How to make my DNS server not root?

Question

Hi,

I have on premise DC with DNS role installed. Recently i noticed I can't do NSlookup to any external name or IP. However, domain computers have no problem browsing.

Is it related to the fact that I have no configured forwarders on my DNS server? I tried to configure Forwarder to ISP DNS server, but this option is not available, since my DNS server is root.

What are my options? Should I somehow remove root from DNS server? (How?)

Answer 1

Hello,

To update root hints on a Windows Server DNS server that is configured as a domain controller:

1. Click Start, point to Administrative Tools, and then click DNS.
2. In the right pane, right-click ServerName, where ServerName is the name of the server, and then click Properties.
3. Click the Root Hints tab.
4. Do one of the following:
   • Add a root server to the list. To do so, click Add, specify the FQDN and the IP address of the root server that you want to add, and then click OK.
   • Copy the root hints from another DNS server. To do so, click Copy from Server, specify the IP address of the DNS server where you want to copy the root hints from, and then click OK.
5. Click OK.

You can refer to the following link:

Troubleshoot DNS name resolution on the Internet - Windows Server | Microsoft Learn

After configuring root hints, your DNS server should be able to resolve external names and IPs. If the issue persists, you may need to check your firewall settings to ensure that DNS traffic is allowed to pass through.

Best regards

Zunhui

Answer 2

hello,

this was not the question.

I can't configure root hints, because my DNS server is configured as root (adding root hints or forwarders options is greyed out). Question is how to make my DNS server not root?

Answer 3

Hi,

Please ask if you use an administrator account to log in to the DNS server. If not, please log in to the DNS server as an administrator and see if you can configure the forwarder and root prompts.

Best regards

Zunhui