Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

7 Appendix B: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.

Note: Some of the information in this section is subject to change because it applies to an unreleased, preliminary version of the Windows Server operating system, and thus may differ from the final version of the server software when released. All behavior notes that pertain to the unreleased, preliminary version of the Windows Server operating system contain specific references to Windows Server 2016 Technical Preview as an aid to the reader.

  • Windows NT operating system

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 Technical Preview operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 2.1:  RPC over named pipes is supported on Windows NT, Windows 2000, and Windows Server 2003 only.

<2> Section 2.1.2: Windows 2000 and Windows Server 2003 clients always request RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH. Windows Server 2008, Windows Server 2008 R2 operating system, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview clients additionally request RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE during R_DnssrvOperation (section 3.1.4.1) or R_DnssrvOperation2 (section 3.1.4.6) when pszOperation is "EnlistDirectoryPartition".

<3> Section 2.1.2: Windows 2000 and Windows Server 2003 clients always request RPC_C_IMP_LEVEL_DELEGATE. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview clients request RPC_C_IMP_LEVEL_DELEGATE during R_DnssrvOperation or R_DnssrvOperation2 when pszOperation is "EnlistDirectoryPartition".

<4> Section 2.2.1.1.1: Windows Server 2008, Windows Server 2008 R2, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview support type IDs up to and including DNSSRV_TYPEID_UTF8_STRING_LIST. Windows Server 2003 supports type IDs up to and including DNSSRV_TYPEID_ZONE_LIST, as enumerated in section 2.2.1.1.1. Windows 2000 supports type IDs up to and including DNSSRV_TYPEID_ZONE_LIST_W2K. The DNSSRV_TYPEID_ZONE_SCOPE_ENUM structure is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<5> Section 2.2.1.1.2: Windows clients and servers use this value to indicate use of LPC [MSDN-RPC].

<6> Section 2.2.1.2.6: Windows Server 2003 supports elements of this union up to and including ZoneCreateDotNet. Windows 2000 supports elements of this union up to and including ZoneListW2K.

<7> Section 2.2.2.1.1: Windows 2000 does not support the following types: DNS_TYPE_SIG, DNS_TYPE_KEY, DNS_TYPE_NXT, DNS_TYPE_NAPTR, and DNS_TYPE_DNAME. Windows Server 2003 does not support DNS_TYPE_NAPTR and DNS_TYPE_DNAME. The types DNS_TYPE_DS, DNS_TYPE_RRSIG, DNS_TYPE_NSEC, DNS_TYPE_DNSKEY, and DNS_TYPE_DHCID are supported only on Windows Server 2008 R2. DNS_TYPE_NSEC3 and DNS_TYPE_NSEC3PARAM are supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. DNS_TYPE_TLSA is supported on Windows Server 2016 Technical Preview only.

<8> Section 2.2.2.1.2: Windows 2000 does not support the DNS_RPC_FLAG_OPEN_ACL record flag. DNS_RPC_FLAG_RECORD_WIRE_FORMAT and DNS_RPC_FLAG_SUPPRESS_RECORD_UPDATE_PTR are supported in Windows Server 2016 Technical Preview only.

<9> Section 2.2.2.2.4.2: Windows 2000 and Windows Server 2003 do not support DNS_TYPE_DNAME.

<10> Section 2.2.2.2.4.9: This record type is not supported in Windows 2000.

<11> Section 2.2.2.2.4.10: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<12> Section 2.2.2.2.4.11: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<13> Section 2.2.2.2.4.12: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<14> Section 2.2.2.2.4.13: This record type is not supported in Windows 2000.

<15> Section 2.2.2.2.4.14: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<16> Section 2.2.2.2.4.15: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<17> Section 2.2.2.2.4.17: This record type is not supported in Windows 2000.

<18> Section 2.2.2.2.4.20: This record type is not supported in Windows 2000.

<19> Section 2.2.2.2.4.24: This record type is supported only by Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<20> Section 2.2.2.2.4.25: This record type is supported only by Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<21> Section 2.2.2.2.4.26:  DNS_RPC_RECORD_TLSA is supported in Windows Server 2016 Technical Preview only.

<22> Section 2.2.2.2.4.27:  The DNS_RPC_RECORD_UNKNOWN structure is supported in Windows Server 2016 Technical Preview only.

<23> Section 2.2.2.2.5:  In Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, if the dwFlags field is set to DNS_RPC_FLAG_RECORD_WIRE_FORMAT, the error DNS_ERROR_RECORD_FORMAT is returned.

<24> Section 2.2.2.2.5: The records DNS_TYPE_DS, DNS_TYPE_RRSIG, DNS_TYPE_NSEC, DNS_TYPE_DNSKEY and DNS_TYPE_DHCID are not supported in Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<25> Section 2.2.3.1.1: Windows 2000 and Windows Server 2003 do not support IP validation.

<26> Section 2.2.3.1.2: Windows 2000 and Windows Server 2003 do not support IP validation.

<27> Section 2.2.4.1.1: Windows NT 4.0 operating system populates its database in the following order, until successful: from a file-based persistent storage or from the persistent copy of the DNS Zone Table.

<28> Section 2.2.4.2.1: Windows uses the build number as the OS Revision.

<29> Section 2.2.4.2.2.1:  Except for Windows NT Server 4.0 operating system, which predates Active Directory, Windows Server operating system uses "cn=MicrosoftDNS,cn=System" as the constant container RDN. A complete DS Container string could, for example, be "cn=MicrosoftDNS,cn=System,DC=corp,DC=contoso,DC=com".

