Microsoft KB Archive/813963

= Description of DNS registry entries in Windows 2000 Server, part 1 of 3 =

Article ID: 813963

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
''This article is part 1 of 3 articles that describe registry entries that affect the behavior of DNS in Microsoft Windows 2000 Server. Additionally, these articles describe different tools that you can use to configure DNS registry entries. The DNS registry entry descriptions are listed by name, and these descriptions include the DNS registry entry change method and the start method. The tools that are described in these articles are Registry Editor, the Dnscmd.exe command-line tool, and the DNS console.''



INTRODUCTION
This article is the first of three articles that describe DNS registry entries in Windows 2000 Server.

For additional information about the other two articles in this series of three articles, click the following article numbers to view the articles in the Microsoft Knowledge Base:

813964 Description of DNS registry entries in Windows 2000 Server, part 2 of 3

813965 Description of DNS registry entries in Windows 2000 Server, part 3 of 3



MORE INFORMATION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Configuration tools
You can use the following three tools to configure DNS registry entries:
 * Registry Editor
 * Dnscmd.exe
 * The DNS console

Registry Editor
Some DNS registry entries can only be modified by using Registry Editor. To create DNS registry entries, follow these steps:  Click Start, click Run, type regedit, and then click OK. Locate and then click the following subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

 On the Edit menu, point to New, and then click the data type of the entry. For example, click DWORD. Type the name of the DNS server entry, and then press ENTER. Right-click the new entry, click Modify, type the value you want in the Value data box, and then click OK. Quit Registry Editor.</li> Restart the DNS server for these changes to take effect.</li></ol>

Dnscmd.exe
You can use the Dnscmd.exe command-line tool to perform most of the tasks that you can perform by using the DNS console. For example, you can use the Dnscmd.exe command-line tool to perform the following tasks:
 * Create, delete, and view zones and records
 * Reset server and zone properties
 * Perform the following routine administration operations:
 * Update, reload, and refresh the zone
 * Write the zone back to a file or to Active Directory directory service
 * Pause and resume the zone
 * Clear the cache
 * Start and stop the DNS service
 * View statistics

You can also use the Dnscmd.exe command-line tool to write scripts for remote administration. For more information about Dnscmd.exe, see Windows 2000 Support Tools Help. For more information about how to install and use the Windows 2000 Support Tools and about Support Tools Help, see the Sreadme.doc file in the Support\Tools folder on the Windows 2000 Server CD-ROM.

The DNS console
You can use the DNS console to configure many DNS settings. To start the DNS console, click Start, point to Programs, point to Administrative Tools, and then click DNS.

DNS server entries
The following registry entries (along with the entries that are described in part 2 and part 3) determine the behavior of the whole DNS server. Each of these registry entries is located under the following registry subkey:

Note These registry entries are read-only when the computer starts. Some registry entries can be reset. Therefore, the server behavior is occasionally changed dynamically through the DNS Administrator. However, if you manually reset a registry entry, you must restart the DNS server to process the entry's new value.

AddressAnswerLimit
Type: DWORD

Default value: 0

Function: Specifies the maximum number of A records that are stored in response to a query

You can use the AddressAnswerLimit registry entry to specify the maximum number of A (host IP address) resource records that the DNS server can insert in the answer section of a response to an A record query (a query for an IP address). The value of the AddressAnswerLimit entry also influences the setting of the truncation bit. If the value of the AddressAnswerLimit entry is between 5 and 28, the truncation bit is not set on the response. The truncation bit is not set even when the packet space is exceeded. The value of the AddressAnswerLimit entry is imposed on A record queries only.

Change method
To change the value of the AddressAnswerLimit entry, use Dnscmd.exe. Because the change is effective immediately, you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note The AddressAnswerLimit entry was designed to resolve a problem in DNS for Microsoft Windows 95 (without service packs) where DNS fails if it receives more than 28 A records in a response to an A query. This problem occurs infrequently and only when many servers are supporting a Web site. However, because the truncation bit is not set, limiting A records prevents remote DNS servers from using TCP to retry these queries. DNS servers frequently use TCP to retry queries when they receive a response with the truncation bit set.

