Re: Windows 2008 DNS forwarders and root hints

Tech-Archive recommends: Fix windows errors by optimizing your registry

In news:uXjW$4BvJHA.248@xxxxxxxxxxxxxxxxxxxx,
David Chadwick <david@xxxxxxxxxxxxxxx>, seeking assistance, posted the following:

Hi Ace,

Thanks for the reply - I understand what you are saying. However I
still want to state my main point again and see what you think.

I understand DNS enough to "get around" - not as well as you, but I
have a reasonable understanding of a devolving iterative query
starting with the roots versus a recursive query to a forwarder.

I'll try and be concise! :)

Firstly - I am only interested in Windows 2008 using the Windows 2008
management tool here. In this scenario, the setting I am asking
about is on the Forwarder tab and is called "Use root hints if no
forwarders are available". Toggling this checkbox simply changes
IsSlave from 0 to 1 and back again.

As expected, based on my previous explanation.


I think this is the same thing as ticking "Do not use recursion" when
"All other DNS Domains" is selected in Windows 2003. To my
knowledge, this toggles IsSlave between 0 and 1 also. For the
purpose of my question this is not relevant. I am only interested in
the Windows 2008 tool.

Similar setting with 2003, but 2008 does everyone a favor by graying it out if no forwarder is present, which forces it to use the forwarders and the IsSlave disappears.


Essentially all I am saying is that I believe the tool incorrectly
sets the option back to front. When you TICK "Use root hints if no
forwarders are available", this actually sets IsSlave to 1 which
tells the DNS server *not* to use the root hints. If the forwarder
is not available, the DNS query fails (the server makes no attempt to
perform a devolving iterative query to the roots).




If I UNTICK "Use root hints if no forwarders are available", this sets
IsSlave to 0 which tells the DNS server to use the root hints. If the
forwarder is not available, the DNS server performs a devolving
iterative query against the roots and the query succeeds.

Am I making sense? Unless I am totally missing something, the
Windows 2008 tool is getting it completely wrong. If I tick the
option to use the root hints, it should use the root hints! This
could be fixed in two ways - either the tool needs to reverse when it
sets IsSlave to 0 and 1 (swap it around), or they could re-write the
option to be called something like "Do not use root hints if no
forwarders are available".
Am I making sense? Can you confirm what I am saying? I am not
confused about what IsSlave does - I think I understand it pretty
well. I just believe the interface is doing exactly the opposite of
what it should be doing based on what the option says. Either that
or I am completely misunderstanding something....

Cheers,
David

You are making sense in your statement, but I didn't see it testing it. I spent a good 30 minutes messing with this, and each time I was able to successfully resolve queries. Here are my steps. Check them out. If they differed from yours, let me know.
===
Forwarders present:
Ticked "use Root hints if no forwarders are available
Refreshed reg
IsSlave = 1 (means it will recurse using forwarders)
List of forwarders remained in reg

Deleted the forwarders while the box was still ticked.
Checkbox grayed out, but remained ticked
Refreshed Reg
IsSlave setting disappeared (meaning it becomes an iterative resolver to use Roots)
So I assume it will now use the Roots
Tested with nslookup.
Made sure it was using this DNS server.
Resovled microsoft.com successfully.

Cleared DNS server cache (no need to clear local cache because nslookup has it's own resolver and cache for each session)
exited nslookup
Tried again, successfully resolved microsoft.com and endoftheinternet.com (I chose that because I was not at that site in at least 2 years to insure it is not cached anywhere)
So it can resolve fine using the Roots
Just in case, I set nslookup to diagnostic mode by using: set d2
Ran another query for beginningoftheinternet.com
Successfully resolved it using the Roots.

While the grayed out box was still ticked
I created a forwarder to 4.2.2.2
Refreshed Registry
IsSlave setting reappered = 0 (means it should only use Roots)
Unticked the checkbox
Refreshed Registry
IsSlave setting still = 0
Invoked a new instance of nslookup
Resolved intel.com successfully

removed forwarder
Unticked the box
hit apply
Refreshed reg
IsSlave disappeared
Resolved highpoint-solutions.com successfully

Ace


.

Relevant Pages

  • Re: Windows 2008 DNS forwarders and root hints
    ... we have ticked the option "Use root hints if no forwarders are present" and IsSlave is set to 1. ... with IsSlave being set to 1 this tells DNS that it can ONLY resolve DNS by doing a recursive query to the forwarder. ...
    (microsoft.public.windows.server.dns)
  • Re: Windows 2008 DNS forwarders and root hints
    ... we have ticked the option "Use root hints if no forwarders are present" and IsSlave is set to 1. ... with IsSlave being set to 1 this tells DNS that it can ONLY resolve DNS by doing a recursive query to the forwarder. ...
    (microsoft.public.windows.server.dns)
  • Re: Forworders or Root Hints?
    ... Forwarders give you a more specific resolution method. ... Others like root hints because they are potentially more ... I'm trying to configure my DC servers as a DNS server. ... will resolve to outside with this DNS server. ...
    (microsoft.public.windows.server.dns)
  • Re: DNS forwarding
    ... > it to use the ISP's DNS server and resolution would work without ... The DNS server should be able to resolve external domains, ... Forwarders are optional, unless you have "Do not use ... Are your root hints resolved? ...
    (microsoft.public.win2000.dns)
  • Re: Forworders or Root Hints?
    ... disagree with what you say but I have seen from experience that root hints ... doable for the same reasons as the stub Zones) and Forwarding. ... I understand forwarders and conditional forwarders. ... only DNS server to do that job? ...
    (microsoft.public.windows.server.dns)