<30> Section 2.2.4.2.2.2: This version of the structure is for use with Windows Server 2003.

<31> Section 2.2.4.2.2.3: This version of the structure is for use with Windows Server 2008 and Windows Server 2008 R2.

<32> Section 2.2.5.1.1: Windows 2000 does not support the forwarder or stub zone types. Windows 2000 and Windows Server 2003 do not support the secondary cache zone type.

<33> Section 2.2.5.1.4: Windows 2000 does not support any zone request filter values that involve application directory partitions. Windows 2000 does not support stub or forwarder zone request filters.

<34> Section 2.2.5.1.5: Only Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview support DNSSEC key rollover. Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview support only DNS_ROLLOVER_TYPE_PREPUBLISH for signing key descriptors where fIsKSK is FALSE and DNS_ROLLOVER_TYPE_DOUBLE_SIGNATURE for signing key descriptors where fIsKSK is TRUE.

<35> Section 2.2.5.1.6: Only Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview support DNSSEC key rollover.

<36> Section 2.2.5.2.1:  Windows 2000 only supports DNS_RPC_ZONE_W2K.

<37> Section 2.2.5.2.2: The Windows DNS server auto-creates the 0.in-addr.arpa, 127.in-addr.arpa, and 255.in-addr.arpa zones as a performance optimization to avoid unnecessary recursions to the root server for queries for standard IP addresses such as 0.0.0.0, 127.0.0.1 (loopback), and 255.255.255.255 (broadcast).

<38> Section 2.2.5.2.2: Windows 2000 and Windows Server 2003 do not support the ReadOnly bit.

<39> Section 2.2.5.2.3:  Windows 2000 only supports DNS_RPC_ZONE_LIST_W2K.

<40> Section 2.2.5.2.4.2:  Windows Server incorrectly sets this to 0x00000000.

<41> Section 2.2.5.2.4.3: Windows Server incorrectly sets this to 0x00000000.

<42> Section 2.2.5.2.8: This structure is not implemented in Windows 2000.

<43> Section 2.2.5.2.10.1: Windows 2000 uses 5 minutes (300 seconds).

<44> Section 2.2.6.1.2: KeySignScope is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<45> Section 2.2.6.1.3: ImportOpResult is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<46> Section 2.2.6.2.1: Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview support RSASHA1, RSASHA1-NSEC3-SHA1, RSASHA256, and RSASHA512.

<47> Section 2.2.6.2.3:  Windows Server 2012 operating system, Windows Server 2012 R2, and Windows Server 2016 Technical Preview support automatic DNSSEC signing of zones.

<48> Section 2.2.6.2.9: The DNS_RPC_ZONE_DNSSEC_SETTINGS structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<49> Section 2.2.6.2.10: The DNS_RPC_ZONE_SKD structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<50> Section 2.2.6.2.11: The DNS_RPC_SKD_STATE_EX structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<51> Section 2.2.7.1.1: This enumeration is not supported in Windows NT, Windows 2000, and Windows XP.

<52> Section 2.2.7.1.1: Windows Server 2003 does not support read-only DCs and does not process the msDS-NC-RO-Replica-Locations.

<53> Section 2.2.7.2.1: DNS_RPC_DP_INFO is not supported by Windows NT, Windows 2000, and Windows XP.

<54> Section 2.2.7.2.1: Windows 2000 and Windows Server 2003 do not support read-only DCs and do not process the msDS-NC-RO-Replica-Locations.

<55> Section 2.2.7.2.2: This structure and its associated operations are not supported by Windows NT, Windows 2000, and Windows XP.

<56> Section 2.2.7.2.3: This structure is not supported by Windows NT, Windows 2000, and Windows XP.

<57> Section 2.2.7.2.4: This structure and its associated operations are not supported by Windows NT, Windows 2000, and Windows XP.

<58> Section 2.2.7.2.5: This structure and its associated operations are not supported by Windows NT, Windows 2000, and Windows XP.

<59> Section 2.2.7.2.6: This structure and its associated operations are not supported by Windows NT, Windows 2000, and Windows XP.

<60> Section 2.2.8.1.1: Windows NT 4.0 and Windows 2000 do not support this structure. Windows Server 2003 does not support the following values: DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT_PREPEND, DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT_APPEND (use DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT instead), and DNS_RPC_AUTOCONFIG_INTERNAL_RETURN_ERRORS.

<61> Section 2.2.8.1.1: Windows Server 2003 does not support the DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT_PREPEND constant. Use DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT instead.

<62> Section 2.2.8.1.1:  Windows Server 2003 uses the values in the following table to obtain a constant. Windows Server 2003 interprets each value in the right-hand column as the corresponding constant in the left-hand column, regardless of the version of the client connecting to it. The client uses the corresponding values in the table to indicate each constant, regardless of the version of the server it is connecting to. No Windows implementation checks the version of the other communicating host when determining how to select or interpret these values.

Constant

Value used by Windows Server 2003

DNS_RPC_AUTOCONFIG_INTERNAL_ROOTHINTS

0x00000001

DNS_RPC_AUTOCONFIG_INTERNAL_FORWARDERS

0x00000002

DNS_RPC_AUTOCONFIG_ZONES

0x00000008

DNS_RPC_AUTOCONFIG_INTERNAL_SELFPOINT

0x00000004

DNS_RPC_AUTOCONFIG_ALL

0xFFFFFFFF

<63> Section 2.2.9.1.1: DNS_LOG_LEVEL_UNMATCHED_RESPONSE is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<64> Section 2.2.10.1.1: DNSSRV_STATID_DNSSEC is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<65> Section 2.2.10.2.6: Windows 2000 DNS servers do not include this field.

