Article ID: 813965 - Last Review: May 9, 2007 - Revision: 2.0

Description of DNS registry entries in Windows 2000 Server, part 3 of 3

View products that this article applies to.
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986  (http://support.microsoft.com/kb/256986/ ) Description of the Microsoft Windows Registry

On This Page

Expand all | Collapse all

SUMMARY

This article is part 3 of 3 articles that describe registry entries that affect the behavior of DNS in Microsoft Windows 2000 Server. Additionally, these articles describe different tools that you can use to configure DNS registry entries. The DNS registry entry descriptions are listed by name, and these descriptions include the DNS registry entry change method and the start method. The tools that are described in these articles are Registry Editor, the Dnscmd.exe command-line tool, and the DNS console.
Back to the top

INTRODUCTION

This article is the first of three articles that describe DNS registry entries in Windows 2000 Server.

For additional information about the other two articles in this series of three articles, click the following article numbers to view the articles in the Microsoft Knowledge Base:
813963  (http://support.microsoft.com/kb/813963/ ) Description of DNS registry entries in Windows 2000 Server, part 1 of 3
813964  (http://support.microsoft.com/kb/813964/ ) Description of DNS registry entries in Windows 2000 Server, part 2 of 3
Back to the top

MORE INFORMATION

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Back to the top

Configuration tools

You can use the following three tools to configure DNS registry entries:
  • Registry Editor
  • Dnscmd.exe
  • The DNS console

Registry Editor

Some DNS registry entries can only be modified by using Registry Editor. To create DNS registry entries, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
  3. On the Edit menu, point to New, and then click the data type of the entry. For example, click DWORD.
  4. Type the name of the DNS server entry, and then press ENTER.
  5. Right-click the new entry, click Modify, type the value you want in the Value data box, and then click OK.
  6. Quit Registry Editor.
  7. Restart the DNS server for these changes to take effect.

Dnscmd.exe

You can use the Dnscmd.exe command-line tool to perform most of the tasks that you can perform by using the DNS console. For example, you can use the Dnscmd.exe command-line tool to perform the following tasks:
  • Create, delete, and view zones and records
  • Reset server and zone properties
  • Perform the following routine administration operations:
    • Update, reload, and refresh the zone
    • Write the zone back to a file or to Active Directory directory service
    • Pause and resume the zone
    • Clear the cache
    • Start and stop the DNS service
    • View statistics
You can also use the Dnscmd.exe command-line tool to write scripts for remote administration. For more information about Dnscmd.exe, see Windows 2000 Support Tools Help. For more information about how to install and use the Windows 2000 Support Tools and about Support Tools Help, see the Sreadme.doc file in the Support\Tools folder on the Windows 2000 Server CD-ROM.

The DNS console

You can use the DNS console to configure many DNS settings. To start the DNS console, click Start, point to Programs, point to Administrative Tools, and then click DNS.
Back to the top

DNS server entries

The following registry entries (along with the entries that are described in part 2 and part 3) determine the behavior of the whole DNS server. Each of these registry entries is located under the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters
Note These registry entries are read-only when the computer starts. Some registry entries can be reset. Therefore, the server behavior is occasionally changed dynamically through the DNS Administrator. However, if you manually reset a registry entry, you must restart the DNS server to process the entry's new value.

RecursionRetry

Type: DWORD
Default value: 0x3
Function: Determines how frequently DNS repeats recursive client queries when it does not receive a response from a remote server.
You can use the RecursionRetry registry entry to specify how frequently DNS repeats recursive client queries when it does not receive a response from a remote server. If the DNS server does not receive a response before the expiration of the time that is set in the RecursionRetry entry, the DNS server repeats the query to the same server or to other DNS servers.

