In this post we continue our trolley ride through the wild and wonderful world of the Microsoft 70-640 Active Directory Configuration certification exam. Today’s subject is Windows Server 2008 DNS server administration.

The screenshot below shows the relevant section from the 70-640 exam blueprint on configuring DNS server settings.

What we will do here is cover each of the aforementioned bullet points by providing (a) very brief definitions of each technology; and (b) links to relevant Microsoft resources to foster your certification study.


Exam 70-640 Domain 1, Subobjective 2: Configure DNS server settings

Forwarding

We configure Windows Server 2008 DNS servers as forwarders in order to facilitate the resolution of host names that exist outside of our Active Directory forest. These could be Internet host names or host names from other corporate external networks. Conditional forwarding allows administrators to granularly control forwarding to specifically listed DNS domains.

Relevant links:

Root hints

The root hints file is a sort of HOSTS file (statically maintained) that a DNS server uses for external host name lookups. A Windows administrator can disable root hints, update them periodically with the names and IP addresses of the Internet root servers, or populate a custom list of root hints entries.

Relevant links:

Zone delegation

Zone delegation means transferring the authority of part of your DNS namespace to another group or individual. For instance, we might decide to create a DNS delegated subdomain called and give over authority of that domain to our developers. We ourselves would maintain control of the root domain,

Relevant links:

Round robin

Round robin is an easy method for establishing load balancing among two or more replica DNS servers. The purpose of round robin is to increase host name resolution efficiency and to conserve network load on your DNS servers.

Relevant links:

Disabling recursion

By default, Windows Server 2008 DNS servers use recursion to satisfy name resolution requests on behalf of client devices. The recursion process uses a “walking the DNS tree” metaphor and involves the possibility of querying multiple internal and external DNS servers. To heighten network security, DNS servers that do not need to receive recursive queries should have recursion disabled.
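One way to verify the setting from the network side, as an added example that is not part of the original post: a reply's RA (recursion available) header flag, defined in RFC 1035, shows whether the server offers recursion. The function names, the query name and the two sample replies are constructed for illustration; point `check_server` only at a DNS server you administer.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid=0x4D2A, qtype=1):
    """Encode a DNS query for `name` (type A by default) with RD=1."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD set
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def assess_response(response, txid):
    """Read the 12-byte DNS header of `response` and report the RA flag."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not (flags & 0x8000):  # wrong ID, or QR bit clear
        raise ValueError("not a response to our query")
    ra = bool(flags & 0x0080)  # RA: server is willing to recurse
    return {
        "recursion_available": ra,
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": ancount,
        "finding": "recursion ENABLED" if ra else "recursion disabled",
    }

def check_server(server_ip, name, timeout=3.0):
    """Query a server you administer over UDP/53 and assess its reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server_ip, 53))
        response, _ = s.recvfrom(4096)
    return assess_response(response, struct.unpack("!H", query[:2])[0])

# Constructed sample replies (headers only, not captured traffic).
SAMPLE_RECURSING = struct.pack("!HHHHHH", 0x4D2A, 0x8180, 1, 1, 0, 0)      # QR, RD, RA; 1 answer
SAMPLE_NO_RECURSION = struct.pack("!HHHHHH", 0x4D2A, 0x8100, 1, 0, 13, 0)  # QR, RD; referral only

if __name__ == "__main__":
    for label, pkt in (("recursing", SAMPLE_RECURSING), ("hardened", SAMPLE_NO_RECURSION)):
        print(label, assess_response(pkt, 0x4D2A))
```

Use a name the server is not authoritative for, such as `www.example.com`, so the reply reflects recursion rather than local zone data.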

Relevant links:

Debug logging

Windows Server 2008 DNS administrators can enable debug logging in the DNS server as a troubleshooting method. Because the debug logging process, which captures detailed information on DNS query and name resolution traffic, involves significant CPU, memory, and disk space overhead, we should enable debug logging only for the duration in which it is required.

Relevant links:

Server scavenging

As we already know, we establish zone-wide defaults for resource record aging in the start of authority (SOA) resource record properties. Windows Server 2008 DNS Server has the capability of scouring (or scavenging) its DNS zones and purging outdated records. This scavenging process works both for standard primary zones and for Active Directory-integrated zones.

Relevant links:

Conclusion

A note for your consideration: I hand-picked every Microsoft URL in these articles. As you doubtless noticed, some of the articles are formally geared toward a previous version of Windows Server. Don’t be put off by that! I’ve found that in some cases the quality and accuracy of older Microsoft whitepapers and support articles are superior to their ultra-current counterparts. If you do notice a discrepancy, please make a note of it in the comments portion of this post, and I will post a correction immediately.

In the next post in this series I will discuss a sample practice question for the DNS Server settings subobjective.




© 4sysops 2006 - 2022