<66> Section 2.2.10.2.7: Windows 2000 DNS servers do not implement the ResponseMismatched field. Windows 2000 and Windows Server 2003 DNS servers do not implement the GnzLocalQuery field.

<67> Section 2.2.10.2.7: This field is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<68> Section 2.2.10.2.8: This record type is not supported by Windows NT, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

<69> Section 2.2.10.2.9: Windows 2000 and Windows Server 2003 DNS servers do not include this field.

<70> Section 2.2.10.2.9: Windows 2000 DNS servers do not include this field.

<71> Section 2.2.10.2.10: Windows 2000 DNS servers do not include this field.

<72> Section 2.2.10.2.14: Windows 2000 does not include this field.

<73> Section 2.2.10.2.20:  Windows 2000 does not support PacketsForNsListUsed, PacketsForNsListReturned, and PacketsForNsListInUse.

<74> Section 2.2.10.2.20: Windows 2000 DNS servers do not include this field.

<75> Section 2.2.12.1.1: The DNS_ZONE_STATS_TYPE enumerator is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<76> Section 2.2.12.2.1: The DNSSRV_ZONE_TIME_STATS structure is available in Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview only.

<77> Section 2.2.12.2.2: The DNSSRV_ZONE_QUERY_STATS structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<78> Section 2.2.12.2.3: The DNSSRV_ZONE_TRANSFER_STATS structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<79> Section 2.2.12.2.4: The DNSSRV_ZONE_UPDATE_STATS structure is available in Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview only.

<80> Section 2.2.12.2.5: The DNS_RPC_ZONE_STATS_V1 structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<81> Section 2.2.13.2.1: The DNS_RPC_ENUM_ZONE_SCOPE_LIST structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<82> Section 2.2.13.2.2.1: The DNS_RPC_ZONE_SCOPE_CREATE_INFO_V1 structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<83> Section 2.2.13.2.3.1: The DNS_RPC_ZONE_SCOPE_INFO_V1 structure is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<84> Section 2.2.14.1.1: The DNS_RPC_ENUM_SCOPE_LIST structure is supported in Windows Server 2012 R2 with [MSKB-2919355] and Windows Server 2016 Technical Preview and is reserved for future use.

<85> Section 2.2.15:  DNS Policy constants and structures are implemented in Windows 10 and Windows Server 2016 Technical Preview only.

<86> Section 2.3: The dnsProperty and dnsRecord attributes, and their associated properties, are not supported on Windows NT 4.0.

<87> Section 2.3: The following attributes of dnsZone are supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview:

  • msDNS-IsSigned

  • msDNS-NSEC3OptOut

  • msDNS-SigningKeys

  • msDNS-SignWithNSEC3

  • msDNS-NSEC3UserSalt

  • msDNS-DNSKEYRecords

  • msDNS-DSRecordSetTTL

  • msDNS-NSEC3Iterations

  • msDNS-PropagationTime

  • msDNS-NSEC3CurrentSalt

  • msDNS-RFC5011KeyRollovers

  • msDNS-NSEC3HashAlgorithm

  • msDNS-DSRecordAlgorithms

  • msDNS-DNSKEYRecordSetTTL

  • msDNS-MaintainTrustAnchor

  • msDNS-NSEC3RandomSaltLength

  • msDNS-SigningKeyDescriptors

  • msDNS-SignatureInceptionOffset

  • msDNS-ParentHasSecureDelegation

  • msDNS-SecureDelegationPollingPeriod

<88> Section 2.3.1.1: msDNS-ServerSettings is supported only by Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<89> Section 2.3.2.1.1: The following table lists dnsProperty Ids that are supported under different versions of Windows Server.

Property Name

Windows NT 4.0

Windows 2000

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

DSPROPERTY_ZONE_TYPE

X

X

X

X

X

X

X

DSPROPERTY_ZONE_ALLOW_UPDATE

X

X

X

X

X

X

X

DSPROPERTY_ZONE_SECURE_TIME

X

X

X

X

X

X

X

DSPROPERTY_ZONE_NONREFRESH_INTERVAL

X

X

X

X

X

X

X

DSPROPERTY_ZONE_REFRESH_INTERVAL

X

X

X

X

X

X

X

DSPROPERTY_ZONE_AGING_STATE

X

X

X

X

X

X

X

DSPROPERTY_ZONE_SCAVENGING_SERVERS

X

X

X

X

X

X

X

DSPROPERTY_ZONE_DELETED_FROM_HOSTNAME

X

X

X

DSPROPERTY_ZONE_AGING_ENABLED_TIME

X

X

X

X

X

DSPROPERTY_ZONE_MASTER_SERVERS

X

X

X

X

X

DSPROPERTY_ZONE_AUTO_NS_SERVERS

X

X

X

X

X

X

DSPROPERTY_ZONE_DCPROMO_CONVERT

X

X

X

X

X

X

DSPROPERTY_ZONE_SCAVENGING_SERVERS_DA

X

X

X

X

X

DSPROPERTY_ZONE_MASTER_SERVERS_DA

X

X

X

X

X

DSPROPERTY_ZONE_AUTO_NS_SERVERS_DA

X

X

X

X

X

DSPROPERTY_ZONE_NODE_DBFLAGS

X

X

X

X

X

X

X

<90> Section 2.3.2.1.1: The DNS server does not write the DSPROPERTY_ZONE_SCAVENGING_SERVERS propertyId if ForceForestBehaviorVersion (section 3.1.1.1.1) indicates a forest (1) behavior version corresponding to Windows NT, Windows 2000, or Windows Server 2003.