DNS does not add the AddressAnswerLimit entry to the registry. You can add the AddressAnswerLimit entry by editing the registry or by using a program that edits the registry, such as Dnscmd.exe.

AutoConfigFileZones
Type: DWORD

Default value: 1

Function: Determines whether the DNS server updates the resource records of a server

You can use the AutoConfigFileZones registry entry to determine if the DNS server updates the resource records of standard primary zones. This update occurs when the following local computer changes occur:
 * The local computer fully qualified domain name (FQDN) changes.
 * The local computer name changes.
 * The local computer primary DNS suffix changes.

The AutoConfigFileZones entry establishes criteria for zone updates. If a zone meets the criteria, when the FQDN of the local computer changes, the DNS server updates the host name on resource records that include the local computer name. These records include Start of Authority (SOA) records, name server (NS) records, and address (A) records. Otherwise, the records are not updated when the computer name changes.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

BindSecondaries
Type: DWORD

Default value: 1

Function: Determines the message format to use when messages are sent to non-Microsoft DNS servers.

You can use the BindSecondaries registry entry to make it possible for the DNS server to communicate with non-Microsoft DNS servers that use an earlier, slower version of the DNS BIND service.

Change method
To change the value of the BindSecondaries entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. The BindSecondaries entry corresponds to the Bind Secondaries option in the Advanced server options list.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Transfers between Microsoft DNS servers always use the faster, high-compression method, regardless of the value of the BindSecondaries entry.

The default value of the BindSecondaries entry is appropriate for most DNS servers. Change the value of this entry to 0 only if you have NEW BIND servers (or non-BIND, non-Windows servers) that are secondaries to a Microsoft DNS server and if transfer performance is a high priority.

Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

BootMethod
Type: DWORD

Default value: 3

Function: Determines the initialization method for DNS.

You can use the BootMethod registry entry to determine the source of information that DNS uses to start, such as settings to configure the DNS service, a list of authoritative zones, and configuration settings for the zones.

Change method
To change the value of this entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. This entry corresponds to the Load zone data on startup box.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note This entry is designed to replace the EnableRegistryBoot registry entry that determined the source of startup DNS information in versions of Microsoft Windows NT 4.0 before Service Pack 4. If the EnableRegistryBoot entry appears in the registry of a computer that is running Windows 2000, DNS sets the BootMethod entry to the corresponding value and uses the BootMethod entry thereafter.

The new BIND file style for configuring DNS servers is not supported by DNS in Windows 2000.

DatabaseDirectory
Type: REG_SZ

Default value: \System\Dns

Function: Determines the location of the DNS database.

You can use the DatabaseDirectory registry entry to specify the folder location for the Domain Name System (DNS) database.

By default, the DNS database is located in the \System32\Dns folder, but you can add this entry to the registry to change the default location. If you do this, the DNS server loads from and writes new zone records to the new location. If you already have a DNS database in the \System32\Dns folder, you must move it to the new location manually because DNS will not move or maintain the original database.

Start method
DNS reads its registry entries only when it starts. To make changes to the DatabaseDirectory entry effective, you must restart DNS.

Note Windows 2000 does not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

BIND files must be located in the \System32\Dns folder, regardless of the value of this entry.

DefaultAgingState
Type: DWORD

Default value: 0

Function: Determines if scavenging is turned on for Active Directory directory service zones.

You can use the DefaultAgingState registry entry to specify if the DNS scavenging feature is turned on by default on newly created zones that are Active Directory–integrated.

During the scavenging process, the DNS server examines the timestamps of resource records for this zone in the DNS database and deletes records that are out of date.

Valid DefaultAgingState entries
When you create a new Active Directory–integrated zone, the system copies the value of the DefaultAgingState entry into the value of the Aging entry in the Zone-name subkey for the new zone and then uses the value of the Aging entry.

Change method
To change the value of the DefaultAgingState entry, use the DNS console. Right-click the name of a server, and then click Set Aging/Scavenging for all zones.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note By default, scavenging is turned off on the DNS server and on all zones. To turn on scavenging for any zone, you must turn it on for the DNS server (as specified in the ScavengingInterval entry) and for the zone (as specified by the value of the Aging entry). If scavenging is turned off on the DNS server, all entries that configure scavenging on any zone are ignored.

You can apply this value to existing Active Directory–integrated zones by clicking the Apply these settings to the existing Active Directory–integrated zones option in the Server Aging/Scavenging Confirmation dialog box.

Important DNS adds the DefaultAgingState entry to the registry when you use the DNS console to configure scavenging. Do not edit the registry to add, delete, or change this entry.

DefaultNoRefreshInterval
Type: DWORD

Default value: 168 hours (1 week)

Function: Specifies the duration of the no-refresh interval.

You can use the DefaultNoRefreshInterval registry entry to specify the duration of the no-refresh interval for new Active Directory–integrated zones.

The no-refresh interval is the period of time when servers cannot update the timestamp of the resource record and the scavenging feature cannot delete the record. The no-refresh interval is designed to improve the performance of services that are related to Active Directory by concentrating the write operations for a record.

When you create a new Active Directory–integrated zone, the system copies the value of the DefaultNoRefreshInterval entry into the NoRefreshInterval entry in the Zone-name subkey for the new zone, and it uses the value of the NoRefreshInterval entry thereafter.

Change method
To change the value of the DefaultNoRefreshInterval entry, use the DNS console. Right-click the name of a server, and then click Set Aging/Scavenging for all zones.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note By default, scavenging is turned off on the DNS server and on all zones. To turn on scavenging for any zone, you must turn it on for the DNS server (as specified in the ScavengingInterval entry) and for the zone (as specified by the value of the Aging entry). If scavenging is turned off on the DNS server, all entries that configure scavenging on any zone are ignored.

You can apply this value to existing Active Directory–integrated zones by clicking the Apply these settings to the existing Active Directory–integrated zones option in the Server Aging/Scavenging Confirmation dialog box.

Important DNS adds the DefaultNoRefreshInterval entry to the registry when you use the DNS console to configure scavenging. Do not edit the registry to add, delete, or change this entry.

DefaultRefreshInterval
Type: DWORD

Default value: 168 hours (1 week)

Function: Specifies the duration of the refresh interval.

You can use the DefaultRefreshInterval registry entry to specify the duration of the refresh interval for new Active Directory–integrated zones. The refresh interval is the time when the server can update the timestamp of a resource record. During the refresh interval, a record cannot be deleted by the scavenging feature of the DNS server.

When you create a new Active Directory–integrated zone, the system copies the value of the DefaultRefreshInterval entry into the RefreshInterval entry in the Zone-name subkey for the new zone, and it uses the value of RefreshInterval thereafter.

Change method
To change the value of the DefaultRefreshInterval entry, use the DNS console. Right-click the name of a server, and then click Set Aging/Scavenging for all zones.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note By default, scavenging is turned off on the DNS server and on all zones. To turn on scavenging for any zone, you must turn it on for the DNS server (as specified in the ScavengingInterval entry) and for the zone (as specified in the Aging entry). If scavenging is turned off on the DNS server, all entries that configure scavenging on any zone are ignored.

You can apply the DefaultRefreshInterval entry to existing Active Directory–integrated zones by selecting the Apply these settings to the existing Active Directory–integrated zones option in the Server Aging/Scavenging Confirmation dialog box.

Important DNS adds the DefaultRefreshInterval entry to the registry when you use the DNS console to configure scavenging. Do not edit the registry to add, delete, or change this value.

DisableAutoReverseZones
Type: DWORD

Default value: 0

Function: Determines if the DNS Server automatically creates standard reverse lookup zones.

You can use the DisableAutoReverseZones registry entry to turn on and turn off automatic reverse zones, an optimizing feature of DNS. When this feature is turned on, DNS automatically creates three reverse lookup zones.

