MORE INFORMATION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Configuration tools

You can use the following three tools to configure DNS registry entries:

• Registry Editor
• Dnscmd.exe
• The DNS console

Registry Editor

Some DNS registry entries can only be modified by using Registry Editor. To create DNS registry entries, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following subkey:

   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters

3. On the Edit menu, point to New, and then click the data type of the entry. For example, click DWORD.
4. Type the name of the DNS server entry, and then press ENTER.
5. Right-click the new entry, click Modify, type the value you want in the Value data box, and then click OK.
6. Quit Registry Editor.
7. Restart the DNS server for these changes to take effect.

Dnscmd.exe

You can use the Dnscmd.exe command-line tool to perform most of the tasks that you can perform by using the DNS console. For example, you can use the Dnscmd.exe command-line tool to perform the following tasks:

• Create, delete, and view zones and records
• Reset server and zone properties
• Perform the following routine administration operations:
  • Update, reload, and refresh the zone
  • Write the zone back to a file or to Active Directory directory service
  • Pause and resume the zone
  • Clear the cache
  • Start and stop the DNS service
  • View statistics

You can also use the Dnscmd.exe command-line tool to write scripts for remote administration. For more information about Dnscmd.exe, see Windows 2000 Support Tools Help. For more information about how to install and use the Windows 2000 Support Tools and about Support Tools Help, see the Sreadme.doc file in the Support\Tools folder on the Windows 2000 Server CD-ROM.

The DNS console

You can use the DNS console to configure many DNS settings. To start the DNS console, click Start, point to Programs, point to Administrative Tools, and then click DNS.

DNS server entries

The following registry entries (along with the entries that are described in part 2 and part 3) determine the behavior of the whole DNS server. Each of these registry entries is located under the following registry subkey:

Note These registry entries are read-only when the computer starts. Some registry entries can be reset. Therefore, the server behavior is occasionally changed dynamically through the DNS Administrator. However, if you manually reset a registry entry, you must restart the DNS server to process the entry's new value.

ListenAddresses

You can use the ListenAddresses registry entry to list the IP addresses that are bound to the DNS server. If the ListenAddresses entry does not appear in the registry or its value contains no IP addresses, the DNS server tries to bind to all IP addresses on the computer.

Change method

To change the value of the ListenAddresses entry, start the DNS console, right-click a server name, click Properties, and then click the Interfaces tab. You can also use Dnscmd.exe. Your changes are effective immediately so that you do not have to restart the DNS server.

Start method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note the following items:

• The ListenAddresses entry does not typically improve the performance of DNS servers that are running Windows 2000.
• The default value is optimal for most servers. However, you might want to exclude certain interfaces, especially if you are running Microsoft Windows NT 4.0 Service Pack 1 (SP1) or earlier because these versions cannot bind to more than 15 IP addresses. Windows 2000 is not limited. Also, in Windows NT 4.0, the DNS server does not correctly detect and bind to more than 35 interfaces.
• The DNS server must bind to individual IP addresses because many resolvers require that the DNS response comes from the IP address where the query was sent. The responses may not appear to come from the same IP address for multiple-IP address servers, depending on the TCP/IP stack's routing table.
• Windows 2000 does not add the ListenAddresses entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

LocalNetPriority

You can use this registry entry to specify the order that the DNS server returns A records when it has multiple A records for the same name.

Valid LocalNetPriority entries

Value	Meaning
0	The DNS server returns the A records in the order that they were added to the database. It does not sort the records. If the value of the RoundRobin entry is 1, the server rotates among the records it returns.
1	The DNS server returns records in order of their similarity to the IP address of the querying client.

The order that A records are returned depends on the value of the LocalNetPriority entry and of the RoundRobin entry, as follows:

• When both entries are set to 1 or neither entry appears in the registry, the DNS server rotates among the A records it returns in local net priority order. This is the order of their similarity to the IP address of the querying client.
• If the value of RoundRobin is 0 and the value of LocalNetPriority is 1, the DNS server returns the records in local net priority order. It does not rotate among available addresses.
• If the value of RoundRobin is 1 and the value of LocalNetPriority is 0, the DNS server rotates among the available records in the order that the records were added to the database.
• If the values of RoundRobin and LocalNetPriority are 0, the DNS server returns the records in the order that they were added to the database. It does not try to sort them or to rotate among them.

Change method

To change the value of the LocalNetPriority entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. This entry corresponds to the Enable Netmask Ordering option. You can also use Dnscmd.exe. With either method, the changes are effective immediately so that you do not have to restart the DNS server.

