Showing posts with label DNS Server. Show all posts

Sunday, February 15, 2009

RouteThrough (RT) Record

The RouteThrough (RT) record binds internal hosts that do not have a direct wide area network (WAN) address to intermediate routes. The record contains two fields: a 16-bit integer that indicates the preference for each intermediate route, and the domain name of the route-through host.
To create an RT record with the DNS Manager snap-in, follow the instructions below.
1. Open DNS Manager using dnsmgmt.msc.
2. In the console tree, browse to the DNS zone "myrootdns.com", right-click the zone and click "new other records".
3. Select the "RouteThrough(RT) Record" list item in the resource record type dialog.
4. Enter the route-through host and click OK in the new resource record dialog.
5. Click the "Done" button in the resource record type dialog.
6. Verify that the RouteThrough record has been created in DNS Manager.

Saturday, February 14, 2009

NS (name server) record

A name server (NS) record delegates a child domain to a DNS server. For example, assume myrootdns.com is the main domain, subdomain.myrootdns.com is the subdomain, and childdnsserver.myrootdns.com is the server machine that should act as name server for subdomain.myrootdns.com.

Friday, February 13, 2009

set resetlistenaddresses using dnscmd

To add an IP address on which the DNS server listens for DNS clients, from the command line using dnscmd, do the following:

1. Assume the DNS server is "dnsserver" and the IP address to be added is 192.168.1.100.

2. Run the following to reset the listen addresses:

dnscmd dnsserver /ResetListenaddresses 192.168.1.100



Thursday, February 12, 2009

Install dns server through command prompt

The following shows how to install the DNS server from the command line using the sysocmgr command. sysocmgr.exe installs Windows optional components using an unattended file.

1. Create an unattended file unattend.txt with the following content:

[NetOptionalcomponents]
DNS=1

2. Run the command below to install the DNS server automatically.

sysocmgr.exe /i:sysoc.inf /u:"unattend.txt" /f

3. To install it silently, i.e. without UI, run

sysocmgr /i:sysoc.inf /u:"unattend.txt" /f /q

4. To install it in a multi-language environment, run

sysocmgr /i:sysoc.inf /u:"unattend.txt" /f /q /l

Install DNS Server

The following illustrates how to install a stand-alone DNS server.
1. Open the Windows Components dialog of Add/Remove Programs using the command control appwiz.cpl,,2

2. Double-click "Network services" in the Windows Components wizard.

3. In the Network Services dialog, select "Domain Name System (DNS)" and click OK.

4. Click Next in the Windows Components wizard. This starts configuring the DNS server.

5. To verify that DNS was installed successfully, check that the DNS server is running in the Services console (services.msc).

Relevant Posts:

Install dns server automatically through command line

Sunday, February 8, 2009

Directory partition Information

A directory partition contains information about the root DNS, zone count, replica count, resource records and so on.

To get information about a specific directory partition, do the following:

1. Assume the DNS server is "dnsserver", the domain zone is "myrootdns.com", and the directory partition created at "dnsserver" is "DomainDnsZones.myrootdns.com".

2. To get information about DomainDnsZones.myrootdns.com, run

dnscmd dnsserver /DirectoryPartitionInfo DomainDnsZones.myrootdns.com

3. To get the directory partition information in full detail, run

dnscmd dnsserver /DirectoryPartitionInfo DomainDnsZones.myrootdns.com /detail

Remove Application Directory Partition using dnscmd

To remove an application directory partition, say "ExamplePartition.myrootdns.com", using the dnscmd.exe command, do the following:

1. Verify the directory partition ExamplePartition.myrootdns.com.

It can also be verified by running the following command:

dnscmd /EnumDirectoryPartitions

2. Run the following to delete the directory partition:

dnscmd /DeleteDirectoryPartition ExamplePartition.myrootdns.com

Saturday, February 7, 2009

Create builtin directory partitions

By default, when DNS is installed, an application directory partition is automatically created at the forest and domain levels. If these were not created while installing DNS, the DNS Manager console can be used to create the built-in Active Directory partitions.
The following illustrates creating built-in directory partitions in the DNS Manager console.

1. Assume the DNS server name is "dnsserver".
2. Open DNS Manager using the command dnsmgmt.msc.
3. In the DNS Manager console tree, right-click the DNS server node "dnsserver" and select the "CreateDefaultApplicationDirectoryPartitions" option.

Set CurrentTime on a zone using dnscmd

The dnscmd /ageallrecords command sets the current time as the timestamp on resource records in a specified DNS zone.

The following shows setting the current time as the timestamp on resource records in a zone called "myrootdns.com" on the DNS server "dnsserver".

dnscmd.exe dnsserver /ageallrecords myrootdns.com dnsserver.myrootdns.com

To apply the timestamp to all child nodes in the tree, run

dnscmd.exe dnsserver /ageallrecords myrootdns.com dnsserver.myrootdns.com /tree /f

Note: 1. The ageallrecords operation is for backward compatibility between the current version of DNS and previous releases in which aging and scavenging were not supported. This operation adds a time stamp with the current time to records that do not have one and sets the current time on records that do have a time stamp.
2. Scavenging of resource records will not occur until they are timestamped.
3. NS, SOA and WINS records are not included in the scavenging process, and they are not timestamped, even by the /ageallrecords operation.
4. This operation fails unless scavenging is enabled for the DNS server and the zone.
To enable scavenging on a zone.
5. Adding a time stamp to DNS records makes them incompatible with DNS servers that run on earlier versions of operating systems.
6. A time stamp added by the ageallrecords operation cannot be reversed.

Relevant Posts:
TroubleShoot:dnscmd /ageallrecords fails

Enable StrictFileParsing on command line

To enable StrictFileParsing from the command prompt using dnscmd.exe, run

dnscmd /config /StrictFileParsing 1


To verify the status, run

dnscmd /info /StrictFileParsing

strictfileparsing registry key

This registry key specifies how the DNS server responds when it receives zone files that contain erroneous resource records. The erroneous records can be records for names outside the DNS zone and wrong CNAME records.

Key Name: strictfileparsing
Type: dword(boolean)
Default: 0
Location: HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Functionality: Defines the behavior of the DNS server when it finds wrong resource records while loading zone data.

By default (value 0), if the DNS server receives erroneous records, it logs the error to the DNS event log and continues loading.
If the registry key is set to 1 and the server receives erroneous records, it logs the error in the DNS event log and stops loading.
Note: 1. In the earlier versions of Windows NT 4.0, the DNS server doesn't start if it finds erroneous resource records.
2. Direct changes to the registry key take effect only after restarting the DNS server, because the DNS server loads this registry value at startup.

To change the registry key value to 1 without having to restart the DNS server, do the following.
1. Assume the DNS server name is "dnsserver".
2. Open DNS Manager using the command dnsmgmt.msc.
3. In the console tree, right-click the server node "dnsserver" and click Properties.
4. Go to the Advanced tab, select "Fail on Load If bad zone data", click Apply and click the OK button.

Relevant Posts:
Set Strictfileparsing on command Prompt
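
As an added example (not from the original post), the PowerShell function below flags the two kinds of erroneous records named above in a list of zone-file lines before the server loads them: owners outside the zone, and CNAME records that share an owner name with other data. The function name Test-ZoneRecords, the sample records, and the reading of "wrong CNAME records" as the RFC 1034 coexistence rule are assumptions.

```powershell
# Added example. Simplified parser: one record per line in the form
# "owner [ttl] [class] type rdata"; no directives or multi-line records.
function Test-ZoneRecords {
    param([string]$Zone, [string[]]$Lines)
    $origin  = $Zone.TrimEnd('.').ToLower()
    $byOwner = @{}      # owner FQDN -> record types seen at that name
    $issues  = @()
    $last    = '@'      # previous owner, reused when a line starts with whitespace
    foreach ($line in $Lines) {
        $text = $line -replace ';.*$', ''             # strip comments
        if (-not $text.Trim()) { continue }
        $tok = @($text.Trim() -split '\s+')
        if ($text -match '^\s') { $tok = @($last) + $tok }
        $last = $tok[0]
        # Skip the optional TTL and class to reach the record type.
        $i = 1
        while ($i -lt $tok.Count -and $tok[$i] -match '^(\d+|IN|CH|HS)$') { $i++ }
        if ($i -ge $tok.Count) { $issues += "unparsable: $($text.Trim())"; continue }
        $type = $tok[$i].ToUpper()
        # Resolve the owner: '@' is the zone itself, a trailing dot means absolute.
        $owner = $tok[0].ToLower()
        if     ($owner -eq '@')       { $owner = $origin }
        elseif ($owner.EndsWith('.')) { $owner = $owner.TrimEnd('.') }
        else                          { $owner = "$owner.$origin" }
        if ($owner -ne $origin -and -not $owner.EndsWith(".$origin")) {
            $issues += "out of zone: $owner $type"
        }
        if (-not $byOwner.ContainsKey($owner)) { $byOwner[$owner] = @() }
        $byOwner[$owner] += $type
    }
    # A CNAME must be the only record at its owner name (RFC 1034, section 3.6.2).
    foreach ($name in $byOwner.Keys) {
        if ($byOwner[$name] -contains 'CNAME' -and $byOwner[$name].Count -gt 1) {
            $issues += "CNAME conflict: $name has $($byOwner[$name] -join ',')"
        }
    }
    $issues
}

# Constructed sample records for the zone myrootdns.com.
$sample = @(
    '@    3600 IN NS    dnsserver.myrootdns.com.'
    'www       IN A     192.168.1.100'
    'www       IN CNAME web.myrootdns.com.'      # CNAME beside an A record
    'host.example.org. IN A 192.168.1.101'       # owner outside the zone
)
Test-ZoneRecords -Zone 'myrootdns.com' -Lines $sample
```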

set XfrConnectTimeout on command prompt

To set XfrConnectTimeout on command line using dnscmd.exe, run

dnscmd /config /XfrConnectTimeout 50

The above sets the XfrConnectTimeout to 50 seconds.

To verify the value, run
dnscmd /info /XfrConnectTimeout

xfrconnecttimeout Registry Key

The xfrconnecttimeout registry key specifies the maximum time the DNS system waits for the secondary server to connect to the primary server. If the secondary server does not connect to the primary server in time, the DNS system drops the connection from the secondary server to the primary server.

Key Name: xfrconnecttimeout
Type: dword
Default: 0x1E secs
Range: 0x0 to 0xFFFFFFFF
Functionality: Maximum time to wait for the connection from the secondary server to the primary server before dropping the connection.
Location: HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters

The default value of the registry key is 30 secs.
Note: Direct changes to the registry key do not become effective until the server restarts. Instead, use dnscmd.exe to change the registry key value.



Enable disablensrecordsautocreation using dnscmd

To enable disablensrecordsautocreation from the command prompt, run the following:

dnscmd /config /disablensrecordsautocreation 1

To check the status of the setting, run

dnscmd /info /disablensrecordsautocreation

To disable disablensrecordsautocreation, run

dnscmd /config /disablensrecordsautocreation 0

Verify it with

dnscmd /info /disablensrecordsautocreation

Disablensrecordsautocreation registry Key

This registry key prevents the DNS server from creating name server (NS) resource records automatically while loading its DNS zones. By default (the registry key doesn't exist), the DNS server automatically creates name server (NS) resource records when loading its zones.

Key Name: Disablensrecordsautocreation
Type: dword
Default: 0
Functionality: Determines auto creation of NS records for authoritative zones on the DNS server.
Location: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dns\parameters"

If the registry key is set to 1, the DNS server is prevented from registering NS resource records for authoritative zones, and existing name server (NS) records for the authoritative zones located on the DNS server are deleted automatically.

Note: 1. This registry setting applies only to NS resource records that are registered to Active Directory-integrated domain controllers (DCs).
2. Incorrectly editing the registry may have adverse effects on the system. Save the Last Known Good Configuration before editing the registry key.
3. The registry key doesn't exist by default; to restrict (disallow) NS record registration, create the registry key and set it to 1.
4. You must be a member of the Administrators group on the local computer, or must have been delegated the appropriate authority.

Set Dstombstoneinterval using dnscmd command

The following illustrates setting Dstombstoneinterval to some value, say 10 secs, from the command prompt.
dnscmd /config /Dstombstoneinterval 10

To verify the interval, run

dnscmd /info /Dstombstoneinterval

Dstombstoneinterval Registry Key

This registry key, configured for a DNS server, determines the amount of time in seconds to keep tombstoned (deleted) records alive in Active Directory.

Key Name: Dstombstoneinterval
Type: dword
Default: 4 secs.
Functionality:
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dns\parameters.

Relevant Posts:
set dstombstoneinterval on command prompt

Set EnableDnsSec using dnscmd

To set EnableDnsSec from the command line:

1. To set EnableDnsSec to 1, run
dnscmd /config /EnableDnsSec 1

To verify the setting, run
dnscmd /info /EnableDnsSec

2. To set EnableDnsSec to 0, run
dnscmd /config /EnableDnsSec 0

To verify the setting, run
dnscmd /info /EnableDnsSec

3. To set EnableDnsSec to 2, run
dnscmd /config /EnableDnsSec 2

To verify the setting, run
dnscmd /info /EnableDnsSec

DisableAutoReverseZones Registry Key

This registry key determines whether reverse lookup DNS zones are created automatically.
Automatically creating reverse lookup zones is a useful DNS optimization. If reverse lookup zones are created automatically, the authoritative server can avoid recursive queries for most of the common DNS queries.

By default, the DNS server is generally authoritative for the following three reverse lookup zones:

1. 0.in-addr.arpa (0.0.0.0).
2. 127.in-addr.arpa (127.0.0.1 - loopback).
3. 255.in-addr.arpa (255.255.255.255 - broadcast).

Key Name: DisableAutoReverseZones
Type: REG_DWORD
Default value: 0 (creates the three reverse lookup zones specified above automatically).
Functionality: Allow/disallow the DNS server to create standard DNS reverse lookup zones automatically.
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dns\parameters.

Note: 1. By default, DNS does not add the DisableAutoReverseZones entry to the registry. You can add it to the registry directly or by using the Dnscmd.exe command.
2. In both cases, the DNS server must be restarted to make the changes effective, because the DNS server creates reverse lookup zones during startup.

Relevant Posts:
Enable or Disable disableautoreversezones on command prompt .

DefaultRefreshInterval Registry Key

This registry key specifies the duration during which an Active Directory-integrated DNS zone can update the timestamp of DNS resource records. During the DefaultRefreshInterval period, scavenging settings have no effect on DNS zones.

Key Name: DefaultRefreshInterval
Type: dword
Default: 7 days.
Functionality: Specifies the duration of refresh interval.
Location: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dns\parameters".

When a new Active Directory DNS zone is created, the system copies the DefaultRefreshInterval registry value into the new DNS zone's subkey entry DefaultRefreshInterval.

Note: Direct changes to this key take effect only after rebooting the server.

To change DefaultRefreshInterval without having to restart the system, do the following.

1. Assume the DNS server name is "dnsserver".
2. Open DNS Manager using the command dnsmgmt.msc.
3. In the console tree, right-click the server node "dnsserver" and click "set Aging and Scavenging for this server".
4. In the server Aging/Scavenging properties dialog, select the option "DefaultRefreshInterval", set the interval, click Apply and click the OK button.
5. Click OK on the confirmation dialog.

Relevant Posts:
set defaultrefreshinterval on command prompt
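
As an added example (not part of the original posts), the PowerShell function below reads the Parameters key described in the registry posts above and compares StrictFileParsing, XfrConnectTimeout, DisableNSRecordsAutoCreation and DisableAutoReverseZones with the defaults those posts state. The function name Get-DnsParameterAudit is hypothetical, and a missing value is assumed to mean the default, as the posts describe.

```powershell
# Added example: compare the DNS server parameters covered in the posts above
# with the defaults those posts state. A missing value counts as the default.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'

$Expected = [ordered]@{
    StrictFileParsing            = 0     # 0 = log bad records, keep loading
    XfrConnectTimeout            = 0x1E  # 30 seconds
    DisableNSRecordsAutoCreation = 0     # 0 = NS records created automatically
    DisableAutoReverseZones      = 0     # 0 = built-in reverse zones created
}
# Reported without a comparison; review these values by hand.
$ReportOnly = 'DsTombstoneInterval', 'DefaultRefreshInterval', 'EnableDnsSec'

function Get-DnsParameterAudit {
    param([string]$Path = $ParamsKey)

    if (-not (Test-Path -Path $Path)) {
        throw "Key not found: $Path (is the DNS Server service installed?)"
    }
    $props = Get-ItemProperty -Path $Path

    foreach ($name in @($Expected.Keys) + $ReportOnly) {
        $prop    = $props.PSObject.Properties[$name]
        $present = $null -ne $prop
        $value   = if ($present) { $prop.Value } else { $null }
        $default = if ($Expected.Contains($name)) { $Expected[$name] } else { $null }
        $status  = if (-not $present)           { 'NotSet (default applies)' }
                   elseif ($null -eq $default)  { 'Review' }
                   elseif ($value -eq $default) { 'Default' }
                   else                         { 'CHANGED' }
        [pscustomobject]@{
            Name    = $name
            Value   = $value
            Default = $default
            Status  = $status
        }
    }
}

# Run from an elevated prompt on the DNS server itself.
Get-DnsParameterAudit | Format-Table -AutoSize
```

Because direct registry edits only take effect after the DNS server restarts, compare anything reported as CHANGED with the running value shown by dnscmd /info for the same setting.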
