%3CLINGO-SUB%20id%3D%22lingo-sub-398076%22%20slang%3D%22en-US%22%3ENew%20DNS%20and%20AD%20DS%20BPA%E2%80%99s%20released%20(or%3A%20the%20most%20accurate%20list%20of%20DNS%20recommendations%20you%20will%20ever%20find%20from%20Microsoft)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-398076%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20TechNet%20on%20Aug%2002%2C%202010%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20Hi%20folks%2C%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2Ftags%2Fned%2Bpyle%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20Ned%20%3C%2FA%3E%20here%20again.%20We%E2%80%99ve%20released%20another%20wave%20of%20Best%20Practices%20Analyzer%20rules%20for%20Windows%20Server%202008%20%2F%20R2%2C%20and%20if%20you%20care%20about%20Directory%20Services%20you%20care%20about%20these%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CBLOCKQUOTE%3E%3CSTRONG%3E%20AD%20DS%20rules%20update%20%3C%2FSTRONG%3E%3CP%3E%3C%2FP%3E%0A%20%20%20%3CP%3E%3CSTRONG%3EInfo%3A%20%3C%2FSTRONG%3E%20%3CA%20href%3D%22http%3A%2F%2Fsupport.microsoft.com%2Fkb%2F980360%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Update%20for%20the%20AD%20DS%20Best%20Practices%20Analyzer%20rules%20in%20Windows%20Server%202008%20R2%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CSTRONG%3E%20Download%3A%20%3C%2FSTRONG%3E%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3FFamilyID%3D45a9c434-163f-47ed-a285-60e1c0b988b9%26amp%3Bdisplaylang%3Den%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Rules%20Update%20for%20Active%20Directory%20Domain%20Services%20Best%20Practice%20Analyzer%20for%20Windows%20Server%202008%20R2%20x64%20Editions%20(KB980360)%3C%2FA%3E%3C%2FP%3E%0A%20%20%3C%2FBLOCKQUOTE%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3EThis%20update%20BPA%20for%20Active%20Directory%20Domain%20Services%20include%20seven%20rules%20changes%20and%20updates%2C%20some%20of%20which%20are%20well%20known%20but%20a%20few%20that%20are%20not.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3C%2FP%3E%0A%20%20%3CBLOCKQUOTE%3E%3CSTRONG%3E%20DNS%20Analyzer%202.0%20%3C%2FSTRONG%3E%3CP%3E%3C%2FP%3E%0A%20%20%20%3CP%3E%3CSTRONG%3EOperation%20Info%20%3C%2FSTRONG%3E%20%3A%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391922(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Best%20Practices%20Analyzer%20for%20Domain%20Name%20System%20%E2%80%93%20Ops%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CSTRONG%3E%20Configuration%20info%20%3C%2FSTRONG%3E%20%3A%20%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd349801(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Best%20Practices%20Analyzer%20for%20Domain%20Name%20System%20-%20Config%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CSTRONG%3E%20Download%3A%20%3C%2FSTRONG%3E%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fdownloads%2Fdetails.aspx%3Fdisplaylang%3Den%26amp%3BFamilyID%3D7289962b-1098-4fdd-8df1-36c2f28b5126%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20Microsoft%20DNS%20(Domain%20Name%20System)%20Model%20for%20Microsoft%20Baseline%20Configuration%20Analyzer%202.0%3C%2FA%3E%3C%2FP%3E%0A%20%20%3C%2FBLOCKQUOTE%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3ERemember%20when%20%E2%80%93%20%3CA%20href%3D%22http%3A%2F%2Fblogs.technet.com%2Fb%2Faskds%2Farchive%2F2010%2F07%2F17%2Ffriday-mail-sack-saturday-edition.aspx%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20a%20few%20weeks%20back%20%3C%2FA%3E%20%E2%80%93%20I%20wrote%20about%20recommended%20DNS%20configuration%20and%20I%20promised%20more%20info%3F%20Well%20here%20it%20is%2C%20in%20all%20its%20glory.%20Despite%20what%20you%20might%20have%20heard%2C%20misheard%2C%20remembered%2C%20or%20argued%20about%2C%20this%20is%20the%20official%20recommended%20list%2C%20written%20by%20the%20Product%20Group%20and%20appended%2Fvetted%2Fmunged%20by%20Support.%20Which%20includes%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3C%2FP%3E%0A%20%20%3CUL%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378900(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20DNS%20servers%20on%20%3CADAPTER%20name%3D%22%22%3E%20should%20include%20their%20own%20IP%20addresses%20on%20their%20interface%20lists%20of%20DNS%20servers%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378915(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20IP%20addresses%20that%20belong%20to%20a%20valid%20range%20must%20be%20configured%20on%20%3CADAPTER%20name%3D%22%22%3E%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378852(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20%3CADAPTER%20name%3D%22%22%3E%20must%20have%20configured%20DNS%20servers%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378975(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Network%20interfaces%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20be%20configured%20with%20DNS%20servers%20that%20belong%20to%20a%20valid%20IP%20address%20range%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378849(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20%3CADAPTER%20name%3D%22%22%3E%20should%20be%20configured%20to%20use%20both%20a%20preferred%20and%20an%20alternate%20DNS%20server%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378834(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20%3CADAPTER%20name%3D%22%22%3E%20should%20have%20static%20IPv4%20settings%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378899(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20IP%20addresses%20must%20be%20configured%20on%20%3CADAPTER%20name%3D%22%22%3E%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391967(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Valid%20network%20interfaces%20should%20precede%20invalid%20interfaces%20in%20the%20binding%20order%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807362(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20DNS%20servers%20on%20%3CADAPTER%20name%3D%22%22%3E%20should%20include%20the%20loopback%20address%2C%20but%20not%20as%20the%20first%20entry%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807393(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20If%20the%20Global%20Query%20Block%20List%20is%20enabled%2C%20then%20it%20should%20not%20be%20empty%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807360(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