<91> Section 2.3.2.1.1: Windows 2000 and Windows Server 2003 initialize this value with the hostname of the server when the zone is being deleted and preserve the value at all other times. Windows Server 2008 and Windows Server 2008 R2 ignore this value. Windows NT Server 4.0 does not support this structure. The hostname written is the FQDN of the local machine, as determined by the GetComputerNameExW system call.

<92> Section 2.3.2.1.1: The DNS server does not write the DSPROPERTY_ZONE_MASTER_SERVERS propertyId if ForceForestBehaviorVersion (section 3.1.1.1.1) indicates a forest behavior version corresponding to Windows NT, Windows 2000, or Windows Server 2003.

<93> Section 2.3.2.1.1: The DNS server does not write the DSPROPERTY_ZONE_AUTO_NS_SERVERS propertyId if ForceForestBehaviorVersion (section 3.1.1.1.1) indicates a forest behavior version corresponding to Windows NT, Windows 2000, or Windows Server 2003.

<94> Section 2.3.2.1.2: The RODC mode check is not supported on Windows NT, Windows 2000, and Windows Server 2003.

<95> Section 2.3.2.1.2: The DcPromo flags are not supported on Windows NT and Windows 2000.

<96> Section 3.1.1: Windows Server (except Windows NT Server 4.0 which predates Active Directory) uses "cn=MicrosoftDNS,cn=System" as the constant container relative distinguished name. A complete DS Container string could, for example, be "cn=MicrosoftDNS,cn=System,DC=corp,DC=contoso,DC=com". The access control list is stored in the ntSecurityDescriptor attribute of this container and can be modified using standard LDAP modify operations (see [MS-ADTS] section 3.1.1.5.3).

<97> Section 3.1.1: In Windows, this access control list by default grants Full Control to the Domain Administrators group, Full Control to members of the "DnsAdmins" group, and Full Control to members of the Enterprise Domain Controllers group if the DNS server is Active Directory integrated, and Full control to the Administrators group and the System Operators group otherwise.

<98> Section 3.1.1: Windows Server (except Windows NT Server 4.0 which predates Active Directory) uses the dnsTombstoned attribute to store DNS Record Tombstone State in the directory server. A value of TRUE indicates that the node is a tombstone. Any other value indicates that the node is not a tombstone. Windows Server does not support DNS Record Tombstone state for zones that are not stored in the directory server.

<99> Section 3.1.1: In Windows 2000, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2, this Access Control List by default grants Full Control to the Domain Administrators Group, Create All Child Objects privilege to Authenticated Users, and Read privilege to Everyone. If the zone is not stored in the DNS Forest Partition in the directory server, Full Control is also granted to the "DnsAdmins" group. In Windows Server 2008 and Windows Server 2008 R2, Full Control is also granted to members of the Enterprise Domain Controllers group, and Container Inheritance is enabled. In all other versions of Windows, Container Inheritance is not enabled. 

<100> Section 3.1.1: Only Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 Technical Preview support this element.

<101> Section 3.1.1: Only Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 Technical Preview support this element.

<102> Section 3.1.1: The Windows 2000 DNS server does not implement an Application Directory Partition Table and does not support any operations related to application directory partitions.

<103> Section 3.1.1:  Windows Server except Windows NT Server 4.0 (which predates Active Directory) and Windows 2000 (which predates Application Directory Partitions) use "CN=MicrosoftDNS,CN=PartitionName" as the container relative distinguished name, where PartitionName is ForestDnsZones, DomainDnsZones, or a custom label specified by the administrator. A complete distinguished name for the object where this Access Control List is stored could be, for example, "CN=MicrosoftDNS,CN=DomainDnsZones,DC=corp,DC=contoso,DC=com". The access control list is stored in the ntSecurityDescriptor attribute of this container and can be modified using standard LDAP modify operations (see [MS-ADTS] section 3.1.1.5.3).

By default this Access Control List grants Full Control to members of the "DnsAdmins" group, Full Control to members of the Enterprise Domain Controllers group, and if the name of this partition is not ForestDnsZones Full Control to members of the Domain Administrators group.

<104> Section 3.1.1:  Windows Server uses the LocalSystem account as the default DNS Server Credentials.

<105> Section 3.1.1:  Windows NT 4.0 and Windows 2000 do not support DownlevelDCsInDomain. All the supporting versions of the DNS servers acquire the value using the LDAP filter "(&(objectCategory=ntdsDsa)(!(msDS-Behavior-Version>=x))(|(msDS-HasMasterNCs=y)(hasMasterNCs=y)))", where x is the forest functional level value ("ms-DS-Behavior-Version: Forest Functional Level", [MS-ADTS] section 6.1.4.4) that corresponds to that of Windows Server 2003, and y is the domain partition value ("nTDSDSA Object", [MS-ADTS] section 6.1.1.2.2.1.2.1.1).

<106> Section 3.1.1.1.1: Range verification is not supported in Windows NT 4.0, Windows 2000, and Windows Server 2003. In these versions, the range is unlimited, unless otherwise specified for a property. On upgrade, from Windows NT 4.0, Windows 2000, or Windows Server 2003 to Windows Server 2008 or Windows Server 2008 R2, range verification is enforced on values set under the previous version. On upgrade, if the value is zero, but not in the new version's range, and the zero value is disallowed, then the default value is used.

