DNS & Forwarders

Anonymous
February 15, 2005 12:27:01 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi,

I have a W2k server that is DC & running DNS. I want to set Forwarders to
point to new ISP router. I believe I want to delete the "." root so I can
then setup a Forwarder.

Question is, if I delete the ".", do I need to do any other setup/config
other than add the forwarder? I don't want this to quit working cause I
deleted the "." & didn't know I needed to do something else.

Thanks in advance for any help or suggestions!
Bill


Anonymous
February 15, 2005 5:38:50 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

"New to DNS" <New to DNS @discussions.microsoft.com> wrote in message
news:E3928628-2211-4E39-BB75-5D52626F4903@microsoft.com...
> Hi,
>
> I have a W2k server that is DC & running DNS. I want to set Forwarders to
> point to new ISP router. I believe I want to delete the "." root so I can
> then setup a Forwarder.
>
> Question is, if I delete the ".", do I need to do any other setup/config
> other than add the forwarder? I don't want this to quit working cause I
> deleted the "." & didn't know I needed to do something else.

Delete the root. You don't need it. The only people
who need it have multiple TREES of zones and NO
NEED for Internet resolution. (They know who they are.)

Add your forwarders and CONSIDER checking the box
on the forwarders page that says: Do Not Use Recursion

Your internal DNS will become dependent on the forwarders
but it will NOT try to visit every DNS server on the world
wide Internet (including EvilHackersWillGetYou.com <grin>)



--
Herb Martin


>
> Thanks in advance for any help or suggestions!
> Bill
Anonymous
February 15, 2005 7:27:02 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Thank you!

I will do as you suggest!

Best Regards
Bill
Anonymous
February 15, 2005 10:46:04 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:ukIgxpzEFHA.3244@TK2MSFTNGP15.phx.gbl,
Herb Martin <news@LearnQuick.com> commented
Then Kevin replied below:
> Delete the root. You don't need it. The only people
> who need it have multiple TREES of zones and NO
> NEED for Internet resolution. (They know who they are.)

Herb, the existence of a root zone won't stop internet resolution, if all
the TLDs are delegated. Deleting the root zone Windows creates will enable
the root hint servers which by default point to the ICANN Root. There are
other internet roots beside the ICANN root, if you want to resolve those
roots you will need to run their copy of their delegated root zone.


--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
Anonymous
February 15, 2005 10:46:05 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Kevin,

What I am trying to do is enable Internet access via a DSL router. I
currently have the router IP as the Alternate DNS on my workstations which I
have found causes many problems.

What I want to do is set the Forwarder to my Router IP and not have anything
in my workstation DNS except for the DNS running on my W2k server.

So deleting the "." zone & setting up a forwarder to my Router IP is what I
want and need to do at this point? Will I need to do anything with Root
Hints?

Thank you!
Bill
Anonymous
February 15, 2005 1:23:13 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:B34DC5E7-E3BE-4655-BFB1-FEE564859638@microsoft.com,
New to DNS <New to DNS@discussions.microsoft.com> commented
Then Kevin replied below:
> Hi Kevin,
>
> What I am trying to do is enable Internet access via a
> DSL router. I currently have the router IP as the
> Alternate DNS on my workstations which I have found
> causes many problems.
>
> What I want to do is set the Forwarder to my Router IP
> and not have anything in my workstation DNS except for
> the DNS running on my W2k server.
>
> So deleting the "." zone & setting up a forwarder to my
> Router IP is what I want and need to do at this point?
> Will I need to do anything with Root Hints?

Deleting the root zone will get you internet access, you shouldn't need to
do anything to the root hints. MS DNS automatically loads the Root Hints for
the ICANN root if you delete the root zone. You can set the router as a
forwarder, and you should only use the DNS server's IP address for DNS,
only. Especially, if you have Active Directory Domain.



--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
February 15, 2005 1:31:05 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Kevin,

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> In news:B34DC5E7-E3BE-4655-BFB1-FEE564859638@microsoft.com,
> New to DNS <New to DNS@discussions.microsoft.com> commented
> Then Kevin replied below:
> > Hi Kevin,
> >
> > What I am trying to do is enable Internet access via a
> > DSL router. I currently have the router IP as the
> > Alternate DNS on my workstations which I have found
> > causes many problems.
> >
> > What I want to do is set the Forwarder to my Router IP
> > and not have anything in my workstation DNS except for
> > the DNS running on my W2k server.
> >
> > So deleting the "." zone & setting up a forwarder to my
> > Router IP is what I want and need to do at this point?
> > Will I need to do anything with Root Hints?
>
> Deleting the root zone will get you internet access, you shouldn't need to
> do anything to the root hints. MS DNS automatically loads the Root Hints for
> the ICANN root if you delete the root zone. You can set the router as a
> forwarder, and you should only use the DNS server's IP address for DNS,
> only. Especially, if you have Active Directory Domain.
>
>
I was looking at the settings on the router and have one more question. On
the WAN side DNS is enabled, WAN IP and a DNS IP. On the LAN side I have a
static IP & no DNS.

Which IP would I use for the DNS Forwarder? I'm thinking it would be the
LAN side IP. Should I also enable DNS on the LAN side?

I have read many articles and am getting lots of pieces but it's hard to
make them all fit.

Sorry about the newbie questions.

I do appreciate the advice!

Bill


Anonymous
February 15, 2005 3:46:04 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

> I was looking at the settings on the router and have one more question. On
> the WAN side DNS is enabled, WAN IP and a DNS IP. On the LAN side I have a
> static IP & no DNS.
>
> Which IP would I use for the DNS Forwarder? I'm thinking it would be the
> LAN side IP. Should I also enable DNS on the LAN side?

If you use your Router as the DNS resolving for the
Internet, (many provide that ability, some don't) then
it is the FORWARDER set on internal DNS servers.

You should NOT set internal clients to use this DNS
(nor the ISP) directly as you indicated in an earlier
message.

Rule:
Internal clients must use ONLY the internal DNS server (set).

Generally:
The Internal DNS server(s) forward to either the Router-DNS
or directly to the ISP.

If you use the RouterDNS, then the router uses the ISP as its
forwarder (usually) to do the real work.

Forwarding to the Router is usually better when that is an option,
since it eliminates the need for internal (and sensitive DCs/DNS
servers) to "visit the Internet", and if you have more than one
internal DNS server it consolidates the Internet name cache so
that all may take advantage of the work (resolutions) it does.

Using a RouterDNS like this it is usually (termed) a "caching only
DNS server" -- which means it has no zones of its own but just
does resolutions when we ask it to do so.


> Even using the ISP
> I have read many articles and am getting lots of pieces but it's hard to
> make them all fit.

This is actually a fairly advanced question since it entails
several options which CAN work, and has only guidelines
for picking the BEST solution.

But remember these key points:
Internal clients must use the INTERNAL DNS (ONLY)
because otherwise they might 'skip' the internal names
that only these DNS servers know.

You cannot mix them on the client, because the clients
pick semi-randomly and "latch on" to whichever DNS
server works most quickly or is working right now.
(This mixing may SEEM to work but it is unreliable.
Due to the fact that it doesn't fail consistently many
people are under the false impression that it is a
good method.)

Since you cannot mix internal and external (reliably)
you should* have the INTERNAL DNS server Forward
to resolve both their INTERNAL Addresses AND
the EXTERNAL Addresses of the Internet.

*Technically, the internal DNS servers could do their
own external resolution by physically recursing from the
root of THE Internet, but this would mean opening the
firewall to them (at least for DNS) AND that they would
potentially visit ANYWHERE on the Internet, including
places like EvilHackers.Com

> Sorry about the newbie questions.

They are good questions. Sometimes we have to
restructure them so that they don't hide (incorrect)
assumptions.

> I do appreciate the advice!
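
Herb's rule above (internal clients list ONLY the internal DNS server) can be checked against collected `ipconfig /all` output. This is an added example, not part of any poster's message; the adapter names and every address are constructed, with 192.168.1.10 standing in for the internal DNS server and 192.168.1.1 for the router.

```python
import ipaddress
import re

# Constructed `ipconfig /all` output: a workstation that still lists the
# router as its alternate DNS server (the setup Bill described).
MIXED_WORKSTATION = """
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ws01

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.50
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.10
                                            192.168.1.1
"""

# Constructed output: a workstation that follows the rule.
CLEAN_WORKSTATION = """
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.51
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
DNS_RE = re.compile(r"^\s+DNS Servers[ .]*:\s*(\S*)\s*$")
CONT_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server, ...]} in the order listed."""
    adapters = {}
    current = None
    in_dns = False
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            adapters[current] = []
            in_dns = False
            continue
        if current is None:
            continue  # global section before the first adapter
        first = DNS_RE.match(line)
        if first:
            if first.group(1):
                adapters[current].append(first.group(1))
            in_dns = True
            continue
        # Additional DNS servers appear as bare addresses on following lines.
        cont = CONT_RE.match(line) if in_dns else None
        if cont:
            adapters[current].append(cont.group(1))
        else:
            in_dns = False
    return adapters


def _is_internal(server, allowed):
    try:
        return ipaddress.ip_address(server) in allowed
    except ValueError:
        return False  # unparseable entry: report it rather than trust it


def find_external_resolvers(ipconfig_text, internal_dns):
    """List (adapter, server) pairs that are not internal DNS servers."""
    allowed = {ipaddress.ip_address(ip) for ip in internal_dns}
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        for server in servers:
            if not _is_internal(server, allowed):
                findings.append((adapter, server))
    return findings


if __name__ == "__main__":
    for label, text in (("ws01", MIXED_WORKSTATION), ("ws02", CLEAN_WORKSTATION)):
        print(label, find_external_resolvers(text, ["192.168.1.10"]))
```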
Anonymous
February 15, 2005 5:21:46 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:7CB8A21A-8BA8-4798-903A-11F9BCF6DCBC@microsoft.com,
New to DNS <New to DNS@discussions.microsoft.com> commented
Then Kevin replied below:
> Which IP would I use for the DNS Forwarder?

Use the private IP of the router for the DNS forwarder (it is the same
address as the gateway you assign clients)

> I'm thinking it would be the LAN side IP. Should I also enable DNS on
> the LAN side?

I think you may be looking at the DHCP server on the router. If you are,
leave it disabled, or put your DNS server's IP in. You really should leave
DHCP disabled on the router and configure DHCP on the Windows server with
option 003 (Router), 006 DNS (Use the DNS server's IP), 015 Domain Name (Use
the DNS name of your AD domain). These are the minimum options to use.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
February 15, 2005 11:21:06 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Kevin, thanks for all your help!

Problem solved!!!

(see below)




"Kevin D. Goodknecht Sr. [MVP]" wrote:

> In news:7CB8A21A-8BA8-4798-903A-11F9BCF6DCBC@microsoft.com,
> New to DNS <New to DNS@discussions.microsoft.com> commented
> Then Kevin replied below:
> > Which IP would I use for the DNS Forwarder?
>
> Use the private IP of the router for the DNS forwarder (it is the same
> address as the gateway you assign clients)
>
> > I'm thinking it would be the LAN side IP. Should I also enable DNS on
> > the LAN side?
>
> I think you may be looking at the DHCP server on the router. If you are,
> leave it disabled, or put your DNS server's IP in. You really should leave
> DHCP disabled on the router and configure DHCP on the Windows server with
> option 003 (Router), 006 DNS (Use the DNS server's IP), 015 Domain Name (Use
> the DNS name of your AD domain). These are the minimum options to use.
>

Deleting the "." and adding the Forwarder to the ISP Router did the trick!
Things are working very well now.

It's amazing how a simple question can get so complex in a hurry. I
appreciate the time to answer my questions & explain why it needs to be done
a certain way. I'm just being cautious before changing something & bringing
the whole network to its knees.

I've read several articles related to this issue and found several pieces
but not everything needed to finish the puzzle. I appreciate your help!

I inherited this system and am trying to correct some problems. I would
like to also do some performance tuning when I get the time. One of my next
projects will be to turn-on DHCP on the server. Everything now is static.
Something to keep things interesting I guess!

Thanks Again!
Bill




Anonymous
February 15, 2005 11:27:02 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

Hi Herb,

Thanks for all your advice!

Deleting the "." and adding the Forwarder to the ISP Router did the trick!
Things are working very well now.

Bill
Anonymous
February 16, 2005 4:27:49 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

"New to DNS" <New to DNS@discussions.microsoft.com> wrote in message
news:FF1C73C4-2319-4EFE-BA68-3874E0ABF547@microsoft.com...
> Hi Herb,
>
> Thanks for all your advice!
>
> Deleting the "." and adding the Forwarder to the ISP Router did the trick!
> Things are working very well now.
>
> Bill

Ok.

And remember, internal DNS clients must use ONLY
internal DNS servers.


Here's the outline for checking DNS for AD:

1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


--
Herb Martin
Anonymous
February 17, 2005 2:28:08 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

On Tue, 15 Feb 2005 10:23:13 -0600, Kevin D. Goodknecht Sr. [MVP] wrote:
[]
> Deleting the root zone will get you internet access, you shouldn't need to
> do anything to the root hints. MS DNS automatically loads the Root Hints for
> the ICANN root if you delete the root zone.

Hi, Kevin. "Automatically loads"? Can you elaborate on that?

--
Regards,
Mike H
Anonymous
February 17, 2005 5:03:08 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

In news:%23MOtLbSFFHA.464@TK2MSFTNGP09.phx.gbl,
Mike H <mkREMOVEhuskeyALL@THIShotmail.invalid> commented
Then Kevin replied below:
> On Tue, 15 Feb 2005 10:23:13 -0600, Kevin D. Goodknecht
> Sr. [MVP] wrote: []
>> Deleting the root zone will get you internet access, you
>> shouldn't need to do anything to the root hints. MS DNS
>> automatically loads the Root Hints for the ICANN root if
>> you delete the root zone.
>
> Hi, Kevin. "Automatically loads"? Can you elaborate on
> that?

When you delete the root zone the ICANN Root server information is loaded
into the DNS server. The cache.dns file in the dns\backup directory is the
file used to load these root hints.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
February 17, 2005 8:01:40 PM

Archived from groups: microsoft.public.win2000.dns (More info?)

> When you delete the root zone the ICANN Root server information is loaded
> into the DNS server. The cache.dns file in the dns\backup directory is the
> file used to load these root hints.
>

Kevin is right.

And if for some crazy reason it doesn't reload you can
pick most any DNS server (that is working at your ISP
for instance) and ask it for the "." zone DNS servers
directly (just like any other zone).

Once you have that list put in a few and then hit the
button that auto-repopulates the whole list (it asks one
of them for the list of others.)

nslookup -type=NS . dns1.yourisp.com.

Note between the =NS and the DNS server there is a
long DOT "." which is the official 'name' of the root zone.

dns1.yourisp.com = an IP address for this one (if your
DNS can't resolve while you are doing this.)


--
Herb Martin
Anonymous
February 18, 2005 12:41:46 AM

Archived from groups: microsoft.public.win2000.dns (More info?)

On Thu, 17 Feb 2005 14:03:08 -0600, Kevin D. Goodknecht Sr. [MVP] wrote:

> In news:%23MOtLbSFFHA.464@TK2MSFTNGP09.phx.gbl,
> Mike H <mkREMOVEhuskeyALL@THIShotmail.invalid> commented
> Then Kevin replied below:
>> On Tue, 15 Feb 2005 10:23:13 -0600, Kevin D. Goodknecht
>> Sr. [MVP] wrote: []

>>> Deleting the root zone will get you internet access, you
>>> shouldn't need to do anything to the root hints. MS DNS
>>> automatically loads the Root Hints for the ICANN root if
>>> you delete the root zone.

>> Hi, Kevin. "Automatically loads"? Can you elaborate on
>> that?

> When you delete the root zone the ICANN Root server information is loaded
> into the DNS server. The cache.dns file in the dns\backup directory is the
> file used to load these root hints.

hmm, okay, in that directory I have root.dns and <domainname>.local.dns,
both modified 12.16.04. That looks like the date DNS server was
installed on this machine. One level up I have cache.dns dated
7.7.03-looks like it's unchanged from what I loaded off the cds or some
service pack.

Now, I'm using Active Directory and my zones are AD integrated.
Cache.dns seems to be superfluous. I am thinking right there? Ohhhh,
never mind. Okay, when I deleted the root zone, the root hints were
populated as you say. That happens once, right? After that, one would
manually edit the hints in DNS server if necessary (like
b.root-servers.net, for instance). You're not saying that cache.dns
itself gets updated, right?

Now let me look at what Herb's saying and see what I can apply out of
that.

Thank you for taking the time to reply, Kevin :)  Providing what I
restated is correct, I learned something tonight.

--
Regards,
Mike H
Anonymous
February 18, 2005 12:50:36 AM


On Thu, 17 Feb 2005 17:01:40 -0600, Herb Martin wrote:

>> When you delete the root zone the ICANN Root server information is loaded
>> into the DNS server. The cache.dns file in the dns\backup directory is the
>> file used to load these root hints.

> Kevin is right.

I think so. See my reply to him.

> And if for some crazy reason it doesn't reload you can
> pick most any DNS server (that is working at your ISP
> for instance) and ask it for the "." zone DNS servers
> directly (just like any other zone).
>
> Once you have that list put in a few and then hit the
> button that auto-repopulates the whole list (it asks one
> of them for the list of others.)

The button?

> nslookup -type=NS . dns1.yourisp.com.
>
> Note between the =NS and the DNS server there is a
> long DOT "." which is the official 'name' of the root zone.
>
> dns1.yourisp.com = an IP address for this one (if your
> DNS can't resolve while you are doing this.)

That is NICE! I've been using ftp at ICANN every so often to download
the new list (if there is one) and check it against what I have.
Frequently, I'm unable to make that connection, and in that way and
others it's a bit of a hassle. What you just provided is very slick!

Now, if I could just automate that procedure somehow or force periodic
updates without intervention I'd have it made. Hence, my hopefulness
that "the button" means more than the return key at the end of that
command line ;) 

Good of you to jump in and provide some nice supplementary info, Herb.
I'm grateful.

--
Mike H
February 18, 2005 12:22:42 PM


> Now, if I could just automate that procedure somehow or force periodic
> updates without intervention I'd have it made. Hence, my hopefulness
> that "the button" means more than the return key at the end of that
> command line ;) 

Oh well ... just keep using "ftp" but automate it :-) to do that you'll
need a copy of wget for win32, you can find the latest complete
package here

ftp://ftp.sunsite.dk/projects/wget/windows/wget-complet...

just download the zip above and extract it into whatever folder you
like, next, create the following script into the same folder

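@echo off
:
rem Seed the working copies from the installed root hints on first run.
if not exist cache.old copy %SYSTEMROOT%\SYSTEM32\DNS\cache.dns cache.old >NUL
if not exist cache.new copy %SYSTEMROOT%\SYSTEM32\DNS\cache.dns cache.new >NUL
:
rem Download the current root hints; -O overwrites cache.new, so quit if wget fails.
wget -nd -nv -O cache.new ftp://ftp.internic.net/domain/named.root >NUL
if errorlevel 1 goto QUIT
rem fc sets errorlevel 1 when the files differ.
fc /C /L cache.old cache.new >NUL
if errorlevel 1 goto COPY
goto QUIT
:
:COPY
rem Replace cache.dns while the DNS service is stopped, then remember the new copy.
net stop dns
copy /Y cache.new %SYSTEMROOT%\SYSTEM32\DNS\cache.dns >NUL
net start dns
copy cache.new cache.old >NUL
:
:QUIT
exit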

at this point just schedule the above script say once a month to check if
there are updated root-hints and to automatically download/update them
keep in mind though that root hints (root nameserver) don't change so
often, so I'm not sure the above will be really useful

Regards

--

* ObiWan

Microsoft MVP: Windows Server - Networking
http://www.microsoft.com/communities/MVP/MVP.mspx
http://mvp.support.microsoft.com

DNS "fail-safe" for Windows clients.
http://ntcanuck.com

Support and discussions forum
news://news.ntcanuck.com

408+ XP/2000 tweaks and tips
http://ntcanuck.com/tq/Tip_Quarry.htm
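
Added example (not part of ObiWan's post or of any project's code): a check that could run between the download and the copy into cache.dns, since the file arrives over plain FTP and an empty or altered file would otherwise go straight into the DNS server. The function names, the `max_changed` threshold and the two-server sample excerpts are assumptions made for illustration.

```python
import ipaddress
import re

ROOT_NAME = re.compile(r"^[a-m]\.root-servers\.net\.$")

def parse_hints(text):
    """Return (NS names of '.', {name: set of IPv4 strings}) from named.root-style text."""
    ns, addrs = set(), {}
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()
        if len(f) < 4:  # need owner, TTL, optional IN class, type, rdata
            continue
        owner, rtype, rdata = f[0].lower(), f[-2].upper(), f[-1].lower()
        if rtype == "NS" and owner == ".":
            ns.add(rdata)
        elif rtype == "A":
            addrs.setdefault(owner, set()).add(rdata)
    return ns, addrs

def is_public_ipv4(ip):
    try:
        return ipaddress.IPv4Address(ip).is_global
    except ipaddress.AddressValueError:
        return False

def review_update(old_text, new_text, max_changed=1):
    """Return reasons to refuse installing new_text; an empty list means accept."""
    old_ns, old_addrs = parse_hints(old_text)
    new_ns, new_addrs = parse_hints(new_text)
    problems = ["fewer root servers than the installed file"] if len(new_ns) < len(old_ns) else []
    for name in sorted(new_ns):
        if not ROOT_NAME.match(name) or name not in new_addrs:
            problems.append("unexpected or address-less NS target: " + name)
    for name in sorted(new_addrs):
        problems += ["bad address for %s: %s" % (name, ip)
                     for ip in sorted(new_addrs[name]) if not is_public_ipv4(ip)]
    changed = sorted(n for n in new_ns if new_addrs.get(n) != old_addrs.get(n))
    if len(changed) > max_changed:
        problems.append("too many address changes at once: " + ", ".join(changed))
    return problems

# Constructed two-server excerpts in named.root layout (sample input, not a full list).
OLD = """.                    3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A   198.41.0.4
.                    3600000      NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000      A   128.9.0.107"""
NEW_OK = OLD.replace("128.9.0.107", "192.228.79.201")
NEW_BAD = OLD.replace("198.41.0.4", "10.0.0.53") + "\n.  3600000  NS  NS1.EXAMPLE.COM."
```

Run it against the installed cache.dns and the freshly downloaded file, and stop DNS and copy only when the returned list is empty.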
Anonymous
February 18, 2005 2:06:30 PM


On Fri, 18 Feb 2005 09:22:42 +0100, ObiWan wrote:

>> Now, if I could just automate that procedure somehow or force periodic
>> updates without intervention I'd have it made. Hence, my hopefulness
>> that "the button" means more than the return key at the end of that
>> command line ;) 

> Oh well ... just keep using "ftp" but automate it :-)

[snip link to utility program and the script to use it]

> at this point just schedule the above script say once a month to check if
> there are updated root-hints and to automatically download/update them
> keep in mind though that root hints (root nameserver) don't change so
> often, so I'm not sure the above will be really useful

hehe, "useful"? Sure it will be :)  I find that the better DNS Server
runs the more I tend to forget about it. Besides, although I wouldn't
want to, and wouldn't recommend it, I can see a late-night installation
of DNS Server that for one reason or other still used the cache.dns that
mis-listed b.root-servers.net and I will have been too "rummy" to fix
that little detail. Besides, I see that even though I updated the AD
root hints (is it correct to say that?), I forgot to change cache.dns
itself. Presumably, if I ever stopped DNS server it would load up the
old hints again.

So, see? At least for me it's worth doing :)  My thanks to the OP, "New
to DNS" for bringing the subject up, as well as Herb, Kevin, and ObiWan
for provoking thoughts that allowed me to catch an error in my DNS
configuration.

Good to see you in these parts again, Obi :) 

--
Mike H
Anonymous
February 18, 2005 3:48:42 PM


"Mike H" <mkREMOVEhuskeyALL@THIShotmail.invalid> wrote in message
news:o vsWE3XFFHA.2832@TK2MSFTNGP14.phx.gbl...
> > Once you have that list put in a few and then hit the
> > button that auto-repopulates the whole list (it asks one
> > of them for the list of others.)
>
> The button?

(Sorry), I could remember "the button" name and it only
appears in the Win2003 version of the MMC (if you
run only Win2000 DNS servers, you can install the
Win2003 MMC on an XP workstation).

It is on the Root Hints tab and called Copy from Server
(pick any of the working ones, or perhaps another of your
own working DNS servers):

"Copy from Server" and type in that working DNS
which has the correct list.

Generally the root hints list will work if even one of these
servers is reached by the (local) DNS server.

Since these are not actually the root servers (anymore) but
the servers which PUBLISH the root servers it is very
resilient to changes.

MS (and BIND) use a root HINTS file (the name change
is actually meaningful) to FIND the root servers at startup.
Anonymous
February 18, 2005 3:48:43 PM


On Fri, 18 Feb 2005 12:48:42 -0600, Herb Martin wrote:

> "Mike H" <mkREMOVEhuskeyALL@THIShotmail.invalid> wrote in message
> news:o vsWE3XFFHA.2832@TK2MSFTNGP14.phx.gbl...
>>> Once you have that list put in a few and then hit the
>>> button that auto-repopulates the whole list (it asks one
>>> of them for the list of others.)

>> The button?

> (Sorry), I could remember "the button" name and it only
> appears in the Win2003 version of the MMC (if you
> run only Win2000 DNS servers, you can install the
> Win2003 MMC on an XP workstation).

ah, that explains that. I haven't even seen 2003 yet, although I will
have by early next week. Thanks for clearing that up, Herb.

> It is on the Root Hints tab and called Copy from Server
> (pick any of the working ones, or perhaps another of your
> own working DNS servers):
>
> "Copy from Server" and type in that working DNS
> which has the correct list.

Well, that will be fun to try. I think it goes without saying that if
only for that reason alone (which, of course, it's not. The hints are
important to me) I'll find my way to that tab on this upcoming 2003
installation.

[snip additional notes on root servers]

> MS (and BIND) use a root HINTS file (the name change
> is actually meaningful) to FIND the root servers at startup.

Now, I didn't know that. You've got me off searching since what you have
in parenthesis I've taken to heart :) 

Thanks for your reply, Herb.

--
Regards,
Mike H
Anonymous
February 18, 2005 4:40:13 PM


"Mike H" <mkREMOVEhuskeyALL@THIShotmail.invalid> wrote in message
news:eVoFkAfFFHA.1924@TK2MSFTNGP14.phx.gbl...
> On Fri, 18 Feb 2005 12:48:42 -0600, Herb Martin wrote:
>
> > "Mike H" <mkREMOVEhuskeyALL@THIShotmail.invalid> wrote in message
> > news:o vsWE3XFFHA.2832@TK2MSFTNGP14.phx.gbl...
> >>> Once you have that list put in a few and then hit the
> >>> button that auto-repopulates the whole list (it asks one
> >>> of them for the list of others.)
>
> >> The button?
>
> > (Sorry), I could remember "the button" name and it only
> > appears in the Win2003 version of the MMC (if you
> > run only Win2000 DNS servers, you can install the
> > Win2003 MMC on an XP workstation).
>
> ah, that explains that. I haven't even seen 2003 yet, although I will
> have by early next week. Thanks for clearing that up, Herb.

It works from a Win2003 MMC to the Win2000 servers
though so with your new (next week) Win2003 (or probably
with XP) you can do it even now.

> > It is on the Root Hints tab and called Copy from Server
> > (pick any of the working ones, or perhaps another of your
> > own working DNS servers):
> >
> > "Copy from Server" and type in that working DNS
> > which has the correct list.
>
> Well, that will be fun to try. I think it goes without saying that if
> only for that reason alone (which, of course, it's not. The hints are
> important to me) I'll find my way to that tab on this upcoming 2003
> installation.

Same tab -- updated MMC.

> [snip additional notes on root servers]
>
> > MS (and BIND) use a root HINTS file (the name change
> > is actually meaningful) to FIND the root servers at startup.
>
> Now, I didn't know that. You've got me off searching since what you have
> in parenthesis I've taken to heart :) 
>
> Thanks for your reply, Herb.

You are welcome and please let us all know if you find
something of interest....
!