A code defect in the Windows Server 2008 SP1 (RTM) and Service Pack 2 version of Dnsmgmt.msc causes the DNS service to use the opposite behavior than the Use root hints if no forwarders are available checkbox in the DNS Manager snap-in.
This problem is scheduled be fixed in Windows Server 2008 Service Pack 3. Customers requiring a post-SP2 fix should request a QFE from Microsoft.
This problem does not exist in the Windows Server 2008 R2 version of Dnsmgmt.msc.
As a workaround, you can use the Windows Server 2008 version of the DNSCMD tool, which correctly displays and configures the root hint behavior. Otherwise use the opposite checkbox configuration to obtain the desired behavior. See the "More Information" section for the DNSCMD tool syntax.
The Use root hints if no forwarders are available checkbox in Windows Server 2008 DNS Manager is equivalent to the Do not use recursion for this domain in the Forwarders tab of the Windows Server 2003 DNS Manager snap-in.
Toggling the use root hints if no forwarders are available checkbox (or its Windows Server 2003 equivalent) modifies the following registry value:
Value Name: IsSlave
Value Path: HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters
Value Type: REG_DWORD
Value Data: 0 | 1 (Default value: 0)
Not a slave. If the forwarder servers do not respond, the DNS server issues standard iterative queries to try to resolve the remote name.
Is a slave. If the forwarder servers do not respond, the DNS server terminates the search and sends a SERVER_FAILURE response to the query.
The DNS Server service and DNS Manager snap-in both read DNS registry entries only on startup. You can change entries while the DNS server is running by using the DNS console or DNSCMD tool. If you change entries by editing the registry or by using the DNSCMD tool, the changes are not effective until you restart the DNS Server service. Similarly, if DNS server registry keys are modified directly, restart the DNS Manager snap-in, Dnsmgmt.msc, so that it will reflect current configuration settings.
To view the status of the IsSlave setting in the registry using DNSCMD.EXE use the command:
To modify the value of the IsSlave setting using DNSCMD.EXE:
c:\>dnscmd /config /isslave 0
c:\>dnscmd /config /isslave 1
Sample output from "dnscmd /info" is shown below:
server name = dc1.contoso.com
version = <build #>
<truncated for brevity - scroll to bottom of DNSCMD output>
forward timeout = 5
slave = 0 <----Current value in registry for IsSlave
Command completed successfully.
Article ID: 2001154 - Last Review: 12/07/2010 20:41:00 - Revision: 13.0