Infrastructure

Removing Root Hints from a Windows DNS server – Cache.dns

I was working for a Credit Card Processing company that wanted to remove Root Hints from their DNS servers and add forwarders to specific DNS servers. This didn’t seem like a difficult task at all. Open the DNS MMC and remove the Root Hints, unfortunately it turns out to be a little more complicated than that.

A few days after deleting all of the Root Hints, I noticed that the Root Hints had returned??? I was a little perplexed, so I deleted them again and rebooted the system. The Root Hints had returned!!! I quickly surmised that there was a config file somewhere that was being loaded on a reboot.

DNS stores the Root Hint configuration in a file called Cache.dns in the %systemroot%\system32\dns folder. Apparently only changes and additions made in the MMC are written to this file, not deletions.

Armed with this knowledge, I renamed the original file to keep a copy and created a blank Cache.dns file to match our design goals of removing root hints.

Leave a Reply

x

We use cookies to ensure the best possible experience on our website. Detailed information on the use of cookies on this site is provided in our Privacy and Cookie Policy. Further instruction on how to disable our cookies can be found there.