Root Hints

Whenever a DNS server is unable to resolve a name directly from its own databaseor with the aid of a forwarder, it sends the query to a server that is authoritativefor the DNS root zone. The server must have the names and addresses of theseservers stored in its database to perform such a query. These names and addressesare known as root hints, and they are stored in the cache.dns file, which is foundat %systemroot%system32dns. cache.dns is a text file that contains NS andA records for every available root server.

If your internal DNS server does not provide access to Internet name resolution,you can improve network security by configuring the root hints of the internalDNS servers to point to the DNS servers that host your root domain and not toInternet root domain DNS servers. To modify the configuration on this tab,perform one or more of the following actions:

  • Select Add to manually type the FQDN and IP addresses of one or moreauthoritative name servers.

  • Select an entry and click Edit to modify it or add an additional IPaddress to an existing record.

  • Select an entry and click Delete to remove a record.

  • Select Copy from Server to copy a list of root hints from another DNSserver. This action is useful if your server was not connected to theInternet at the time DNS was installed.

