Configure Internal Root Hints

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

When the DNS Server service is running on a domain controller, root hints are read from Active Directory first. If the DNS Server service is not running on a domain controller or no root hints exist in Active Directory, root hints are implemented using a file, CACHE.DNS, stored in the systemroot\System32\Dns folder on the server computer. This file normally contains the name server (NS) and address (A, AAAA) resource records for the Internet root servers. If you are using the DNS Server service on a private network, you can edit or replace root hints with similar records that point to your own internal root DNS servers. Use the following guidelines for updating root hints:

  • If you operate internal root DNS servers on a private network that is not connected to the Internet, edit or replace root hints to point to your own internal root DNS servers. Delete root hints from your internal root DNS servers.

  • If you do not use internal root DNS servers and your network is not connected to the Internet, delete root hints from all your DNS servers.

  • If internal DNS servers must resolve Internet names, configure an external DNS server as a forwarder on your internal DNS servers. Delete root hints from your internal DNS servers or use internal root hints.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To update root hints on the DNS server

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. In the console tree, click the name of the DNS server you wish to configure.

  3. On the Action menu, click Properties.

  4. Click the Root Hints tab.

  5. Modify server root hints as follows:

    • To add a root server to the list, click Add, and then specify the name and IP address of the server to be added to the list.

    • To modify a root server in the list, click Edit, and then specify the name and IP address of the server to be modified in the list.

    • To remove a root server from the list, select it in the list, and then click Remove.

    • To copy root hints from a DNS server, click Copy from server, and then specify the IP address of the DNS server from which you want to copy a list of root servers to use in resolving queries. These root hints will not overwrite any existing root hints.
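The same update scripted with dnscmd.exe, the command-line DNS tool that ships with the DNS Server role on Windows Server 2008 R2. This is an added example, not part of the original article; the internal root server names and addresses are constructed placeholders, and the ..RootHints pseudo-zone name is the one dnscmd uses for the root hints list.

```powershell
# Replace the Internet root hints on a DNS server with internal root servers.
# Run from an elevated PowerShell session on the DNS server (or pass -DnsServer).
param(
    [string]$DnsServer = 'localhost'
)

# Assumed internal root servers (constructed placeholders); replace with your own.
$InternalRoots = @(
    @{ Name = 'root1.corp.example.'; IP = '10.0.0.5' },
    @{ Name = 'root2.corp.example.'; IP = '10.0.1.5' }
)

# dnscmd exposes the root hints list as the pseudo-zone "..RootHints".
$RootHintsZone = '..RootHints'

# 1. Keep a dated copy of CACHE.DNS so the change can be reverted.
$CacheFile = Join-Path $env:SystemRoot 'System32\Dns\CACHE.DNS'
if ($DnsServer -eq 'localhost' -and (Test-Path $CacheFile)) {
    Copy-Item $CacheFile "$CacheFile.bak-$(Get-Date -Format yyyyMMddHHmmss)"
}

# 2. Remove every NS, A and AAAA record the enumeration returns
#    (the Internet root servers and their glue addresses).
$existing = & dnscmd $DnsServer /EnumRecords $RootHintsZone '@'
foreach ($line in $existing) {
    # Record lines look like "@ 3600 NS a.root-servers.net."; status text is skipped.
    if ($line -match '^(\S+)\s+\d+\s+(NS|A|AAAA)\s+(\S+)') {
        $node, $type, $data = $Matches[1], $Matches[2], $Matches[3]
        & dnscmd $DnsServer /RecordDelete $RootHintsZone $node $type $data /f | Out-Null
    }
}

# 3. Add the internal root servers as NS records plus their A (glue) records.
foreach ($root in $InternalRoots) {
    & dnscmd $DnsServer /RecordAdd $RootHintsZone '@' NS $root.Name | Out-Null
    & dnscmd $DnsServer /RecordAdd $RootHintsZone $root.Name A $root.IP | Out-Null
}

# 4. Verify: the list should now contain only the internal servers.
& dnscmd $DnsServer /EnumRecords $RootHintsZone '@'
```

On a server that should carry no root hints at all (an internal root server, or an isolated network that only uses forwarders), run steps 1 and 2 and skip step 3.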

See Also

Concepts

Checklist: Implementing a Secure DNS Configuration