How to Delegate All Internet Top-Level Domains on an Internal Root DNS Server (294906)

The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition

This article was previously published under Q294906

SUMMARY

This article describes how to configure the internal root DNS server to provide name resolution for Internet top-level domains.

MORE INFORMATION

Internal root DNS servers have no root hints and do not forward or resolve any names beyond the zones they themselves host. This behavior is by design, to protect the internal DNS server from Internet-based attacks. You must have a firewall in place to protect the root DNS server.

Depending on your network configuration, you may want the internal root DNS server to provide name resolution services for all Internet top-level domains (.net, .com, .edu), while you still protect it from any outside exposure. To do so, delegate all the Internet top-level domains on an internal root DNS server. Down-level DNS servers in your organization are then able to resolve iterative queries to your root DNS servers for top-level domains.

NOTE: Network Solutions provides aggregated .com, .org, and .net top-level domain zone files (including the checksum files); their use is subject to the restrictions described in the Access Agreement with Network Solutions. You use these zone files to build the delegated top-level domains.

To delegate all Internet top-level domains:
  1. Download the root.zone.gz file from ftp://ftp.rs.internic.net/domain, extract the root.zone file from it, and then copy root.zone to the %SystemRoot%\System32\DNS folder.
  2. Rename the file "Cache.dns".

    If you already have a Cache.dns file in the DNS folder, move it to a safe backup location in case you have to retrieve it at a later date.
  3. Create a new .(root) zone on the DNS server:
    1. In the DNS snap-in, right-click Forward lookup zones, and then click New Zone.
    2. When the New Zone Wizard starts, click Next.
    3. Click Primary, click to clear Store the zone in Active Directory, and then click Next.
    4. In the Name box, type a dot (.), and then click Next.
    5. Click Use this existing file, type cache.dns, and then click Next.
    6. Click Do not allow dynamic updates (default), click Next, and then click Finish.

After you complete this procedure, the root zone is created with all Internet top-level domains delegated below it.
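Because the internal root server has no root hints, it can only reach a delegated top-level domain's name servers if the zone file itself carries an address (glue) record for each of them. The following script is an added example, not part of the original article or of any Microsoft tool: it parses a file in the same one-record-per-line layout as root.zone (with an optional TTL and class field), lists the delegated top-level domains, and reports any delegation whose name servers have no A or AAAA record in the file. The sample zone text embedded below is constructed for illustration, using the documentation address ranges 192.0.2.0/24 and 2001:db8::/32, and the assumed name servers (a.gtld-servers.net., a.edu-servers.net. and so on) are placeholders rather than real root-zone data.

```python
"""Check a root.zone-style file for TLD delegations and their glue.

An internal root server has no root hints, so every name server it
delegates a TLD to must be reachable through an address record inside
the zone file itself. This example parses zone text (one record per
line, optional TTL and class, no $ORIGIN or $TTL directives) and
reports delegations whose name servers have no glue.
"""
from collections import defaultdict

# Constructed excerpt in root.zone layout (not real root-server data).
# Addresses come from the documentation ranges 192.0.2.0/24 and 2001:db8::/32.
SAMPLE_ZONE = """\
.\t86400\tIN\tSOA\ta.root-servers.net. hostmaster.example. 2006062900 1800 900 604800 86400
.\t518400\tIN\tNS\ta.root-servers.net.
a.root-servers.net.\t518400\tIN\tA\t192.0.2.1
com.\t172800\tIN\tNS\ta.gtld-servers.net.
com.\t172800\tIN\tNS\tb.gtld-servers.net.
a.gtld-servers.net.\t172800\tIN\tA\t192.0.2.10
a.gtld-servers.net.\t172800\tIN\tAAAA\t2001:db8::10
b.gtld-servers.net.\t172800\tIN\tA\t192.0.2.11
net.\t172800\tIN\tNS\ta.gtld-servers.net.
edu.\t172800\tIN\tNS\ta.edu-servers.net.
; a.edu-servers.net. has no glue in this file: the internal root cannot reach it
"""


def parse_zone(text):
    """Return a list of (owner, type, rdata) tuples from zone text."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        owner = fields[0].lower()
        rest = fields[1:]
        if rest and rest[0].isdigit():       # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":  # optional class
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype = rest[0].upper()
        rdata = " ".join(rest[1:]).lower()
        records.append((owner, rtype, rdata))
    return records


def is_tld(owner):
    """True for a single-label name such as 'com.' (the root '.' excluded)."""
    return owner != "." and owner.endswith(".") and owner.count(".") == 1


def delegations(records):
    """Map each delegated TLD to the set of its NS names."""
    tlds = defaultdict(set)
    for owner, rtype, rdata in records:
        if rtype == "NS" and is_tld(owner):
            tlds[owner].add(rdata)
    return tlds


def glue(records):
    """Map each name server name to the set of its A/AAAA addresses."""
    addrs = defaultdict(set)
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs[owner].add(rdata)
    return addrs


def missing_glue(records):
    """Return {tld: sorted NS names that have no address record in the zone}."""
    addrs = glue(records)
    gaps = {}
    for tld, servers in delegations(records).items():
        orphans = sorted(ns for ns in servers if ns not in addrs)
        if orphans:
            gaps[tld] = orphans
    return gaps


def has_root_apex(records):
    """The New Zone Wizard needs an SOA and at least one NS at the apex '.'."""
    types_at_root = {rtype for owner, rtype, _ in records if owner == "."}
    return {"SOA", "NS"} <= types_at_root


if __name__ == "__main__":
    recs = parse_zone(SAMPLE_ZONE)
    print("root apex ok:", has_root_apex(recs))
    print("delegated TLDs:", sorted(delegations(recs)))
    for tld, orphans in missing_glue(recs).items():
        print(f"{tld} is delegated to {orphans} but the zone carries no glue for them")
```

Run against a real root.zone copy before renaming it to Cache.dns, the check flags any top-level domain that down-level servers would be unable to resolve through the internal root; a delegation without glue fails silently at query time, because the internal root has nowhere else to look for the name server's address.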

Modification Type: Major
Last Reviewed: 6/29/2006
Keywords: kbenv kbhowto KB294906