<107> Section 3.1.1.1.1: In Windows NT 4.0 this property does not exist.

<108> Section 3.1.1.1.1: In Windows NT 4.0 this property does not exist.

<109> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000 this property does not exist.

<110> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, and Windows Server 2003, the default value is 0x00000001.

<111> Section 3.1.1.1.1: Windows NT 4.0 does not implement this property.

<112> Section 3.1.1.1.1: Windows NT 4.0 does not support this property.

<113> Section 3.1.1.1.1: Windows NT 4.0 does not support this property.

<114> Section 3.1.1.1.1: Windows NT 4.0 and Windows 2000 do not support this property.

<115> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, the default value is 0x0000012C (5 minutes).

<116> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, and Windows Server 2003, the default value is 0x00093A80 (7 days).

<117> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, and Windows Server 2003, the default value is 0x00000005.

<118> Section 3.1.1.1.1: Windows NT 4.0 uses zero as the default value.

<119> Section 3.1.1.1.1: In Windows NT 4.0 this parameter is not implemented. In Windows 2000, the default value is 0x04000000 (4 MB).

<120> Section 3.1.1.1.1: The following table lists DNS_LOG_LEVELS flags that are supported for different versions of Windows Server. Where a flag is unsupported, the flag will be stored but ignored.

Property Name

Windows NT 4.0

Windows 2000

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

DNS_LOG_LEVEL_ANSWERS

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_DS_UPDATE

X

X

DNS_LOG_LEVEL_DS_WRITE

X

X

DNS_LOG_LEVEL_FULL_PACKETS

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_NOTIFY

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_QUERY

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_QUESTIONS

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_RECV

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_SEND

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_TCP

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_UDP

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_UNMATCHED_RESPONSE

X

X

X

X

DNS_LOG_LEVEL_UPDATE

X

X

X

X

X

X

X

X

DNS_LOG_LEVEL_WRITE_THROUGH

X

X

X

X

X

X

X

X

<121> Section 3.1.1.1.1: Windows NT 4.0 does not implement this property.

<122> Section 3.1.1.1.1: This parameter is implemented only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<123> Section 3.1.1.1.1: In Windows NT 4.0 the default value is 0x00000003.

<124> Section 3.1.1.1.1: Windows NT 4.0 does not implement this property.

<125> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<126> Section 3.1.1.1.1: In Windows NT 4.0, this property is not implemented.

<127> Section 3.1.1.1.1: In Windows NT 4.0, this property is not supported.

<128> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, and Windows Server 2003, the default value is 0x0000000F.

<129> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, the default value is 0x00000001.

<130> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows Server 2008, the default value is 0xFFFFFFFF.

<131> Section 3.1.1.1.1: In Windows NT 4.0 the default value is 0.

<132> Section 3.1.1.1.1: In Windows NT 4.0, this property is not implemented. In Windows 2000 and Windows Server 2003, the value's range MUST be unlimited, and the value zero MUST be treated as a flag value for 0xFFFFFFFF.

<133> Section 3.1.1.1.1: Windows NT 4.0 does not implement this property.

<134> Section 3.1.1.1.1: In Windows NT 4.0, this property is not implemented. In Windows 2000, the default value is 0x00000001.

<135> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows Server 2008, this value is not implemented.

<136> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<137> Section 3.1.1.1.1: Windows NT 4.0 does not implement this property.

<138> Section 3.1.1.1.1: Windows NT Server 4.0 and Windows 2000 do not limit this value.

<139> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, the default value is 0x0000000F, the minimum value is 0x00000003, the maximum value is 0x00000078, and values greater than the maximum or less than the minimum are treated as flag values for the maximum and minimum respectively.

<140> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, the default value is 0x00000001.

<141> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<142> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<143> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<144> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<145> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2 operating system, and Windows Server 2016 Technical Preview, the default value is 0x00015180 (1 day), and the allowed range is 0x00000E10 (1 hour) to 0x00EFF100 (182 days).

<146> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<147> Section 3.1.1.1.1: This property is not implemented in Windows NT 4.0 and Windows 2000. Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview process DNSSEC based on [RFC2535] and the value is an enumerated DWORD, with the permitted range between 0x00000000 to 0x00000002, inclusive. The meaning of the allowed values is indicated in the following table.

Name/Value

Meaning

DNS_DNSSEC_DISABLED

0x00000000

The server will not include DNSSEC information in responses.

DNS_DNSSEC_ENABLED_IF_EDNS

0x00000001

The server will include DNSSEC information in a response only if the client request had EDNS [RFC2671] enabled.

DNS_DNSSEC_ENABLED_ALWAYS

0x00000002

The server will include DNSSEC information in a response whenever such information is available.

<148> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2008 the default value is zero.

<149> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<150> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. Default values are as follows:

  • Windows Server 2003: zero (FALSE)

  • Windows Server 2008: nonzero value (TRUE)

  • Windows Server 2008 R2: nonzero value (TRUE)

<151> Section 3.1.1.1.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<152> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<153> Section 3.1.1.1.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<154> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<155> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<156> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<157> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<158> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview, the default value is 0x00015180 (1 day).

<159> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<160> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented. In Windows Server 2003, the default value is 0xFFFFFFFF (DNS_SERVER_UNLIMITED_CACHE_SIZE).

<161> Section 3.1.1.1.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<162> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<163> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<164> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<165> Section 3.1.1.1.1: In Windows, the default value varies with the operating system version. In Windows Server 2003, and Windows Server 2008, the default value is 0x00000500. In Windows Server 2008 R2, the default value is 0x00000FA0.

