Information on DNS

8/10/2019 Information on DNS

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product or product name. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes. © 2013 Microsoft. All rights reserved.

Terms of Use (http://technet.microsoft.com/cc300389.aspx) | Trademarks (http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx)

Table Of Contents

Chapter 1

DNS Server Overview
Administering DNS Operations
Introduction to Administering DNS Operations
Managing DNS
DNS Operations Guide

http://technet.microsoft.com/en-us/library/cc786690(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc776929(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc739114(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc740026(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc770392(v=ws.10).aspx

Chapter 1


DNS Server Overview

Applies To: Windows Server 2008

By using the Domain Name System (DNS) server role, you can provide a primary name resolution process for users on your network. The name resolution process enables users to locate computers on the network by querying for a user-friendly computer name instead of an IP address. A computer running the DNS server role can host the records of a distributed DNS database and use the records to resolve DNS name queries that are sent by DNS client computers. These queries can include requests such as the names of Web sites or computers in your network or on the Internet.

You can also integrate the DNS server role with Active Directory Domain Services (AD DS) to store and replicate DNS zones. This makes multimaster replication possible, along with more secure transmission of DNS data. In turn, AD DS requires DNS so that clients can locate domain controllers.

In the following sections, learn more about the DNS server role, the required and optional features in the DNS server role, and hardware and software for running it. In addition, learn how to open the administrative tool for the DNS server role and how to find more information about it.

What is the DNS server role?

DNS is a system for naming computers and network services that organizes them into a hierarchy of domains. DNS naming is used on TCP/IP networks, such as the Internet, to locate computers and services with user-friendly names. When a user enters the DNS name of a computer in an application, DNS clients and servers work together to look up the name and provide other information that is associated with the computer, such as its IP address or services that it provides for the network. This process is called name resolution.

The DNS server role makes it possible for a server running Windows Server 2008 to act as a name resolution server for a TCP/IP network. The network can contain computers running Windows as well as computers running other operating systems. The DNS service in Windows Server 2008 is tightly integrated with Dynamic Host Configuration Protocol (DHCP) so that Windows-based DHCP clients and Windows-based DHCP servers automatically register host names and IP addresses on the DNS server for the appropriate domain.

Typically, Windows Server 2008 DNS is integrated with AD DS. In this environment, DNS namespaces mirror the Active Directory forests and domains for an organization. Network hosts and services are configured with DNS names so that they can be located in the network, and they are also configured with DNS servers that resolve the names of Active Directory domain controllers.

Windows Server 2008 DNS is also often deployed as a non-AD DS, or "standard," DNS solution. For example, it can be deployed for the purposes of hosting the Internet presence of an organization.

The Windows Server 2008 DNS server service supports and complies with standards that are specified in the set of DNS Requests for Comments (RFCs). Therefore, it is fully compatible with any other RFC-compliant DNS server. A DNS client resolver is included as a service in all client and server versions of the Windows operating system.

New features in the DNS server role

The central feature of the DNS server role is the DNS Server service. This service provides a DNS server that is fully compliant with industry standards, and it supports all standards-compliant DNS clients. You can administer a Windows Server 2008 DNS server by using a Microsoft Management Console (MMC) snap-in as well as a number of command-line tools.

Windows Server 2008 supports the new features in the following table.

Feature: DNAME resource record support
Description: The DNAME resource record provides nonterminal domain name redirection. That is, unlike the CNAME record, which creates an alias for a single node only, a single DNAME resource record causes the renaming of a root and all descendants in a domain namespace subtree. This makes it possible for organizations to rename a portion of their domain namespace, for example, to merge two namespaces as a result of a business acquisition.

Feature: Support for IPv6 addresses
Description: Internet Protocol version 6 (IPv6) specifies addresses that are 128 bits in length, compared to IP version 4 (IPv4) addresses, which are 32 bits long. This greater length allows for a much greater number of globally unique addresses, which are required to accommodate the explosive growth of the Internet around the world. IPv6 also provides for better routing and network autoconfiguration. The DNS server in Windows Server 2008 now supports IPv6 addresses as fully as it supports IPv4 addresses.

Feature: Read-only domain controller support
Description: Windows Server 2008 introduces a new type of domain controller, the read-only domain controller (RODC). An RODC provides, in effect, a shadow copy of a domain controller. You can install it in locations where physical security cannot be guaranteed, such as branch offices.

To support RODCs, the DNS server in Windows Server 2008 supports a new type of zone, the primary read-only zone (also sometimes referred to as a branch office zone). The primary read-only zone is created automatically when a computer running the DNS server role is promoted to be an RODC. The zone contains a read-only copy of the DNS data that is stored in the read-only AD DS database on the RODC.

The writeable version of the data is stored on a centrally located domain controller, such as a hub site domain controller. The DNS zone data on the RODC is updated when the DNS data is replicated from the centrally located domain controllers to the RODC according to the configured replication schedule. The administrator of the RODC can view the contents of the read-only primary zone, but only a domain administrator with permissions on the centrally located domain controller can change the zone data.

Feature: Single-label name resolution
Description: The DNS Server service now supports a special zone called the GlobalNames zone to hold single-label host names. This zone can be replicated across an entire forest, so that single-label host names (for example, webserver1) can be resolved throughout the forest without the use of the Windows Internet Naming System (WINS) protocol. Although the GlobalNames zone is not intended to provide peer-to-peer single-label name resolution, you can use it to simplify the location of servers and intranet Web sites, for example.

Hardware and software considerations

Use performance counters, testing in the lab, data from existing hardware in a production environment, and pilot roll-outs to determine the hardware capacity that is necessary for your server.

Note

A limited set of server roles is available for the Server Core installation option of Windows Server 2008 and for Windows Server 2008 for Itanium-Based Systems.

Typical DNS server hardware recommendations include the following:

Single-processor computers with 400-megahertz (MHz) Pentium II CPUs
512 megabytes (MB) of RAM for each processor
At least 4 gigabytes (GB) of available hard disk space
A network adapter

Using faster CPUs, more RAM, and larger hard drives improves the scalability and performance of your DNS servers. DNS servers use approximately 100 bytes of RAM for each resource record. Using this figure together with the number of resource records in each zone, which you can obtain by looking at each zone in the DNS snap-in, you can calculate how much memory you need.

Installing a DNS server

After you finish installing the operating system, a list of initial configuration tasks appears. To install a DNS server, in the list of tasks, click Add roles, and then click DNS server.

Managing a DNS server

You can manage server roles with MMC snap-ins. Use the DNS snap-in to manage a DNS server. To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

For more information

To learn more about the DNS server role, you can view the Help on your server. To view the Help, open the DNS snap-in as described in the previous section, and then press F1.

© 2014 Microsoft. All rights reserved.


Administering DNS Operations

Updated: March 2, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This Domain Name System (DNS) Administering guide provides administering information for DNS in the Microsoft Windows Server 2003 with Service Pack 1 (SP1) operating system.

In this guide

Introduction to Administering DNS Operations
Managing DNS
Monitoring DNS
Optimizing DNS
Securing DNS

This DNS Administering guide provides detailed procedures for managing DNS servers, clients, and resource records. It also provides procedures for monitoring, optimizing, and securing your DNS infrastructure. For most procedures, this guide provides both a user interface (UI) and a command-line method of performing each procedure. In addition, this guide provides sample scripts for the most frequently used, repetitive tasks.

http://technet.microsoft.com/en-us/library/cc785404(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc757837(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc786430(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc776929(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc739114(v=ws.10).aspx

Introduction to Administering DNS Operations

Updated: March 2, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This guide explains how to administer Microsoft Domain Name System (DNS). These activities are part of the operating phase of the information technology (IT) life cycle. If you are not familiar with this guide, review the following sections of this introduction.

When to Use This Guide

You should use this guide when:

You want to manage DNS servers.
You want to manage DNS clients.

This guide assumes a basic understanding of what DNS is, how it works, and why your organization uses it for name resolution. You should also have a thorough understanding of how DNS is deployed and managed in your organization. This includes an understanding of the mechanism that your organization uses to configure and manage DNS settings.

This guide can be used by organizations that have deployed Windows Server 2003 Service Pack 1 (SP1). It includes information that is relevant to different roles within an IT organization, including IT operations management and administrators. This guide contains high-level information that is required to plan a DNS operations environment, along with management-level knowledge of the DNS and IT processes that are required to operate it.

In addition, this guide contains more detailed procedures that are designed for operators who have varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic proficiency with Microsoft Management Console (MMC) and snap-ins and know how to start administrative programs and access the command line. If operators are not familiar with DNS, it might be necessary for IT planners or managers to review the relevant operations in this guide and provide the operators with parameters or data that must be entered when the operations are performed.

How to Use This Guide

The operations areas are divided into the following types of content:

Objectives are high-level goals for managing, monitoring, optimizing, and securing DNS. Each objective consists of one or more high-level tasks that describe how the objective is accomplished. In this guide, Managing Domain Name System Servers is an example of an objective.

Tasks are used to group related procedures and provide general guidance for achieving the goals of an objective. In this guide, Modifying an Existing DNS Server is an example of a task.

Procedures provide step-by-step instructions for completing tasks. In this guide, Change the name-checking method of a DNS server is an example of a procedure.

If you are an IT manager who will be delegating tasks to operators in your organization, you will want to:

Read through the objectives and tasks to determine how to delegate permissions and whether you need to install tools before operators perform the procedures for each task.

Before assigning tasks to individual operators, ensure that you have all the tools installed where operators can use them.

When necessary, create tear sheets for each task that operators perform in your organization. Cut and paste the task and its related procedures into a separate document and then either print these documents or store them online, depending on the preference of your organization.

http://technet.microsoft.com/en-us/library/cc778087(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc781585(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc756953(v=ws.10).aspx

    Managing DNS

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    This guide describes processes and procedures for improving the management of Windows Server 2003 Domain Name System (DNS) in your network infrastructure.

    Ensuring that DNS is functioning properly helps increase system availability for your users.

    The following tasks for managing DNS are described in this objective:

    Managing Domain Name System Servers

    Managing Domain Name System Clients

    Managing Domain Name System Zones

    Managing DNS Resource Records

http://technet.microsoft.com/en-us/library/cc781268(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc779614(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc737828(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc756953(v=ws.10).aspx

    Managing Domain Name System Servers

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    The following tasks for managing Domain Name System (DNS) servers are described in this objective:

    Adding a Primary DNS Server to an Existing Zone

    Adding a Secondary DNS Server

    Modifying an Existing DNS Server

    Using Forwarders to Manage DNS Servers

    Removing a DNS Server from the Network

    Using DNS Aging and Scavenging

http://technet.microsoft.com/en-us/library/cc757041(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc782669(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc737178(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc781585(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc776953(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc784330(v=ws.10).aspx

    Adding a Primary DNS Server to an Existing Zone

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

If you are installing Domain Name System (DNS) with Active Directory, use the Active Directory Installation Wizard option to automatically install and configure a local DNS server. This option installs the DNS Server service on the computer where you are running the wizard, and it configures the computer's preferred DNS server setting to use the new local DNS server. Configure any other computers that join this domain to use this DNS server's Internet Protocol (IP) address as their preferred DNS server.

If you are installing DNS on a member server, use the procedures in this task.

It is recommended that you manually configure the computer to use a static IP address. If the DNS server is configured to use Dynamic Host Configuration Protocol (DHCP)-assigned dynamic addresses, when the DHCP server assigns a new IP address to the DNS server, the DNS clients that are configured to use that DNS server's previous IP address will be unable to reach the DNS server at that address and will fail to locate it.

After you install a DNS server, you can decide how to administer it and its zones. Although you can use a text editor to make changes to server boot and zone files, this method is not recommended. The DNS console and the DNS command-line tool, Dnscmd, simplify maintenance of these files, and they should be used whenever possible. After you begin managing these files by using the console or the command line, editing them manually is not recommended.

You can administer DNS zones that are stored in Active Directory by using the DNS console or the Dnscmd command-line tool only. These zones cannot be administered by using a text editor.

If you uninstall a DNS server that hosts Active Directory-integrated zones, these zones are saved or deleted according to their storage type. For all storage types, the zone data is stored on other domain controllers or DNS servers. It is not deleted unless the DNS server that you uninstall is the last DNS server hosting that zone.

If you uninstall a DNS server hosting standard DNS zones, the zone files will remain in the systemroot\system32\Dns directory, but they will not be reloaded if the DNS server is reinstalled. If you create a new zone with the same name as an old zone, the old zone file is replaced with the new zone file.

When they write DNS server boot and zone data to text files, DNS servers use the Berkeley Internet Name Domain (BIND) file format that is recognized by legacy BIND 4 servers, not the more recent BIND 8 format.

Complete this task after you determine that you need to add a primary DNS server to your environment. For more information about planning a DNS infrastructure, see Deploying Domain Name System (DNS) on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=45677).

To complete this task, perform one of the following procedures:

Install a new DNS server
Configure a DNS server

See Also

Other Resources

Deploying Domain Name System (DNS)

http://go.microsoft.com/fwlink/?LinkId=45677
http://technet.microsoft.com/en-us/library/cc736696(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc779205(v=ws.10).aspx

    Install a new DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use this procedure to install Domain Name System (DNS) on a member server, which makes that server a DNS server.

    Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Installing a new DNS server

To install a DNS server

1. Open the Windows Components Wizard.
2. In Components, select the Networking Services check box, and then click Details.
3. In Subcomponents of Networking Services, select the Domain Name System (DNS) check box, click OK, and then click Next.
4. If you are prompted to do so, in Copy files from, type the full path to the installation location, and then click OK.

Required files are copied to your hard disk.

Note

To open the Windows Components Wizard, click Start, point to Control Panel, click Add or Remove Programs, and then click Add/Remove Windows Components.


    Configure a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use these procedures to configure a new Domain Name System (DNS) server. When you finish configuring the server, you may need to complete additional tasks, such as enabling dynamic updates for its zones or adding resource records to its zones. See the other tasks in this guide to determine whether they are appropriate for your environment.

You can perform this procedure by using the DNS snap-in or by using the Dnscmd tool at the command line.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Configuring a DNS server

Using the Windows interface
Using a command line

To configure a DNS server using the Windows interface

1. Open the DNS snap-in.
2. If necessary, add the applicable server to the console and connect to it.
3. In the console tree, click the applicable DNS server.

Where?
DNS/Applicable DNS server

4. On the Action menu, click Configure a DNS Server.
5. Follow the instructions in the Configure a DNS Server Wizard.

Note

To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

To configure a DNS server using the command line

At a command prompt, type the following command, and then press ENTER:

dnscmd ServerName /Config {ZoneName|..AllZones} Property {1|0}

Value: Description

dnscmd: Specifies the name of the command-line tool.

ServerName: Required. Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

/Config: Specifies the configuration command.

{ZoneName|..AllZones}: Specifies the name of the zone to be configured. To apply the configuration for all zones that are hosted by the specified DNS server, type ..AllZones.

Property: Specifies the server property or zone property to be configured. There are different properties available for servers and zones. For a list of the available properties, at a command prompt type: dnscmd /Config /help.

{1|0}: Sets configuration options to either 1 (on) or 0 (off). Note that some server and zone properties must be reset as part of a more complex operation.

Note

To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.



    Adding a Secondary DNS Server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Domain Name System (DNS) design specifications recommend that at least two DNS servers be used to host each zone. For standard, primary zones, a secondary server is required to add and configure the zone so that it appears to other DNS servers in the network. For directory-integrated, primary zones, secondary servers are supported but not required for this purpose. For example, two DNS servers running on domain controllers can be redundant primary servers for a zone. They can provide the same benefits as adding a secondary server while also providing additional benefits.

Secondary servers can be used to offload DNS query traffic in areas of the network where a zone is heavily queried. In addition, if a primary server is unavailable, a secondary server can provide some name resolution in the zone until the primary server is available.

If you add a secondary server, try to locate it as close as possible to clients that have a high demand for names that are used in the zone. Also, consider placing secondary servers across a router, either on other subnets (if you use a routed local area network (LAN)) or across wide area network (WAN) links. This constitutes a good use of a secondary server as a local backup in scenarios in which an intermediate network link becomes the point of failure between DNS servers and clients that use the zone.

Because a primary server always maintains the master copy of updates and changes to the zone, a secondary server relies on DNS zone transfer mechanisms to obtain its information and keep the information current. Issues such as zone transfer methods using either full or incremental zone transfers are more applicable when you use secondary servers.

When you consider the impact of zone transfers that are caused by secondary servers, consider their advantage as a backup source of information, and measure this against the added cost that they impose on your network infrastructure. A simple rule is that for each secondary server that you add, network usage (because of added zone replication traffic) increases, and so does the time that is required to synchronize the zone at all secondary servers.

Secondary servers are used most heavily for forward lookup zones. If you are using reverse lookup zones, it is not necessary to add as many secondary servers for those zones. Typically, a secondary server for a reverse lookup zone is not used outside the network and subnet that correspond to the reverse zone.

To complete this task, perform the following procedure:

Add a secondary server to a zone

http://technet.microsoft.com/en-us/library/cc779571(v=ws.10).aspx

    Add a secondary server to a zone

    Published: March 2, 2005

    Updated: November 18, 2009

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To add a secondary server to an existing zone, you must have network access to the server that acts as the master server for this server and its use of the zone. The master server acts as the source for zone data. It is contacted periodically to assist in renewing the zone and to transfer zone updates whenever they are needed.

You can perform this procedure by using the DNS console or by using the Dnscmd command-line tool. This procedure can be performed on the secondary DNS server, or on a computer with permission to manage the secondary DNS server. To add a secondary server to multiple zones, you must repeat this procedure for each zone.

Important

Before you add a secondary server to a zone, you must allow zone transfers from the primary to the secondary server. For more information, see Modify DNS zone transfer settings.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Adding a secondary server to a zone

Using the Windows interface
Using the command line

To add a secondary server to a zone using the Windows interface

1. Click Start, point to Administrative Tools, and then click DNS.
2. In the console tree, click the applicable Domain Name System (DNS) server.
3. On the Action menu, click New Zone.
4. Follow the instructions in the New Zone Wizard. When you add the zone, select Secondary zone as the zone type.

To add a secondary server to a zone using the command line

At a command prompt, type the following command, and then press ENTER:

Dnscmd ServerName /ZoneAdd ZoneName /Secondary MasterIPaddress... [/file FileName]

Value: Description

ServerName: Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

ZoneName: Specifies the fully qualified domain name (FQDN) of the secondary zone that you are adding. The zone name must be the same as the name of the primary zone from which the secondary zone is created.

MasterIPaddress: Specifies one or more IP addresses for the secondary zone master servers, from which it copies zone data.

FileName: Specifies the name of the file to use for creating the secondary zone.

In the following example, zone transfers are first allowed from the primary DNS server primarydns.contoso.com at 10.0.0.2 to the secondary server secondarydns.contoso.com at 11.0.0.2. Next, the secondary DNS server is added to the zone secondtest.contoso.com.

Dnscmd primarydns.contoso.com /zoneresetsecondaries secondtest.contoso.com /securelist 11.0.0.2

Dnscmd secondarydns.contoso.com /zoneadd secondtest.contoso.com /secondary 10.0.0.2

For more information about using dnscmd, see Dnscmd Syntax.
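The PowerShell script below is an added example written for this guide; it is not code from the TechNet page or from Microsoft. It wraps two of the page's command-line procedures, the "dnscmd ServerName /Config Property {1|0}" procedure from the Configure a DNS server page and the two-step secondary-zone example shown directly above, so that each dnscmd call is checked for a non-zero exit code and its effect is read back before the next step runs. In particular, the secondary zone is only created after the primary's /ZoneInfo output confirms that transfers were restricted to the listed secondary. Assumptions not stated on the page: dnscmd.exe is on the PATH; the caller holds the administrative rights the page describes on both servers; "dnscmd ServerName /Info Property" reports a DWORD property on a line of the form "Dword: N"; the secondary's address appears somewhere in the /ZoneInfo output after /ZoneResetSecondaries; and the property name is passed to /Config with a leading slash, as in the page's /securelist example. SecureResponses is a real dnscmd server property (1 makes the server discard cached records that do not belong to the domain that was queried); the host names and addresses are the page's own example values.

```powershell
# Added example, not from the TechNet page: checked wrappers around dnscmd for
# the "/Config Property {1|0}" procedure and the page's secondary-zone procedure.
# Assumptions: dnscmd.exe is on the PATH, the caller can manage both servers,
# "." is the local server, /Info prints DWORD values as "Dword: N", and the
# secondary's IP shows up in /ZoneInfo output once it is on the secure list.

function Invoke-Dnscmd {
    # Run dnscmd with the given argument list and fail on a non-zero exit code
    # instead of silently continuing with a server in an unknown state.
    param([string[]]$ArgList)
    $output = & dnscmd @ArgList 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd $($ArgList -join ' ') failed (exit $LASTEXITCODE):`n$($output -join "`n")"
    }
    return @($output)
}

function Get-DnsServerDwordProperty {
    # Read one server property with "dnscmd ServerName /Info Property".
    # Assumption: the value is printed on a line such as "Dword: 1 (00000001)".
    param([string]$Server, [string]$Property)
    $text = (Invoke-Dnscmd @($Server, "/Info", $Property)) -join "`n"
    $m = [regex]::Match($text, 'Dword:\s*(\d+)')
    if (-not $m.Success) { throw "Cannot read $Property from dnscmd /Info output:`n$text" }
    return [int]$m.Groups[1].Value
}

function Set-DnsServerPropertyChecked {
    # The page's "/Config Property {1|0}" procedure for a server property (no zone
    # name), with the value read back before and after so a failed change is caught.
    param([string]$Server = ".", [string]$Property, [ValidateSet(0, 1)][int]$Value)
    $before = Get-DnsServerDwordProperty -Server $Server -Property $Property
    if ($before -eq $Value) { return $before }
    # Assumption: the property is passed with a leading slash, like /securelist above.
    Invoke-Dnscmd @($Server, "/Config", "/$Property", "$Value") | Out-Null
    $after = Get-DnsServerDwordProperty -Server $Server -Property $Property
    if ($after -ne $Value) { throw "$Property on $Server still reads $after after /Config" }
    return $after
}

function Add-SecondaryZoneChecked {
    # The page's two commands in order, with a read-back between them.
    param([string]$Primary, [string]$PrimaryIP, [string]$Secondary,
          [string]$SecondaryIP, [string]$Zone)
    # Step 1 (page): allow transfers of the zone only to the listed secondary.
    Invoke-Dnscmd @($Primary, "/ZoneResetSecondaries", $Zone, "/SecureList", $SecondaryIP) | Out-Null
    # Read back: refuse to continue unless the primary now lists the secondary.
    $info = (Invoke-Dnscmd @($Primary, "/ZoneInfo", $Zone)) -join "`n"
    if ($info -notmatch [regex]::Escape($SecondaryIP)) {
        throw "$SecondaryIP is not in /ZoneInfo for $Zone on $Primary; secondary not added.`n$info"
    }
    # Step 2 (page): create the secondary zone on the secondary, pulling from the primary.
    Invoke-Dnscmd @($Secondary, "/ZoneAdd", $Zone, "/Secondary", $PrimaryIP) | Out-Null
    # Return the secondary's view of the zone so the operator can confirm it loaded.
    return (Invoke-Dnscmd @($Secondary, "/ZoneInfo", $Zone))
}

# Usage with the page's example values.
Set-DnsServerPropertyChecked -Server "primarydns.contoso.com" -Property "SecureResponses" -Value 1
Add-SecondaryZoneChecked -Primary "primarydns.contoso.com" -PrimaryIP "10.0.0.2" `
    -Secondary "secondarydns.contoso.com" -SecondaryIP "11.0.0.2" -Zone "secondtest.contoso.com"
```

Run the script from an elevated PowerShell prompt on a computer that has dnscmd installed and that can manage both servers. The read-back after /ZoneResetSecondaries is the point of the example: the page's Important note requires transfers to be allowed before the secondary is added, and checking the primary's zone settings first keeps a mistyped server name or address from leaving the zone transferable to the wrong host.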

http://technet.microsoft.com/en-us/library/cc782181(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc756116(v=ws.10).aspx
  • 8/10/2019 Infomration on DNS

    15/255

    Modifying an Existing DNS Server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You may need to modify or update the configuration of your Domain Name System (DNS) servers for various reasons. For example, you may need to change the name-checking method of a DNS server to allow the DNS server to resolve names that are not Request for Comments (RFC) compliant. In addition, you may need to modify or update a DNS server in the process of troubleshooting or optimizing it.

    Task requirements

    To begin this task, perform the following requirements:

    Install Dnscmd.

    To complete this task, perform one of the following procedures:

    Start, stop, pause, or restart a DNS server

    Manually update DNS server data files

    Clear the DNS server names cache

    Change the boot method of a DNS server

    Change the name-checking method of a DNS server

    Restore DNS server default preferences

    See Also

    Other Resources

    Deploying Domain Name System (DNS)


    Start, stop, pause, or restart a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use the following procedure to start, stop, pause, or restart Domain Name System (DNS).

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    To start, stop, pause, or restart a DNS server

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable DNS server.

    3. On the Action menu, point to All Tasks, and then click one of the following:

    To start the DNS service on this server, click Start.

    To stop the DNS service on this server, click Stop.

    To interrupt the DNS service on this server, click Pause.

    To stop and then automatically restart the DNS service on this server, click Restart.

    Note

    To open the DNS management console, click Start, point to Administrative Tools, and then click DNS.

    Note

    If you want to resume the service after you pause or stop it, on the Action menu, point to All Tasks, and then click Resume to immediately resume the service.


    Manually update DNS server data files

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool. Use the DNS snap-in for standard Domain Name System (DNS) zones and the Dnscmd command-line tool for Active Directory-integrated zones.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Manually updating DNS server data files

    Using the Windows interface

    Using the command line

    To manually update DNS server data files using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable DNS server.

    3. On the Action menu, click Update Server Data Files.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To manually update DNS server data files using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /ZoneUpdateFromDs ZoneName

    Value  Description

    ServerName  Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    ZoneName  Specifies the name of the zone to which you want to set aging and scavenging.


    Clear the DNS server names cache

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Clearing the DNS server names cache

    Using the Windows interface

    Using the command line

    To clear the DNS server names cache using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable Domain Name System (DNS) server.

    3. On the Action menu, click Clear Cache.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To clear the DNS server names cache using the command line

    At a command prompt, type the following, and then press ENTER:

    dnscmd ServerName /clearcache

    Value  Description

    ServerName  Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).


    Change the boot method of a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    By default, Domain Name System (DNS) servers use information that is stored in the registry to initialize the service and load any zone data for use at the server. In addition, you can configure the DNS server to boot from a file. Or, in Active Directory environments, you can supplement local registry data with zone data that is retrieved for directory-integrated zones that are stored in the Active Directory database. If you use the file method, the file must be a text file named Boot, which is located on the computer in the %Systemroot%\Windows\System32\Dns folder.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    To change the boot method of a DNS server

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable DNS server, and then click Properties.

    3. Click the Advanced tab.

    4. In the Load zone data on startup list, select one of the following:

    From registry

    From file

    From Active Directory and registry

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.


    Change the name-checking method of a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    The DNS Server service supports three different possible methods for checking the names that it receives and processes during normal operations:

    Strict RFC (ANSI): This method strictly enforces Request for Comments (RFC) compliant naming rules for all Domain Name System (DNS) names that the server processes. Names that are not RFC compliant are treated as erred data by the DNS server.

    Non RFC (ANSI): This method allows names that are not RFC compliant, such as names that use American Standard Code for Information Interchange (ASCII) characters but are not compliant with RFC host naming requirements, to be used with the DNS server.

    Multibyte (UTF8): This method allows names that use the Unicode 8-bit translation encoding scheme, which is a proposed RFC draft, to be used with the DNS server.

    By default, the DNS server uses the Multibyte (UTF8) method to check names.
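The three methods above form a strict ordering: every name a Strict RFC (ANSI) server accepts is also accepted under Non RFC (ANSI), and every Non RFC name is accepted under Multibyte (UTF8). The following classifier is an added illustration written for this page by the editor; it is not Microsoft's implementation. It applies the RFC 952/1123 host-label rules (letters, digits and hyphens, no leading or trailing hyphen, 63-character labels, 253-character names) and assumes that a trailing dot marks an FQDN rather than a label, that length limits are counted in UTF-8 bytes, and that control characters and whitespace are rejected under every method.

```python
import re
import string

# Editor's model of the three name-checking methods, not Microsoft's code.
# RFC 952/1123 host label: letters, digits and hyphens, no leading or trailing
# hyphen, 1 to 63 characters.
_RFC_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Methods in order of increasing permissiveness, as the DNS snap-in lists them.
METHODS = ["Strict RFC (ANSI)", "Non RFC (ANSI)", "Multibyte (UTF8)"]


def classify_name(name: str) -> str:
    """Return the least permissive method that accepts `name`, or 'rejected'."""
    if len(name) > 1 and name.endswith("."):
        name = name[:-1]                      # assumption: trailing dot = FQDN marker
    if not name or any(ch in string.whitespace or ord(ch) < 0x20 for ch in name):
        return "rejected"                     # assumption: control chars never allowed
    labels = name.split(".")
    # Length limits counted in bytes of the UTF-8 form (assumption).
    if len(name.encode("utf-8")) > 253:
        return "rejected"
    if any(not 1 <= len(lbl.encode("utf-8")) <= 63 for lbl in labels):
        return "rejected"
    if all(_RFC_LABEL.match(lbl) for lbl in labels):
        return METHODS[0]
    if name.isascii():
        return METHODS[1]                     # ASCII, but e.g. an underscore or leading hyphen
    return METHODS[2]                         # contains non-ASCII characters (UTF-8)


def accepted_by(name: str, method: str) -> bool:
    """Would a server configured with `method` ('All names' included) accept `name`?"""
    cls = classify_name(name)
    if cls == "rejected":
        return False
    if method == "All names":
        return True
    return METHODS.index(cls) <= METHODS.index(method)


if __name__ == "__main__":
    for n in ["dc1.contoso.com", "_ldap._tcp.contoso.com", "münchen.contoso.com", "a" * 64]:
        print(f"{n!r}: {classify_name(n)}")
```

The practical consequence of the ordering is why the default is the permissive one: Active Directory publishes its service locator records under underscore labels such as _ldap._tcp, which the Strict RFC (ANSI) method rejects, so tightening the method on a domain controller's DNS server is a change to test before rolling out.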

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    To change the name-checking method of a DNS server

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable DNS server, and then click Properties.

    3. Click the Advanced tab.

    4. In the Name checking list, click Strict RFC (ANSI), Non RFC (ANSI), Multibyte (UTF8), or All names.

    All names enables all three name-checking methods.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.


    Restore DNS server default preferences

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use the following procedure to configure the Domain Name System (DNS) server with the initial configuration settings that it had following installation. These initial configuration settings are listed in the following table.

    Property                                       Setting
    Disable recursion                              Off
    BIND secondaries                               On
    Fail on load if bad zone data                  Off
    Enable round robin                             On
    Enable netmask ordering                        On
    Secure cache against pollution                 On
    Name checking                                  Multibyte (UTF8)
    Load zone data on startup                      From Active Directory and registry
    Enable automatic scavenging of stale records   Off

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    To restore DNS server default preferences

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable DNS server, and then click Properties.

    3. Click the Advanced tab.

    4. Click Reset to Default, and then click OK.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.


    Using Forwarders to Manage DNS Servers

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    If you want to use forwarders to manage the Domain Name System (DNS) traffic between your network and the Internet, configure your network firewall to allow only one DNS server to communicate with the Internet. When you have configured the other DNS servers in your network to forward queries that they cannot resolve locally to that DNS server, it will act as your forwarder.

    Consider the following tips for efficient forwarder configuration and use:

    Keep forwarder configuration uncomplicated. For every DNS server that is configured with a forwarder, queries can be sent to a number of different places. Each forwarder and each conditional forwarder must be administered for the benefit of DNS client queries, and this process can be time consuming. Use forwarders strategically where they are needed the most, for example, for resolving offsite queries or for sharing information between namespaces.

    Avoid chaining your forwarders. If you have configured a DNS server named server1 to forward queries for wingtiptoys.corp.com to DNS server server2, do not configure server2 to forward queries for wingtiptoys.corp.com to DNS server server3. This is an inefficient resolution process, and it can result in errors if server3 is accidentally configured to forward queries for wingtiptoys.corp.com to server1.

    Do not concentrate too great a load on forwarders. The recursive queries that forwarders send to the Internet can require a significant amount of time to answer because of the nature of the Internet. When large numbers of internal DNS servers use these forwarders for Internet queries, the server can experience a substantial concentration of network traffic. If network load is an issue, use more than one forwarder and distribute the load between them.

    Do not create inefficient resolution by using forwarders. The DNS server attempts to forward domain names according to the order in which the domain names are configured in the DNS console. For example, a DNS server in Seattle may be incorrectly configured to forward a query to a server in London, instead of another server in Seattle, because the server in London is higher up in the forwarders list. This decreases the efficiency of name resolution on the network. Evaluate your network's forwarding configurations periodically to see if there are similar, inefficient configurations.
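The chaining and loop problem described above is easy to miss by inspecting servers one at a time, because each server's forwarder list looks reasonable on its own. The following audit is an added example by the editor, not Microsoft's code: it takes an inventory of forwarder settings (a constructed map of server name to conditional-forwarder domains and their targets, with the key "" standing for the server's default forwarder list), follows where a query for a given name would travel, and reports loops and chains longer than one hop. Conditional forwarders are matched by longest domain suffix, which is an assumption about how the inventory was recorded, and the server names server1 to server3 and the domain wingtiptoys.corp.com are the ones the page uses.

```python
# Constructed forwarding inventory for illustration (editor's example, not from
# the page). Map: server -> {domain: [forwarder servers]}; the key "" is the
# server's default (non-conditional) forwarder list.
CONFIG = {
    "server1": {"wingtiptoys.corp.com": ["server2"]},
    "server2": {"wingtiptoys.corp.com": ["server3"]},
    "server3": {"wingtiptoys.corp.com": ["server1"]},   # the accidental loop
    "server4": {"": ["edge-fwd"]},                       # forwards everything to one edge server
}


def forwarders_for(server_cfg, name):
    """Pick the most specific conditional forwarder for `name`, else the default list.
    Assumption: a conditional forwarder for a domain also covers its subdomains."""
    best = None
    for dom in server_cfg:
        if dom == "" or name == dom or name.endswith("." + dom):
            if best is None or len(dom) > len(best):
                best = dom
    return list(server_cfg[best]) if best is not None else []


def trace(config, start, name):
    """Follow where a query for `name` arriving at `start` is forwarded.

    Returns (paths, loops): `paths` are chains that end at a server which
    resolves the query itself (no forwarder configured); `loops` are chains
    that come back to a server already on the chain.
    """
    paths, loops = [], []

    def walk(server, path):
        fwds = forwarders_for(config.get(server, {}), name)
        if not fwds:
            paths.append(path)
            return
        for nxt in fwds:
            if nxt in path:
                loops.append(path + [nxt])
            else:
                walk(nxt, path + [nxt])

    walk(start, [start])
    return paths, loops


def audit_forwarding(config, name):
    """Report ('loop', chain) and ('chain', chain) findings for every server.
    A chain is flagged when a forwarder itself forwards (more than two hops)."""
    findings = []
    for server in config:
        paths, loops = trace(config, server, name)
        findings.extend(("loop", p) for p in loops)
        findings.extend(("chain", p) for p in paths if len(p) > 2)
    return findings


if __name__ == "__main__":
    for kind, chain in audit_forwarding(CONFIG, "host.wingtiptoys.corp.com"):
        print(kind, " -> ".join(chain))
```

Run against the constructed inventory, every one of server1, server2 and server3 is reported as the start of a loop for names under wingtiptoys.corp.com, while server4's single hop to edge-fwd is not flagged; that is exactly the configuration the tip above warns against.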

    To complete this task, perform the following procedure:

    Configure forwarders for a DNS server


    Configure forwarders for a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    If you use this procedure to configure a conditional forwarder, note that you cannot use a domain name in a conditional forwarder if the DNS server hosts a primary zone, secondary zone, or stub zone for that domain name. For example, if a DNS server is authoritative for the domain name wingtiptoys.corp.com (that is, it hosts the primary zone for that domain name), you cannot configure that DNS server with a conditional forwarder for wingtiptoys.corp.com.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Configuring forwarders for a DNS server

    Using the Windows interface

    Using the command line

    To configure forwarders for a DNS server using the Windows graphical user interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable DNS server.

    3. On the Action menu, click Properties.

    4. On the Forwarders tab, under DNS domain, click a domain name.

    Note

    To create a new domain name, click New, and then, under DNS domain, type the domain name.

    5. Under Selected domain's forwarder IP address list, type the Internet Protocol (IP) address of a forwarder, and then click Add.

    Note

    When you specify a conditional forwarder, select a DNS domain name before you enter an IP address.

    6. By default, the DNS server waits five seconds for a response from one forwarder IP address before trying another forwarder IP address. In Number of seconds before forward queries time out, you can change the number of seconds that the DNS server waits. If the overall recursion timeout (by default, 15 seconds) is exceeded before all forwarders are exhausted, the DNS server fails the query. If the overall recursion timeout has not been exceeded and the server exhausts all forwarders, it attempts standard recursion.

    7. If you want the DNS server to only use forwarders and not attempt any further recursion if the forwarders fail, select the Do not use recursion for this domain check box.

    Note

    You can disable recursion for the DNS server so that it does not perform recursion on any query. If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.
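Steps 6 and 7 above define two timers and one switch, and their interaction decides whether a query is answered, falls back to standard recursion, or fails outright. The simulation below is an added example by the editor, not Microsoft's code; it applies those rules to a constructed list of forwarders with assumed response times (None meaning the forwarder never answers). It assumes that reaching the overall recursion timeout exactly does not count as exceeding it.

```python
# Editor's simulation of the forwarder timing rules in steps 6 and 7 above;
# not Microsoft's code. Defaults are the page's values: 5 s per forwarder,
# 15 s overall recursion timeout.


def forward_query(forwarders, per_forwarder_timeout=5, recursion_timeout=15,
                  use_recursion=True):
    """Simulate one query.

    `forwarders` is a list of (ip, latency_seconds); latency None means the
    forwarder never answers (constructed values). `use_recursion=False` models
    the "Do not use recursion for this domain" check box.
    Returns (outcome, elapsed_seconds).
    """
    elapsed = 0
    for ip, latency in forwarders:
        # The server waits at most per_forwarder_timeout on each forwarder.
        wait = per_forwarder_timeout if latency is None else min(latency, per_forwarder_timeout)
        if elapsed + wait > recursion_timeout:
            # Overall timeout exceeded before the forwarder list was exhausted.
            # Assumption: hitting the limit exactly is not "exceeded".
            return "failed: recursion timeout", recursion_timeout
        elapsed += wait
        if latency is not None and latency <= per_forwarder_timeout:
            return f"answered by {ip}", elapsed
    if use_recursion:
        return "forwarders exhausted: standard recursion", elapsed
    return "failed: forwarders exhausted, recursion disabled", elapsed


if __name__ == "__main__":
    dead = ("10.0.0.1", None)          # constructed, unresponsive forwarder
    print(forward_query([dead, ("10.0.0.2", 1)]))
    print(forward_query([dead] * 4))
```

With the default values, three unresponsive forwarders consume the entire 15-second budget, so a fourth entry in the list is never tried and the query fails even though a working forwarder may be further down the list. Order forwarders by expected responsiveness and keep the list short, and treat a spike in "recursion timeout" outcomes as a signal to check the forwarders rather than the clients.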

    To configure forwarders for a DNS server using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /ZoneAdd ZoneName /Forwarder MasterIPaddress [/TimeOut Time] [/Slave]

    Value  Description

    ServerName  Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    ZoneName  Specifies the fully qualified domain name (FQDN) of the zone.

    MasterIPaddress  Specifies a space-separated list of one or more IP addresses of the DNS servers where queries for ZoneName are forwarded. You can specify a list of space-separated IP addresses.

    Time  Specifies the value for the /TimeOut parameter. The value is in seconds. The default timeout is five seconds.


    Removing a DNS Server from the Network

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    To remove a DNS server from the network, perform the following procedures to make changes in zones where the server is configured as an authoritative server for the zone:

    1. Use the Delete a resource record procedure to remove the address (A) resource record for the server.

    2. Use the Modify an existing resource record procedure to update the name server (NS) records, in zones where the server is configured as authoritative, to no longer include the server by name (as it appeared in the A record that was deleted in procedure 1).

    3. If the server is the primary server for a standard zone, use the Modify the SOA record for a zone procedure to revise the owner field of the start of authority (SOA) resource record for the zone to point to the new primary DNS server for the zone. (If the zone is a directory-integrated zone, this procedure is not necessary.)

    4. Use the Verify a zone delegation procedure to check the parent zone to ensure that any records (NS or A resource records) that are used for delegation to the zone are revised and that they no longer point to the removed server.
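A server that is decommissioned but still named in NS, SOA or delegation records keeps receiving queries, and whoever later gets its address answers them, so the four steps above are worth verifying after the fact. The following check is an added example by the editor, not Microsoft's code; it walks a constructed snapshot of zone records (tuples of zone, owner name, type, record data) and lists every record that still refers to the removed server, tagged with the step above that should have removed it. The snapshot's zone contoso.com, its servers ns1 and ns2 and the addresses in it are constructed; the caller names the zones the server was authoritative for so that references found in any other zone are reported as parent-zone delegation residue (step 4).

```python
# Constructed zone snapshot (zone, owner name, type, record data); editor's
# example, not from the page. Names and addresses are invented.
RECORDS = [
    ("contoso.com", "ns1.contoso.com", "A", "10.0.0.2"),
    ("contoso.com", "ns2.contoso.com", "A", "10.0.0.3"),
    ("contoso.com", "contoso.com", "NS", "ns1.contoso.com."),
    ("contoso.com", "contoso.com", "NS", "ns2.contoso.com."),
    ("contoso.com", "contoso.com", "SOA",
     "ns1.contoso.com. hostmaster.contoso.com. 42 3600 600 86400 3600"),
    ("com", "contoso.com", "NS", "ns1.contoso.com."),      # parent zone delegation
    ("com", "ns1.contoso.com", "A", "10.0.0.2"),           # glue record in the parent
]


def _norm(name):
    """DNS names compare case-insensitively; a trailing dot just marks an FQDN."""
    return name.rstrip(".").lower()


def residual_references(records, server_fqdn, authoritative_zones, server_ip=None):
    """Return (step, zone, owner, type, data) for every record that still refers
    to the removed server. `step` is the procedure step that should have removed
    it: 1 = its own A record, 2 = an NS record naming it, 3 = the SOA primary
    server field, 4 = delegation (NS or glue A) in a zone it was not authoritative for."""
    target = _norm(server_fqdn)
    auth = {_norm(z) for z in authoritative_zones}
    hits = []
    for zone, owner, rtype, rdata in records:
        if rtype == "A":
            matched = _norm(owner) == target or rdata == server_ip
        elif rtype == "NS":
            matched = _norm(rdata) == target
        elif rtype == "SOA":
            matched = _norm(rdata.split()[0]) == target   # first SOA field is PrimSvr
        else:
            matched = False
        if not matched:
            continue
        if _norm(zone) not in auth:
            step = 4
        else:
            step = {"A": 1, "NS": 2, "SOA": 3}[rtype]
        hits.append((step, zone, owner, rtype, rdata))
    return sorted(hits)


def remaining_after_cleanup(records, server_fqdn, authoritative_zones, server_ip=None):
    """Records left once every residual reference has been removed (for a dry run)."""
    found = {h[1:] for h in residual_references(records, server_fqdn, authoritative_zones, server_ip)}
    return [r for r in records if r not in found]


if __name__ == "__main__":
    for hit in residual_references(RECORDS, "ns1.contoso.com", {"contoso.com"}, "10.0.0.2"):
        print("step %d: %s %s %s %s" % hit)
```

Running it on the snapshot reports five records, one for each of steps 1 to 3 and two in the parent zone for step 4; after those are removed the zone still carries ns2's A and NS records, which is the expected end state. The IP match matters when the server also appeared under another host name.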


    Delete a resource record

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use the following procedure to delete a resource record from a zone. Pointer (PTR) resource records are deleted automatically if the corresponding address (A) resource record is deleted.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Deleting a resource record

    Using the Windows interface

    Using the command line

    To delete a resource record using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable zone.

    3. In the details pane, right-click the resource record that you want to delete, and then click Delete.

    4. When you are asked to confirm that you want to delete the selected resource record, click OK.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To delete a resource record using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /RecordDelete ZoneName NodeName RRType RRData [/f]

    Value  Description

    ServerName  Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    /RecordDelete  Required. Deletes a resource record.

    ZoneName  Required. Specifies the fully qualified domain name (FQDN) of the zone.

    NodeName  Required. Specifies the FQDN of the node in the DNS namespace. You can also type the node name relative to the ZoneName or @, which specifies the zone's root node.

    RRType RRData  Required. Specifies the type of resource record to add, followed by the data to be contained in the resource record.

    Resource record type                   Resource record data
    A                                      IPAddress
    NS, CNAME, MB, MD, PTR, MF, MG, MR     HostName|DomainName
    MX, RT, AFSDB                          Preference ServerName
    SRV                                    Priority Weight Port HostName
    SOA                                    PrimSvr Admin Serial# Refresh Retry Expire MinTTL
    AAAA                                   Ipv6Address
    TXT, X25, HINFO, ISDN                  String [String]
    MINFO, RP                              MailboxName ErrMailboxName
    WKS                                    Protocol IPAddress Service...
    WINS                                   MapFlag LookupTimeout CacheTimeout IPAddress...
    WINSR                                  MapFlag LookupTimeout CacheTimeout RstDomainName

    Value  Description

    IPAddress  Specifies a standard IP address, for example, 255.255.255.255.

    Ipv6Address  Specifies a standard IPv6 address, for example, 1:2:3:4:5:6:7:8.

    Protocol  Specifies the transmission protocol: UDP or TCP.

    Service  Specifies a standard service, for example, domain, smtp.

    HostName|DomainName  Specifies the FQDN of a resource record that is located in the DNS namespace.

    /f  Specifies that the command is executed without asking for confirmation. If you omit this parameter, you are prompted to confirm the deletion of the resource record.


    Modify an existing resource record

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use the following procedure to modify an existing resource record in a zone. You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Modifying an existing resource record

    Using the Windows interface

    Using the command line

    To modify an existing resource record using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable zone.

    3. In the details pane, right-click the resource record that you want to modify, and then click Properties.

    4. In Properties, edit the properties that can be modified.

    If necessary, you can view and modify advanced resource record properties with the DNS snap-in. To display advanced properties, on the View menu, click Advanced.

    5. When you have finished modifying the record, click OK.

    Note

    When advanced view options are enabled, you can modify additional settings for an existing resource record, such as its record-specific Time to Live (TTL).

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To modify an existing resource record using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /RecordAdd ZoneName NodeName [/Aging] [/OpenAcl] [Ttl] RRType RRData

    Value  Description

    ServerName  Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    /RecordAdd  Required. Adds a new resource record.

    ZoneName  Required. Specifies the fully qualified domain name (FQDN) of the zone.

    NodeName  Required. Specifies the FQDN of the node in the DNS namespace. You can also type the node name relative to the ZoneName or @, which specifies the zone's root node.

    RRType RRData  Required. Specifies the type of resource record to add, followed by the data to be contained in the resource record.

    Resource record type                   Resource record data
    A                                      IPAddress
    NS, CNAME, MB, MD, PTR, MF, MG, MR     HostName|DomainName
    MX, RT, AFSDB                          Preference ServerName
    SRV                                    Priority Weight Port HostName
    SOA                                    PrimSvr Admin Serial# Refresh Retry Expire MinTTL
    AAAA                                   Ipv6Address
    TXT, X25, HINFO, ISDN                  String [String]
    MINFO, RP                              MailboxName ErrMailboxName
    WKS                                    Protocol IPAddress Service...
    WINS                                   MapFlag LookupTimeout CacheTimeout IPAddress...
    WINSR                                  MapFlag LookupTimeout CacheTimeout RstDomainName

    Value  Description

    IPAddress  Specifies a standard IP address, for example, 255.255.255.255.

    Ipv6Address  Specifies a standard IPv6 address, for example, 1:2:3:4:5:6:7:8.

    Protocol  Specifies the transmission protocol: UDP or TCP.

    Service  Specifies a standard service, for example, domain, smtp.

    HostName|DomainName  Specifies the FQDN of a resource record that is located in the DNS namespace.
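The RRType/RRData table above (the same one the Delete a resource record procedure uses) fixes how many values each record type takes and what each value is; a Dnscmd call with the wrong count or a malformed address fails, or, with /f, deletes the wrong thing without asking. The following helper is an added example by the editor, not Microsoft's code, that encodes the table for a subset of the listed types (A, AAAA, NS, CNAME, PTR, MX, SRV, SOA, TXT), validates the values, and assembles the argument list for /RecordAdd or /RecordDelete so it can be reviewed before anything is run. Range limits for Preference, Priority, Weight and Port (16-bit) and for the SOA timers (32-bit) are the wire-format limits, not taken from the page.

```python
import ipaddress

# Value shapes from the resource record table above (a subset of the listed
# types). Editor's example, not Microsoft's code.
RR_FIELDS = {
    "A": ["IPAddress"],
    "AAAA": ["Ipv6Address"],
    "NS": ["HostName"], "CNAME": ["HostName"], "PTR": ["HostName"],
    "MX": ["Preference", "ServerName"],
    "SRV": ["Priority", "Weight", "Port", "HostName"],
    "SOA": ["PrimSvr", "Admin", "Serial", "Refresh", "Retry", "Expire", "MinTTL"],
    "TXT": ["String"],                      # one or more strings
}
_U16 = {"Preference", "Priority", "Weight", "Port"}            # 16-bit wire fields
_U32 = {"Serial", "Refresh", "Retry", "Expire", "MinTTL"}     # 32-bit wire fields
_NAMES = {"HostName", "ServerName", "PrimSvr", "Admin"}


def validate_rrdata(rrtype, rrdata):
    """Return a list of problems with `rrdata` for `rrtype` (empty list means OK)."""
    rrtype = rrtype.upper()
    if rrtype not in RR_FIELDS:
        return [f"unsupported record type {rrtype}"]
    fields = RR_FIELDS[rrtype]
    if rrtype == "TXT":
        return [] if rrdata else ["TXT needs at least one string"]
    if len(rrdata) != len(fields):
        return [f"{rrtype} expects {len(fields)} value(s) {fields}, got {len(rrdata)}"]
    problems = []
    for field, value in zip(fields, rrdata):
        try:
            if field == "IPAddress":
                ipaddress.IPv4Address(value)          # raises on a malformed address
            elif field == "Ipv6Address":
                ipaddress.IPv6Address(value)
            elif field in _U16 and not 0 <= int(value) <= 65535:
                problems.append(f"{field} out of range: {value}")
            elif field in _U32 and not 0 <= int(value) <= 0xFFFFFFFF:
                problems.append(f"{field} out of range: {value}")
            elif field in _NAMES and (not value or " " in value):
                problems.append(f"{field} must be a single non-empty name: {value!r}")
        except ValueError:
            problems.append(f"{field} is not valid: {value}")
    return problems


def dnscmd_record(server, action, zone, node, rrtype, rrdata, force=False):
    """Build the argument list for dnscmd /RecordAdd or /RecordDelete, refusing
    invalid record data. `force` appends /f (skip the deletion confirmation)."""
    if action not in ("add", "delete"):
        raise ValueError("action must be 'add' or 'delete'")
    problems = validate_rrdata(rrtype, rrdata)
    if problems:
        raise ValueError("; ".join(problems))
    argv = ["dnscmd", server, "/RecordAdd" if action == "add" else "/RecordDelete",
            zone, node, rrtype.upper(), *rrdata]
    if action == "delete" and force:
        argv.append("/f")
    return argv


if __name__ == "__main__":
    # Constructed sample values; "." is the local server as the table describes.
    print(" ".join(dnscmd_record(".", "delete", "contoso.com", "host1", "A", ["10.0.0.5"], force=True)))
    print(validate_rrdata("SRV", ["0", "100", "70000", "dc1.contoso.com."]))
```

Because the deletion needs the full record data to identify which record at the node goes away, keeping the assembled argument list in a change record gives a reviewable trail of exactly what was removed; leaving /f off in interactive use keeps the confirmation prompt as a last check.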


    Modify the SOA record for a zone

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can use this procedure to change settings for the start of authority (SOA) resource record for a zone. The settings that are applied for the SOA record affect how zone transfers are made between servers.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Modifying the SOA record for a zone

    Using the Windows interface

    Using a command line

    To modify the SOA record for a zone using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. Click the Start of Authority (SOA) tab.

    4. Modify the properties for the SOA record as needed.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To modify the SOA record for a zone using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /RecordAdd ZoneName NodeName [/Aging] [Ttl] SOA PrimSvr Admin Serial# Refresh Retry Expire MinTTL

    Value  Description

    ServerName  Required. Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    /RecordAdd  Required. Adds or modifies a resource record.

    ZoneName  Required. Specifies the fully qualified domain name (FQDN) of the zone.

    NodeName  Required. Specifies the FQDN of the node in the DNS namespace for which the SOA record is added. You can also type the node name relative to the ZoneName, or you can type @, which specifies the zone's root node.

    /Aging  Specifies that this resource record is able to be aged and scavenged. If this parameter is not used, the resource record remains in the DNS database unless it is manually updated or removed.

    Ttl  Specifies the Time to Live (TTL) setting for the resource record. The default TTL is defined in the SOA resource record.

    SOA  Required. Specifies the type of resource record that you are modifying.

    /OpenAcl  Specifies that new records are open to modification by any user. Without this parameter, only administrators may modify the new record.

    PrimSvr  Required. Specifies the FQDN name of the server that is the primary source for information about the zone, for example, nameserver.place.sales.wingtiptoys.com.

    Admin  Required. Specifies the name of the DNS administrator for the zone, for example, postmaster.nameserver.place.sales.wingtiptoys.com.

    Serial#  Required. Specifies the version information for the zone.

    Refresh  Required. Specifies the refresh interval for the zone. The standard setting is 3600 seconds (one hour).

    Retry  Required. Specifies the retry interval for the zone. The standard setting is 600 seconds (10 minutes).

    Expire  Required. Specifies the expire interval for the zone. The standard setting is 86400 seconds (one day).

    MinTTL  Required. Specifies the minimum TTL value. This is the length of time that is used by other DNS servers to determine how long to cache information for a record in the zone before expiring and discarding it. The standard setting is 3600 seconds (one hour).

    Note

    To modify any specific SOA record's values using Dnscmd, you must specify all the SOA values (PrimSvr Admin Serial# Refresh Retry Expire MinTTL).
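Because Dnscmd requires all seven SOA values on every change, it is easy to retype one of the timers wrongly and quietly change how secondaries refresh or expire the zone. The following checks are an added example by the editor, not Microsoft's code: `parse_soa` takes the seven values in the order of the command line above, `check_soa` applies the usual sanity relationships between the timers (retry shorter than refresh, expire longer than refresh plus retry; these are the common RFC 1912 recommendations, not rules stated on the page), and `serial_is_newer` implements the RFC 1982 serial-number comparison that secondaries use to decide whether the zone has changed. The sample names and serial are constructed; the timer values are the page's standard settings.

```python
# Editor's example for the SOA command line above; not Microsoft's code.
SOA_FIELDS = ["PrimSvr", "Admin", "Serial", "Refresh", "Retry", "Expire", "MinTTL"]


def parse_soa(values):
    """Turn the seven Dnscmd SOA values (in command-line order) into a dict
    with integer timers. Raises ValueError if a value is missing or not a
    32-bit unsigned integer."""
    if len(values) != 7:
        raise ValueError("SOA needs all seven values: " + " ".join(SOA_FIELDS))
    soa = dict(zip(SOA_FIELDS, values))
    for key in SOA_FIELDS[2:]:
        soa[key] = int(soa[key])
        if not 0 <= soa[key] <= 0xFFFFFFFF:
            raise ValueError(f"{key} must fit in 32 bits")
    return soa


def serial_is_newer(new, old):
    """RFC 1982 serial arithmetic: `new` is newer than `old` when it is ahead
    by less than 2**31 modulo 2**32. A secondary only transfers the zone when
    the primary's serial compares newer under this rule, so it survives the
    32-bit wrap-around."""
    return 0 < (new - old) % 2**32 < 2**31


def check_soa(soa):
    """Return a list of warnings about the parsed SOA (empty list means sane)."""
    warnings = []
    for key in ("PrimSvr", "Admin"):
        if not soa[key].endswith("."):
            # The page's examples write both names as FQDNs with a trailing dot.
            warnings.append(f"{key} should be a fully qualified name ending in '.'")
    if soa["Retry"] >= soa["Refresh"]:
        warnings.append("Retry should be shorter than Refresh")
    if soa["Expire"] <= soa["Refresh"] + soa["Retry"]:
        warnings.append("Expire should exceed Refresh + Retry, or a secondary may "
                        "drop the zone after a single missed refresh")
    if soa["MinTTL"] > soa["Expire"]:
        warnings.append("MinTTL longer than Expire makes cached records outlive the zone copy")
    return warnings


if __name__ == "__main__":
    # Constructed sample using the standard timer settings listed above.
    soa = parse_soa(["ns1.contoso.com.", "hostmaster.contoso.com.",
                     "42", "3600", "600", "86400", "3600"])
    print(check_soa(soa) or "SOA looks sane")
    print(serial_is_newer(43, soa["Serial"]), serial_is_newer(41, soa["Serial"]))
```

A change that leaves the serial unchanged, or one that moves it "backwards" under this arithmetic, is invisible to secondaries; checking the new serial against the old one before running the command catches that.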

    2014 Microsoft. All rights reserved.


    Verify a zone delegation

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    Administrative credentials

    You do not need administrative credentials to perform this task. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

    To verify a zone delegation

    1. At a command prompt, type the following command, and then press ENTER:

    nslookup RootServerIpAddress

    2. Type the following command, and then press ENTER:

    nslookup

    3. At the next prompt, type the following command, and then press ENTER:

    set norecurse

    4. At the next prompt, type the following command, and then press ENTER:

    set q=NS

    5. Type the fully qualified domain name (FQDN) for the failed name.

    Use the trailing period (.) when you type the name. If zone delegations are set correctly, a list of name server (NS) resource records for delegated servers is returned in the response.

    6. If the NS query response contains no names or Internet Protocol (IP) addresses for delegated servers, type q=ns, and then query again using the FQDN for the parent zone of the failed name.

    For example, if the failed name that you used in the previous step was sales.wingtiptoys.com, query for wingtiptoys.com.

    7. If the response contains NS resource records, but no host address (A) resource records, type set recurse, and then query individually for any of the A resource records of the servers that are listed in the NS resource records.

    If, for each NS resource record that you encounter in a zone, you do not find at least one valid IP address in an A resource record, you have a broken delegation.

    8. Either fix the broken delegation or retry the delegation test that is described in the previous step and use a different IP address.

    If more than one A resource record or IP address is found, use it to repeat the delegation test described in the previous step. To fix a delegation, add or update an A resource record in the parent zone with a valid IP address for a correct DNS server for the delegated zone.

    Value Description

    RootServerIpAddress The IP address of a valid root server for your network.

    set norecurse Instructs the root server not to perform recursion on your query.

    set q=NS Sends the query for NS resource records to the root server.
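    The same delegation test as a repeatable PowerShell check, added here as an example and not part of the TechNet text. It assumes the DnsClient module (Resolve-DnsName, Windows 8 / Windows Server 2012 or later); Test-ZoneDelegation, its parameters and the root server address in the usage line are placeholder names and values chosen for this example.

```powershell
function Test-ZoneDelegation {
    [CmdletBinding()]
    param(
        # The failed name as an FQDN with its trailing period, e.g. 'sales.wingtiptoys.com.'
        [Parameter(Mandatory)][string]$Name,
        # A valid root server for your network, or any server authoritative for the parent side
        [Parameter(Mandatory)][string]$RootServerIpAddress
    )

    $zone = $Name.TrimEnd('.')
    $ns   = @()

    # Steps 3 to 6: query for NS records with recursion disabled (RD bit clear). If the
    # reply carries no NS records, move up to the parent zone and ask again, until the
    # root is reached.
    while ($zone -ne '' -and $ns.Count -eq 0) {
        $reply = Resolve-DnsName -Name "$zone." -Type NS -Server $RootServerIpAddress `
                                 -NoRecursion -DnsOnly -ErrorAction SilentlyContinue
        # A referral returns the NS records in the Authority section and an authoritative
        # answer returns them in the Answer section; both describe the delegation, so the
        # filter is on record type rather than on section.
        $ns = @($reply | Where-Object { $_.Type -eq 'NS' })
        if ($ns.Count -eq 0) {
            $labels = $zone -split '\.', 2        # sales.wingtiptoys.com -> wingtiptoys.com
            $zone   = if ($labels.Count -gt 1) { $labels[1] } else { '' }
        }
    }

    if ($ns.Count -eq 0) {
        return [pscustomobject]@{ Zone = $Name; NameServers = @(); Broken = @(); Status = 'NoNsRecords' }
    }

    # Step 7: resolve each listed name server recursively. Any NS host that has no A record
    # makes the delegation broken; the fix is an A record with a valid address in the parent zone.
    $broken = @(foreach ($record in $ns) {
        $a = Resolve-DnsName -Name $record.NameHost -Type A -DnsOnly -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        if (-not $a) { $record.NameHost }
    })

    [pscustomobject]@{
        Zone        = "$zone."
        NameServers = @($ns | ForEach-Object NameHost)
        Broken      = $broken
        Status      = if ($broken.Count -gt 0) { 'BrokenDelegation' } else { 'OK' }
    }
}

# Usage (198.51.100.53 is a placeholder from the documentation address range; substitute a
# root server that is valid for your network):
# Test-ZoneDelegation -Name 'sales.wingtiptoys.com.' -RootServerIpAddress '198.51.100.53'
```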


    Using DNS Aging and Scavenging

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    Aging and scavenging of stale resource records are features of Domain Name System (DNS) that are available when you deploy your server with primary zones.

    Where aging and scavenging are available, you can use the DNS snap-in to perform the following related tasks for your DNS servers and any directory-integrated zones

    that they load:

    Enable or disable the use of scavenging at a DNS server

    Enable or disable the use of scavenging for selected zones at the DNS server

    Modify the no-refresh interval, either as a server default or by specifying an overriding value at selected zones

    Modify the refresh interval, either as a server default or by specifying an overriding value at selected zones

    Specify whether periodic scavenging occurs automatically at the DNS server for any of its eligible zones and how often these operations are repeated

    Manually initiate a single scavenging operation for all eligible zones at the DNS server

    View other related properties, such as the time stamp for individual resource records or the start-scavenging time for a specified zone

    Enabling Scavenging of Stale Resource Records

    By default, aging and scavenging features are disabled on all DNS servers and any of their zones. Before using these features, you should configure the following settings for the applicable server and its directory-integrated zones:

    Server aging and scavenging properties for determining the use of these features on a server-wide basis. These settings are used to determine the effect of zone-level properties for any directory-integrated zones that are loaded at the server. For more information, see Set aging and scavenging properties for a DNS server.

    Zone aging and scavenging properties for determining the use of these features on a per-zone basis. When zone-specific properties are set for a selected zone, these settings apply only to the applicable zone and its resource records. Unless these zone-level properties are otherwise configured, they inherit their defaults from comparable settings that are maintained in server aging and scavenging properties. For more information, see Set aging and scavenging properties for a zone.

    Caution

    Enabling aging and scavenging for use with standard primary zones modifies the format of zone files. This change does not affect zone replication to secondary servers, but the modified zone files cannot be loaded by other versions of DNS servers.

    Modifying No-refresh Intervals

    When the no-refresh interval is in effect for a specific resource record, attempts to dynamically refresh its time stamp are suppressed by the DNS server. This aspect of the aging and scavenging mechanism prevents unnecessary refreshes from being processed by the server for aged resource records. These early refresh attempts, if not handled in this way, might otherwise increase Active Directory replication traffic related to processing DNS zone changes.

    To ensure that records do not refresh prematurely, keep the no-refresh interval comparable in length to the current refresh interval for each resource record. For example, if you increase the refresh interval to a higher value, you can similarly increase the no-refresh interval.

    In most instances, the default interval of seven days is sufficient and does not need to be changed.

    Modifying Refresh Intervals

    When the refresh interval is in effect for a resource record, attempts to dynamically refresh its time stamp are accepted and processed by the DNS server. When you set this interval, it is important that the length of time used be greater than the maximum possible refresh period for any resource records that are contained in the zone. This period is equal to the maximum amount of time that it might take the record to be refreshed under normal network conditions, based on the specific source generating the record refresh.

    For example, the following table shows default refresh periods for various services that are known to register and refresh records dynamically in DNS.

    Service Default refresh period

    Net logon 24 hours

    Clustering 24 hours

    DHCP client 24 hours. The DHCP Client service sends dynamic updates for the DNS records. This includes both computers that obtain a leased Internet Protocol (IP) address by using Dynamic Host Configuration Protocol (DHCP) and computers that are configured statically for TCP/IP.

    DHCP server Four days (half of the lease interval, which is eight days by default). Refresh attempts are made only by DHCP servers that are configured to perform DNS dynamic updates on behalf of their clients, for example, Windows 2000 Server DHCP servers and Windows Server 2003 DHCP servers. The period is based on the frequency with which DHCP clients renew their IP address leases with the server. Typically, this occurs when 50 percent of the scope lease time has elapsed. If the DNS default scope lease duration of eight days is used, the maximum refresh period for records that are updated by DHCP servers on behalf of clients is four days.

    By default, the refresh interval is seven days. In most instances, this value is sufficient and does not need to be changed, unless any resource records in the zone are refreshed less often than once every seven days.

    Automated and Manually Initiated Scavenging

    Although scavenging start time and other factors determine when zones and records are actually eligible for scavenging, you can initiate scavenging by using either of two methods:

    Automatic scavenging. Automatic scavenging specifies that aging and scavenging of stale records is to be performed automatically by the server for any eligible zones at a recurring interval that is specified as the scavenging period. When you use automatic scavenging, the default scavenging period is one day, and the minimum allowed value that you can use for the scavenging period is one hour. For more information, see Configure automatic scavenging of stale resource records.

    Manual scavenging. Manual scavenging specifies that aging and scavenging of stale records is to be performed as a nonrecurring operation for any eligible zones at the server. For more information, see Start scavenging of stale resource records.

    Modifying Time-Stamp Values

    For resource records that are not added dynamically to DNS zone data, a record time-stamp value of zero is applied, which prevents these records from aging or removal during scavenging.

    You can, however, reset record properties manually to enable any statically entered records to qualify for the aging and scavenging process. If you do this, the record will be deleted based on the modified time-stamp value, at which point you might need to re-create a record if it is still needed.

    For more information, see Reset aging and scavenging properties for a specific resource record.

    To complete this task, perform the following procedures:

    1. Set aging and scavenging properties for a DNS server

    2. Set aging and scavenging properties for a zone

    3. Configure automatic scavenging of stale resource records

    4. Start scavenging of stale resource records

    5. Reset aging and scavenging properties for a specific resource record
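    An added example, not from the TechNet text, that applies the no-refresh and refresh interval rules above to a zone's records and lists what a manual scavenge would currently remove, and checks the refresh interval against the longest refresh period from the table. It assumes the DnsServer PowerShell module (Windows Server 2012 or later), which exposes the same aging settings that dnscmd /Config sets; Get-StaleDnsRecord and its parameters are placeholder names chosen for this example.

```powershell
function Get-StaleDnsRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ZoneName,
        [string]$ComputerName = 'localhost',
        # Longest dynamic refresh period among the registering services. Four days is the
        # DHCP server value from the table above (half of the default eight-day lease).
        [timespan]$MaxRefreshPeriod = [timespan]::FromDays(4),
        [datetime]$Now = (Get-Date)
    )

    $aging = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $ComputerName

    if (-not $aging.AgingEnabled) {
        Write-Warning "Aging is disabled on zone $ZoneName; scavenging would remove nothing."
        return
    }
    # The refresh interval must exceed the longest refresh period, or records that are still
    # being maintained can be scavenged between two legitimate refreshes.
    if ($aging.RefreshInterval -le $MaxRefreshPeriod) {
        Write-Warning ("Refresh interval {0} is not longer than the maximum refresh period {1}." -f
                       $aging.RefreshInterval, $MaxRefreshPeriod)
    }
    # The zone itself becomes eligible only once its start-scavenging time has passed.
    if ($aging.AvailForScavengeTime -gt $Now) {
        Write-Warning "Zone $ZoneName is not eligible for scavenging until $($aging.AvailForScavengeTime)."
    }

    # A dynamic record is stale once its time stamp plus the no-refresh interval plus the
    # refresh interval lies in the past. Static records carry no time stamp (the zero value
    # described above) and are skipped; NS and SOA aging is governed by the zone, not the record.
    $staleBefore = $Now - $aging.NoRefreshInterval - $aging.RefreshInterval

    Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $ComputerName |
        Where-Object { $_.Timestamp -and $_.RecordType -notin 'NS', 'SOA' -and $_.Timestamp -lt $staleBefore } |
        ForEach-Object {
            [pscustomobject]@{
                HostName   = $_.HostName
                RecordType = $_.RecordType
                Timestamp  = $_.Timestamp
                StaleFor   = $staleBefore - $_.Timestamp   # time elapsed past the scavenge threshold
            }
        }
}

# Usage: Get-StaleDnsRecord -ZoneName 'sales.wingtiptoys.com' | Format-Table
```

    Run this before dnscmd ServerName /StartScavenging to see which records the server will delete; a long list of hosts that are still in use points at a refresh interval shorter than the clients' registration period rather than at truly stale records.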


    Set aging and scavenging properties for a DNS server

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    The settings for server aging and scavenging properties determine the effect of zone-level properties for any directory-integrated zones that are loaded at the server.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Setting aging and scavenging properties for a DNS server

    Using the Windows interface

    Using the command line

    To set aging and scavenging properties for a DNS server using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Set Aging/Scavenging for All Zones.

    3. Select the Scavenge stale resource records check box.

    4. Modify other aging and scavenging properties as needed.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To set aging and scavenging properties for a DNS server using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config {/ScavengingInterval Value|/DefaultAgingState Value|/DefaultNoRefreshInterval Value|/DefaultRefreshInterval Value}

    Value Description

    ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.)

    Value For /ScavengingInterval, type a value in hours. The default is 168 hours (one week). For /DefaultAgingState, type 1 to enable aging for new zones when they are created. Type 0 to disable aging for new zones. For /DefaultNoRefreshInterval, type a value in hours. The default is 168 hours (one week). For /DefaultRefreshInterval, type a value in hours. The default is 168 hours (one week).


    Set aging and scavenging properties for a zone

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    The settings for zone aging and scavenging properties determine the use of these features on a per-zone basis. When you set zone-specific properties for a selected zone, these settings apply only to the applicable zone and its resource records. Unless these zone-level properties are otherwise configured, they inherit their defaults from comparable settings that are maintained in server aging and scavenging properties.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Setting aging and scavenging properties for a zone

    Using the Windows interface

    Using the command line

    To set aging and scavenging properties for a zone using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable zone, and then click Properties.

    3. On the General tab, click Aging.

    4. Select the Scavenge stale resource records check box.

    5. Modify other aging and scavenging properties as needed.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To set aging and scavenging properties for a zone using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config {ZoneName|..AllZones} {/Aging Value|/RefreshInterval Value|/NoRefreshInterval Value}

    Value Description

    ServerName Specifies the Domain Name System (DNS) host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.)

    ZoneName|..AllZones Specifies the name of the zone for which you want to set aging and scavenging properties. To apply the operation to all zones, use ..AllZones.

    Value For /Aging, type 1 to enable aging. Type 0 to disable aging. For /RefreshInterval, type a value in hours. The default setting is 168 hours (one week). For /NoRefreshInterval, type a value in seconds. The standard setting is 3600 seconds (one hour).


    Configure automatic scavenging of stale resource records

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    To configure automatic scavenging of stale resource records

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Properties.

    3. Click the Advanced tab.

    4. Select the Enable automatic scavenging of stale records check box.

    5. To adjust the scavenging period, in Scavenging period, select an interval in the drop-down list (either hours or days), and then type a number in the text box.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.


    Start scavenging of stale resource records

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Starting scavenging of stale resource records

    Using the Windows interface

    Using the command line

    To start scavenging of stale resource records using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, right-click the applicable Domain Name System (DNS) server, and then click Scavenge Stale Resource Records.

    3. When you are prompted to confirm that you want to scavenge all stale resource records on the server, click OK.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To start scavenging of stale resource records using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /StartScavenging

    Value Description

    ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.)


    Reset aging and scavenging properties for a specific resource record

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    This procedure is used only for resource records that are registered dynamically. For records that you add to a zone manually, a time-stamp value of zero always applies to the record, which excludes it from the scavenging process.

    Note

    Scavenging and aging properties for name server (NS) and start of authority (SOA) resource records are reset in the properties of the zone, not in the properties of the resource record.

    You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

    Administrative credentials

    To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

    Resetting aging and scavenging properties for a specific resource record

    Using the Windows interface

    Using the command line

    To reset aging and scavenging properties for a specific resource record using the Windows interface

    1. Open the DNS snap-in.

    2. In the console tree, click the applicable zone.

    3. In the details pane, double-click the resource record for which you want to reset scavenging and aging properties.

    4. Depending on how the resource record was originally added to the zone, do one of the following:

    If the record was added dynamically using dynamic update, clear the Delete this record when it becomes stale check box to prevent the record's aging or potential removal during the scavenging process. If dynamic updates to this record continue to occur, the Domain Name System (DNS) server will always reset this check box so that the dynamically updated record can be deleted.

    If you added the record manually, select the Delete this record when it becomes stale check box to permit the record's aging or potential removal during the scavenging process.

    Note

    To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

    To reset aging and scavenging properties for a specific resource record using the command line

    At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config {ZoneName|..AllZones} /ScavengingInterval Value

    Value Description

    ServerName Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.)

    ZoneName|..AllZones Specifies the fully qualified domain name (FQDN) of the zone. To configure all zones that are hosted on the specified DNS server to allow dynamic updates, type ..AllZones.

    Value The new value for the scavenging interval, specified in hours. The default is 168 hours (one week).


    Managing Domain Name System Clients

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    The following tasks are described in this objective:

    Configuring DNS Client Settings for DNS Operations

    Managing the DNS Client Resolver Cache

    Renewing DNS Client Registration


    Configuring DNS Client Settings for DNS Operations

    Updated: March 2, 2005

    Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

    Domain Name System (DNS) configuration involves the following tasks when TCP/IP properties are configured for each computer:

    Setting a DNS computer name or host name for each computer. For example, in the fully qualified domain name (FQDN) wkstn1.sales.wingtiptoys.com., the DNS computer name is wkstn1.

    Setting a primary DNS suffix for the computer, which is placed after the computer n