The default value is appropriate for most servers. However, if this value is less than the time that a remote server requires to respond over a slow link, increase this value so that it is slightly longer than the response time that you noted.
Change method
Use Dnscmd.exe to change the value of the RecursionRetry entry. The change is effective immediately so that you do not have to restart the DNS server.
Start method
DNS reads its registry entries only when it starts. If you change the value of the RecursionRetry entry by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the RecursionRetry entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

RecursionTimeout

Type: DWORD
Default value: 0xF (15 seconds)
Function: Determines how long DNS waits for remote servers to respond to a recursive client query before the search is stopped.
You can use the RecursionTimeout registry entry to specify how long DNS waits for remote servers to respond to a recursive client query before DNS stops the search. If the DNS server does not receive a response to a recursive query, the server repeats the query at intervals that are specified by the value of the RecursionRetry entry. If the server does not receive a response before the value of the RecursionTimeout entry expires, the DNS server stops the search and sends a SERVER_FAILURE response to the query.

This value is appropriate for most DNS servers. However, if this value is less than the time a remote server requires to respond over a slow link, increase this value so that it is slightly longer than the response time that you note. In measuring actual response times, make sure that you distinguish between responses from remote DNS servers and repeated query tries by the client.
Change method
Use Dnscmd.exe to change the value of the RecursionRetry entry. The change is effective immediately so that you do not have to restart the DNS server.
Start method
DNS reads its registry entries only when it starts. If you change the value of the RecursionRetry entry by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the RecursionRetry entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

RoundRobin

Type: DWORD (Boolean)
Default value: 1
Function: Determines the order that the DNS server returns address (A) records when it has multiple A records for the same name.
You can use the RoundRobin registry entry to specify the order that the DNS server returns A records when it has multiple A records for the same name.
Valid RoundRobin entries
Collapse this tableExpand this table
ValueMeaning
0The DNS server returns the A records in a fixed, file load order.
1The DNS server rotates among the A records it returns for a particular name. Rotating helps balance the load that is placed on each connection to the named server.
Change method
To change the value of the RoundRobin entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. The RoundRobin entry corresponds to the Enable round robin option. You can also use Dnscmd.exe. When you use either method, your changes are effective immediately so that you do not have to restart the DNS server.
Start method
DNS reads its registry entries only when it starts. If you change the value of the RoundRobin entry by editing the registry, the changes are not effective until you restart the DNS server.

Note The order that A records are returned depends on the value of the RoundRobin entry and of the LocalNetPriority entry. Note the following items:
  • When both entries are set to 1 or if the RoundRobin entry is not in the registry, the DNS server rotates among the A records it returns in local net priority order. This is the order of their similarity to the IP address of the querying client.
  • If the value of the RoundRobin entry is 0 and the value of the LocalNetPriority entry is 1, the DNS server returns the records in local net priority order. The DNS server does not rotate among available addresses.
  • If the value of the RoundRobin entry is 1 and the value of the LocalNetPriority entry is 0, the DNS server rotates among the available records in the order that the records were added to the database.
  • If the values of the RoundRobin entry and the LocalNetPriority entry are 0, the DNS server returns the records in the order that they were added to the database. The DNS server does not try to sort them or to rotate among them.

RpcProtocol

Type: DWORD
Default value: 0xFFFFFFFF
Function: Specifies the protocols that administrative remote procedure calls (RPCs) use.
Although these flags are not specific to DNS, the DNS server establishes endpoints to create connections that use these protocols.

The value of the RpcProtocol entry is a bitmap. You can set multiple bits by adding the bits together and setting the value of the RpcProtocol entry to that sum.
Collapse this tableExpand this table
BitMeaning
0x0No protocols (disables RPC for DNS)
0x1 (001 binary)TCP/IP
0x2 (010 binary)Named pipes
0x4 (100 binary)LPC
0xFFFFFFFFAll protocols
Change method
To change the value of the RpcProtocol entry, use the Dnscmd.exe. Do not change the value of the RpcProtocol entry by editing the registry.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

ScavengingInterval

Type: DWORD
Default value: 0x0
Function: Determines if the scavenging feature of the DNS is turned on, and specifies how frequently the DNS server scavenges its database records.
You can use the ScavengingInterval registry entry to specify if the scavenging feature of DNS is turned on, and specifies how frequently the DNS server scavenges its database records.

