Allow NS record creation for specific domain controllers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To allow NS resource record creation for specific domain controllers

  1. Open Command Prompt.

    Important

    • This procedure applies to domain controller name server (NS) resource records in Active Directory-integrated DNS zones that are hosted on DNS servers configured to not add these resource records for their authoritative zones. For more information, see Related Topics.
  2. Type:

    dnscmdServerName /Config ZoneName /AllowNSRecordsAutoCreation IpAddresses...

    Value Description

    dnscmd

    Specifies the name of the command-line program.

    ServerName

    Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    /Config

    Required. Specifies the configuration command.

    ZoneName

    Required. Specifies the fully qualified domain name (FQDN) of the zone.

    /AllowNSRecordsAutoCreation

    Required. Specifies that domain controllers entered for Value will add their names to NS resource records for the zone specified in ZoneName. NS resource records that were previously registered for this zone are not affected. Therefore, you must remove them manually if you do not want them.

    IpAddresses...

    Required. Specifies the IP addresses of the domain controllers that will add their names in NS resource records for the zone specified in ZoneName. Type a space-separated list of the IP addresses of the DNS servers. For example, 10.0.0.0 172.16.0.0 192.168.0.0.

Additional considerations

  • To perform this procedure, you must be a member of the DnsAdmins or the Domain Admins group in Active Directory. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • This procedure requires the Dnscmd Windows support tool. For information about installing Windows support tools, see Related Topics.

  • To view the complete syntax for this command, at a command prompt, type:

    dnscmd /Config /?

  • If any domain controllers in the specified zone are not listed for IpAddresses..., their names will be deleted from the NS resource records for the zone specified in ZoneName.

    To specify that all domain controllers are allowed to add their names to NS resource records for the zone, or to clear the list of allowed DNS server IP addresses, type the command and omit IpAddresses...:

    dnscmdServerName**/ConfigZoneName/AllowNSRecordsAutoCreation**

  • Regardless of the settings above, query responses sent to DNS clients from authoritative DNS servers and selected domain controllers will indicate that the responses are from authoritative DNS servers.

Formatting legend

Format Meaning

Italic

Information that the user must supply

Bold

Elements that the user must type exactly as shown

Ellipsis (...)

Parameter that can be repeated several times in a command line

Between brackets ([])

Optional items

Between braces ({}); choices separated by pipe (|). Example: {even|odd}

Set of choices from which the user must choose only one

Courier font

Code or program output

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Restrict NS resource record registration