IPV4 and IPV6 Root HInts
In this lecture, we’ll learn what root hints is and how it’s used in a Windows DNS server environment.
So, what is the Root Hints file?
- The root hints file contains a list of thirteen internet servers, and their IPv4 and IPv6 IP addresses.
- These servers are authoritative for the root domain.
So, what’s a Root Domain?
The root domain is a group of servers located at the top of the DNS tree.
So, where is the Root Hints file stored?
- The root hints file is located on the DNS servers hard drive. In the C:\windows\system32\DNS folder.
- So, if we click on the Cache file
Notice the IPv4 and the IPv6 IP addresses
- By default, Windows DNS uses these 13 Root hints servers to resolve queries that your local DNS server can’t resolve.
- Another method of resolution is to configure forwarders.
So, what are forwarders, and how do they work with root hints?
To take a look at forwarders, we will open Server Manager, then click tools, then DNS manager.
- To open forwarders right click on your server, then click properties, then click the forwarders tab.
- Forwarders are DNS servers that this server can use to resolve DNS queries for records that this server can’t resolve.
- Configuring forwarders is the manual method that will forward DNS queries for external DNS names to DNS servers outside your network.
- Notice that the box is checked, and beside the check box it say’s “Use root hints if no forwarders are available” Notice this setting is greyed out.
That means that if this check box is checked, you will be using this list of Root servers to resolve queries for zones that don’t exist on the local server.
Let’s go ahead and click edit and there is our IPv4 and our IPv6 IP address for this root server, A-root-servers.net
And this is the same list that I showed you that was on the C: drive of the DNS server.
Let’s go ahead and add a forwarder
- Click Forwarders
Now click the edit button, now type 184.108.40.206, which is the IP address for googles DNS server. Now click ok
Now we have 220.127.116.11 designated as our forwarder and notice that you can now check or uncheck the box.
- If we uncheck the box that means we won’t be using root hints for query resolution, we’ll be using our forwarder.
Put the check back in there. Now, we’ll click the edit button and remove the forwarder.
- Click our forwarder, then click delete, then click ok.
Let’s take a look at what could happen when we have root hints enabled.
- In a typical DNS installation, a client forwards a query to the local DNS server.
The local DNS server forwards the query to the DNS server on the DMZ network.
The DMZ’s DNS server forwards the query to the ISP’s DNS server.
Then the query would be eventually resolved on the internet.
- If the DNS server on the DMZ goes down.
Because root hints is enabled on the local DNS server, this server would try to resolve
queries on the internet using the root hints servers.
Which would be considered a potential security issue.
- To be sure that you understand the connection between forwarders and disabling recursion, we need to review the disable recursion option.
Let’s go ahead and open server manager, click tools, DNS manager, right click on our server, and click properties, now click the Advanced tab.
Sign up to access the rest of this lesson
You must either log in or sign up to access this lesson.