During the scavenging process, the DNS server examines the timestamps of resource records in the DNS database and deletes records that are out of date.
Valid ScavengingInterval entries
Collapse this tableExpand this table
ValueMeaning
0x0Turns off scavenging. The DNS server does not delete old resource records.
0x1–0xFFFFFFFFTurns on scavenging and specifies the number of hours between each scavenging pass.
Change method
To change the value of the ScavengingInterval entry, do not edit the registry directly. Instead, use the DNS console. Right-click a server name, click Properties, click the Advanced tab, and then click to select the Enable automatic scavenging of stale records check box. You can also use Dnscmd.exe to configure this entry.
Activation method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note DNS adds the ScavengingInterval entry to the registry when you use the DNS console or Dnscmd.exe to turn on scavenging and set a scavenging interval. If you turn off scavenging, the DNS console sets the value of the ScavengingInterval entry to 0x0.

Important By default, scavenging is turned off. To turn on the DNS scavenging feature on any zone, you must turn on scavenging on the server by using the ScavengingInterval entry and turned on for the zone by using the Aging entry in a Zone-name subkey. If the ScavengingInterval entry specifies that scavenging is turned off on the DNS server, all values that configure scavenging for any zone are ignored.

SecureResponses

Type: DWORD (Boolean)
Default value: 0
Function: Set the interval between successive cleanup walks of the DNS database.
Note The CleanupInterval registry entry is not available in Windows 2000.

You can use the SecureResponses registry entry to specify if the DNS server tries to eliminate illegitimate records by filtering the records that it saves in its memory cache.

The DNS server saves the records of recursive name queries in a memory cache so that it can respond quickly to new queries for the same name. By default, it saves all records. However, if the value of the SecureResponses entry is 1, DNS saves only those query records for names that are in the same subtree as the server that provided them. For example, the DNS server would save a name server (NS) record for ns.example.com from the example.com server, but it would not save the NS record for ns.example2.com from the example.com server. This filtering is designed to minimize the effect of malicious attacks on an Internet server, but it might generate additional network traffic.
Valid SecureResponses entries
Collapse this tableExpand this table
ValueMeaning
0The DNS server saves all name query records in its memory cache. It does not try to filter out illegitimate records.
1The DNS server saves only those records of names that are in the same subtree as the name in the original query.
Change method
To change the value of the SecureResponses entry, use the DNS console. Right-click the name of a DNS server, click Properties, and then click the Advanced tab. The SecureResponses entry stores the setting of the Secure cache against pollution check box.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the SecureResponses entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

SendPort

Type: DWORD
Default value: 0x0
Function: Specifies a port that the DNS server uses to send recursive User Datagram Protocol (UDP) queries to other DNS servers.
You can use the SendPort registry entry to specify a port that the DNS server uses to send recursive UDP queries to other DNS servers. By default, the DNS server sends recursive UDP queries through a randomly selected port that is named the DNS port. The SendPort entry directs the DNS server to use a particular port. You may want to add the SendPort entry to the registry if you want to use port 53 or another port.

If the value of the SendPort entry is 0 or if the entry does not appear in the registry, DNS randomly selects a port.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the SendPort entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

StrictFileParsing

Type: DWORD
Default value: 0
Function: Determines how the DNS server responds when it receives zone files whose records contain errors that violate Requests for Comments (RFCs).
You can use the StrictFileParsing registry entry to specify how the DNS server responds when it receives zone files whose records contain errors that violate Requests for Comments (RFCs). These include records for names that are outside the zone, canonical name (CNAME) records at names that contain other records, and other records at names that contain CNAME records.
Valid StrictFileParsing entries
Collapse this tableExpand this table
ValueMeaning
0When the DNS server encounters an erroneous record, it writes an error to the DNS log in Event Viewer and continues to load.
1When the DNS server encounters erroneous records, it writes an error to the DNS log in Event Viewer and stops without loading.
Change method
To change the value of the StrictFileParsing entry, use the DNS console. Right-click the server name, click Properties, and then click the Advanced tab. The StrictFileParsing entry corresponds to the Fail on load if bad zone data option. You can also use Dnscmd.exe to configure this setting. You can use either method, and the changes are effective immediately so that you do not have to restart the DNS server.
Activation method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console or Dnscmd.exe. If you change the value of the StrictFileParsing entry by editing the registry, the changes are not effective until you restart the DNS server.