Reverse lookup zones make it possible for the DNS server to be authoritative. A DNS server is authoritativethat if it knows the answer to the most common name queries in advance and can respond to the common name queries immediately to eliminate unnecessary recursive queries. By default, the DNS server is authoritative for the following three reverse lookup zones:
 * 0.in-addr.arpa (0.0.0.0)
 * 127.in-addr.arpa (127.0.0.1 - loopback)
 * 255.in-addr.arpa (255. 255. 255. 255 - broadcast)

Change method
If Microsoft Product Support Services (PSS) instructs you to change the value of this entry, use Dnscmd.exe.

Start method
Because the DNS server only creates zones when it starts, you must restart the DNS server to make changes to the DisableAutoReverseZones entry effective. Additionaly, you must restart the DNS server when you use Dnscmd.exe to make the change.

Note DNS does not add the DisableAutoReverseZones entry to the registry. You can add it by editing the registry or by using a program that edits the registry, such as Dnscmd.exe.

Important Do not change the value of the DisableAutoReverseZones entry unless you are instructed to do this by Microsoft PSS. You can use automatic reverse zones to improve the performance of the DNS server. The default value is optimal for most DNS server configurations.

EnableRegistryBoot
Type: DWORD

Default value: 0

Function: Determines the source of information that is required to initialize DNS.

You can use the EnableRegistryBoot registry entry to specify the source of information that the Domain Name System (DNS) uses to start, such as settings to configure DNS, a list of authoritative zones, and configuration settings for the zones.

In Windows 2000, the BootMethod entry has replaced the EnableRegistryBoot entry. If this entry appears in the registry, DNS uses its value to set the value of BootMethod, and it uses BootMethod thereafter.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note The EnableRegistryBoot entry is included in the registry for compatibility with Microsoft Windows NT 4.0 and earlier. For Windows 2000, use the BootMethod entry.

Important The default startup behavior of the DNS server, as previously described, applies only to Windows 2000 and Windows NT 4.0 with Service Pack 4. Before Windows NT 4.0 Service Pack 4, the DNS server started by using values from the boot file, but it began storing values in the registry as soon as the DNS snap-in was used to change a value that affected the boot file. For more information, see the Microsoft Windows NT 4.0 Resource Kit.

Windows 2000 does not add the EnableRegistryBoot entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

ForwardDelegations
Type: DWORD

Default value: 0

Function: Determines if the DNS server forwards queries to delegated sub-zones. The ForwardDelegations entry is used when the delegated subzone is in the DNS server authoritative zone.

You can use the ForwardDelegations registry entry to specify if the Domain Name System (DNS) server forwards queries about delegated subzones to servers that are outside its authoritative zone. The ForwardDelegations entry is used only if the delegated subzone is in the DNS server's authoritative zone, even though the primary server for the subzone is in another zone.

By default, when the DNS server receives a query for a name that is outside its authoritative zone, it forwards the query to a similarly-named server in another zone. However, when it receives a query for a delegated subzone and the subzone is in the DNS server's zone (even when the primary server for the site is in another zone), it sends the query directly to the subzone and does not forward it. When the value of the ForwardDelegations entry is 1, the DNS server forwards queries for delegated subzones to other servers, just as it does for names in other zones.

You may want to add this entry and set it to 1 if the delegation is at a remote site that a remote server can more easily reach.

Change method
To change the value of the ForwardDelegations entry, use Dnscmd.exe. The change is effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the ForwardDelegations entry to the registry. You can add it by editing the registry or by using a program that edits the registry, such as Dnscmd.exe.

Important The ForwardDelegations entry is used only when forwarding is turned on. If the value of the Forwarders entry does not contain at least one valid IP address, the ForwardDelegations entry is ignored.

Forwarders
Type: REG_SZ

Default value: Blank

Function: Determines the forwarders server list.

You can use the Forwarders registry entry to specify the servers (as identified by their IP addresses) where the DNS server forwards queries for names that are outside its authoritative zone. Queries to the servers in the forwarders list are performed recursively, not iteratively, on behalf of the querying client. By default, no forwarding servers are specified, and the DNS server sends name queries to other servers iteratively.

