In looking at the AD partitions using ADSIEdit I see that both the Domain partition and the DomainDnsZones partitions have a DC=RootDNSServers container which both contain objects of dnsNode class representing the Root Hint servers. I have two questions about this:
-
Why are the Root Hints being stored in AD? I always understood that they were loaded from the "C:\Windows\System32\dns\cache.dns" file.
-
Why are they stored in both the Domain and the DomainDnsZones partitions?
Best Answer
They can be loaded from the cache.dns server, but they also can be loaded from active directory.
If your DNS server is also a DC, it will automatically load root hints from AD first. If it is not a DC, it will use the cache.dns file.
Any customization of the Root Hints are stored at:
As Shane mentioned, I believe the copy in the Domain partition is used for backwards compatibility.