DNS Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2


In this section

  • DNS Tools

  • DNS Registry Entries

  • DNS Group Policy Settings

  • DNS WMI Classes

  • Related Information

DNS Tools

The following tools are associated with the Domain Name System (DNS).

Dnscmd.exe: Dnscmd

Category

This tool is included in the Microsoft Windows Server 2003 Support Tools.

Version compatibility

This tool runs on the Microsoft Windows 2000 Server and Windows Server 2003 operating systems.

Dnscmd is used to view the properties of DNS servers, zones, and resource records. In addition, Dnscmd is used to modify all aspects of the DNS Server service, including creating and deleting zones and resource records. Dnscmd can also be useful for developing scripts for configuring a DNS server.

Dnslint.exe: DNSLint

Category

This tool is a free download from Microsoft.

Version compatibility

This tool runs on Microsoft Windows XP, and the Windows 2000 Server and Windows Server 2003 operating systems.

DNSLint is a Microsoft Windows utility that can be used to help diagnose common DNS name resolution issues. It can be targeted to look for specific DNS record sets and ensure that they are consistent across multiple DNS servers. It can also be used to verify that DNS records used specifically for Active Directory directory service replication are correct.

Dnsmgmt.msc: DNS Console

Category

This tool is included in the Windows 2000 Server and Windows Server 2003 operating systems, and is installed when the DNS Server service is installed. This tool is also installed with either the Windows 2000 Server or Windows Server 2003 Administration Tools Pack (Adminpak.msi).

Version compatibility

This tool runs on the Windows 2000 Server and Windows Server 2003 operating systems. When installed from one of the administration tools packs, this tool can also run on Microsoft Windows 2000 Professional and Windows XP.

The DNS console is used to administer the DNS Server service. It can be used to modify all aspects of the DNS Server service, including creating and deleting zones and resource records, and forcing replication events between DNS server physical memory and DNS databases. The DNS console can also be used to perform diagnostics on the DNS infrastructure of a network.

Eventvwr.exe: Event Viewer

Category

This tool is included in all Windows server and client operating systems.

Version compatibility

This tool runs on Windows XP, and the Windows 2000 Server and Windows Server 2003 operating systems.

You can use Event Viewer to monitor events recorded in event logs. Typically, a computer stores the Application, Security, and System logs. It could also contain other logs, depending on the computer’s role and the applications that are installed on it. For example, DNS servers write DNS-related events, such as any errors that occur while attempting to start the DNS Server service, to log files which can be read using Event Viewer.

Ipconfig.exe: Ipconfig

Category

This tool is included in all Windows server and client operating systems.

Version compatibility

This tool runs on all Windows server and client operating systems.

Ipconfig displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and DNS settings. Used without parameters, Ipconfig displays IPv6 addresses or the IPv4 address, subnet mask, and default gateway for all adapters.

Netmon.exe: Network Monitor

Category

This tool is installed along with Windows Server 2003 and the Windows Server 2003 Administration Tools Pack.

Version compatibility

This tool runs on all Windows operating systems.

Network Monitor captures data about the packets on a network and logs them for subsequent analysis. The monitored data can be filtered many different ways including protocol, ports, physical addresses, and logical addresses. Network Monitor can be useful in many situations, such as when you are troubleshooting an environment that has a firewall between a DNS server and a client, or between two DNS servers.

Network Monitor comes in two versions: the Network Monitor that is provided as part of the Windows Server 2003 operating system, and the Network Monitor that is part of Microsoft Systems Management Server (SMS). The version of Network Monitor that is included with the Windows Server 2003 operating system only captures data about network packets being sent to or from the server on which you run Network Monitor; it also captures data about network broadcasts that are received. The Network Monitor that is included with SMS enables you to monitor all network packets on a network segment.

Nslookup.exe: Nslookup

Category

This tool is included in all Microsoft Windows server and client operating systems.

Version compatibility

This tool runs on all Windows server and client operating systems.

Nslookup is used to query DNS servers and to obtain detailed responses. The information obtained using Nslookup can be used to diagnose and solve name resolution problems, verify that resource records are added or updated correctly in a zone, and debug other server-related problems.

DNS Registry Entries

The following registry entries are associated with DNS.

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, modify settings through policy settings or through dedicated management tools, such as the DNS snap-in for the Microsoft Management Console (MMC), rather than editing the registry directly. If you must edit the registry, use extreme caution.

Note

  • In Windows Server 2003, the location in the registry of the settings relating to DNS zones is different from the location used in Windows 2000 Server.

  • In Windows 2000 Server, the location is: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Zones

  • In Windows Server 2003, the location is: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones

DNS\Parameters

The following registry entries are located under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters.

EDNSCacheTimeout

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

By default, the DNS server includes option (OPT) resource records indicating its User Datagram Protocol (UDP) maximum in responses to queries containing OPT resource records. The value of the registry key EDNSCacheTimeout determines how long the DNS server will keep information about the Extension Mechanisms for DNS (EDNS) versions supported by other DNS servers that have responded to a query with an OPT resource record. The value for the registry key is specified in seconds between 3,600 (1 hour) and 15,724,800 (182 days).

EnableDirectoryPartitions

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

If you do not want the default DNS application directory partitions to be created automatically, you must disable the EnableDirectoryPartitions registry key. The values for this key are 0x0 (disable) and 0x1 (enable).

For more information about this registry entry, see the “Registry Reference” in the “Tools and Settings Collection.”

EnableEDNSProbes

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

The registry entry EnableEDNSProbes enables or disables the EDNS0 response for the DNS Server service. To configure the DNS server to include an OPT resource record only in response to EDNS0 requests containing OPT resource records, set the registry entry to a value of 0x1 (DWORD). In Microsoft Windows Server 2003 this setting is enabled by default. Setting the value to 0x0 (DWORD) will disable the feature.

MaximumUdpPacketSize

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

The registry entry MaximumUdpPacketSize specifies the maximum UDP packet size advertised by the DNS server. The default value is 1,280 bytes. The value must be between 512 and 16,384 in decimal format (0x200 and 0x4000 in hexadecimal format). UDP packets must travel through devices other than UDP hosts, such as routers, and some of these devices might not support UDP packets larger than 512 bytes. The maximum UDP packet length that is supported by all network devices should be determined, along with the path’s Maximum Transmission Unit (MTU), before configuring this registry setting.

RoundRobin

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

By default, DNS will perform round-robin rotation for all resource record types. The default setting for round-robin rotation is contained in the registry entry RoundRobin (REG_DWORD). By default, this entry’s value is 1, rotating all RR types except those listed in the DoNotRoundRobinTypes registry entry. If the value of RoundRobin is set to 0, then no resource record types will be round-robin rotated.

DoNotRoundRobinTypes

Registry path

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Version

Windows Server 2003

By default, DNS will perform round-robin rotation for all resource record types. You can specify that certain resource record types are not to be round-robin rotated in the registry. The registry entry DoNotRoundRobinTypes (REG_SZ) allows a string value to be entered containing a list of resource record types. By modifying this entry, you turn off round-robin rotation for specific resource record types. For example, to prevent round-robin rotation for A, PTR, SRV, and NS record types, you would enter the following value for the registry entry: a ptr srv ns.
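
Because the registry editor does not validate these values, a read-only check against the ranges documented above is useful when verifying a server. The following is an added example, not Microsoft code: it parses the text printed by reg query for the DNS\Parameters key and reports values outside the documented ranges. The sample output is constructed, and the rule that resource record type names are plain alphanumeric tokens is an assumption of the example.

```python
import re

# Allowed DWORD ranges, taken from the entry descriptions on this page.
DWORD_RANGES = {
    "EDNSCacheTimeout": (3600, 15724800),   # seconds: 1 hour to 182 days
    "EnableDirectoryPartitions": (0, 1),
    "EnableEDNSProbes": (0, 1),
    "MaximumUdpPacketSize": (512, 16384),   # bytes
    "RoundRobin": (0, 1),
}

# Matches an indented "name  type  data" value line of `reg query` output.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")

# Assumption of this example: RR type mnemonics are plain alphanumeric tokens.
RR_TOKEN = re.compile(r"^[A-Za-z0-9]+$")


def parse_reg_query(text):
    """Return {value name: (registry type, raw data string)}."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, reg_type, data = match.groups()
            values[name] = (reg_type, data.strip())
    return values


def audit(values):
    """Return a list of findings; an empty list means every present entry is valid."""
    findings = []
    numbers = {}
    for name, (low, high) in DWORD_RANGES.items():
        if name not in values:
            continue  # entry not set; nothing to validate
        reg_type, data = values[name]
        if reg_type != "REG_DWORD":
            findings.append(f"{name}: expected REG_DWORD, found {reg_type}")
            continue
        try:
            number = int(data, 0)  # reg.exe prints DWORDs as 0x... hex
        except ValueError:
            findings.append(f"{name}: unreadable DWORD data {data!r}")
            continue
        numbers[name] = number
        if not low <= number <= high:
            findings.append(f"{name}: {number} is outside {low}..{high}")
    if "DoNotRoundRobinTypes" in values:
        reg_type, data = values["DoNotRoundRobinTypes"]
        if reg_type != "REG_SZ":
            findings.append(f"DoNotRoundRobinTypes: expected REG_SZ, found {reg_type}")
        elif not all(RR_TOKEN.match(tok) for tok in data.split()):
            findings.append(f"DoNotRoundRobinTypes: malformed type list {data!r}")
        if numbers.get("RoundRobin") == 0:
            findings.append("DoNotRoundRobinTypes: no effect while RoundRobin is 0")
    return findings


# Constructed sample, not captured from a real server.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
    EDNSCacheTimeout    REG_DWORD    0x384
    EnableEDNSProbes    REG_DWORD    0x1
    MaximumUdpPacketSize    REG_DWORD    0x8000
    RoundRobin    REG_DWORD    0x0
    DoNotRoundRobinTypes    REG_SZ    a ptr srv ns
"""

if __name__ == "__main__":
    for finding in audit(parse_reg_query(SAMPLE)):
        print(finding)
```
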

DNSCache\Parameters

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters.

AlternateComputerNames

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Version

Windows Server 2003

The AlternateComputerNames registry entry specifies a list of alternate Fully Qualified Domain Names (FQDNs) for the computer. When the DNS Client service registers the host address (A) and pointer (PTR) resource records for the computer, it will also register the FQDNs specified in this key. This key is used by the Netdom.exe utility and is not typically modified by administrators.

RegistrationRefreshInterval

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Version

Windows Server 2003

The RegistrationRefreshInterval registry entry specifies how often the DNS Client service will register the A DNS resource records for its host computer. The value for this registry key is specified in seconds.

UpdateTopLevelDomainZones

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Version

Windows Server 2003

Windows XP, Windows 2000 with Service Pack 4 (SP4), and Windows Server 2003-based computers never try to dynamically update the root (“.”) zone.

The domain members and domain controllers in a domain with a single-label DNS name usually need to dynamically register DNS records in a single-label DNS zone that matches the DNS name of the domain. If an Active Directory forest root has a single-label DNS name, all domain controllers in the forest usually need to dynamically register DNS records in a single-label DNS zone that matches the DNS name of the forest root.

By default, Windows XP, Windows 2000 Service Pack 4 (SP4), and Windows Server 2003-based DNS clients do not attempt dynamic updates of any single-label DNS zone (.com, .net, .org, corp, for example). To enable such clients to attempt dynamic updates of single-label DNS zones, set the UpdateTopLevelDomainZones (REG_DWORD) registry value to 0x1.

These configuration changes should be applied to all domain controllers and members of an Active Directory domain with single-label DNS names. If a domain with a single-level domain name is a forest root, these configuration changes should be applied to all of the domain controllers in the forest, unless the separate zones _msdcs.forest name, _sites.forest name, _tcp.forest name and _udp.forest name are delegated from the forest name zone. You must restart the computer for the UpdateTopLevelDomainZones registry edit to take effect.

Tcpip\Parameters

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

RegistrationEnabled (This registry entry is a global setting.)

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Version

Windows Server 2003

The RegistrationEnabled registry entry specifies that the DNS Client service should register all of the network connections of a computer in DNS. This is a global setting that is applied to all interfaces on a computer. To apply this setting to an individual interface, see the RegistrationEnabled entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interfaceGUID}.

SearchList

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Version

Windows Server 2003

The SearchList registry entry specifies the DNS suffix search list for the network connection used by the computer. For DNS clients, the DNS suffix search list extends or revises their DNS search capabilities. By adding additional suffixes to the list, the DNS client searches for short, unqualified computer names in more than one specified DNS domain. Then, if a DNS query fails, the DNS Client service can use this list to append other name suffix endings to the original name query and then repeat DNS queries to the DNS server for these alternate FQDNs. When the suffix search list is empty or unspecified, the primary DNS suffix of the computer is appended to short unqualified names, and a DNS query is used to resolve the resultant FQDN. If this query fails, the computer can try additional queries for alternate FQDNs by appending any connection-specific DNS suffix configured for network connections.

Interfaces\{interfaceGUID}

The following registry entries are located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interfaceGUID}.

NameServer

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interfaceGUID}

Version

Windows Server 2003

The NameServer registry entry specifies the IP address of the DNS server that is used by the network connection of the computer.

RegistrationEnabled (This is an interface-specific registry setting.)

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{interfaceGUID}

Version

Windows Server 2003

The RegistrationEnabled registry entry specifies that the DNS Client service should register the computer’s network connection in DNS. This entry is interface specific and can be set on any interfaces on a computer. The {interfaceGUID} portion of the registry path determines which interface the setting is applied to.

There is a global version of this setting that gets applied to all interfaces. Information about this setting can be found under the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\RegistrationEnabled.

For more information about this registry entry, see the “Registry Reference” in the Tools and Settings Collection.

DNS Group Policy Settings

The following table lists and describes the Group Policy settings that are associated with the DNS Client service.

Group Policy Settings Associated With DNS Client Service

| Group Policy Name | Purpose |
| --- | --- |
| Primary DNS Suffix | Specifies the primary DNS suffix. |
| Dynamic Update | Specifies whether or not the DNS client should perform dynamic updates. |
| DNS Suffix Search List | Specifies the DNS server search list. |
| Primary DNS Suffix Devolution | Specifies whether DNS name devolution should be used in resolving names. |
| Register PTR Records | Specifies whether reverse lookup name registrations should be performed. |
| Registration Refresh Interval | Specifies the default refresh interval. |
| Replace Addresses In Conflicts | Specifies whether addresses in conflict should be replaced. |
| Register DNS records With Connection-specific DNS Suffix | Specifies whether DNS registration should be attempted for each network adapter. |
| TTL Set in the A and PTR Records | Specifies Time to Live (TTL) for dynamic registrations. |
| Update Security Level | Specifies the security level for updates. |
| Update Top Level Domain Zones | Specifies whether the computer sends dynamic updates to top level domain zones. |

For more information about Group Policy settings, see the “Group Policy Settings Reference” in the “Tools and Settings Collection.”

DNS WMI Classes

The following table lists and describes the WMI classes that are associated with the DNS Server service.

WMI Classes Associated With DNS Server Service

| Microsoft DNS WMI Class | Description |
| --- | --- |
| MicrosoftDNS_Server | Describes a DNS server. Every instance of this class might be associated with one instance of class MicrosoftDNS_Cache, one instance of class MicrosoftDNS_RootHints, and multiple instances of class MicrosoftDNS_Zone. |
| MicrosoftDNS_Domain | Represents a domain in a DNS hierarchy tree. |
| MicrosoftDNS_Zone | Describes a DNS zone. Every instance of the class MicrosoftDNS_Zone must be assigned to exactly one DNS Server. Zones might be associated with multiple instances of the classes MicrosoftDNS_Domain and MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_Cache | Describes a cache existing on a DNS server (do not confuse this with a cache file that contains root hints). This class simplifies visualizing the containment of DNS objects, rather than representing a real object. The class MicrosoftDNS_Cache is a container for the resource records cached by the DNS server. Every instance of the class MicrosoftDNS_Cache must be assigned to exactly one DNS server. It might be associated with multiple instances of MicrosoftDNS_Domain and MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_RootHints | Describes the RootHints stored in a cache file on a DNS server. This class simplifies visualizing the containment of DNS objects, rather than representing a real object. Class MicrosoftDNS_RootHints is a container for the resource records stored by the DNS server in a cache file. Every instance of the class MicrosoftDNS_RootHints must be assigned to exactly one DNS server. It might be associated with multiple instances of the MicrosoftDNS_ResourceRecord class. |
| MicrosoftDNS_Statistic | Represents a single DNS server statistic. |
| MicrosoftDNS_ServerDomainContainment | Every instance of the class MicrosoftDNS_ServerDomainContainment might contain multiple instances of the class MicrosoftDNS_Domain. |
| MicrosoftDNS_DomainDomainContainment | Every instance of the MicrosoftDNS_DomainDomainContainment class might contain multiple other instances of MicrosoftDNS_Domain. |
| MicrosoftDNS_DomainResourceRecordContainment | Every instance of the class MicrosoftDNS_DomainResourceRecordContainment might contain multiple instances of the MicrosoftDNS_ResourceRecord class. |
| MicrosoftDNS_ResourceRecord | Represents the general properties of a DNS RR. |
| MicrosoftDNS_AAAAType | Represents an IPv6 Address (AAAA), often pronounced quad-A, RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_AFSDBType | Represents an Andrew File System Database Server (AFSDB) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_ATMAType | Represents an ATM Address-to-Name (ATMA) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_AType | Represents an Address (A) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_CNAMEType | Represents a Canonical Name (CNAME) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_HINFOType | Represents a Host Information (HINFO) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_ISDNType | Represents an ISDN RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_KEYType | Represents a KEY RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MBType | Represents a Mailbox (MB) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MDType | Represents a Mail Agent for Domain (MD) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MFType | Represents a Mail Forwarding Agent for Domain (MF) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MGType | Represents an MG RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MINFOType | Represents a Mail Information (MINFO) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MRType | Represents a Mailbox Rename (MR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_MXType | Represents a Mail Exchanger (MX) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_NSType | Represents a Name Server (NS) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_NXTType | Represents a Next (NXT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_PTRType | Represents a Pointer (PTR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_RPType | Represents a Responsible Person (RP) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_RTType | Represents a Route Through (RT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_SIGType | Represents a Signature (SIG) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_SOAType | Represents a Start Of Authority (SOA) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_SRVType | Represents a Service (SRV) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_TXTType | Represents a Text (TXT) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_WINSRType | Represents a WINS-Reverse (WINSR) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_WINSType | Represents a WINS RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_WKSType | Represents a Well-Known Service (WKS) RR. Subclass of MicrosoftDNS_ResourceRecord. |
| MicrosoftDNS_X25Type | Represents an X.25 (X25) RR. Subclass of MicrosoftDNS_ResourceRecord. |

For more information about many WMI classes, see the WMI SDK documentation on MSDN.

Related Information

The following resources contain additional information that is relevant to this section.

  • Microsoft Platform SDK on MSDN for more information about WMI classes that are associated with the DNS Server service.

  • “Group Policy Settings Reference” in the “Tools and Settings Collection” for information about Group Policy settings that are associated with the DNS Client service.

  • “Registry Reference” in the “Tools and Settings Collection” for information about registry entries that are associated with DNS.