<166> Section 3.1.1.1.1: This property is not supported in Windows NT 4.0 or Windows 2000.

<167> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<168> Section 3.1.1.1.1: Windows NT 4.0 and Windows 2000 do not support this property.

<169> Section 3.1.1.1.1: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<170> Section 3.1.1.1.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<171> Section 3.1.1.1.1: Windows NT 4.0, Windows 2000, and Windows Server 2003 do not support these properties.

<172> Section 3.1.1.1.1: In Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows Server 2008 R2, this property is not implemented.

<173> Section 3.1.1.1.1: This property is not supported on Windows NT 4.0, Windows 2000, or Windows Server 2003.

<174> Section 3.1.1.1.1: On Windows Server 2008 and Windows Server 2008 R2, the default value is 0x00000001. On Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview, the default value is 0x00000000.

<175> Section 3.1.1.1.1: This property is not supported in Windows NT 4.0, Windows 2000, or on Windows Server 2003

<176> Section 3.1.1.1.1: The EnableGlobalQueryBlockList property is not supported in Windows NT, Windows 2000, or Windows Server 2003.

<177> Section 3.1.1.1.1: The OpenACLOnProxyUpdates and CacheLockingPercent properties are not supported in Windows NT, Windows 2000, Windows Server 2003, or Windows Server 2008.

<178> Section 3.1.1.1.1: ZoneWritebackInterval is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<179> Section 3.1.1.1.2: Windows NT Server 4.0, Windows 2000, and Windows Server 2003 use DNSSRV_TYPEID_IPARRAY for input and return values. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_IPARRAY and DNSSRV_TYPEID_ADDRARRAY as input and output DNSSRV_TYPEID_ADDRARRAY unless dwClientVersion is used to request a previous format.

<180> Section 3.1.1.1.2: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<181> Section 3.1.1.1.2: Windows 2000 does not support these properties.

<182> Section 3.1.1.1.3: Windows 2000 does not support these properties.

<183> Section 3.1.1.1.3: If the path or filename is not absolute, Windows Server stores the log file relative to the "%SystemRoot%\System32" directory.

<184> Section 3.1.1.1.3: Windows 2000 and Windows 2003 do not support these properties.

<185> Section 3.1.1.1.3: In Windows NT 4.0 and Windows 2000, this property is not implemented.

<186> Section 3.1.1.1.3: This parameter is implemented only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<187> Section 3.1.1.1.4: Windows 2000 and Windows Server 2003 do not support these properties.

<188> Section 3.1.1.2.1: On Windows, it is written into the system32\dns directory.

<189> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<190> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<191> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<192> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<193> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<194> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<195> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<196> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<197> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<198> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<199> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<200> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<201> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<202> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<203> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<204> Section 3.1.1.2.1: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<205> Section 3.1.1.2.1: This property is not supported on Windows NT 4.0.

<206> Section 3.1.1.2.1: This property is not supported on Windows NT 4.0 and Windows 2000. Furthermore, it is only supported on zones configured for forwarding.

<207> Section 3.1.1.2.1: This property is not supported on Windows NT 4.0 and Windows 2000. Furthermore, it is only supported on zones configured for forwarding.

<208> Section 3.1.1.2.1: This property is supported only on Windows NT 4.0.

<209> Section 3.1.1.2.1: The PluginEnabled property of a zone is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only.

<210> Section 3.1.1.2.2: Windows 2000 does not support these properties.

<211> Section 3.1.1.2.3: Windows 2000 does not support these properties.

<212> Section 3.1.1.2.3: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<213> Section 3.1.1.2.3: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<214> Section 3.1.1.2.3: This property is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<215> Section 3.1.1.2.5: DNS zone scope configuration information is available in Windows Server 2012 R2 and Windows Server 2016 Technical Preview only. Zone scopes inherit all the properties and configurations of the zone in which they are created unless overridden explicitly.

<216> Section 3.1.1.3.2:  Windows NT Server 4.0, Windows 2000, and Windows Server 2003 use DNSSRV_TYPEID_IPARRAY for input and return values. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_IPARRAY and DNSSRV_TYPEID_ADDRARRAY as input and output DNSSRV_TYPEID_ADDRARRAY unless dwClientVersion is used to request a previous format.

<217> Section 3.1.3: Windows NT 4.0 does not support invocation of the Netlogon protocol implementation.

<218> Section 3.1.4: Windows 2000 supports only opnums 0 through 4.

<219> Section 3.1.4.1:  The following values are implemented in Windows Server 2016 Technical Preview only.

§ CreateClientSubnetRecord

§ DeleteClientSubnetRecord

§ DeleteSubnetsInRecord

§ AddSubnetsInRecord

§ ResetClientSubnetRecord

§ CreatePolicy

§ DeletePolicy

§ UpdatePolicy

<220> Section 3.1.4.1: In Windows, the DNS server process can fail on the Restart command.

<221> Section 3.1.4.1: Windows 2000 uses DNSSRV_TYPEID_ZONE_CREATE_W2K. Windows Server 2003 uses DNSSRV_TYPEID_ZONE_CREATE_DOTNET.

<222> Section 3.1.4.1: Windows NT Server 4.0 and Windows 2000 return error 9611 (invalid DNS zone type) for ZoneCreate operations with DNS_ZONE_TYPE_STUB or DNS_ZONE_TYPE_CACHE record types. Windows returns the same error for DNS_ZONE_TYPE_CACHE and DNS_ZONE_TYPE_SECONDARY_CACHE.

