search

How to configure root hints in DNS

1 years ago
Comments: 0
Views: 139

There are two ways to direct DNS queries out of your organization: root hints and DNS forwarders. Root hints are simply pointers to DNS servers that are higher in the DNS hierarchy, sometimes to the most authoritative DNS servers on the Internet. Root hints are used to configure servers that are authoritative for non-root zones such that they can discover authoritative servers that manage domains located at a higher level of the namespace or in other subtrees. The best use of root hints is on internal DNS servers at lower levels of the namespace. Root hints should not be used for querying DNS servers outside your organization; DNS forwarders are better equipped for performing this function.

DNS forwarders are DNS servers on your network that are used to forward DNS queries for a separate DNS namespace from internal DNS clients to DNS servers that can resolve the query. In a manner of speaking, the key difference between root hints and forwarders is that forwarders create a chain of DNS servers that ascend the DNS hierarchy, while root hints shoot right for the top. You designate a DNS server on a network as a forwarder by configuring the other DNS servers in your network to direct those queries that cannot be resolved to that particular server. A DNS forwarder is the sole means for enabling name resolution for host names in external namespaces, notably the Internet. It can also improve the efficiency of name resolution by offloading the processing of queries to other DNS servers, rather than performing some very resource intensive, constant replication of external namespaces. A new DNS feature that was introduced with Windows Server 2003 is Conditional Forwarding, which uses forwarders that can be configured to forward queries according to specific domain names to make name resolution more efficient.

In Windows Server 2003, there is a new method of forwarding queries to an external domain for resolution, Conditional Forwarding. Conditional forwarders can be configured to forward DNS queries based on specific domain names. With conditional forwarders, a DNS server can forward queries to specific DNS servers based on the specific domain names that are being requested within the queries instead of having the DNS servers follow the typical resolution path all the way to the root domain. A conditional forwarder forwards only queries for a specific domain that is specified in the forwarders list. If a conditional forwarder entry does not exist, the query will be sent to the default forwarder. Conditional forwarders improve upon regular forwarding by adding a name-based condition to the forwarding process. For example, Name Resolution University is partnering with Acme DNS Software. Name Resolution University and Acme DNS Software inform each other of the names of their respective DNS

servers to include in each others' DNS. The result is that when users on Name Resolution University's network need to query for resources on Acme DNS Software's network, conditional forwarding routes these queries directly to Acme DNS Software's DNS server. All other queries will go follow the conventional path for resolving names (that is, up to the authoritative DNS server for the root top-level domain, if necessary).

When a DNS client sends a query to a DNS server, the DNS server looks at its own database to see if the query can be resolved using its own zone data. The server will also examine its cache of resolved queries and send the data back to the client that sent the query. If the DNS server is configured to forward for the domain name designated in the query, the query is forwarded to the IP address of the DNS forwarder that is associated with that domain name. If the DNS server has no forwarder listed for the name designated in the query, it attempts to resolve the query using standard recursion.You can use conditional forwarders to enhance and improve upon both internal and external name resolution.

Warning_

Remember that with a stub zone, certain records exist on the DNS server hosting the stub zone, whereas a conditional forwarder is used to forward DNS resolutions to specific DNS servers based on domain name.

In planning your DNS namespace, you will encounter situations in which you might need to use any of the types of forwarders that we discussed. The way you configure your forwarders within your environment will affect how well queries are answered. If your forwarding scheme is poorly designed, it will affect your ability to properly direct and resolve these queries. For this reason, you need to consider some issues prior to implementing forwarders into your environment:

■ Keep it simple Implement only as many forwarders as necessary for optimum resolution performance. If possible, don't overload internal DNS servers with dozens of DNS forwarders. Keep in mind that every time a DNS server attempts to process a query, it first attempts to resolve it locally, and then forwards it sequentially through its list of known DNS forwarders.This creates additional overhead by using system resources to complete the query request.

■ Balance is key One common mistake in using DNS forwarders is pointing multiple internal DNS servers to a single, external DNS forwarder. This practice simply creates a bottleneck within your environment. To keep a DNS forwarder from becoming a bottleneck—and a single point of failure—consider creating more than one DNS forwarder and load-balance your forwarding traffic.

■ No "chains of love" Unless it is completely unavoidable, do not chain your DNS servers together in a forwarding configuration. In other words, if you are configuring your internal DNS servers to forward requests for www.learn-aboutdns.com to server X, do not configure server X to forward requests for

www.learnaboutdns.com to server Y, and so on. Doing so will just create additional overhead and increase the amount of time it takes to resolve a query.

■ Know your forwarders In our discussion of conditional forwarders, we mentioned how they could be used for Internet resolution outside your environment. If you plan to use conditional forwarders in this manner, make sure that you know where these forwarders are and who is managing them. For example, make sure that company XYZ is not using a third-party DNS hosting company (such as www.mydns.com) to host their DNS names.You must also be sure you trust your forwarders to be available and that their IP addresses do not change. These servers can potentially be anywhere in the world and run by any number of people.

■ Remember the big picture Keep your entire infrastructure in mind when you are configuring a forwarding scenario. In our Name Resolution University example, it wouldn't make sense to forward requests from the Vancouver office to the Halifax office, considering that the query would have to cross North America. Since there are other network "hops" between Vancouver and Halifax, this would be inefficient. Examine your network bandwidth prior to implementing DNS forwarders, and even when sufficient bandwidth exists, try to keep your DNS forwarders in the same physical location as your internal DNS servers.

By following these simple guidelines, you will make client query requests much more streamlined and avoid creating administration nightmares for yourself.

Continue reading here: Active Directory Integrated versus Primary Zones

Was this article helpful?

