Microsoft KB Archive/813965

= Description of DNS registry entries in Windows 2000 Server, part 3 of 3 =

Article ID: 813965

Article Last Modified on 5/9/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
''This article is part 3 of 3 articles that describe registry entries that affect the behavior of DNS in Microsoft Windows 2000 Server. Additionally, these articles describe different tools that you can use to configure DNS registry entries. The DNS registry entry descriptions are listed by name, and these descriptions include the DNS registry entry change method and the start method. The tools that are described in these articles are Registry Editor, the Dnscmd.exe command-line tool, and the DNS console.''



INTRODUCTION
This article is the third of three articles that describe DNS registry entries in Windows 2000 Server.

For additional information about the other two articles in this series of three articles, click the following article numbers to view the articles in the Microsoft Knowledge Base:

813963 Description of DNS registry entries in Windows 2000 Server, part 1 of 3

813964 Description of DNS registry entries in Windows 2000 Server, part 2 of 3



MORE INFORMATION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Configuration tools
You can use the following three tools to configure DNS registry entries:
 * Registry Editor
 * Dnscmd.exe
 * The DNS console

Registry Editor
Some DNS registry entries can only be modified by using Registry Editor. To create DNS registry entries, follow these steps:
 1. Click Start, click Run, type regedit, and then click OK.
 2. Locate and then click the following subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

 3. On the Edit menu, point to New, and then click the data type of the entry. For example, click DWORD.
 4. Type the name of the DNS server entry, and then press ENTER.
 5. Right-click the new entry, click Modify, type the value you want in the Value data box, and then click OK.
 6. Quit Registry Editor.
 7. Restart the DNS server for these changes to take effect.

Dnscmd.exe
You can use the Dnscmd.exe command-line tool to perform most of the tasks that you can perform by using the DNS console. For example, you can use the Dnscmd.exe command-line tool to perform the following tasks:
 * Create, delete, and view zones and records
 * Reset server and zone properties
 * Perform the following routine administration operations:
 ** Update, reload, and refresh the zone
 ** Write the zone back to a file or to Active Directory directory service
 ** Pause and resume the zone
 ** Clear the cache
 ** Start and stop the DNS service
 ** View statistics

You can also use the Dnscmd.exe command-line tool to write scripts for remote administration. For more information about Dnscmd.exe, see Windows 2000 Support Tools Help. For more information about how to install and use the Windows 2000 Support Tools and about Support Tools Help, see the Sreadme.doc file in the Support\Tools folder on the Windows 2000 Server CD-ROM.

The DNS console
You can use the DNS console to configure many DNS settings. To start the DNS console, click Start, point to Programs, point to Administrative Tools, and then click DNS.

DNS server entries
The following registry entries (along with the entries that are described in part 1 and part 2) determine the behavior of the whole DNS server. Each of these registry entries is located under the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

Note The DNS server reads these registry entries only when the computer starts. Some registry entries can be reset. Therefore, the server behavior is occasionally changed dynamically through the DNS Administrator. However, if you manually reset a registry entry, you must restart the DNS server to process the entry's new value.

RecursionRetry
Type: DWORD

Default value: 0x3

Function: Determines how frequently DNS repeats recursive client queries when it does not receive a response from a remote server.

You can use the RecursionRetry registry entry to specify how frequently DNS repeats recursive client queries when it does not receive a response from a remote server. If the DNS server does not receive a response before the expiration of the time that is set in the RecursionRetry entry, the DNS server repeats the query to the same server or to other DNS servers.

The default value is appropriate for most servers. However, if this value is less than the time that a remote server requires to respond over a slow link, increase this value so that it is slightly longer than the response time that you noted.

Change method
Use Dnscmd.exe to change the value of the RecursionRetry entry. The change is effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. If you change the value of the RecursionRetry entry by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the RecursionRetry entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

RecursionTimeout
Type: DWORD

Default value: 0xF (15 seconds)

Function: Determines how long DNS waits for remote servers to respond to a recursive client query before the search is stopped.

You can use the RecursionTimeout registry entry to specify how long DNS waits for remote servers to respond to a recursive client query before DNS stops the search. If the DNS server does not receive a response to a recursive query, the server repeats the query at intervals that are specified by the value of the RecursionRetry entry. If the server does not receive a response before the value of the RecursionTimeout entry expires, the DNS server stops the search and sends a SERVER_FAILURE response to the query.

This value is appropriate for most DNS servers. However, if this value is less than the time a remote server requires to respond over a slow link, increase this value so that it is slightly longer than the response time that you note. In measuring actual response times, make sure that you distinguish between responses from remote DNS servers and repeated query tries by the client.

Change method
Use Dnscmd.exe to change the value of the RecursionTimeout entry. The change is effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. If you change the value of the RecursionTimeout entry by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the RecursionTimeout entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

RoundRobin
Type: DWORD (Boolean)

Default value: 1

Function: Determines the order that the DNS server returns address (A) records when it has multiple A records for the same name.

You can use the RoundRobin registry entry to specify the order that the DNS server returns A records when it has multiple A records for the same name.

Change method
To change the value of the RoundRobin entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. The RoundRobin entry corresponds to the Enable round robin option. You can also use Dnscmd.exe. When you use either method, your changes are effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. If you change the value of the RoundRobin entry by editing the registry, the changes are not effective until you restart the DNS server.

Note The order that A records are returned depends on the value of the RoundRobin entry and of the LocalNetPriority entry. Note the following items:
 * When both entries are set to 1 or if the RoundRobin entry is not in the registry, the DNS server rotates among the A records it returns in local net priority order. This is the order of their similarity to the IP address of the querying client.
 * If the value of the RoundRobin entry is 0 and the value of the LocalNetPriority entry is 1, the DNS server returns the records in local net priority order. The DNS server does not rotate among available addresses.
 * If the value of the RoundRobin entry is 1 and the value of the LocalNetPriority entry is 0, the DNS server rotates among the available records in the order that the records were added to the database.
 * If the values of the RoundRobin entry and the LocalNetPriority entry are 0, the DNS server returns the records in the order that they were added to the database. The DNS server does not try to sort them or to rotate among them.

RpcProtocol
Type: DWORD

Default value: 0xFFFFFFFF

Function: Specifies the protocols that administrative remote procedure calls (RPCs) use.

Although these flags are not specific to DNS, the DNS server establishes endpoints to create connections that use these protocols.

The value of the RpcProtocol entry is a bitmap. You can set multiple bits by adding the bits together and setting the value of the RpcProtocol entry to that sum.

Change method
To change the value of the RpcProtocol entry, use Dnscmd.exe. Do not change the value of the RpcProtocol entry by editing the registry.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

ScavengingInterval
Type: DWORD

Default value: 0x0

Function: Determines if the scavenging feature of DNS is turned on, and specifies how frequently the DNS server scavenges its database records.

You can use the ScavengingInterval registry entry to specify if the scavenging feature of DNS is turned on, and to specify how frequently the DNS server scavenges its database records.

During the scavenging process, the DNS server examines the timestamps of resource records in the DNS database and deletes records that are out of date.

Change method
To change the value of the ScavengingInterval entry, do not edit the registry directly. Instead, use the DNS console. Right-click a server name, click Properties, click the Advanced tab, and then click to select the Enable automatic scavenging of stale records check box. You can also use Dnscmd.exe to configure this entry.

Activation method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note DNS adds the ScavengingInterval entry to the registry when you use the DNS console or Dnscmd.exe to turn on scavenging and set a scavenging interval. If you turn off scavenging, the DNS console sets the value of the ScavengingInterval entry to 0x0.

Important By default, scavenging is turned off. To use the DNS scavenging feature on any zone, scavenging must be turned on for the server by using the ScavengingInterval entry and turned on for the zone by using the Aging entry in a Zone-name subkey. If the ScavengingInterval entry specifies that scavenging is turned off on the DNS server, all values that configure scavenging for any zone are ignored.

SecureResponses
Type: DWORD (Boolean)

Default value: 0

Function: Determines whether the DNS server tries to eliminate illegitimate records by filtering the records that it saves in its memory cache.

Note The CleanupInterval registry entry is not available in Windows 2000.

You can use the SecureResponses registry entry to specify if the DNS server tries to eliminate illegitimate records by filtering the records that it saves in its memory cache.

The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. By default, it saves all records. However, if the value of the SecureResponses entry is 1, DNS saves only those query records for names that are in the same subtree as the server that provided them. For example, the DNS server would save a name server (NS) record for ns.example.com from the example.com server, but it would not save the NS record for ns.example2.com from the example.com server. This filtering is designed to minimize the effect of malicious attacks on an Internet server, but it might generate additional network traffic.
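The subtree rule described above can be written as a label-by-label suffix match. The following is an added example, not Microsoft's code: the function names and the constructed response records are assumptions. It compares whole labels rather than raw strings, so notexample.com is not mistaken for a name under example.com.

```python
def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_subtree(name, zone):
    """True when `name` is `zone` itself or a descendant of it.

    Whole labels are compared, so a plain string-suffix collision such as
    notexample.com versus example.com does not count as a match.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_for_cache(server_zone, records, secure_responses=1):
    """Split records into (cached, dropped) following the SecureResponses rule.

    records: iterable of (owner_name, rr_type, data) tuples returned by the
    server for `server_zone`. With secure_responses=0 every record is cached.
    """
    records = list(records)
    if not secure_responses:
        return records, []
    cached = [r for r in records if in_subtree(r[0], server_zone)]
    dropped = [r for r in records if not in_subtree(r[0], server_zone)]
    return cached, dropped

# Constructed response from the example.com server (sample data only).
RESPONSE = [
    ("ns.example.com", "A", "192.0.2.53"),
    ("NS.Example.COM.", "A", "192.0.2.54"),    # case and trailing dot differ
    ("ns.example2.com", "A", "203.0.113.7"),   # other subtree
    ("notexample.com", "A", "203.0.113.8"),    # string suffix, not a label suffix
]

if __name__ == "__main__":
    cached, dropped = filter_for_cache("example.com", RESPONSE)
    for record in cached:
        print("cache:", record)
    for record in dropped:
        print("drop: ", record)
```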

Change method
To change the value of the SecureResponses entry, use the DNS console. Right-click the name of a DNS server, click Properties, and then click the Advanced tab. The SecureResponses entry stores the setting of the Secure cache against pollution check box.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the SecureResponses entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

SendPort
Type: DWORD

Default value: 0x0

Function: Specifies a port that the DNS server uses to send recursive User Datagram Protocol (UDP) queries to other DNS servers.

You can use the SendPort registry entry to specify a port that the DNS server uses to send recursive UDP queries to other DNS servers. By default, the DNS server sends recursive UDP queries through a randomly selected port that is named the DNS port. The SendPort entry directs the DNS server to use a particular port. You may want to add the SendPort entry to the registry if you want to use port 53 or another port.

If the value of the SendPort entry is 0 or if the entry does not appear in the registry, DNS randomly selects a port.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the SendPort entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

StrictFileParsing
Type: DWORD

Default value: 0

Function: Determines how the DNS server responds when it receives zone files whose records contain errors that violate Requests for Comments (RFCs).

You can use the StrictFileParsing registry entry to specify how the DNS server responds when it receives zone files whose records contain errors that violate Requests for Comments (RFCs). These include records for names that are outside the zone, canonical name (CNAME) records at names that contain other records, and other records at names that contain CNAME records.

Change method
To change the value of the StrictFileParsing entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. The StrictFileParsing entry corresponds to the Fail on load if bad zone data option. You can also use Dnscmd.exe to configure this setting. You can use either method, and the changes are effective immediately so that you do not have to restart the DNS server.

Activation method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console or Dnscmd.exe. If you change the value of the StrictFileParsing entry by editing the registry, the changes are not effective until you restart the DNS server.

Note The default behavior of DNS changed in Microsoft Windows NT 4.0 with Service Pack 4 (SP4). In versions of Windows NT 4.0 before SP4, the DNS server does not start if it encounters incorrect zone records. Check the system log in Event Viewer for errors.

Important Windows 2000 does not add the StrictFileParsing entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

UpdateOptions
Type: DWORD

Default value: 0x30F

Function: Prevents DNS dynamic update of certain types of records.

The UpdateOptions registry entry prevents DNS dynamic update of certain types of records.

The UpdateOptions entry is a bitmask. To turn off DNS dynamic update on a record type, set the bit for that record type to 1. To turn off dynamic update on several record types, sum the hexadecimal values of the record types.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the UpdateOptions entry to the registry. You can add it by editing the registry or by using a program that edits the registry. To find other registry entries that are related to DNS dynamic update, type "dynamic update" on the Search tab in this file.

WriteAuthorityNs
Type: DWORD (Boolean)

Default value: 0 (Do not use database)

Function: Determines when the DNS server writes NS (name server) records in the Authority section of a response.

You can use the WriteAuthorityNs registry entry to specify when the DNS server writes NS records in the Authority section of a response. The WriteAuthorityNs entry prevents the DNS server from writing unnecessary NS records in the Authority section, and it makes sure that the DNS server complies with relevant Requests for Comments (RFCs).

Change method
To change the value of the WriteAuthorityNs entry, use Dnscmd.exe. The change is effective immediately so that you do not have to restart the DNS server.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using Dnscmd.exe. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note The default value is optimal for most DNS servers. Providing NS records in the Authority section consumes processor time and network bandwidth, and we do not recommend it unless a network program or service requires it.

Important Windows 2000 does not add the WriteAuthorityNs entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

XfrConnectTimeout
Type: DWORD (Boolean)

Default value: 0x1E (30 seconds)

Function: Determines how long the DNS server waits for the secondary server to connect to a primary server.

You can use the XfrConnectTimeout registry entry to specify how long the DNS server waits for the secondary server to connect to a primary server. If the connection is not established when the value of the XfrConnectTimeout entry expires, the DNS server drops the connection.

Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the XfrConnectTimeout entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
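Because several of these entries are absent from the registry until someone adds them, an audit has to treat a missing entry as its default. The following added example (not part of the original article) parses a Registry Editor text export of the Parameters subkey, overlays it on the defaults listed in this article, and reports settings worth reviewing. The sample export is constructed, and the retry check assumes RecursionRetry is in seconds like RecursionTimeout.

```python
import re

# Defaults as listed in this article; an entry absent from the key uses its default.
DEFAULTS = {
    "RecursionRetry": 0x3, "RecursionTimeout": 0xF, "RoundRobin": 1,
    "ScavengingInterval": 0x0, "SecureResponses": 0, "SendPort": 0x0,
    "StrictFileParsing": 0, "UpdateOptions": 0x30F, "WriteAuthorityNs": 0,
    "XfrConnectTimeout": 0x1E,
}
KEY = r"hkey_local_machine\system\currentcontrolset\services\dns\parameters"
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_parameters(reg_text):
    """Return {name: int} for DWORD values directly under the DNS Parameters key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == KEY
        elif in_key:
            m = DWORD.match(line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values

def effective(values):
    """Overlay explicit values on the defaults; value names are case-insensitive."""
    canon = {name.lower(): name for name in DEFAULTS}
    eff = dict(DEFAULTS)
    for name, val in values.items():
        if name.lower() in canon:
            eff[canon[name.lower()]] = val
    return eff

def findings(eff):
    """Checks derived from the entry descriptions in this article."""
    out = []
    if eff["SecureResponses"] != 1:
        out.append("SecureResponses: cache is not filtered against pollution")
    if eff["SendPort"] != 0:
        out.append("SendPort: recursive UDP queries use fixed port %d" % eff["SendPort"])
    # Assumption: RecursionRetry is in seconds, like RecursionTimeout.
    if eff["RecursionRetry"] >= eff["RecursionTimeout"]:
        out.append("RecursionRetry >= RecursionTimeout: search stops before any retry")
    if eff["ScavengingInterval"] == 0:
        out.append("ScavengingInterval: scavenging is off, zone Aging is ignored")
    return out

# Constructed sample in Registry Editor's text export form (not from a real server).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Constructed\Example]
"SecureResponses"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters]
"sendport"=dword:00000035
"RecursionRetry"=dword:00000014
"""

if __name__ == "__main__":
    for finding in findings(effective(parse_parameters(SAMPLE_REG))):
        print(finding)
```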

Keywords: kbregistry kbdns kbinfo KB813965


© Microsoft Corporation. All rights reserved.