Windows command dnscmd /config command

Share on facebook
Share on google
Share on twitter
Share on linkedin

dnscmd /config command

DNS resolves intermittently - EDNS Problems | PeteNetLive

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/dnscmd

https://computerthang.com/p/intel-xeon-e5-2650l-8-core-rx560-gtx960-4g-16g-ram-240g-ssd/

Changes values in the registry for the DNS server and individual zones. This command also modifies the configuration of the specified server. Accepts server-level and zone-level settings.

 Caution

Don’t edit the registry directly unless you have no alternative. The registry editor bypasses standard safeguards, allowing settings that can degrade performance, damage your system, or even require you to reinstall Windows. You can safely alter most registry settings by using the programs in Control Panel or Microsoft Management Console (mmc). If you must edit the registry directly, back it up first. Read the registry editor help for more information.

Server-level syntax

dnscmd [<servername>] /config <parameter>

Parameters

 Note

This article contains references to the term slave, a term that Microsoft no longer uses. When the term is removed from the software, we’ll remove it from this article.

Parameters Description
<servername> Specifies the DNS server that you are planning to manage, represented by local computer syntax, IP address, FQDN, or host name. If this parameter is omitted, the local server is used.
<parameter> Specify a setting and, as an option, a value. Parameter values use this syntax: parameter [value].
/addressanswerlimit[0|5-28] Specifies the maximum number of host records that a DNS server can send in response to a query. The value can be zero (0), or it can be in the range of 5 through 28 records. The default value is zero (0).
/bindsecondaries[0|1] Changes the format of the zone transfer so that it can achieve maximum compression and efficiency. Accepts the values:

  • 0 – Uses maximum compression and is compatible with BIND versions 4.9.4 and later only
  • 1 – Sends only one resource record per message to non-Microsoft DNS servers and is compatible with BIND versions earlier than 4.9.4. This is the default setting.
/bootmethod[0|1|2|3] Determines the source from which the DNS server gets its configuration information. Accepts the values:

  • 0 – Clears the source of configuration information.
  • 1 – Loads from the BIND file that is located in the DNS directory, which is %systemroot%\System32\DNS by default.
  • 2 – Loads from the registry.
  • 3 – Loads from AD DS and the registry. This is the default setting.
/defaultagingstate[0|1] Determines whether the DNS scavenging feature is enabled by default on newly created zones. Accepts the values:

  • 0 – Disables scavenging. This is the default setting.
  • 1 – Enables scavenging.
/defaultnorefreshinterval[0x1-0xFFFFFFFF|0xA8] Sets a period of time in which no refreshes are accepted for dynamically updated records. Zones on the server inherit this value automatically.To change the default value, type a value in the range of 0x1-0xFFFFFFFF. The default value from the server is 0xA8.
/defaultrefreshinterval [0x1-0xFFFFFFFF|0xA8] Sets a period of time that is allowed for dynamic updates to DNS records. Zones on the server inherit this value automatically.To change the default value, type a value in the range of 0x1-0xFFFFFFFF. The default value from the server is 0xA8.
/disableautoreversezones [0|1] Enables or disables the automatic creation of reverse lookup zones. Reverse lookup zones provide resolution of Internet Protocol (IP) addresses to DNS domain names. Accepts the values:

  • 0 – Enables the automatic creation of reverse lookup zones. This is the default setting.
  • 1 – Disables the automatic creation of reverse lookup zones.
/disablensrecordsautocreation [0|1] Specifies whether the DNS server automatically creates name server (NS) resource records for zones that it hosts. Accepts the values:

  • 0 – Automatically creates name server (NS) resource records for zones that the DNS server hosts.
  • 1 – Doesn’t automatically create name server (NS) resource records for zones that the DNS server hosts.
/dspollinginterval [0-30] Specifies how often the DNS server polls AD DS for changes in active directory integrated zones.
/dstombstoneinterval [1-30] The amount of time in seconds to retain deleted records in AD DS.
/ednscachetimeout [3600-15724800] Specifies the number of seconds that extended DNS (EDNS) information is cached. The minimum value is 3600, and the maximum value is 15,724,800. The default value is 604,800 seconds (one week).
/enableednsprobes [0|1] Enables or disables the server to probe other servers to determine if they support EDNS. Accepts the values:

  • 0 – Disables active support for EDNS probes.
  • 1 – Enables active support for EDNS probes.
/enablednssec [0|1] Enables or disables support for DNS Security Extensions (DNSSEC). Accepts the values:

  • 0 – Disables DNSSEC.
  • 1 – Enables DNSSEC.
/enableglobalnamessupport [0|1] Enables or disables support for the GlobalNames zone. The GlobalNames zone supports resolution of single-label DNS names across a forest. Accepts the values:

  • 0 – Disables support for the GlobalNames zone. When you set the value of this command to 0, the DNS Server service does not resolve single-label names in the GlobalNames zone.
  • 1 – Enables support for the GlobalNames zone. When you set the value of this command to 1, the DNS Server service resolves single-label names in the GlobalNames zone.
/enableglobalqueryblocklist [0|1] Enables or disables support for the global query block list that blocks name resolution for names in the list. The DNS Server service creates and enables the global query block list by default when the service starts the first time. To view the current global query block list, use the dnscmd /info /globalqueryblocklist command. Accepts the values:

  • 0 – Disables support for the global query block list. When you set the value of this command to 0, the DNS Server service responds to queries for names in the block list.
  • 1 – Enables support for the global query block list. When you set the value of this command to 1, the DNS Server service does not respond to queries for names in the block list.
/eventloglevel [0|1|2|4] Determines which events are logged in the DNS server log in Event Viewer. Accepts the values:

  • 0 – Logs no events.
  • 1 – Logs only errors.
  • 2 – Logs only errors and warnings.
  • 4 – Logs errors, warnings, and informational events. This is the default setting.
/forwarddelegations [0|1] Determines how the DNS server handles a query for a delegated subzone. These queries can be sent either to the subzone that is referred to in the query or to the list of forwarders that is named for the DNS server. Entries in the setting are used only when forwarding is enabled. Accepts the values:

  • 0 – Automatically sends queries that refer to delegated subzones to the appropriate subzone. This is the default setting.
  • 1 – Forwards queries that refer to the delegated subzone to the existing forwarders.
/forwardingtimeout [<seconds>] Determines how many seconds (0x1-0xFFFFFFFF) a DNS server waits for a forwarder to respond before trying another forwarder. The default value is 0x5, which is 5 seconds.
/globalneamesqueryorder [0|1] Specifies whether the DNS Server service looks first in the GlobalNames zone or local zones when it resolves names. Accepts the values:

  • 0 – The DNS Server service attempts to resolve names by querying the GlobalNames zone before it queries the zones for which it is authoritative.
  • 1 – The DNS Server service attempts to resolve names by querying the zones for which it is authoritative before it queries the GlobalNames zone.
/globalqueryblocklist[[<name> [<name>]...] Replaces the current global query block list with a list of the names that you specify. If you do not specify any names, this command clears the block list. By default, the global query block list contains the following items:

  • isatap
  • wpad

The DNS Server service can remove either or both of these names when it starts the first time, if it finds these names in an existing zone.
/isslave [0|1] Determines how the DNS server responds when queries that it forwards receive no response. Accepts the values:

  • 0 – Specifies that the DNS server is not a subordinate. If the forwarder does not respond, the DNS server attempts to resolve the query itself. This is the default setting.
  • 1 – Specifies that the DNS server is a subordinate. If the forwarder does not respond, the DNS server terminates the search and sends a failure message to the resolver.
/localnetpriority [0|1] Determines the order in which host records are returned when the DNS server has multiple host records for the same name. Accepts the values:

  • 0 – Returns the records in the order in which they are listed in the DNS database.
  • 1 – Returns the records that have similar IP network addresses first. This is the default setting.
/logfilemaxsize [<size>] Specifies the maximum size in bytes (0x10000-0xFFFFFFFF) of the Dns.log file. When the file reaches its maximum size, DNS overwrites the oldest events. The default size is 0x400000, which is 4 megabytes (MB).
/logfilepath [<path+logfilename>] Specifies the path of the Dns.log file. The default path is %systemroot%\System32\Dns\Dns.log. You can specify a different path by using the format path+logfilename.
/logipfilterlist <IPaddress> [,<IPaddress>...] Specifies which packets are logged in the debug log file. The entries are a list of IP addresses. Only packets going to and from the IP addresses in the list are logged.
/loglevel [<eventtype>] Determines which types of events are recorded in the Dns.log file. Each event type is represented by a hexadecimal number. If you want more than one event in the log, use hexadecimal addition to add the values, and then enter the sum. Accepts the values:

  • 0x0 – The DNS server does not create a log. This is the default entry.
  • 0x10 – Logs queries and notifications.
  • 0x20 – Logs updates.
  • 0xFE – Logs nonquery transactions.
  • 0x100 – Logs question transactions.
  • 0x200 – Logs answers.
  • 0x1000 – Logs send packets.
  • 0x2000 – Logs receive packets.
  • 0x4000 – Logs User Datagram Protocol (UDP) packets.
  • 0x8000 – Logs Transmission Control Protocol (TCP) packets.
  • 0xFFFF – Logs all packets.
  • 0x10000 – Logs active directory write transactions.
  • 0x20000 – Logs active directory update transactions.
  • 0x1000000 – Logs full packets.
  • 0x80000000 – Logs write-through transactions.
/maxcachesize Specifies the maximum size, in kilobytes (KB), of the DNS server s memory cache.
/maxcachettl [<seconds>] Determines how many seconds (0x0-0xFFFFFFFF) a record is saved in the cache. If the 0x0 setting is used, the DNS server doesn’t cache records. The default setting is 0x15180 (86,400 seconds or 1 day).
/maxnegativecachettl [<seconds>] Specifies how many seconds (0x1-0xFFFFFFFF) an entry that records a negative answer to a query remains stored in the DNS cache. The default setting is 0x384 (900 seconds).
/namecheckflag [0|1|2|3] Specifies which character standard is used when checking DNS names. Accepts the values:

  • 0 – Uses ANSI characters that comply with Internet Engineering Task force (IETF) Request for Comments (Rfcs).
  • 1 – Uses ANSI characters that do not necessarily comply with IETF Rfcs.
  • 2 – Uses multibyte UCS Transformation format 8 (UTF-8) characters. This is the default setting.
  • 3 – Uses all characters.
/norecursion [0|1] Determines whether a DNS server performs recursive name resolution. Accepts the values:

  • 0 – The DNS server performs recursive name resolution if it is requested in a query. This is the default setting.
  • 1 – The DNS server does not perform recursive name resolution.
/notcp This parameter is obsolete, and it has no effect in current versions of Windows Server.
/recursionretry [<seconds>] Determines the number of seconds (0x1-0xFFFFFFFF) that a DNS server waits before again trying to contact a remote server. The default setting is 0x3 (three seconds). This value should be increased when recursion occurs over a slow wide area network (WAN) link.
/recursiontimeout [<seconds>] Determines the number of seconds (0x1-0xFFFFFFFF) that a DNS server waits before discontinuing attempts to contact a remote server. The settings range from 0x1 through 0xFFFFFFFF. The default setting is 0xF (15 seconds). This value should be increased when recursion occurs over a slow WAN link.
/roundrobin [0|1] Determines the order in which host records are returned when a server has multiple host records for the same name. Accepts the values:

  • 0 – The DNS server does not use round robin. Instead, it returns the first record to every query.
  • 1 – The DNS server rotates among the records that it returns from the top to the bottom of the list of matching records. This is the default setting.
/rpcprotocol [0x0|0x1|0x2|0x4|0xFFFFFFFF] Specifies the protocol that remote procedure call (RPC) uses when it makes a connection from the DNS server. Accepts the values:

  • 0x0 – Disables RPC for DNS.
  • 0x01 – Uses TCP/IP
  • 0x2 – Uses named pipes.
  • 0x4 – Uses local procedure call (LPC).
  • 0xFFFFFFFF – All protocols. This is the default setting.
/scavenginginterval [<hours>] Determines whether the scavenging feature for the DNS server is enabled, and sets the number of hours (0x0-0xFFFFFFFF) between scavenging cycles. The default setting is 0x0, which disables scavenging for the DNS server. A setting greater than 0x0 enables scavenging for the server and sets the number of hours between scavenging cycles.
/secureresponses [0|1] Determines whether DNS filters records that are saved in a cache. Accepts the values:

  • 0 – Saves all responses to name queries to a cache. This is the default setting.
  • 1 – Saves only the records that belong to the same DNS subtree to a cache.
/sendport [<port>] Specifies the port number (0x0-0xFFFFFFFF) that DNS uses to send recursive queries to other DNS servers. The default setting is 0x0, which means that the port number is selected randomly.
/serverlevelplugindll[<dllpath>] Specifies the path of a custom plug-in. When Dllpath specifies the fully qualified path name of a valid DNS server plug-in, the DNS server calls functions in the plug-in to resolve name queries that are outside the scope of all locally hosted zones. If a queried name is out of the scope of the plug-in, the DNS server performs name resolution using forwarding or recursion, as configured. If Dllpath is not specified, the DNS server ceases to use a custom plug-in if a custom plug-in was previously configured.
/strictfileparsing [0|1] Determines a DNS server’s behavior when it encounters an erroneous record while loading a zone. Accepts the values:

  • 0 – The DNS server continues to load the zone even if the server encounters an erroneous record. The error is recorded in the DNS log. This is the default setting.
  • 1 – The DNS server stops loading the zone, and it records the error in the DNS log.
/updateoptions <RecordValue> Prohibits dynamic updates of specified types of records. If you want more than one record type to be prohibited in the log, use hexadecimal addition to add the values, and then enter the sum. Accepts the values:

  • 0x0 – Doesn’t restrict any record types.
  • 0x1 – Excludes start of authority (SOA) resource records.
  • 0x2 – Excludes name server (NS) resource records.
  • 0x4 – Excludes delegation of name server (NS) resource records.
  • 0x8 – Excludes server host records.
  • 0x100 – During secure dynamic update, excludes start of authority (SOA) resource records.
  • 0x200 – During secure dynamic update, excludes root name server (NS) resource records.
  • 0x30F – During standard dynamic update, excludes name server (NS) resource records, start of authority (SOA) resource records, and server host records. During secure dynamic update, excludes root name server (NS) resource records and start of authority (SOA) resource records. Allows delegations and server host updates.
  • 0x400 – During secure dynamic update, excludes delegation name server (NS) resource records.
  • 0x800 – During secure dynamic update, excludes server host records.
  • 0x1000000 – Excludes delegation signer (DS) records.
  • 0x80000000 – Disables DNS dynamic update.
/writeauthorityns [0|1] Determines when the DNS server writes name server (NS) resource records in the Authority section of a response. Accepts the values:

  • 0 – Writes name server (NS) resource records in the Authority section of referrals only. This setting complies with Rfc 1034, Domain names concepts and facilities, and with Rfc 2181, Clarifications to the DNS Specification. This is the default setting.
  • 1 – Writes name server (NS) resource records in the Authority section of all successful authoritative responses.
/xfrconnecttimeout [<seconds>] Determines the number of seconds (0x0-0xFFFFFFFF) a primary DNS server waits for a transfer response from its secondary server. The default value is 0x1E (30 seconds). After the time-out value expires, the connection is terminated.

Zone-level syntax

Modifies the configuration of the specified zone. The zone name must be specified only for zone-level parameters.

dnscmd /config <parameters>

Parameters

Parameters Description
<parameter> Specify a setting, a zone name, and, as an option, a value. Parameter values use this syntax: zonename parameter [value].
/aging <zonename> Enables or disables scavenging in a specific zone.
/allownsrecordsautocreation <zonename> [value] Overrides the DNS server’s name server (NS) resource record autocreation setting. Name server (NS) resource records that were previously registered for this zone are not affected. Therefore, you must remove them manually if you do not want them.
/allowupdate <zonename> Determines whether the specified zone accepts dynamic updates.
/forwarderslave <zonename> Overrides the DNS server /isslave setting.
/forwardertimeout <zonename> Determines how many seconds a DNS zone waits for a forwarder to respond before trying another forwarder. This value overrides the value that is set at the server level.
/norefreshinterval <zonename> Sets a time interval for a zone during which no refreshes can dynamically update DNS records in a specified zone.
/refreshinterval <zonename> Sets a time interval for a zone during which refreshes can dynamically update DNS records in a specified zone.
/securesecondaries <zonename> Determines which secondary servers can receive zone updates from the primary server for this zone.