Cache%20locking%20should%20be%20configured%20to%2090%25%20or%20greater%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807396(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20forwarding%20timeout%20value%20should%20be%202%20to%2010%20seconds%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807405(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20Hosts%20file%20%3CFILE%20name%3D%22%22%3E%20on%20the%20DNS%20server%20should%20be%20empty%20%3C%2FFILE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807401(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Interface%20%3CADAPTER%20name%3D%22%22%3E%20on%20the%20DNS%20server%20should%20be%20configured%20to%20register%20its%20IP%20addresses%20in%20DNS%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807391(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20must%20have%20root%20hints%20or%20forwarders%20configured%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807387(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20scavenging%20interval%20%3CINTERVAL%20value%3D%22%22%3E%20is%20within%20the%20recommended%20range%20%3C%2FINTERVAL%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807390(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20should%20have%20scavenging%20enabled%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807371(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20scavenging%20interval%20%3CINTERVAL%20value%3D%22%22%3E%20is%20not%20set%20to%20a%20recommended%20value%20%3C%2FINTERVAL%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807372(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20has%20scavenging%20enabled%20with%20recommended%20parameters%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807381(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20has%20record%20aging%20disabled%2C%20so%20scavenging%20will%20not%20occur%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807383(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20scavenging%20server%20list%20should%20not%20be%20empty%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807380(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20scavenging%20parameters%20should%20be%20set%20to%20default%20values%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807375(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20socket%20pool%20should%20be%20enabled%20with%20recommended%20settings%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807363(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20recursion%20timeout%20must%20be%20greater%20than%20the%20forwarding%20timeout%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807389(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Forwarding%20server%20%3CIP%20address%3D%22%22%3E%20should%20respond%20to%20DNS%20queries%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807386(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20At%20least%20one%20DNS%20server%20on%20the%20list%20of%20forwarders%20must%20respond%20to%20DNS%20queries%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807368(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20list%20of%20forwarding%20servers%20must%20not%20contain%20the%20link-local%20IP%20address%20%3CIP%20address%3D%22%22%3E%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807385(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20list%20of%20forwarding%20servers%20must%20not%20contain%20the%20loopback%20address%20%3CIP%20address%3D%22%22%3E%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807392(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20More%20than%20one%20forwarding%20server%20should%20be%20configured%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807364(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20master%20server%20list%20must%20not%20be%20empty%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807378(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20update%20notification%20list%20must%20not%20be%20empty%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807398(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20secondary%20servers%20list%20should%20not%20be%20empty%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807366(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20should%20be%20present%20on%20the%20secondary%20server%20%3CIP%20address%3D%22%22%3E%20configured%20to%20receive%20zone%20update%20notifications%20%3C%2FIP%3E%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807357(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20scavenging%20servers%20should%20host%20the%20zone%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807361(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20list%20of%20root%20hints%20must%20not%20contain%20the%20link-local%20IP%20address%20%3CIP%20address%3D%22%22%3E%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807404(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20list%20of%20root%20hints%20must%20not%20contain%20the%20host%20IP%20address%20or%20loopback%20address%20%3CIP%20address%3D%22%22%3E%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807388(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20list%20of%20root%20hints%20should%20contain%20more%20than%20one%20entry%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807356(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20is%20Active%20Directory%20integrated%20and%20should%20be%20present%20and%20configured%20as%20primary%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807395(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20is%20an%20Active%20Directory%20integrated%20DNS%20Zone%20and%20must%20be%20available%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807400(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20is%20an%20Active%20Directory%20integrated%20DNS%20zone%20and%20must%20be%20configured%20as%20primary%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807374(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20transfers%20from%20the%20primary%20to%20the%20secondary%20DNS%20server%20must%20be%20successful%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391921(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20be%20able%20to%20resolve%20names%20in%20the%20forest%20root%20domain%20name%20zone%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378829(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20be%20able%20to%20resolve%20names%20in%20the%20primary%20DNS%20domain%20zone%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378976(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20resolve%20Global%20Catalog%20resource%20records%20for%20the%20domain%20controller%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd378940(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20resolve%20Kerberos%20resource%20records%20for%20the%20domain%20controller%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391951(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20resolve%20LDAP%20resource%20records%20for%20the%20domain%20controller%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391855(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%20resolve%20PDC%20RRs%20for%20the%20domain%20controller%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdd391876(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20%3CIP%20address%3D%22%22%3E%20on%20%3CADAPTER%20name%3D%22%22%3E%20must%26nbsp%3B%20resolve%20the%20name%20of%20this%20computer%20%3C%2FADAPTER%3E%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807397(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20DNS%20servers%20assigned%20to%20the%20network%20adapter%20should%20respond%20consistently%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807377(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20master%20servers%20must%20respond%20to%20queries%20for%20the%20zone%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807384(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20secondary%20servers%20must%20respond%20to%20queries%20for%20the%20zone%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807379(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20master%20server%20%3CIP%20address%3D%22%22%3E%20must%20respond%20to%20queries%20for%20the%20zone%20%3C%2FIP%3E%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807402(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20secondary%20server%20%3CIP%20address%3D%22%22%3E%20should%20respond%20to%20queries%20for%20the%20zone%20%3C%2FIP%3E%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807382(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Root%20hint%20server%20%3CIP%20address%3D%22%22%3E%20must%20respond%20to%20NS%20queries%20for%20the%20root%20zone%20%3C%2FIP%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807399(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20At%20least%20one%20name%20server%20in%20the%20list%20of%20root%20hints%20must%20respond%20to%20queries%20for%20the%20root%20zone%20%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807359(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20The%20DNS%20server%20configured%20on%20the%20adapter%20%3CADAPTER%20name%3D%22%22%3E%20should%20resolve%20the%20name%20of%20this%20computer%20%3C%2FADAPTER%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%20%3CLI%3E%3CA%20href%3D%22http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fff807365(WS.10).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20DNS%3A%20Zone%20%3CZONE%20name%3D%22%22%3E%20is%20an%20Active%20Directory%20integrated%20DNS%20zone%20and%20must%20be%20running%20%3C%2FZONE%3E%3C%2FA%3E%3C%2FLI%3E%0A%20%20%3C%2FUL%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Awww%20yeaaaahhh%E2%80%A6%20just%20memorize%20that%20and%20you%E2%80%99ll%20win%20any%20%22Microsoft%20recommended%20DNS%22%20bar%20bets%20you%20can%20imagine.%20That%E2%80%99s%20the%20cool%20thing%20about%20this%20ongoing%20BPA%20project%3A%20not%20only%20do%20you%20get%20a%20tool%20that%20will%20check%20your%20work%20in%20later%20OS%20versions%2C%20but%20the%20valid%20documentation%20gets%20centralized.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3E-%20Ned%20%E2%80%9CArren%20hates%20cowboys%E2%80%9D%20Pyle%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-398076%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TechNet%20on%20Aug%2002%2C%202010%20Hi%20folks%2C%20Ned%20here%20again.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-398076%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ebpa%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDNS%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Einfrastructure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ened%20pyle%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%207%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%20server%202008%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%20server%202008%20dns%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%20server%202008%20r2%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ewindows%20vista%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft
First published on TechNet on Aug 02, 2010
Hi folks, Ned here again. We’ve released another wave of Best Practices Analyzer rules for Windows Server 2008 / R2, and if you care about Directory Services you care about these:

AD DS rules update

Info: Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2
Download: Rules Update for Active Directory Domain Services Best Practice Analyzer for Windows Server 20...



This update BPA for Active Directory Domain Services include seven rules changes and updates, some of which are well known but a few that are not.

DNS Analyzer 2.0

Operation Info : Best Practices Analyzer for Domain Name System – Ops
Configuration info : Best Practices Analyzer for Domain Name System - Config
Download: Microsoft DNS (Domain Name System) Model for Microsoft Baseline Configuration Analyzer 2.0 ...



Remember when – a few weeks back – I wrote about recommended DNS configuration and I promised more info? Well here it is, in all its glory. Despite what you might have heard, misheard, remembered, or argued about, this is the official recommended list, written by the Product Group and appended/vetted/munged by Support. Which includes:



Awww yeaaaahhh… just memorize that and you’ll win any "Microsoft recommended DNS" bar bets you can imagine. That’s the cool thing about this ongoing BPA project: not only do you get a tool that will check your work in later OS versions, but the valid documentation gets centralized.

- Ned “Arren hates cowboys” Pyle