Verify DNS Server Recursive Name Resolution on the First Forest Root Domain Controller

Applies To: Windows Server 2008, Windows Server 2008 R2

If you install both the Domain Name System (DNS) server role and the Active Directory Domain Services (AD DS) role when you install AD DS, AD DS configures DNS server recursive name resolution automatically. However, if your DNS design specifies a different configuration, you can use the DNS snap-in, Dnscmd.exe, to modify the default configuration settings.

If your environment has no existing DNS infrastructure, you do not have to do additional configuration when you install AD DS and the two server roles. However, if you want to configure an internal DNS server to resolve queries for external names, then you must configure this server to forward unresolved queries to an external server, such as one in your perimeter network or one that is hosted by an Internet service provider (ISP). (A perimeter network is also known as a demilitarized zone and a screened subnet.)

To verify recursive name resolution by using forwarders

1. Log on to the server that hosts the AD DS and DNS server roles.

2. To open DNS Manager, click Start, click Administrative Tools, and then click DNS.

3. In the console tree, right-click the domain controller name, and then click Properties.

4. On the Forwarders tab, verify that the IP addresses match those specified by your design.

For more information about DNS server forwarders, see Using Forwarders to Manage DNS Servers (https://go.microsoft.com/fwlink/?LinkId=93659).

To verify iterative name resolution by using root hints

1. Log on to the server that hosts the AD DS and DNS server roles.

2. To open the DNS snap-in, click Start, click Administrative Tools, and then click DNS.

3. In the console tree, right-click the domain controller name, and then click Properties.

4. In the Properties for the domain controller, click the Root Hints tab to view root hints.