In this lecture, we’ll learn what root hints is and how it’s used in a Windows DNS server environment.

So, what is the Root Hints file? 

• The root hints file contains a list of thirteen internet servers, and their IPv4 and IPv6 IP addresses.  

• These servers are authoritative for the root domain.

So, what’s a Root Domain? 

The root domain is a group of servers located at the top of the DNS tree.

So, where is the Root Hints file stored? 

• The root hints file is located on the DNS servers hard drive. In the C:\windows\system32\DNS folder.  

• So, if we click on the Cache file  

Notice the IPv4 and the IPv6 IP addresses

• By default, Windows DNS uses these 13 Root hints servers to resolve queries that your local DNS server can’t resolve.
• Another method of resolution is to configure forwarders.

So, what are forwarders, and how do they work with root hints? 

To take a look at forwarders, we will open Server Manager, then click tools, then DNS manager. 

• To open forwarders right click on your server, then click properties, then click the forwarders tab.

• Forwarders are DNS servers that this server can use to resolve DNS queries for records that this server can’t resolve.

• Configuring forwarders is the manual method that will forward DNS queries for external DNS names to DNS servers outside your network.

• Notice that the box is checked, and beside the check box it say’s “Use root hints if no forwarders are available” Notice this setting is greyed out.  

That means that if this check box is checked, you will be using this list of Root servers to resolve queries for zones that don’t exist on the local server.

Let’s go ahead and click edit and there is our IPv4 and our IPv6 IP address for this root server, A-root-servers.net

And this is the same list that I showed you that was on the C: drive of the DNS server.

Let’s go ahead and add a forwarder 

• Click Forwarders

Now click the edit button, now type 8.8.8.8, which is the IP address for googles DNS server. Now click ok

Now we have 8.8.8.8 designated as our forwarder and notice that you can now check or uncheck the box.

• If we uncheck the box that means we won’t be using root hints for query resolution, we’ll be using our forwarder.

Put the check back in there. Now, we’ll click the edit button and remove the forwarder.

• Click our forwarder, then click delete, then click ok.

Let’s take a look at what could happen when we have root hints enabled. 

• In a typical DNS installation, a client forwards a query to the local DNS server.  

The local DNS server forwards the query to the DNS server on the DMZ network.

The DMZ’s DNS server forwards the query to the ISP’s DNS server.  

Then the query would be eventually resolved on the internet.

• If the DNS server on the DMZ goes down.  

Because root hints is enabled on the local DNS server, this server would try to resolve

queries on the internet using the root hints servers.   

                Which would be considered a potential security issue.         

• To be sure that you understand the connection between forwarders and disabling recursion, we need to review the disable recursion option.  

Let’s go ahead and open server manager, click tools, DNS manager, right click on our server, and click properties, now click the Advanced tab.

Server Academy Members Only

Want to access this lesson? Just sign up for a free Server Academy account and you'll be on your way. Already have an account? Click the Sign Up Free button to get started..

Sign In Sign Up Free