Showing posts with label lockdown. Show all posts
Showing posts with label lockdown. Show all posts

Tuesday, April 30, 2013

How To Remove The Root Hints from Windows DNS

I ran into a problem while I was locking down a Windows DNS server where I would remove the root hints, but they would keep coming back. I first thought it was because of the "root hints" updates that Microsoft releases every so often. In reality, it was because the root entries were listed in the %windir%\system32\dns\cache.dns file. If you comment out those root hints with a semicolon (including the lines that start with a period (.)), then remove the root hints from your DNS server properties in the DNS Manager MMC snap-in. They should stay away. An example of the cache.dns file after it's been commented out is below.