Windows Server 2003 : Installing and Configuring DNS Servers (part 3) - Exploring DNS Server Properties Tabs

12/7/2013 2:33:50 AM

5. Viewing and Clearing the DNS Server Cache

The contents of the DNS server cache can be viewed only in the DNS console. To view the cache contents, from the View menu select Advanced. Once the DNS console View mode is set to Advanced, a new folder appears in the DNS console tree, Cached Lookups. This folder hierarchically organizes the cached lookups for queries that the DNS server has performed. In other words, this folder displays the DNS server cache in a hierarchical format. Figure 2 shows sample contents of the Cached Lookups folder.

Figure 2. DNS server cache

To clear the DNS server cache, you can right-click the DNS server icon in the DNS console and select Clear Cache. Alternatively, you can restart the DNS Server service or use the Dnscmd /clearcache command.

6. Exploring DNS Server Properties Tabs

The DNS server properties dialog box allows you to configure settings that apply to the DNS server and all its hosted zones. You can access this dialog box in the DNS console tree by right-clicking the DNS server you want to configure and then selecting Properties. The DNS server properties dialog box contains eight tabs, which are introduced next.

Interfaces Tab

The Interfaces tab allows you to specify which of the local computer’s IP addresses should listen for DNS requests. For example, if your server is multihomed and has one IP address for the local network and another IP address connected to the Internet, you can prevent the DNS server from servicing DNS queries from outside the local network. To perform this task, specify that the DNS server listen only on the computer’s internal IP address.

By default, the setting on this tab specifies that the DNS server listens on all IP addresses associated with the local computer.

Forwarders Tab

The Forwarders tab allows you to forward DNS queries received by the local DNS server to upstream DNS servers, called forwarders. Using this tab, you can specify the IP addresses of the upstream forwarders, and you can specify the domain names of queries that should be forwarded. For example, in Figure 3, all queries received for the domain will be forwarded to the DNS server When, after receiving and forwarding a query from an internal client, the local forwarding server receives a query response back from, the local forwarding server then passes this query response back to the original querying client. The process of forwarding selected queries in this way is known as conditional forwarding.

Figure 3. Forwarders tab

In all cases, a DNS server configured for forwarding uses forwarders only after it has determined that it cannot resolve a query using its authoritative data (primary or secondary zone data) or cached data.


To specify how long the forwarding server should wait for a response from a forwarder before timing out, on the Forwarders tab, enter a value in the Number Of Seconds Before Forward Queries Time Out text box. The default setting is 5.

When to Use Forwarders

In some cases, network administrators might not want DNS servers to communicate directly with external servers. For example, if your organization is connected to the Internet by means of a slow wide area link, you can optimize name resolution performance by channeling all DNS queries through one forwarder, as shown in Figure 4. Through this method, the server cache of the DNS forwarder has the maximum potential to grow and reduce the need for external queries.

Figure 4. Using forwarding to consolidate caching

Another common use of forwarding is to allow DNS clients and servers inside a firewall to resolve external names securely. When an internal DNS server or client communicates with external DNS servers by making iterative queries, normally the ports used for DNS communication with all external servers must be left open to the outside world through the firewall. However, by configuring a DNS server inside a firewall to forward external queries to a single DNS forwarder outside your firewall, and by then opening ports only to this one forwarder, you can resolve names without exposing your network to outside servers. Figure 5 illustrates this arrangement.

Figure 5. Secure iteration with forwarders

Disabling Recursion

The Forwarders tab allows you to disable recursion on any queries, specified by domain, that have been configured to be forwarded to an upstream server. When recursion is not disabled (the default), the local DNS server attempts to resolve a fully qualified domain name (FQDN) after a forwarder has failed to do so. This condition is preferable if you want to optimize settings for fault tolerance: if the upstream forwarder is down, name resolution can fall back to the local DNS server.

However, under this default setting, when the forwarder receives the forwarded query and still fails to resolve it, the fallback recursion that then occurs at the local DNS server is usually redundant and only delays the inevitable query failure response. Disabling recursion on queries for which forwarding has been configured thus optimizes the speed of negative query responses at the expense of fault tolerance.

When forwarders are configured this way in combination with disabling recursion, the local DNS server is known as a slave server because in these cases, it is completely dependent on the forwarder for queries that it cannot resolve locally.


Do not confuse the use of the term slave server with the term slave zone, which is used in some implementations of DNS. In some non-Microsoft DNS servers, such as Berkeley Internet Name Domain (BIND), primary zones are called master zones and secondary zones are called slave zones.

Advanced Tab

The Advanced tab allows you to enable, disable, and configure certain DNS server options and features such as recursion, round robin, automatic scavenging, and netmask ordering.


Whereas the Forwarders tab allows you to disable recursion on selected queries for domains used with forwarders, the Advanced tab allows you to disable recursion for all queries received by the local DNS server.


If you disable recursion on a DNS server using the Advanced tab, you cannot use forwarders on the same server, and the Forwarders tab becomes inactive.
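The Interfaces, Forwarders, and Advanced tab settings described above can also be applied from the command line with Dnscmd. The script below is an added example, not part of the original article; it assumes dnscmd.exe is available on the DNS server, and every IP address and domain name in it is a constructed placeholder.

```batch
@echo off
rem Added example (not from the original article). Run locally on the DNS server.
rem Assumes dnscmd.exe is on the PATH (on Windows Server 2003 it ships with
rem the Windows Support Tools). All values below are constructed placeholders.

set INTERNAL_IP=10.0.0.10
set FORWARDER_IP=192.0.2.53
set PARTNER_DOMAIN=partner.example
set PARTNER_DNS=192.0.2.80

rem Interfaces tab: the default is to listen on every local IP address.
rem On a multihomed server, listen only on the internal address so that
rem queries arriving on the Internet-facing interface are not serviced.
dnscmd /ResetListenAddresses %INTERNAL_IP%

rem Forwarders tab: send queries that cannot be answered from zone data or
rem the cache to one upstream forwarder, with the default 5-second timeout.
rem /Slave disables fallback recursion: the server depends entirely on the
rem forwarder, giving faster negative responses but no fault tolerance.
dnscmd /ResetForwarders %FORWARDER_IP% /TimeOut 5 /Slave

rem Conditional forwarding: queries for one domain go to a specific server.
rem /Slave is omitted here, so recursion remains enabled for this domain
rem and the local server can still try on its own if the forwarder fails.
dnscmd /ZoneAdd %PARTNER_DOMAIN% /Forwarder %PARTNER_DNS% /TimeOut 5

rem Advanced tab alternative: disable recursion for ALL queries. This also
rem makes forwarders unusable on this server, so it is left commented out.
rem dnscmd /Config /NoRecursion 1

rem Drop answers cached under the previous configuration.
dnscmd /ClearCache

rem Review the resulting server settings.
dnscmd /Info
```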

Root Hints Tab

The Root Hints tab contains a copy of the information found in the WINDOWS\System32\Dns\Cache.dns file. For DNS servers answering queries for Internet names, this information does not need to be modified. However, when you are configuring a root DNS server (named “.”) for a private network, you should delete the entire Cache.dns file. (When your DNS server is hosting a root server, the Root Hints tab itself is unavailable.)

In addition, if you are configuring a DNS server within a large private namespace, you can use this tab to delete the Internet root servers and specify the root servers in your network instead.


Every few years, the list of root servers on the Internet is slightly modified. Because the Cache.dns file already contains so many possible root servers to contact, it is not necessary to modify the root hints file as soon as these changes occur. However, if you do learn of the availability of new root servers, you can choose to modify your root hints accordingly. As of this writing, the last update to the root servers list was made on November 5, 2002. You can download the latest version of the named cache file from InterNIC at

Figure 6 shows the Root Hints tab.

Figure 6. Root Hints tab

Debug Logging Tab

The Debug Logging tab allows you to troubleshoot the DNS server by logging the packets it sends and receives. Because logging all packets is resource-intensive, this tab allows you to determine which packets to log, as specified by transport protocol, source IP address, packet direction, packet type, and packet contents.

Event Logging Tab

You can access the DNS Events log in the DNS console tree in the Event Viewer node. This log maintains a record of errors, warnings, and other events that allow you to troubleshoot or monitor DNS performance.

The Event Logging tab allows you to restrict the events written to the DNS Events log file to only errors or to only errors and warnings. It also allows you to disable DNS logging. For more powerful features related to the filtering of DNS events, use the Filter tab of the DNS Events Properties dialog box. You can open this dialog box by selecting Event Viewer in the left pane of the DNS console, right-clicking DNS Events in the right pane, and selecting Properties.

Monitoring Tab

The Monitoring tab allows you to test basic DNS functionality with two simple tests. The first test is a simple query against the local DNS server. To perform the first test successfully, the server must be able to answer forward and reverse queries targeted at itself.

The second test is a recursive query to the root DNS servers. To perform this second test successfully, the DNS server computer must be able to connect to the root servers specified on the Root Hints tab.

The Monitoring tab, shown in Figure 7, also allows you to schedule these tests to be conducted at regularly specified intervals. The results of the tests, whether performed manually or automatically, are shown in the Test Results area of the tab.

Figure 7. Monitoring tab

Security Tab

The Security tab is available only when the DNS server is also a domain controller. This tab allows you to control which users are granted permissions to view, configure, and modify the DNS server and its zones. By clicking the Advanced button, you can further refine settings related to DNS server permissions.
