Logo

Configuring Root Hints on Windows

The DNS root hints servers are at the top of the resolving process for DNS names. In order for a DNS server to resolve a DNS name without the help of other DNS servers, e.g. forwarding the request to another DNS server, a root hint server needs to be contacted. There are a lot of root hints servers located around the globe for this task. This video looks at how to configure the root hints servers for DNS in Windows Server.

Show lesson content
Demonstration
This demonstration uses “Remote Server Administration Tools” (RSAT) for Windows 8. You can perform the same steps using Windows servers by running the DNS management tools from there.

1) In order to open DNS Manager, open charms by moving the mouse to the top right and select search. In the search dialog enter in “dnsmgmt.msc”.

2) When DNS Manager loads up, if a DNS server has not already been added to DNS Manager it will prompt you to add one. If you want to add an additional DNS server to DNS manager and thus manage multiple DNS servers at the same time, this can be done by right clicking DNS at the top and selecting the option connect to DNS server.

3) To configure the root hints on a DNS server, Right click the name of the DNS server in DNS manager and select the option properties.

4) In the properties of the DNS server, on the forwarders tab there is a tick box called “Use root hints if no forwarders are available”. This option will be grayed out if no forwarders have been configured. If the forwarders cannot be contacted the DNS server will attempt to contact a root hint server. If your DNS server is behind a firewall and should not be connecting to the internet directly, then this option should be cleared. Remember this option forms a backup method if the forwarders are down and thus un-ticking the option will prevent DNS names from being resolved in this situation. You should only untick this option if you don’t want the DNS server contacting the internet directly and you have reliable DNS forwarders and are prepared to accept that if the DNS forwarders are down then no DNS resolving will be possible.

5) On the advanced tab, there is an option called “Disable recursion (also disables forwarders)”. If you tick this option the server will not use forwarders or root hints. If your DNS servers do not require one of these you should tick this option. Ticking this option helps secure the server from a potential denial of service attack.

6) On the root hints tab, this will show all the root hint servers that are currently configured. By default there will always be entries in here. The information shown here is found in “c:\Windows\System32\dns\CACHE.txt”.

7) If you want to update the root hints from another server you can press the button copy from server. The defaults should work fine and you should not do this. Doing this can give your DNS server access to other DNS root hints servers which have recently been added to the internet. You need to then enter in a DNS server to copy it from. You can use any DNS server that you wish. Your ISP DNS server is a good choice or a public DNS server like google’s which are 4.4.4.4 and 8.8.8.8.

References
“Root name server” http://en.wikipedia.org/wiki/Root_name_server

Credits

Lesson tags: 70-640-active-directory
Back to: 70-640 Introduction to Active Directory > DNS

Active Directory is a system which offers centralized control of your computers.

Modules

Active Directory Infrastructure

Lessons

Group Policy

Lessons