Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

How to Delegate All Internet Top-Level Domains on an Internal Root DNS Server



Summary

This article describes how to configure the internal root DNS server to provide name resolution for Internet top-level domains.



More information

Internal root DNS servers do not have root hints and do not forward or resolve any names beyond themselves. This behavior is by design to protect the internal DNS server from an Internet attack. You must have a firewall in place to protect the root DNS server.

Depending on your network configuration, you may want the internal root DNS server to provide name resolution services for all Internet top-level domains (.net, .com, .edu), while you still protect it from any outside exposure. To do so, delegate all the Internet top-level domains on an internal root DNS server. Down-level DNS servers in your organization are then able to resolve iterative queries to your root DNS servers for top-level domains.

NOTE: Network Solutions provides a list of aggregated .com, .org, and .net top-level domain zone files (including the checksum files); access is subject to the restrictions described in the Access Agreement with Network Solutions. You use this file to build the delegated top-level domains.

To delegate all Internet top-level domains:
  1. Extract the root.zone file from the root.zone.gz file in the following location, and then copy root.zone to the %SystemRoot%\System32\DNS folder: ftp://ftp.rs.internic.net/domain
  2. Rename the file to "Cache.dns".

    If you have a Cache.dns file already in the DNS folder, move it to a safe backup location in case you have to retrieve it at a later date.
  3. Create a new .(root) zone on the DNS server:
    1. In the DNS snap-in, right-click Forward lookup zones, and then click New Zone.
    2. When the New Zone Wizard starts, click Next.
    3. Click Primary, click to clear Store the zone in Active Directory, and then click Next.
    4. In the Name box, type a dot (.), and then click Next.
    5. Click Use this existing file, type cache.dns, and then click Next.
    6. Click Do not allow dynamic updates (default), click Next, and then click Finish.
After you complete this procedure, the root zone is created with all Internet top-level domains delegated below it.
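
Because root.zone is retrieved over FTP, which does not protect the file in transit, it is worth sanity-checking the extracted file before renaming it to Cache.dns. The following Python check is an added example, not part of the original Microsoft article: it confirms that the file has an SOA record for the root, that the top-level domains you expect are delegated, and that each delegation has at least one name server with an address record. The function name `check_root_zone`, the one-record-per-line layout (owner, TTL, class, type, rdata), and the sample data are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample (not real root zone data), one record per line:
# owner TTL class type rdata
SAMPLE_ZONE = """\
.       86400  IN SOA a.root.example. admin.example. 2007030200 1800 900 604800 86400
.       518400 IN NS  a.root.example.
com.    172800 IN NS  a.gtld.example.
net.    172800 IN NS  a.gtld.example.
edu.    172800 IN NS  ns.missing.example.
a.gtld.example. 172800 IN A 192.0.2.30
a.root.example. 518400 IN A 192.0.2.1
; comment lines are ignored
"""

def check_root_zone(text, required_tlds=("com", "net", "edu")):
    """Return (delegations, problems) for root.zone-style text."""
    delegations = defaultdict(set)  # TLD -> name server names
    glue = set()                    # owners that have an A/AAAA record
    has_root_soa = False
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or not fields[1].isdigit():
            problems.append(f"line {lineno}: unparsable record")
            continue
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        if owner == "." and rtype == "SOA":
            has_root_soa = True
        elif rtype == "NS" and owner != ".":
            delegations[owner.rstrip(".")].add(rdata)
        elif rtype in ("A", "AAAA"):
            glue.add(owner)
    if not has_root_soa:
        problems.append("no SOA record for the root (.)")
    for tld in required_tlds:
        if tld not in delegations:
            problems.append(f"{tld}: not delegated")
    for tld, servers in sorted(delegations.items()):
        if not servers & glue:
            problems.append(f"{tld}: no name server has an address record")
    return dict(delegations), problems

if __name__ == "__main__":
    zones, issues = check_root_zone(SAMPLE_ZONE)
    print(len(zones), "TLDs delegated;", issues or "no problems found")
```

A non-empty problem list usually points to a truncated or altered download; fetch the file again and compare before loading it into the DNS server.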



Keywords: KB294906, kbhowto, kbenv


Article Info
Article ID : 294906
Revision : 10
Created on : 3/2/2007
Published on : 3/2/2007
Exists online : False