Note The default behavior of DNS changed in Microsoft Windows NT 4.0 with Service Pack 4 (SP4). In versions of Windows NT 4.0 before SP4, the DNS server does not start if it encounters incorrect zone records. Check the system log in Event Viewer for errors.

Important Windows 2000 does not add the StrictFileParsing entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

UpdateOptions

Type: DWORD
Default value: 0x30F
Function: Prevents DNS dynamic update of certain types of records.
The UpdateOptions registry entry prevents DNS dynamic update of certain types of records.

You can use the UpdateOptions entry to turn off DNS dynamic update on a record type, set the bit for that record type to 1, or sum the hexadecimal values of the record types. The UpdateOptions entry is a bitmask.
Back to the top

Valid UpdateOptions entries

Collapse this tableExpand this table
ValueMeaning
0x0DNS dynamic update does not restrict any record types.
0x1Start of Authority (SOA) records.
0x2Name server (NS) records.
0x4Delegation NS records.
0x8Server host records.
0x100On secure dynamic update, exclude SOA records.
0x200 On secure dynamic update, exclude root NS records.
0x30FOn standard dynamic update, exclude NS, SOA, and server host records. On secure dynamic update, exclude root NS and SOA records. Permit delegations and server host updates.
0x400On secure dynamic update, exclude delegation NS records.
0x800On secure dynamic update, exclude server host records.
0x1000000DS peer records.
0x80000000Turn off DNS dynamic update.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the UpdateOptions entry to the registry. You can add it by editing the registry or by using a program that edits the registry. To find other registry entries that are related to DNS dynamic update, type "dynamic update" on the Search tab in this file.

WriteAuthorityNs

Type: DWORD (Boolean)
Default value: 0 (Do not use database)
Function: Determines when the DNS serverwrites NS (name server) records in the Authority section of a response.
You can use the WriteAuthorityNs registry entry to specify when the DNS server writes NS records in the Authority section of a response. The WriteAuthorityNs entry prevents the DNS server from writing unnecessary NS records in the Authority section, and it makes sure that the DNS server complies with relevant Requests for Comments (RFCs).
Valid WriteAuthorityNs entries
Collapse this tableExpand this table
ValueMeaning
0The DNS server writes NS records in the Authority section of referrals only. The WriteAuthorityNs entry complies with RFC 1034, Domain names—concepts and facilities, and with RFC 2181, Clarifications to the DNS Specification.
1The DNS server writes NS records in the Authority section of all successful authoritative responses. These NS records are neither required nor useful.
Change method
To change the value of the WriteAuthorityNs entry, use Dnscmd.exe. The change is effective immediately so that you do not have to restart the DNS server.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using Dnscmd.exe. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note The default value is optimal for most DNS servers. Providing NS records in the Authority section consumes processor time and network bandwidth, and we do not recommend it unless a network program or service requires it.

Important Windows 2000 does not add the WriteAuthorityNs entry to the registry. You can add it by editing the registry or by using a program that edits the registry.

XfrConnectTimeout

Type: DWORD (Boolean)
Default value: 1E (30 seconds)
Function: Sets security on zone transfer requests.
You can use the XfrConnectTimeout registry entry to specify how long the DNS server waits for the secondary server to connect to a primary server. If the connection is not established when the value of the XfrConnectTimeout entry expires, the DNS server drops the connection.
Start method
DNS reads its registry entries only when it starts. You can change entries while the DNS server is running by using the DNS console. If you change entries by editing the registry, the changes are not effective until you restart the DNS server.

Note Windows 2000 does not add the XfrConnectTimeout entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
Back to the top
APPLIES TO
  • Microsoft Windows 2000 Server
Back to the top
Keywords: 
kbregistry kbdns kbinfo KB813965
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers