How to delete root hints and add new ones programmatically in Windows 2003 DNS?

pilozite used Ask the Experts™
I have hundreds of Windows 2003 domain controllers with AD-integrated DNS. I want to delete the existing root hints and add new ones programmatically. I successfully added my root hints with a DNSCMD command.

However I cannot delete the existing root hints (except using the DNS MMC GUI).

This VBScript sample doesn't work.

My tries with DNSCMD command failed too (Example DNSCMD MyServerName /RecordDelete /RootHints myhints.domain NS gives "invalid zone type").

How can I achieve this?

Thank you

If you want to remove or edit the DNS root hints you have to edit a file in the %systemroot%\system32\dns folder; the file is called Cache.dns.
If you want it done through a script, two options: one, create a sample file and make the script copy over it. That's one way I can think of.


No, the cache.dns isn't used in this scenario. Editing it won't change the root hints.

Chris Dent
PowerShell Developer
Top Expert 2010


We should be able to nuke it in AD. Can you see if it's this version:

1. Open AD Users and Computers
2. Select View then Advanced Features
3. Expand System
4. Expand MicrosoftDNS
5. Expand RootDNSServers

That's the most likely I think, but it may also be in either of DomainDNSZones or ForestDNSZones.



Thanks for your response.

Yes, I see root node records in this OU (even an old DNS node that I suppressed long ago on my test server), but deleting them here won't change the Root Hints list in the DNS console (I still have my test root hints in the list, even if I refresh/clear cache/etc.)
PowerShell Developer
Top Expert 2010

You have to cope with how tenacious root hints are.

The copy in AD is loaded preferentially either from the DomainDNSZones application partition or from the domain partition (as above).

If the copy from AD fails to load, "cache.dns" is loaded.

Only if both copies in AD, and cache.dns are deleted (or renamed), and only after the DNS service is restarted will any change become apparent.



Thanks for your help. Yes, root hints are really tenacious!

In order to update my root hints in my test lab, I've done this:

- I deleted the DNS node in the following OU: MyDomain/System/MicrosoftDNS/RootDNSServer
- I modified the cache.dns on the DNS server with new values
- I launched a DNSCMD MyServerName /ClearCache

and my root hints on the server were updated. I think I can manage to script all that. Don't know how this will work with several DNS servers but I think it'll be OK!

Thanks again
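
The three steps from the post above, scripted in PowerShell as an added example that is not part of the original thread. Server names, the domain DN and the hint values are placeholders; it assumes an admin workstation with `dsrm` and `dnscmd` available and write access to each server's `admin$` share, and it only prints the plan unless `-Apply` is given.

```powershell
# Added example: scripts the three steps from the thread. All values are placeholders.
param(
    [string[]]$DnsServers = @('DC01', 'DC02'),                           # hypothetical servers
    [string]$DomainDn     = 'DC=example,DC=com',                         # hypothetical domain DN
    [hashtable]$RootHints = @{ 'myhints.example.com.' = '192.0.2.53' },  # constructed hint
    [switch]$Apply                                                       # off = dry run
)

# cache.dns uses zone-file syntax: an NS record at the root (".") and an
# A record for each hint server.
$lines = @('; root hints written by script')
foreach ($name in $RootHints.Keys) {
    $lines += ".`t3600000`tIN`tNS`t$name"
    $lines += "$name`t3600000`tIN`tA`t$($RootHints[$name])"
}

function Invoke-Step([string]$Description, [scriptblock]$Action) {
    if (-not $Apply) { Write-Output "PLAN: $Description"; return }
    Write-Output "RUN:  $Description"
    $global:LASTEXITCODE = 0          # avoid reading a stale exit code
    & $Action
    if ($LASTEXITCODE -ne 0) { throw "Step failed ($LASTEXITCODE): $Description" }
}

# Step 1 (once per domain): delete the dnsNode objects below
# System > MicrosoftDNS > RootDNSServers, keeping the container itself.
$zoneDn = "DC=RootDNSServers,CN=MicrosoftDNS,CN=System,$DomainDn"
Invoke-Step "delete child objects of $zoneDn" {
    dsrm $zoneDn -subtree -exclude -noprompt
}

foreach ($server in $DnsServers) {
    # Step 2 (per server): keep a backup, then write the new cache.dns.
    $file = "\\$server\admin`$\system32\dns\cache.dns"
    Invoke-Step "back up and rewrite $file" {
        Copy-Item $file "$file.bak" -Force -ErrorAction Stop
        Set-Content -Path $file -Value $lines -Encoding Ascii -ErrorAction Stop
    }
    # Step 3 (per server): clear the resolver cache, as in the post.
    Invoke-Step "clear DNS cache on $server" { dnscmd $server /ClearCache }
}
```

If the old hints still show afterwards, the earlier reply in this thread says the change only becomes apparent once the DNS service is restarted; that reply also names DomainDNSZones and ForestDNSZones as other places the AD copy may live.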

