[How to] Update Root Hints on DNS Servers

The authoritative name servers that serve the DNS root zone, commonly known as the “root servers”, are a network of hundreds of servers in many countries around the world. The 13 root name servers are operated by 12 independent organizations. Sometimes their IPv4 and/or IPv6 addresses are changed, or new addresses are added to the list. It is therefore good practice to update your DNS server's Root Hints occasionally. The screenshots for this blog post were taken on a DNS server running Windows Server 2008 R2, but from Windows Server 2003 to Windows Server 2012 R2 there are no big differences in how to configure this. From Windows Server 2016 and Windows 10 onward, this can easily be configured and scripted with PowerShell; see the bottom of this post.


First of all, start the DNS Manager. You can find it under Administrative Tools, or launch it with the MMC shortcut dnsmgmt.msc.


Right-click the server whose Root Hints you want to update (some networks list more than one DNS server) to open the context menu, and click on Properties.


In the Properties window go to the Root Hints tab and click on Copy from Server.



A new window will pop up where you specify the IP address or DNS name of the server to copy the Root Hints from. To get a reliable source, go to the root servers' website and search for an IP address here. At the time of writing you only need to scroll down a bit on the front page to find the IPv4 address of the a.root-servers.net DNS server. Enter this IP address or DNS name in the Server to Copy From window and click on OK.


As you can see, in my case several IPv6 addresses have been added, and h.root-servers.net even has an extra IPv4 address. Click on Apply and OK to close the Properties window.

If you don’t want to do this manually, with Windows Server 2016 and Windows 10 it is possible to script this easily with PowerShell and create a scheduled task for it; see this TechNet page for more information.
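
The following script is an added example, not taken from this post or the TechNet page. It performs the same "Copy from Server" step with the DnsServer module and records exactly which root hint addresses changed, so an unexpected entry can be checked against the list published by the root server operators. The function name `Get-RootHintList` and the log folder are assumptions for illustration.

```powershell
#Requires -Modules DnsServer
# Run in an elevated session on the DNS server (Windows Server 2016 or later).

# Flatten the root hints into sorted "name address" strings so that two
# snapshots can be compared line by line. (Hypothetical helper name.)
function Get-RootHintList {
    Get-DnsServerRootHint | ForEach-Object {
        $name = $_.NameServer.RecordData.NameServer.TrimEnd('.').ToLower()
        foreach ($rec in $_.IPAddress) {
            $ip = if ($rec.RecordType -eq 'A') { $rec.RecordData.IPv4Address }
                  else { $rec.RecordData.IPv6Address }
            "$name $ip"
        }
    } | Sort-Object -Unique
}

$source = 'a.root-servers.net'                         # server named in this post
$logDir = Join-Path $env:ProgramData 'RootHintAudit'   # assumed log location
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# 1. Snapshot the current hints so the change can be reviewed or rolled back.
$before = @(Get-RootHintList)
$before | Set-Content -Path (Join-Path $logDir "before-$stamp.txt")

# 2. Copy the root hints from the chosen root server (same as the GUI button).
Import-DnsServerRootHint -NameServer $source

# 3. Snapshot again and work out what was added or removed.
$after   = @(Get-RootHintList)
$added   = @($after  | Where-Object { $_ -notin $before })
$removed = @($before | Where-Object { $_ -notin $after })

# 4. Write a change record; an empty record means the hints were already current.
$report = @()
$report += $added   | ForEach-Object { "ADDED   $_" }
$report += $removed | ForEach-Object { "REMOVED $_" }
if ($report.Count -eq 0) { $report = @('No changes') }
$report | Set-Content -Path (Join-Path $logDir "changes-$stamp.txt")
$report
```

When this runs as a scheduled task, the `changes-*.txt` files give a dated history of every root hint modification on the server.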