RootDNSServers deleted/missing

Posted on 2007-08-06
Last Modified: 2013-11-05
Background:
I was having issues with resolving external host names. I followed the instructions in the KB249868 article; afterwards I found that the RootDNSServer container in AD was not recreated, and I am still having external name resolution problems. I cannot get to CNN.com in particular by name but can reach it by IP.

I have a Windows Server 2003 AD Domain with SP2. We use W2k3 DNS servers using Root Hints to resolve external DNS. No event errors and most sites resolve fine.

My Questions:

1. Is RootDNSServer container in W2k3 necessary?
2. How can I recreate this container?

Thanks
Question by:rhenz2274

Accepted Solution

by:
aissim earned 672 total points
ID: 19642438
1) Not an ABSOLUTE must; as your article states, if it doesn't find them in AD it will check the cache.dns. But I wouldn't stop until they are recreated!

2) When you look at the properties of your DNS server, on the Root Hints tab, are they all listed?
If not, I would start by manually recreating them there, in the form of a.root-servers.net / b.root-servers.net / etc. IP addresses can be obtained here: http://www.root-servers.org/

Assisted Solution

by:KCTS
KCTS earned 664 total points
ID: 19642461
Make sure you do not have a root domain '.' (root) defined in DNS. If you have, delete it, as it will prevent any external name resolution. (The only exception is if you are using an internal proxy server.)

Using forwarders to point to your ISP's DNS server(s) is much more efficient than root hints, so I would change that.

Assisted Solution

by:Chris Gralike
Chris Gralike earned 664 total points
ID: 19642730
By default the Object type "container" cannot be created by hand. They are default objects created on installation. What you might try is to execute an "ipconfig /Registerdns" on the server that has the DNS role assigned to it.

The AD Container: CN="RootDNSServers",CN="MicrosoftDNS",DC="Domain",DC="TLD" is maintained by the DNS server. And describes the object type dns-node. A workaround might be to "forward" all queries to some other DNS zone (i.e. your provider). But I'm not sure how "trustworthy" your DNS will be without these entries... Not quite sure what the impact is of losing them, never seen them deleted before...

Also you might want to try and enter the root servers manually in the DNS Management MMC plug-in.

Regards,
 

Expert Comment

by:mlambgts
ID: 21236431
You can also go into the DNS properties > Root Hints tab > click the copy button > select a known DNS server (you can use your ISP if it is allowed) IP address. This will create the entries. In some cases I have found that the ISP includes UNKNOWN IP Address entries; delete these and also delete the reference to your own DNS server from this table. If you stop and restart the DNS Server service, the Root Hints that were copied above are written to the DNS Cache file on the server.
0
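An added example, not code from any of the posters above: a Python check of a root hints file in the zone-file layout used by cache.dns, flagging hints that have no address record and hints that point back at the DNS server itself. It assumes the "UNKNOWN IP Address" entries mentioned in the last comment correspond to NS records with no address; the sample file, the name `dc1.corp.example.` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in cache.dns (zone-file) layout. b.root-servers.net is
# deliberately left without an address, and dc1.corp.example. stands in for
# the local DNS server (hypothetical name).
SAMPLE = """\
; constructed sample root hints file
@                     NS   a.root-servers.net.
a.root-servers.net.   A    198.41.0.4
@                     NS   b.root-servers.net.
@                     NS   dc1.corp.example.
dc1.corp.example.     A    10.0.0.5
"""

def parse_hints(text):
    """Return (ns_names, addresses) from zone-file style root hints."""
    ns_names, addresses = [], {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        owner = fields[0].lower()
        # Skip the optional TTL and class columns before the record type.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1].lower()
        if rtype == "NS" and owner in ("@", "."):
            ns_names.append(rdata)
        elif rtype in ("A", "AAAA"):
            # ip_address() raises ValueError on a malformed address.
            addresses.setdefault(owner, []).append(str(ipaddress.ip_address(rdata)))
    return ns_names, addresses

def audit_hints(text, own_names=()):
    """List problems: hints with no address, and hints naming this server."""
    ns_names, addresses = parse_hints(text)
    own = {n.lower() for n in own_names}
    problems = []
    for name in ns_names:
        if name in own:
            problems.append((name, "refers to this DNS server"))
        elif not addresses.get(name):
            problems.append((name, "no address record"))
    return problems

if __name__ == "__main__":
    for name, why in audit_hints(SAMPLE, own_names=["dc1.corp.example."]):
        print(f"{name}: {why}")
```

An empty result from `audit_hints` means every root hint in the file has at least one address and none of them names the local server.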