<223> Section 3.1.4.1:  Windows 2000 returns a failure for this value of pszOperation. Windows Server 2003 accepts DWORD input only. The Windows Server 2003 DNS client sends DWORD input.

<224> Section 3.1.4.1: Windows XP and Windows Server 2003 accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY and do not accept DNSSRV_TYPEID_ADDRARRAY and DNS_ADDR_ARRAY. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_ADDR_ARRAY and DNS_ADDR_ARRAY and do not accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY.

<225> Section 3.1.4.1: Windows 2000 uses DNSSRV_TYPEID_FORWARDERS_W2K. Windows Server 2003 uses DNSSRV_TYPEID_FORWARDERS_DOTNET.

<226> Section 3.1.4.1: Windows NT 4.0 and Windows 2000 do not support this value. Windows XP and Windows Server 2003 accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY and do not accept DNSSRV_TYPEID_ADDRARRAY and DNS_ADDR_ARRAY. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_ADDR_ARRAY and DNS_ADDR_ARRAY and do not accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY.

<227> Section 3.1.4.1:  See behavior note for the LogIPFilterList value.

<228> Section 3.1.4.1: See behavior note for the LogIPFilterList value.

<229> Section 3.1.4.1: This operation is supported only on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

<230> Section 3.1.4.1: This operation is supported in Windows Server 2012 R2 with [MSKB-2919355] and Windows Server 2016 Technical Preview and is reserved for future use.

<231> Section 3.1.4.1: This operation is supported in Windows Server 2012 R2 with [MSKB-2919355] and Windows Server 2016 Technical Preview and is reserved for future use.

<232> Section 3.1.4.1:  The following values are supported on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

§ SignZone

§ UnsignZone

§ ResignZone

§ PerformZoneKeyRollover

§ PokeZoneKeyRollover

§ RetrieveRootTrustAnchor

§ TransferKeymasterRole

<233> Section 3.1.4.1: A Windows implementation allows DNS_ZONE_NOTIFY_LEVEL to be set only to values 0x0 through 0x1. Attempts to set this property to a higher value result in the effective value 0x1.

<234> Section 3.1.4.1: Windows 2000 uses DNSSRV_TYPEID_ZONE_CREATE_W2K, and cannot convert from other types. Windows Server 2003 uses DNSSRV_TYPEID_ZONE_CREATE_DOTNET, and can convert from DNSSRV_TYPEID_ZONE_CREATE_W2K.

Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview use DNSSRV_TYPEID_ZONE_CREATE and can convert from DNSSRV_TYPEID_ZONE_CREATE_W2K and DNSSRV_TYPEID_ZONE_CREATE_DOTNET.

<235> Section 3.1.4.1: Windows 2000 uses DNSSRV_TYPEID_ZONE_DATABASE_W2K. Windows Server 2003 uses DNSSRV_TYPEID_ZONE_DATABASE.

<236> Section 3.1.4.1: If ForceForestBehaviorVersion (section 3.1.1.1.1) indicates a forest behavior version of Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 Technical Preview the server writes only DNS_ADDR_ARRAY values to the directory server. Otherwise, the server writes both IP4_ARRAY and DNS_ADDR_ARRAY values. Windows NT 4.0, Windows 2000, and Windows Server 2003 do not support this forest version check, and write only IP4_ARRAY values to the directory server.

Windows 2000 and Windows Server 2003 accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY and silently disregard DNSSRV_TYPEID_ADDRARRAY and DNS_ADDR_ARRAY. They also write only the IP4_ARRAY value to the directory server if the server is DS-integrated; when reading from the directory server, only the IP4_ARRAY value is read, and any DNS_ADDR_ARRAY values are ignored. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_ADDRARRAY and DNS_ADDR_ARRAY and do not accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY, and write both formats to the directory server if the server is DS-integrated; when reading from the directory server, the DNS_ADDR_ARRAY value is read if it exists; otherwise the IP4_ARRAY value is read.

<237> Section 3.1.4.1: Windows 2000 does not support this operation. Windows Server 2003 accepts DNSSRV_TYPEID_IPARRAY and IP4_ARRAY and does not accept DNSSRV_TYPEID_ADDRARRAY and DNS_ADDR_ARRAY. Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview accept DNSSRV_TYPEID_ADDR_ARRAY and DNS_ADDR_ARRAY and do not accept DNSSRV_TYPEID_IPARRAY and IP4_ARRAY.

<238> Section 3.1.4.1:  Windows 2000 uses DNSSRV_TYPEID_ZONE_SECONDARIES_W2K. Windows Server 2003 uses DNSSRV_TYPEID_ZONE_SECONDARIES_DOTNET.

<239> Section 3.1.4.1:  See behavior note for the MasterServer value.

<240> Section 3.1.4.1:  See behavior note for the MasterServer value.

<241> Section 3.1.4.1: CreateZoneScope is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<242> Section 3.1.4.1: DeleteZoneScope is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<243> Section 3.1.4.1: In Windows NT 4.0, Windows 2000, and Windows Server 2003, no range limiting or zero/nonzero restrictions are applied.

<244> Section 3.1.4.1: The following table lists property names that are supported as an input to the pszOperation parameter for different versions of Windows Server.