Start method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console or Dnscmd.exe. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the LocalNetPriority entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

LogFileMaxSize

You can use the LogFileMaxSize registry entry to specify the maximum permissible size of the DNS transaction log, Dns.log. When the log reaches the specified maximum size, DNS writes over the oldest transactions.

Start method

DNS reads its registry entries only when it starts. Changes are not effective until you restart the DNS server.

Note the following items:

• Windows 2000 does not add the LogFileMaxSize entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
• If you type a value that is less than 64 KB (0x10000), the system sets the maximum log size to 64 KB.

LogFilePath

You can use the LogFilePath registry entry to specify the file name and location of the DNS transaction log file (Dns.log).

If you change the value of the LogFilePath entry, DNS creates new log files in the specified folder, but it does not move existing log files to the new location. Also, DNS does not delete or maintain log files in the original location.

Start method

DNS reads its registry entries only when it starts. Changes are not effective until you restart the DNS server.

Note the following items:

• Windows 2000 does not add the LogFilePath entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
• You must type a file name and a path in the value of the LogFilePath entry. If you omit the name, DNS interprets the name of the final folder as a file name. For example, if you type C:\temp, DNS creates a file that is named temp and stores it in the root folder of drive C.

LogLevel

Directs the Kerberos authentication protocol to record an informational event in the system log in Event Viewer when it receives a request for a service ticket.

Valid LogLevel entries

Value	Meaning
0	Ticket requests are not recorded in the event log.
1	Ticket requests are recorded in the event log (Source = Kerberos).

Note Windows 2000 does not add the LogLevel entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

LooseWildcarding

You can use the LooseWildcarding registry entry to specify if the DNS server uses loose wildcarding, as it does in Windows NT 4.0. This method does not strictly comply with standards for using the wildcard character in resource records that is specified by Request for Comment (RFC) 1034, "Domain names—concepts and facilities."

Valid LooseWildcarding entries

Value	Meaning
0	Do not use loose wildcarding. Records must match the name and record type that is specified in a name query. Otherwise, the DNS server returns an empty response, meaning that no match was found. This setting complies with RFC 1034.
1	Use loose wildcarding. If no resource record matches the name and type that is specified in the query, the DNS server searches for a related wildcard record of the type that is specified in the query. Then, the DNS server returns a resource record that matches the wildcard pattern.

Start method

DNS reads its registry entries only when it starts. If you change the value of the LooseWildcarding entry by editing the registry, the changes are not effective until you restart the DNS server.

Note the following items:

• Windows 2000 does not add the LooseWildcarding entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
• The default method that the DNS server uses to resolve queries that contain wildcard characters is changed for Windows 2000. In Windows NT 4.0, by default, the DNS server does not comply with RFC 1034. Instead, it searches until it finds a record that matches the name and record type in the query.
• If your hosts can receive mail, the default value is optimal. However, if you advertise hosts that are not mail servers, you may want to add mail exchange (MX) records for each host to the DNS. If you set the value of the LooseWildcarding entry to 1, two MX records can satisfy all queries for the authoritative zone.

MaxCacheTtl

You can use the MaxCacheTtl registry entry to specify how long the DNS server can save a record of a recursive name query.

If the value of the MaxCacheTtl entry is 0x0, the DNS server does not save any records.

The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. Records are deleted from the cache periodically to keep the cache content current. The interval when the records remain in the cache typically is determined by the value of the Time to Live (TTL) field in the record. The MaxCacheTtl entry establishes the maximum time that records can remain in the cache. The DNS server deletes records from the cache when the value of this entry expires, even if the value of the TTL field in the record is greater.

Change method

To change the value of the MaxCacheTtl entry, use Dnscmd.exe, a tool that is included with the Windows 2000 Support Tools. The change is effective immediately so that you do not have to restart the DNS server.

Start method

DNS reads its registry entries only when it starts. If you change the value of the MaxCacheTtl entry by editing the registry, the changes are not effective until you restart the DNS server.

Note the following items:

• Windows 2000 does not add the MaxCacheTtl entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
• The MaxCacheTtl entry does not affect Windows Internet Name Service (WINS) data that is saved in the DNS memory cache. WINS data is saved until the Cache Timeout Value on the WINS record expires. To view or change the Cache Timeout Value on the WINS record, use the DNS snap-in. Right-click a zone name, click Properties, click the WINS tab, and then click Advanced.

