If a DNS server is a member of the DnsUpdateProxy group, the DNS server does
not get ownership of the A and PTR records when registering a DHCP client in
the DNS database.
To manually edit an SRV record, edit netlogon.dns. It is located at
\WINNT\system32\config\netlogon.dns. Run netdiag /fix to refresh and apply
the changes.
A DNS forwarder is a DNS server that accepts recursive queries from
another DNS server (it performs recursion for a forwarding DNS server).
The process of forwarding a DNS query involves both a "forwarding" DNS
server and a "forwarder" DNS server.
A slave DNS server does not use recursion. A slave DNS server is a
forwarding server that does not fall back to iterative queries. You can
configure a slave DNS server in the properties of the DNS server: on the
Forwarders tab, check "do not use recursion", or on the Advanced tab, check
"disable recursion". They are the same settings.
A DNS server can use a forwarder in nonexclusive or exclusive modes:
- nonexclusive - forward, if fail, recursion
- exclusive - forward, if fail, nothing (slave)
A preferred DNS server is a DNS server that returns recursive queries.
It is set on the client machine.
Active Directory integrated DNS can only be hosted on domain controllers.
To find DC SRVs in your domain:
c:\>nslookup
>set q=SRV
>_ldap._tcp.dc._msdcs.yourdomain.
DNS Server Properties
- Bind secondaries: BIND secondaries that do not support "fast transfer". BIND versions < 4.9.4.
- enable netmask ordering: Multihomed-shortest path.
- secure cache against pollution: No junk in iterative searches is cached.
If you are operating an internal root DNS server, do not use
root hints. Delete cache.dns from all root servers.
You cannot use "Active Directory Integrated" zones unless the DNS server
is running on a domain controller. This is configured in the properties
of the zone.
Hostname Resolution Order
- localhost
- DNS client cache
- DNS
- NetBIOS Remote Name Cache
- WINS
- broadcast
- LMHOSTS
SRV records registered by a domain controller are stored in netlogon.dns.
The Windows 2000 HOSTS file is stored in \WINNT\system32\drivers\etc\
Recursive queries to DNS servers require either a positive or negative
answer from the server.
Iterative queries to DNS servers return referral responses that direct the
requester to another DNS server.
To view DNS cache:
ipconfig /displaydns
To clear DNS cache:
ipconfig /flushdns
zone database information:
\WINNT\system32\dns
BIND's root.hints and Windows 2000's cache.dns can be obtained from:
ftp://ftp.rs.internic.net/domain/root.zone.gz
DNS Suffixes (Client):
Network and Dial-up Connections, Local Area Connection, properties, TCP/IP
properties, advanced, DNS tab:
Append Primary and connection specific DNS suffixes:
domain: spcsys.com
command: ping diamond
resolution: diamond.spcsys.com
Append Parent Suffixes of the primary DNS suffix:
domain: spcsys.com
command: ping diamond
resolution: diamond.net.spcsys.com ... diamond.spcsys.com
Zone Transfers (XFRs)
When a secondary server is configured for a zone, it first performs a zone
transfer during which it obtains a copy of the primary server's address
database. This process is known as an all-zone transfer (AXFR).
After initial synchronization, incremental zone transfers (IXFRs) are
used. IXFRs use serial numbers to determine which records are new or out of
date.
Zone XFRs may occur in response to the following events:
- The zone refresh interval has been exceeded.
- A master server notifies a secondary server of a zone change.
- A secondary DNS server service is started for the zone.
- An administrator manually initiated a zone XFR from a secondary server.
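The decision a secondary makes when one of these events occurs, as an added example (not code from these notes or from Windows DNS). It assumes SOA serials are compared with RFC 1982 wrap-around arithmetic; all function and parameter names are hypothetical.

```python
# Added example: a secondary's zone-transfer decision (names are hypothetical).
MOD = 2 ** 32          # SOA serials are 32-bit and wrap around
HALF = 2 ** 31


def serial_newer(primary: int, local: int) -> bool:
    """RFC 1982 comparison: True if the primary's serial is ahead of ours."""
    diff = (primary - local) % MOD
    return 0 < diff < HALF   # diff == HALF is undefined; treated as not newer


def transfer_decision(local_serial, primary_serial, since_refresh, refresh,
                      notified=False, service_started=False, manual=False):
    """Return (trigger, action); action is "AXFR", "IXFR" or "none".

    local_serial is None when the secondary has no copy of the zone yet.
    since_refresh and refresh are in seconds.
    """
    if local_serial is None:
        return ("initial", "AXFR")          # first sync is a full copy
    if manual:
        trigger = "manual"
    elif notified:
        trigger = "notify"
    elif service_started:
        trigger = "service-start"
    elif since_refresh >= refresh:
        trigger = "refresh"
    else:
        return (None, "none")               # nothing prompted an SOA check
    if serial_newer(primary_serial, local_serial):
        return (trigger, "IXFR")            # pull only the changed records
    return (trigger, "none")                # checked, copy is current


if __name__ == "__main__":
    # Constructed sample states: (local, primary, since_refresh, refresh, flags)
    cases = [
        (None, 2000010101, 0, 900, {}),
        (2000010101, 2000010102, 120, 900, {"notified": True}),
        (2000010102, 2000010102, 950, 900, {}),
        (4294967290, 5, 950, 900, {}),              # serial wrapped past 2**32
        (2000010102, 2000010101, 950, 900, {}),     # primary serial went backwards
    ]
    for local, primary, since, refresh, flags in cases:
        print(local, primary, transfer_decision(local, primary, since, refresh, **flags))
```

The last constructed case shows why a serial that moves backwards on the primary (for example after restoring an older zone file) leaves secondaries serving stale data: the check runs, but the primary's copy compares as older.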