Allow NS resource record creation for domain controllers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use the following procedure to allow name server (NS) resource record creation for specific domain controllers. This procedure applies to domain controller NS resource records in Active Directory–integrated Domain Name System (DNS) zones that are hosted on DNS servers that are configured to not add these resource records for their authoritative zones.

Administrative credentials

To perform this procedure, you must be a member of the DnsAdmins or the Domain Admins group in Active Directory. As a security best practice, consider using the Run as command to perform this procedure.

To allow NS resource record creation for specific domain controllers

  • At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config ZoneName /AllowNSRecordsAutoCreation IpAddresses...

    Value Description

    ServerName

    Required. Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    ZoneName

    Required. Specifies the fully qualified domain name (FQDN) of the zone.

    /AllowNSRecordsAutoCreation

    Required. Specifies that the domain controllers that are entered for IpAddresses... add their names to NS resource records for the zone that is specified in ZoneName. NS resource records that were previously registered for this zone are not affected. Therefore, you must remove them manually if you do not want them.

    IpAddresses...

    Required. Specifies the IP addresses of the domain controllers that add their names in NS resource records for the zone that is specified in ZoneName. Type a space-separated list of the IP addresses of the DNS servers, for example, 10.0.0.0 172.16.0.0 192.168.0.0.

If any domain controllers in the specified zone are not listed for IpAddresses..., their names are deleted from the NS resource records for the zone that is specified in ZoneName.

To specify that all domain controllers are allowed to add their names to NS resource records for the zone or to clear the list of allowed DNS server IP addresses, type the command and omit IpAddresses...:

    dnscmd ServerName /Config ZoneName /AllowNSRecordsAutoCreation

Regardless of the settings that are specified in this command, query responses that are sent to DNS clients from authoritative DNS servers and selected domain controllers will indicate that the responses are from authoritative DNS servers.
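
Because omitting IpAddresses... lets every domain controller add NS resource records, a script that builds the list from a variable can remove the restriction by accident when that variable is empty. The following PowerShell wrapper is an added example, not part of the original procedure or of any Microsoft tooling: the function name New-NsAutoCreationArgs and its -AllowAll switch are hypothetical, the zone name and addresses are constructed sample values, and it assumes the allow-list contains dotted-quad IPv4 addresses only.

```powershell
# Added example: builds the dnscmd argument list for /AllowNSRecordsAutoCreation
# and refuses an empty allow-list, because omitting IpAddresses... allows
# NS record creation for every domain controller.
function New-NsAutoCreationArgs {
    param(
        [Parameter(Mandatory = $true)][string]$ServerName,
        [Parameter(Mandatory = $true)][string]$ZoneName,
        [string[]]$IpAddresses = @(),
        [switch]$AllowAll   # hypothetical switch: "no list" must be requested explicitly
    )

    $clean = @()
    foreach ($entry in $IpAddresses) {
        if ([string]::IsNullOrEmpty($entry) -or $entry.Trim() -eq '') { continue }
        $text = $entry.Trim()
        $parsed = $null
        $ok = [System.Net.IPAddress]::TryParse($text, [ref]$parsed)
        # TryParse also accepts short forms such as "10.1"; require the canonical
        # dotted-quad form so a typo cannot silently become a different address.
        if (-not $ok -or
            $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
            $parsed.ToString() -ne $text) {
            throw "Not a dotted-quad IPv4 address: '$text'"
        }
        if ($clean -notcontains $text) { $clean += $text }   # drop duplicates
    }

    if ($clean.Count -eq 0 -and -not $AllowAll) {
        throw "Allow-list is empty; this would allow all domain controllers. Pass -AllowAll if that is intended."
    }
    if ($clean.Count -gt 0 -and $AllowAll) {
        throw "Specify either IP addresses or -AllowAll, not both."
    }

    # Same order as the syntax line:
    # ServerName /Config ZoneName /AllowNSRecordsAutoCreation IpAddresses...
    return (@($ServerName, '/Config', $ZoneName, '/AllowNSRecordsAutoCreation') + $clean)
}

# Constructed sample values (not from a real environment).
$dnscmdArgs = New-NsAutoCreationArgs -ServerName '.' -ZoneName 'corp.example.com' `
    -IpAddresses '192.0.2.10', '192.0.2.11'
Write-Output ("dnscmd " + ($dnscmdArgs -join ' '))
# After reviewing the printed command, run it with:  & dnscmd @dnscmdArgs
```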