Deleting .root dns zone in 2008 DNS

    Question

  • Hi,

       We have 2 domain controllers and a .root zone has been created in DNS, due to which external name resolution is not possible. I tried to add conditional forwarders, but I get an error saying that conditional forwarders cannot be created on root DNS servers. So I was planning to delete the .root DNS zones from the DNS servers. We have a Bluecoat proxy for internet browsing, which is integrated with AD. So I would like to know whether there will be any problem if I delete the root DNS zone.

     

    Thanks in advance

    Sri

    Monday, June 27, 2011 3:40 PM

Answers

  • If you have a "root" zone created in your DNS, and you no longer want that configuration, you can just simply delete that zone.  There is no reason to have a root "." zone hosted unless you want to make sure that the DNS server is authoritative for all queries and not allow the DNS server to go elsewhere for name resolution.

    If you delete this zone, the DNS server will be able to use its root hints, or forwarders, to resolve queries for zones it's not authoritative for.

     


    Visit: anITKB.com, an IT Knowledge Base.
    Monday, June 27, 2011 5:08 PM
  •   I am surprised to read that you have a . at the top of your DNS tree. I have not seen that since Windows 2000. You can simply remove it. http://support.microsoft.com/kb/298148

     


    Bill
    Monday, June 27, 2011 11:39 PM
  • Bill, I agree, I am also surprised. That was from the old 2000 days where DCPROMO would create it if it detected no internet access while promoting the first DC. Just remove it, and the Forwarders option reappears.

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Tuesday, June 28, 2011 6:52 PM
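
Added example, not part of the thread or of any poster's code: a Python check, run from an admin workstation against a DNS server you administer, for the condition the answers describe, namely that the server answers authoritatively for ".". The function names and the sample packets are constructed for illustration, and the reading of the AA bit assumes standard RFC 1035 behaviour.

```python
import secrets
import socket
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080   # header flag bits (RFC 1035, section 4.1.1)
TYPE_SOA, CLASS_IN = 6, 1

def build_root_soa_query(txid: int) -> bytes:
    """Non-recursive (RD=0) query for the SOA of '.', so only local zone data answers."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = b"\x00" + struct.pack("!HH", TYPE_SOA, CLASS_IN)  # root name is one zero byte
    return header + question

def classify_response(packet: bytes, txid: int) -> dict:
    """Read the 12-byte header and decide whether the server claims authority for '.'."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, nscount, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != txid or not flags & QR:
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    authoritative = bool(flags & AA)
    return {
        "rcode": rcode,
        "authoritative": authoritative,
        "recursion_available": bool(flags & RA),
        "answers": ancount,
        "authority_records": nscount,
        # AA=1 plus an SOA answer for '.' means a root zone is hosted on this server.
        "hosts_root_zone": authoritative and rcode == 0 and ancount > 0,
    }

def check_server(server_ip: str, timeout: float = 3.0) -> dict:
    """Send the query over UDP/53 and classify the reply."""
    txid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_root_soa_query(txid), (server_ip, 53))
        packet, _ = s.recvfrom(4096)
    return classify_response(packet, txid)

# Constructed sample headers (not captured traffic): a reply from a server that
# hosts ".", and a referral-style reply from a server that relies on root hints.
SAMPLE_WITH_ROOT = struct.pack("!HHHHHH", 0x2B1D, 0x8400, 1, 1, 0, 0)
SAMPLE_NO_ROOT = struct.pack("!HHHHHH", 0x2B1D, 0x8080, 1, 0, 13, 0)

if __name__ == "__main__":
    print(classify_response(SAMPLE_WITH_ROOT, 0x2B1D))
    print(classify_response(SAMPLE_NO_ROOT, 0x2B1D))
```

Running `check_server` against each domain controller before and after the zone is deleted shows `hosts_root_zone` change from `True` to `False` once the server stops claiming authority for ".".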