The DNS root hints servers are at the top of the resolving process for DNS names. In order for a DNS server to resolve a DNS name without the help of other DNS servers, e.g. forwarding the request to another DNS server, a root hint server needs to be contacted. There are a lot of root hints servers located around the globe for this task. This video looks at how to configure the root hints servers for DNS in Windows Server.

Demonstration
This demonstration uses “Remote Server Administration Tools” (RSAT) for Windows 8. You can perform the same steps using Windows servers by running the DNS management tools from there.

1) In order to open DNS Manager, open charms by moving the mouse to the top right and select search. In the search dialog enter in “dnsmgmt.msc”.

2) When DNS Manager loads up, if a DNS server has not already been added to DNS Manager it will prompt you to add one. If you want to add an additional DNS server to DNS manager and thus manage multiple DNS servers at the same time, this can be done by right clicking DNS at the top and selecting the option connect to DNS server.

3) To configure the root hints on a DNS server, Right click the name of the DNS server in DNS manager and select the option properties.

4) In the properties of the DNS server, on the forwarders tab there is a tick box called “Use root hints if no forwarders are available”. This option will be grayed out if no forwarders have been configured. If the forwarders cannot be contacted the DNS server will attempt to contact a root hint server. If your DNS server is behind a firewall and should not be connecting to the internet directly, then this option should be cleared. Remember this option forms a backup method if the forwarders are down and thus un-ticking the option will prevent DNS names from being resolved in this situation. You should only untick this option if you don’t want the DNS server contacting the internet directly and you have reliable DNS forwarders and are prepared to accept that if the DNS forwarders are down then no DNS resolving will be possible.

5) On the advanced tab, there is an option called “Disable recursion (also disables forwarders)”. If you tick this option the server will not use forwarders or root hints. If your DNS servers do not require one of these you should tick this option. Ticking this option helps secure the server from a potential denial of service attack.

6) On the root hints tab, this will show all the root hint servers that are currently configured. By default there will always be entries in here. The information shown here is found in “c:\Windows\System32\dns\CACHE.txt”.

7) If you want to update the root hints from another server you can press the button copy from server. The defaults should work fine and you should not do this. Doing this can give your DNS server access to other DNS root hints servers which have recently been added to the internet. You need to then enter in a DNS server to copy it from. You can use any DNS server that you wish. Your ISP DNS server is a good choice or a public DNS server like google’s which are 4.4.4.4 and 8.8.8.8.

References
“Root name server” http://en.wikipedia.org/wiki/Root_name_server

Credits

Q&A How to

Related Posts

Why is my pc beeping continuously
Why is my pc beeping continuously

What is meant by stakeholders in healthcare?
What is meant by stakeholders in healthcare?

Why does a ray of light bend towards the normal when it enters from air into a glass slab and bends away from the normal when it emerges out into air?
Why does a ray of light bend towards the normal when it enters from air into a glass slab and bends away from the normal when it emerges out into air?

What was the outcome of the peace Treaty at Versailles?
What was the outcome of the peace Treaty at Versailles?

When f/x )= x 4 )- 2x 3 )+ 3x 2 )- AX is divided by X 1 and X 1 we get remainders as 19 and 5 respectively find the remainder if f/x is divided by x 3?
When f/x )= x 4 )- 2x 3 )+ 3x 2 )- AX is divided by X 1 and X 1 we get remainders as 19 and 5 respectively find the remainder if f/x is divided by x 3?

What happens to the ionic radius when cation is formed?
What happens to the ionic radius when cation is formed?

What is the relationship between the amount of force applied to an object and its change in momentum?
What is the relationship between the amount of force applied to an object and its change in momentum?

What is the perfect cube of 1331?
What is the perfect cube of 1331?

What is the probability that a number selected randomly from whole numbers 1 to 20 is a multiple of 5?
What is the probability that a number selected randomly from whole numbers 1 to 20 is a multiple of 5?

What is direct evidence and examples?
What is direct evidence and examples?

What brand of castor oil is best for hair?
What brand of castor oil is best for hair?

What are control charts based on?
What are control charts based on?

Vscode No server install found in WSL, needs x64
Vscode No server install found in WSL, needs x64

How do you get to Motion settings on iPhone?
How do you get to Motion settings on iPhone?

How long is a furlong in horse?
How long is a furlong in horse?

Replace the underlined word with the correct form
Replace the underlined word with the correct form

How many spinach plants per person
How many spinach plants per person

Bread clip in wallet when traveling
Bread clip in wallet when traveling

What aisle is heavy cream on?
What aisle is heavy cream on?

How do you play Roblox on a Chromebook without downloading it
How do you play Roblox on a Chromebook without downloading it

Advertising

LATEST NEWS

How fast does hair grow per day
1 years ago . by TranquilBabbling
Which of the following allows different operating systems to coexist on the same physical computer?
1 years ago . by UnmarkedDuchess
What is being defined as the degree to which something is related or useful to what is happening or being talked about?
1 years ago . by ComingCarcass
Which of the following is NOT a pathway in the oxidation of glucose
1 years ago . by ScarredAccreditation
Juan is the person employees go to when knowledge of a topic was needed. juan holds ________ power.
1 years ago . by AmbitiousExamination
Which of the following is not a standard mounting dimension for an electric motor? select one:
1 years ago . by MiserableSweepstakes
Which set of characteristics will produce the smallest value for the estimated standard error?
1 years ago . by GenerousIntercourse
Is a program that assesses and reports information about various computer resources and devices.
1 years ago . by SeriousBondage
How much energy is needed to move one electron through a potential difference of 1.0 102 volts
1 years ago . by CrackedKnocking
Includes procedures and techniques that are designed to protect a computer from intentional theft
1 years ago . by UneasyInvasion

Advertising

Populer

Advertising

About

Legal

Help

Social

Copyright © 2024 SignalDuo Inc.