You may want to specify a list of forwarding servers in the DNS console if the DNS server is communicating across slow links or if you are intentionally querying a specific server to accumulate a name cache on that server.

Change method
To change the value of the Forwarders entry, right-click a server name in the DNS console, and then click the Forwarders tab. You can also use Dnscmd.exe. The change is effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note If you start DNS by using a standard BIND file, the value of Forwarders in the BIND file takes precedence over the value of the Forwarders entry. The entry might be deleted or its value replaced by the value in the BIND file. The DNS snap-in does not add this entry to the registry unless you use the Forwarders tab to change the default value. Additionally, Windows 2000 does not add the Forwarders entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

Important A single forwarder is typically more efficient than multiple forwarders, because query results are concentrated in one forwarder's cache. To indicate that a forwarder will be queried more than one time if an initial query is unsuccessful, list the IP address of the forwarder more than one time on the Forwarders tab.

ForwardingTimeout
Type: DWORD

Default value: 0x5

Function: Determines how long the DNS service waits for a response from a forwarder before it resolves the query.

You can use the ForwardingTimeout registry entry to specify how long DNS waits for each server in the list in Forwarders to respond to a query. If a forwarding server does not respond before the time that is specified here expires, the DNS server forwards the query to the next server in the Forwarders list. If none of the servers respond in the time that is specified by the ForwardingTimeout entry, the value of the IsSlave entry determines how the DNS server responds to the original query.

Change method
To change the value of the ForwardingTimeout entry, right-click a server name in the DNS console, click Properties, and then click the Forwarders tab. You can also use Dnscmd.exe. The change is effective immediately when you use the DNS console or Dnscmd.exe so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server. Note the following items:
 * DNS adds the ForwardingTimeout entry to the registry when you use the DNS Server Properties dialog box to turn on forwarders.
 * The ForwardingTimeout entry is used only when forwarding is turned on. If the value of the Forwarders entry does not contain at least one valid IP address, the ForwardingTimeout entry is ignored.
 * Zero (0x0) is not a valid value for the ForwardingTimeout entry. If you type 0x0, DNS uses the default value, 0x5.
 * The ForwardingTimeout entry value is used only when it is less than or equal to the value of the RecursionTimeout entry. If the ForwardingTimeout entry is larger than the RecursionTimeout entry, the DNS server uses the value of the RecursionTimeout entry.
 * Windows 2000 does not add the ForwardingTimeout entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
 * Do not change the value of the ForwardingTimeout entry by editing the registry. If the Forwarders entry contains valid IP addresses and this entry is deleted, the DNS server might not start or might not operate correctly.

IsSlave
Type: DWORD

Default value: 3

Function: Determines how the DNS server responds when it does not receive a response.

You can use this registry setting to specify how the DNS server responds when it does not receive a response to a query it has forwarded.

Change method
To change the value of the IsSlave entry, right-click a server name in the DNS console, click Properties, click the Forwarders tab, and then click to select or clear the Do not use recursion check box. You can also use Dnscmd.exe. Your changes are effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server. Note the following items:
 * If you start DNS by using a standard BIND file, the value of Slave in the BIND file takes precedence over the value of the IsSlave entry. The IsSlave entry might be deleted, or the value in the BIND file might replace the value of the IsSlave entry.
 * The IsSlave entry is used only when forwarding is turned on. Forwarding is turned on when the value of the Forwarders entry includes at least one valid IP address.
 * Generally, a single forwarder is more efficient than multiple forwarders, because query results are concentrated in one forwarder's cache. To indicate that a forwarder will be queried more than one time if an initial query is unsuccessful, list the IP address of the forwarder more than one time on the Forwarders tab.
 * Windows 2000 does not add the IsSlave entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
 * Do not change the value of the IsSlave entry by editing the registry. If the Forwarders entry contains valid IP addresses and this entry is deleted, the DNS server might not start or might not operate correctly.

Keywords: kbregistry kbdns kbinfo KB813963

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.