On Feb 5, 2008 9:01 AM, Stephen Wimberly <[EMAIL PROTECTED]> wrote:
> It would appear that the DNS server is speaking to the "." zone which loads
> by default, but I don't have a "." zone, I have only one zone that is named.

The single bare dot (.) represents the root DNS zone (the one that is the parent of the entire DNS namespace). The server needs to know about the root zone so that it can find the various TLDs (Top Level Domains, like .COM, .NET, .US, and so on) and thus the rest of the Internet. Normally, the root zone is loaded on server startup from something called the "root hints". The root hints give the DNS server enough information to find the root zone servers. Once the root zone is loaded from the hints, it becomes part of the DNS server's cache. So it's normally there, but it isn't something you normally see.

> I've tried creating and deleting a "." zone and this did not seem to solve
> the problem.

Configuring your server as authoritative for the root zone will probably prevent it from looking up any names for the rest of the Internet (since you told it that it is now authoritative for the world). Make sure that root zone you created really is deleted. :)

> If I go the other route, (http://support.microsoft.com/kb/294328/en-us)
> reconfigure my existing DNS zone as a flat file and not in the active
> directory am I going to have downtime ...

I've never done that before, but from the procedure explained in that article, I would expect downtime. Active Directory uses DNS to find DCs (Domain Controllers), so at a minimum, I would expect domain logins to possibly fail. Anything depending on name resolution of your AD domain name (likely Exchange, for example) will probably stop working.

You could probably work around the above by making sure you have some "standard" DNS zone servers, authoritative for your AD domain name, running independently of the AD-integrated DNS take down. I'm not exactly sure how that would work with MS-DNS.

More importantly, I'm not sure that the procedure described in MSKB 294328 is the right thing to try at this point. From what you describe, the problem is just with the root zone or hints, not your own AD-integrated zones.

Check the "Root Hints" tab of the DNS server properties. It should list 13 servers, named "a.root-servers.net" through "m.root-servers.net", with IP addresses.

More help, to get you started:

http://www.google.com/search?q=windows+dns+root+hints
http://support.microsoft.com/kb/249868

-- Ben
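
A scripted form of the root hints check described in the message above, added here as an example and not part of the original thread: it parses root hints in zone-file format (as in a cache.dns or named.root file) and reports which of the 13 root-servers.net names are missing or listed without an address. The function names and the sample data, which uses 192.0.2.x documentation addresses rather than real root server addresses, are constructed for illustration.

```python
import string

# The 13 names the "Root Hints" tab should list, a through m.
EXPECTED = [f"{c}.root-servers.net." for c in string.ascii_lowercase[:13]]

def _norm(name):
    """Lower-case a DNS name and make sure it ends with one trailing dot."""
    return name.lower().rstrip(".") + "."

def check_root_hints(text):
    """Return (missing_ns, no_address) for root hints in zone-file format."""
    ns_names, addresses, last_owner = set(), set(), "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():                         # blank owner: reuse previous
            fields.insert(0, last_owner)
        last_owner = fields[0]
        # Skip the optional TTL and class fields to reach the record type.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "NS" and fields[0] in (".", "@"):  # NS records of the root
            ns_names.add(_norm(rdata))
        elif rtype in ("A", "AAAA"):
            addresses.add(_norm(fields[0]))
    missing = [n for n in EXPECTED if n not in ns_names]
    no_addr = [n for n in EXPECTED if n in ns_names and n not in addresses]
    return missing, no_addr

def build_sample(skip_ns=(), skip_addr=()):
    """Constructed hints text; 192.0.2.x are documentation addresses."""
    lines = ["; constructed sample root hints"]
    for i, name in enumerate(EXPECTED, start=1):
        if name[0] not in skip_ns:
            lines.append(f".  3600000  IN  NS  {name.upper()}")
        if name[0] not in skip_addr:
            lines.append(f"{name.upper()}  3600000  A  192.0.2.{i}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(check_root_hints(build_sample()))                     # complete hints
    print(check_root_hints(build_sample(skip_ns="c", skip_addr="k")))
```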
