Configuring DNS server properties

One of the first things I had to figure out when I learned DNS in Active Directory was how to remember if a property was that of the DNS server or a zone. Both are exposed in the DNS Management snap-in tool.

DNS server properties are exposed by right-clicking on the DNS server icon as shown in Figure 1. Zone properties, on the other hand, are found if you right-click on a particular zone name under Forward or Reverse Lookup Zones.

Here are a couple of ways to keep them straight: Figure 1: DNS server properties and the DNS server icon
[IMAGE]

The DNS Server Properties page

Let's take a closer look at the server properties. Figure 2 shows the DNS Server Properties page, with eight tabs, followed by a description of features included for each of those eight areas.

Figure 2: DNS Server Properties page
[IMAGE] Figure 3: Conditional Forwarding feature in action
[IMAGE]Figure 4: Advanced tab settings
[IMAGE]Root Hints
Root Hints is a list of all DNS servers at the ro

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Domain Name System (DNS) Domain Name System (DNS) Guide An alternate strategy for DNS server backup DNS troubleshooting tips for Active Directory How the DC locator works in Active Directory For Active Directory performance gains, delegate the _MSDCS DNS zone Best practices for DNS structure design DNS best practices: Making AD rock-solid Name resolution in DNS Preventing DNS registration of certain SRV records How do I create a secondary DNS server? Active Directory Administration Using Active Directory to manage Macs in a Windows environment Troubleshooting poor Windows logon performance in Active Directory environments Common Active Directory security oversights Scripting domain controller installations: A must for Server Core Taming the LSASS.exe process for Active Directory performance and security Troubleshooting Active Directory database errors Active Directory database basics: Performing an offline defrag Branch office security: Pros and cons of read-only domain controllers Tips for Windows domain controller optimization How to rebuild the SYSVOL tree when none exists in Active Directory

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ot of the Internet and is used in recursive name resolution. On this tab, there is an ADD button that allows you to build custom root hints. The only experience I've had with custom root hints has been bad. Folks will configure a particular DNS server to serve as a root hint, but then it gets misconfigured or the IP address changes, and you forget that it's there, which can cause troubleshooting problems and DNS errors. My recommendation: Do not build custom root hints.

Debug Logging
Figure 5 shows all the options on this tab if you check the "log packets for debugging" option. It is a decent option to use if you don't want the hassle of setting up a network trace and are limited to DNS packets. Note: At the bottom of this page, you can configure the size and location of the DNS log. If this size is exceeded, it will overwrite itself. The log is located at %windir%\system32\dns\dns.log.

Figure 5: Debug Logging options
[IMAGE] Figure 6: Monitoring
[IMAGE]Yes, DNS is simple, but there are a number of options you can use, especially to aid in troubleshooting and taking forwarding shortcuts like conditional forwarding. Coming up, I will discuss zone properties, which are more likely to be changed.

Gary Olsen is a systems software engineer for Hewlett-Packard in Global Solutions Engineering. He authored Windows 2000: Active Directory Design and Deployment and co-authored Windows Server 2003 on HP ProLiant Servers.

Rate this Tip To rate tips, you must be a member of SearchWindowsServer.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.