How to Delegate All Internet Top-Level Domains on an Internal Root DNS Server

Article ID: 294906
This article was previously published under Q294906


This article describes how to configure the internal root DNS server to provide name resolution for Internet top-level domains.


Internal root DNS servers do not have root hints and do not forward or resolve any names beyond themselves. This behavior is by design to protect the internal DNS server from an Internet attack. You must have a firewall in place to protect the root DNS server.

Depending on your network configuration, you may want the internal root DNS server to provide name resolution services for all Internet top-level domains (.net, .com, .edu), while you still protect it from any outside exposure. To do so, delegate all the Internet top-level domains on an internal root DNS server. Down-level DNS servers in your organization are then able to resolve iterative queries to your root DNS servers for top-level domains.

NOTE: Network Solutions provides a list of aggregated .com, .org, and .net top-level domain zone files (including the checksum files). The list is subject to the restrictions described in the Access Agreement with Network Solutions. You use this file to build the delegated top-level domains.

To delegate all Internet top-level domains:
  1. Extract the file from the file in the following location, and then copy it to the %SystemRoot%\System32\DNS folder:
  2. Rename the file "Cache.dns".

    If you have a Cache.dns file already in the DNS folder, move it to a safe backup location in case you have to retrieve it at a later date.
  3. Create a new .(root) zone on the DNS server:
    1. In the DNS snap-in, right-click Forward lookup zones, and then click New Zone.
    2. When the New Zone Wizard starts, click Next.
    3. Click Primary, click to clear Store the zone in Active Directory, and then click Next.
    4. In the Name box, type a dot (.), and then click Next.
    5. Click Use this existing file, type cache.dns, and then click Next.
    6. Click Do not allow dynamic updates (default), click Next, and then click Finish.
After you complete this procedure, the root zone is created with all Internet top-level domains delegated below it.
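
Because the server answers authoritatively from whatever is in Cache.dns, the file can be checked offline before it is loaded. The following is an added example, not part of the original article: it lists the top-level domains the file delegates and flags name servers that have no address (glue) record in the file. It assumes one record per line with fully qualified names; `SAMPLE_ZONE`, `parse_records` and `audit_delegations` are hypothetical names, and the sample data is constructed.

```python
# Constructed sample in master-file format (not real root zone data).
SAMPLE_ZONE = """\
; constructed sample, addresses from documentation ranges
$TTL 86400
.               86400  IN SOA  a.root.example. admin.example. 1 1800 900 604800 86400
.               518400 IN NS   a.root.example.
a.root.example. 518400 IN A    192.0.2.1
com.            172800 IN NS   a.ns.com.
                172800 IN NS   b.ns.com.
a.ns.com.       172800 IN A    192.0.2.10
b.ns.com.       172800 IN AAAA 2001:db8::10
net.            172800 IN NS   a.ns.net.
a.ns.net.       172800 IN A    192.0.2.20
edu.            172800 IN NS   ns1.lost.edu.
"""

CLASSES = {"IN", "CH", "HS"}

def parse_records(text):
    """Yield (owner, rtype, rdata) from single-line master-file records."""
    owner = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                              # blank line or $TTL/$ORIGIN directive
        fields = line.split()
        if not raw[0].isspace():                  # leading whitespace reuses previous owner
            owner = fields.pop(0).lower()
        # skip the optional TTL and class, in either order
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)
        if owner and len(fields) >= 2:
            yield owner, fields[0].upper(), " ".join(fields[1:]).lower()

def audit_delegations(text):
    """Return ({tld: [ns, ...]}, sorted NS names that have no A/AAAA record)."""
    delegations, glue = {}, set()
    for owner, rtype, rdata in parse_records(text):
        if rtype == "NS" and owner != "." and owner.count(".") == 1:
            delegations.setdefault(owner, []).append(rdata)   # single-label owner = TLD
        elif rtype in ("A", "AAAA"):
            glue.add(owner)
    missing = sorted({ns for nss in delegations.values() for ns in nss} - glue)
    return delegations, missing

if __name__ == "__main__":
    tlds, missing = audit_delegations(SAMPLE_ZONE)
    print(f"{len(tlds)} TLDs delegated:", ", ".join(sorted(tlds)))
    print("NS names without glue:", missing or "none")
```

To check a real file, pass its contents to `audit_delegations` in place of `SAMPLE_ZONE`.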


Article ID: 294906 - Last Review: March 2, 2007 - Revision: 7.3
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)