NameCheckFlag

You can use the NameCheckFlag registry entry to specify the character standard that is applied to DNS names. The standard determines the characters that are permitted and the characters that are prohibited in DNS names .

Valid NameCheckFlag entries

Value	Meaning
0	Permit ANSI characters that comply with the RFCs.
1	Permit ANSI characters that do not comply with the RFCs.
2	Permit multibyte UTF8 characters.
3	Permit all characters.

Change method

To change the value of the NameCheckFlag entry, use the DNS console. Right-click a DNS server, click Properties, click the Advanced tab, and then click the encoding format you want to use in the Name checking box. You can also use Dnscmd.exe. Changes are effective immediately so that you do not have to restart the DNS server.

Start method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console or Dnscmd.exe. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the NameCheckFlag entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

NoRecursion

You can use the NoRecursion registry entry to specify if the DNS server performs recursive resolution to comply with the RecursionDesired bit in the DNS name query packet header. Recursion occurs only when the value of the NoRecursion entry is 0 and the RecursionDesired bit is set.

Valid NoRecursion entries

Value	Meaning
0	Permit ANSI characters that comply with the RFCs.
1	Permit ANSI characters that do not comply with the RFCs.
2	Permit multibyte UTF8 characters.
3	Permit all characters.

You might want to change the value of the NoRecursion entry if clients are limited to the names on a server, such as in an intranet, or if the server cannot resolve external names.

Change method

To change the value of the NoRecursion entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. This entry corresponds to the Disable Recursion option. You can also use Dnscmd.exe. Changes are effective immediately so that you do not have to restart the DNS server.

Note Do not change the value of the NoRecursion entry by editing the registry.

Start method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console or Dnscmd.exe. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note the following items:

• If you start DNS by using a standard BIND file, the value of the RecursionDesired bit in the BIND file takes precedence over the value of the NoRecursion entry. The NoRecursion entry might be deleted or its value replaced by the value in the BIND file.
• Windows 2000 does not add the NoRecursion entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

PreviousLocalHostname

You can use the PreviousLocalHostname registry entry to store the FQDN of the local computer. When the computer name or the primary DNS suffix changes, the DNS server uses the previous name to update resource records on primary, Active Directory–integrated zones.

The DNS server copies the name of the local computer that is stored in the Hostname entry and the primary DNS suffix that is stored in the PrimaryDnsSuffix entry to the value of the PreviousLocalHostname entry. If the computer name or primary DNS suffix changes, the DNS server searches Start of Authority (SOA), name server (NS), and A resource records for the value of the PreviousLocalHostname entry, and it replaces each instance with the new computer name. Then, it copies the new value of Hostname and PrimaryDnsSuffix to the value of the PreviousLocalHostname entry for future changes.

Start method

DNS reads its registry entries only when it starts. If you change the value of the PreviousLocalHostname entry by editing the registry, the changes are not effective until you restart the DNS server.

Note The DNS server updates resource records according to the standards that are set for the zone and that are stored in the AutoConfigFileZones entry.

PublishAddresses

You can use the PublishAddresses registry entry to specify the IP addresses that you want to publish for the computer. The DNS server creates A records only for the addresses in this list.

If the PublishAddresses entry does not appear in the registry or if its value is blank, the DNS server creates an A record for each computer's IP addresses.

The PublishAddresses entry is designed for computers with multiple IP addresses, where you want to publish only a subset of the available addresses. Typically, this process is used to prevent the DNS server from returning a private network address in response to a query when the computer has a corporate network address.

Start method

DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the PublishAddresses entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

PublishAutonet

You can use the PublishAutonet registry entry to specify if the DNS server builds A records for temporary IP addresses that are produced by Automatic Private IP Addressing (APIPA). The PublishAutonet entry applies only when the DNS server is building A records for the computer where it is running.

APIPA is designed for computers on single-subnet networks that do not include a Dynamic Host Configuration Protocol (DHCP) server. APIPA automatically assigns an IP address from its reserved range, 169.254.0.01 through 169-254.255.254. These APIPA IP addresses are generally known as autonet addresses, and are used only until the system finds a DHCP server. APIPA addresses cannot be used on the Internet.

Valid PublishAutonet entries

Value	Meaning
0	Exclude APIPA addresses.
1	Include APIPA addresses.

Start method

DNS reads its registry entries only when it starts. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the PublishAutonet entry to the registry. You can add it by editing the registry or by using a program that edits the registry.