scavenging. Automatic scavenging specifies that aging and scavenging of stale records is to be performed automatically by the server for any eligible
zones at a recurring interval that is specified as the scavenging period. When you use automatic scavenging, the default scavenging period is one day, and the
minimum allowed value that you can use for the scavenging period is one hour. For more information, see Configure automatic scavenging of stale resource
records.
Manual scavenging. Manual scavenging specifies that aging and scavenging of stale records is to be performed as a nonrecurring operation for any eligible zones
at the server. For more information, see Start scavenging of stale resource records.
Modifying Time-Stamp Values
For resource records that are not added dynamically to DNS zone data, a record time-stamp value of zero is applied, which prevents these records from aging or removal
during scavenging.
You can, however, reset record properties manually to enable any statically entered records to qualify for the aging and scavenging process. If you do this, the record will
be deleted based on the modified time-stamp value, at which point you might need to re-create a record if it is still needed.
For more information, see Reset aging and scavenging properties for a specific resource record.
To complete this task, perform the following procedures:
1. Set aging and scavenging properties for a DNS server
2. Set aging and scavenging properties for a zone
3. Configure automatic scavenging of stale resource records
4. Start scavenging of stale resource records
5. Reset aging and scavenging properties for a specific resource record
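The no-refresh and refresh windows, the zero time stamp that protects manually added records, the rule that the refresh interval must exceed the longest refresh period of any registering service, and the manual reset of a static record are all timing rules, so the following is an added worked model of them in Python. It is not Microsoft's code and not part of the original collection. It relies on one fact about the Windows DNS server (record time stamps are stored as whole hours since 1601-01-01 UTC, with 0 meaning a static record); everything else, the sample records and the scavenge_available_hours field that stands in for a zone's start-scavenging time, is constructed for the example.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timedelta, timezone

# Windows DNS stores a record's aging time stamp as whole hours since
# 1601-01-01 UTC; a stamp of 0 marks a manually added (static) record.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Default refresh periods of the registering services, in hours, from the
# table above (DHCP server: four days, half of the eight-day lease).
SOURCE_REFRESH_HOURS = {
    "netlogon": 24,
    "clustering": 24,
    "dhcp_client": 24,
    "dhcp_server": 96,
}


def hours_to_datetime(hours: int) -> datetime:
    return EPOCH_1601 + timedelta(hours=hours)


def datetime_to_hours(when: datetime) -> int:
    return int((when - EPOCH_1601).total_seconds() // 3600)


@dataclass
class AgingSettings:
    """Aging state and intervals in hours (server defaults: 168 h each)."""
    aging_enabled: bool = False
    no_refresh_hours: int = 168
    refresh_hours: int = 168
    scavenge_available_hours: int = 0  # constructed: zone start-scavenging time


def effective_zone_settings(server: AgingSettings, **overrides) -> AgingSettings:
    """Zone-level properties inherit the server defaults unless overridden."""
    merged = asdict(server)
    merged.update(overrides)
    return AgingSettings(**merged)


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str
    timestamp_hours: int  # 0 = static, never aged or scavenged

    @property
    def is_static(self) -> bool:
        return self.timestamp_hours == 0


def refresh_state(rec: Record, zone: AgingSettings, now_hours: int) -> str:
    """Window the record is in at now_hours: static, no-refresh, refresh or stale."""
    if rec.is_static:
        return "static"
    age = now_hours - rec.timestamp_hours
    if age < zone.no_refresh_hours:
        return "no-refresh"  # dynamic refresh attempts are suppressed
    if age < zone.no_refresh_hours + zone.refresh_hours:
        return "refresh"     # refresh attempts are accepted and re-stamp the record
    return "stale"           # eligible for removal by the next scavenging run


def apply_refresh(rec: Record, zone: AgingSettings, now_hours: int) -> Record:
    """Record as it looks after a client's dynamic refresh at now_hours."""
    if refresh_state(rec, zone, now_hours) in ("refresh", "stale"):
        return Record(rec.name, rec.rtype, now_hours)
    return rec  # suppressed (no-refresh window) or static: unchanged


def reset_static_record(rec: Record, now_hours: int) -> Record:
    """Selecting 'Delete this record when it becomes stale' on a static record:
    it receives a current time stamp and from then on ages like a dynamic one."""
    return Record(rec.name, rec.rtype, now_hours)


def is_scavengeable(rec: Record, zone: AgingSettings, now_hours: int) -> bool:
    return (zone.aging_enabled
            and now_hours >= zone.scavenge_available_hours
            and refresh_state(rec, zone, now_hours) == "stale")


def scavenge_preview(records, zone: AgingSettings, now_hours: int) -> list:
    """Names a scavenging run at now_hours would delete; review this before
    enabling automatic scavenging so that live names are not removed."""
    return [r.name for r in records if is_scavengeable(r, zone, now_hours)]


def check_refresh_interval(zone: AgingSettings, sources) -> tuple:
    """The refresh interval must be greater than the longest refresh period of
    any service registering in the zone. Returns (ok, longest_period_hours)."""
    longest = max(SOURCE_REFRESH_HOURS[s] for s in sources)
    return zone.refresh_hours > longest, longest


if __name__ == "__main__":
    now = datetime_to_hours(datetime(2014, 6, 1, tzinfo=timezone.utc))
    zone = effective_zone_settings(AgingSettings(aging_enabled=True))
    records = [                          # constructed sample records
        Record("ws1", "A", now - 100),   # inside the no-refresh window
        Record("ws2", "A", now - 200),   # inside the refresh window
        Record("ws3", "A", now - 400),   # past both windows: stale
        Record("fileserver", "A", 0),    # static, protected by the zero stamp
    ]
    for r in records:
        print(f"{r.name:<11} {refresh_state(r, zone, now)}")
    print("would be scavenged:", scavenge_preview(records, zone, now))
    ok, longest = check_refresh_interval(zone, ["netlogon", "dhcp_server"])
    print(f"refresh interval {zone.refresh_hours} h > longest source period {longest} h: {ok}")
```

With the default 168-hour intervals a dynamically registered record is protected for the first week, can be re-stamped during the second week, and becomes a candidate for deletion only after both windows have passed; scavenge_preview is the check to run against a zone's records before turning on automatic scavenging, since a deleted record that a service still relies on must be re-created by hand.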
Set aging and scavenging properties for a DNS server
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The settings for server aging and scavenging properties determine the effect of zone-level properties for any directory-integrated zones that are loaded at the server.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Setting aging and scavenging properties for a DNS server
Using the Windows interface
Using the command line
To set aging and scavenging properties for a DNS server using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Set Aging/Scavenging for All Zones.
3. Select the Scavenge stale resource records check box.
4. Modify other aging and scavenging properties as needed.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To set aging and scavenging properties for a DNS server using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /Config {/ScavengingInterval Value|/DefaultAgingState Value|/DefaultNoRefreshInterval Value|/DefaultRefreshInterval Value}
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server
on the local computer, you can also type a period (.).
Value For /ScavengingInterval, type a value in hours. The default is 168 hours (one week). For /DefaultAgingState, type 1 to enable aging for new
zones when they are created. Type 0 to disable aging for new zones. For /DefaultNoRefreshInterval, type a value in hours. The default is
168 hours (one week). For /DefaultRefreshInterval, type a value in hours. The default is 168 hours (one week).
Set aging and scavenging properties for a zone
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The settings for zone aging and scavenging properties determine the use of these features on a per-zone basis. When you set zone-specific properties for a selected
zone, these settings apply only to the applicable zone and its resource records. Unless these zone-level properties are otherwise configured, they inherit their defaults
from comparable settings that are maintained in server aging and scavenging properties.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Setting aging and scavenging properties for a zone
Using the Windows interface
Using the command line
To set aging and scavenging properties for a zone using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable zone, and then click Properties.
3. On the General tab, click Aging.
4. Select the Scavenge stale resource records check box.
5. Modify other aging and scavenging properties as needed.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To set aging and scavenging properties for a zone using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /Config {ZoneName|..AllZones} {/Aging Value|/RefreshInterval Value|/NoRefreshInterval Value}
Value Description
ServerName Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS
server. To specify the DNS server on the local computer, you can also type a period (.).
ZoneName|..AllZones Specifies the name of the zone for which you want to set aging and scavenging. To apply the operation to all zones, use ..AllZones.
Value For /Aging, type 1 to enable aging. Type 0 to disable aging. For /RefreshInterval, type a value in hours. The default setting is 168 hours
(one week). For /NoRefreshInterval, type a value in seconds. The standard setting is 3600 seconds (one hour).
Configure automatic scavenging of stale resource records
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
To configure automatic scavenging of stale resource records
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Properties.
3. Click the Advanced tab.
4. Select the Enable automatic scavenging of stale records check box.
5. To adjust the scavenging period, in Scavenging period, select an interval in the drop-down list (either hours or days), and then type a number in the text box.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
Start scavenging of stale resource records
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Starting scavenging of stale resource records
Using the Windows interface
Using the command line
To start scavenging of stale resource records using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Scavenge Stale Resource Records.
3. When you are prompted to confirm that you want to scavenge all stale resource records on the server, click OK.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To start scavenging of stale resource records using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /StartScavenging
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server
on the local computer, you can also type a period (.).
Reset aging and scavenging properties for a specific resource record
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This procedure is used only for resource records that are registered dynamically. For records that you add to a zone manually, a time-stamp value of zero always applies
to the record, which excludes it from the scavenging process.
Note
Scavenging and aging properties for name server (NS) and start of authority (SOA) resource records are reset in the properties of the zone, not in the properties of the
resource record.
You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.
Administrative credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the
computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as
command to perform this procedure.
Resetting aging and scavenging properties for a specific resource record
Using the Windows interface
Using the command line
To reset aging and scavenging properties for a specific resource record using the Windows interface
1. Open the DNS snap-in.
2. In the console tree, click the applicable zone.
3. In the details pane, double-click the resource record for which you want to reset scavenging and aging properties.
4. Depending on how the resource record was originally added to the zone, do one of the following:
If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent the record's aging or
potential removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset this check box so that the dynamically updated record can be deleted.
If you added the record manually, select the Delete this record when it becomes stale check box to permit the record's aging or potential removal during
the scavenging process.
Note
To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
To reset aging and scavenging properties for a specific resource record using the command line
At a command prompt, type the following command, and then press ENTER:
dnscmd ServerName /Config {ZoneName|..AllZones} /ScavengingInterval Value
Value Description
ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the
DNS server on the local computer, you can also type a period (.).
ZoneName|..AllZones Specifies the fully qualified domain name (FQDN) of the zone. To configure all zones that are hosted on the specified DNS server to
allow dynamic updates, type ..AllZones.
Value The new value for the scavenging interval, specified in hours. The default is 168 hours (one week).
Managing Domain Name System Clients
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The following tasks are described in this objective:
Configuring DNS Client Settings for DNS Operations
Managing the DNS Client Resolver Cache
Renewing DNS Client Registration
Configuring DNS Client Settings for DNS Operations
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Domain Name System (DNS) configuration involves the following tasks when TCP/IP properties are configured for each computer:
Setting a DNS computer name or host name for each computer. For example, in the fully qualified domain name (FQDN) wkstn1.sales.wingtiptoys.com., the DNS
computer name is wkstn1.
Setting a primary DNS suffix for the computer, which is placed after the computer n