Property name

Windows NT 4.0

Windows 2000

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

AdditionalRecursionTimeout

X

X

X

X

X

X

AddressAnswerLimit

X

X

X

X

X

X

X

X

AdminConfigured

X

X

X

X

X

X

X

AllowCNAMEAtNS

X

X

X

X

X

X

X

AllowMsdcsLookupRetry

X

AllowReadOnlyZoneTransfer

X

X

X

X

X

AllowUpdate

X

X

X

X

X

X

X

X

AppendMsZoneTransferTag

X

X

X

X

X

X

AutoCacheUpdate

X

X

X

X

X

X

X

X

AutoConfigFileZones

X

X

X

X

X

X

AutoCreateDelegations

X

X

X

X

X

X

BindSecondaries

X

X

X

X

X

X

X

X

BootMethod

X

X

X

X

X

X

X

X

BreakOnAscFailure

X

X

X

X

X

X

CacheEmptyAuthResponses

X

X

X

X

X

X

CacheLockingPercent

X

X

X

X

DebugLevel

X

X

X

X

X

X

X

X

DefaultAgingState

X

X

X

X

X

X

X

DefaultNoRefreshInterval

X

X

X

X

X

X

X

DefaultRefreshInterval

X

X

X

X

X

X

X

DeleteOutsideGlue

X

X

X

X

X

X

X

X

DirectoryPartitionAutoEnlistInterval

X

X

X

X

X

X

DisjointNets

X

X

X

X

X

X

X

X

DsBackgroundLoadPaused

X

X

X

X

X

DsLazyUpdateInterval

X

X

X

X

X

X

DsMinimumBackgroundLoadThreads

X

X

X

X

X

DsPollingInterval

X

X

X

X

X

X

X

X

DsRemoteReplicationDelay

X

X

X

X

X

DsTombstoneInterval

X

X

X

X

X

X

X

X

EDnsCacheTimeout

X

X

X

X

X

X

EnableDirectoryPartitions

X

X

X

X

X

X

EnableDnsSec

X

X

X

X

X

X

EnableDuplicateQuerySuppression

X

X

X

X

X

EnableEDnsProbes

X

X

X

X

X

X

EnableEDnsReception

X

X

X

X

X

X

EnableForwarderReordering

X

X

X

EnableGlobalNamesSupport

X

X

X

X

X

EnableIPv6

X

X

X

X

X

X

EnableIQueryResponseGeneration

X

X

X

X

X

X

EnableOnlineSigning

X

X

X

EnablePolicies

X

EnableRegistryBoot

X

X

X

X

X

X

X

X

EnableRsoForRodc

X

X

X

X

X

EnableSendErrorSuppression

X

X

X

X

X

X

EnableUpdateForwarding

X

X

X

X

X

X

EnableVersionQuery

X

X

X

X

X

EnableWinsR

X

X

X

X

X

X

EventLogLevel

X

X

X

X

X

X

X

X

ForceDomainBehaviorVersion

X

X

X

X

X

X

ForceDsaBehaviorVersion

X

X

X

X

X

X

ForceForestBehaviorVersion

X

X

X

X

X

X

ForceRODCMode

X

X

X

X

X

ForceSoaExpire

X

X

X

X

X

X

X

X

ForceSoaMinimumTtl

X

X

X

X

X

X

X

X

ForceSoaRefresh

X

X

X

X

X

X

X

X

ForceSoaRetry

X

X

X

X

X

X

X

X

ForceSoaSerial

X

X

X

X

X

X

X

X

ForwardDelegations

X

X

X

X

X

X

X

X

ForwardingTimeout

X

X

X

X

X

X

X

X

GlobalNamesAlwaysQuerySrv

X

X

X

X

X

GlobalNamesBlockUpdates

X

X

X

X

X

GlobalNamesEnableEDnsProbes

X

X

X

X

X

GlobalNamesPreferAAAA

X

X

X

X

X

GlobalNamesQueryOrder

X

X

X

X

X

GlobalNamesSendTimeout

X

X

X

X

X

GlobalNamesServerQueryInterval

X

X

X

X

X

HeapDebug

X

X

X

X

X

X

IsSlave

X

X

X

X

X

X

X

X

LameDelegationTtl

X

X

X

X

X

X

LocalNetPriority

X

X

X

X

X

X

X

X

LocalNetPriorityNetMask

X

X

X

X

X

X

LogFileMaxSize

X

X

X

X

X

X

X

LogLevel

X

X

X

X

X

X

X

X

LooseWildcarding

X

X

X

X

X

X

X

X

MaxCacheSize

X

X

X

X

X

X

MaxCacheTtl

X

X

X

X

X

X

X

X

MaximumRodcRsoAttemptsPerCycle

X

X

X

X

X

MaximumRodcRsoQueueLength

X

X

X

X

X

MaximumSignaturesScanPeriod

X

X

X

MaximumUdpPacketSize

X

X

X

X

X

X

MaxNegativeCacheTtl

X

X

X

X

X

X

X

MaxResourceRecordsInNonSecureUpdate

X

X

X

X

X

X

MaxTrustAnchorActiveRefreshInterval

X

X

X

NameCheckFlag

X

X

X

X

X

X

X

X

NoRecursion

X

X

X

X

X

X

X

X

NoUpdateDelegations

X

X

X

X

X

X

X

OpenACLOnProxyUpdates

X

X

X

X

OperationsLogLevel

X

X

X

X

X

X

OperationsLogLevel2

X

X

X

X

X

X

PublishAutonet

X

X

X

X

X

X

QuietRecvFaultInterval

X

X

X

X

X

X

X

QuietRecvLogInterval

X

X

X

X

X

X

X

RecurseToInternetRootMask

X

X

X

X

X

X

RecursionRetry

X

X

X

X

X

X

X

X

RecursionTimeout

X

X

X

X

X

X

X

X

ReloadException

X

X

X

X

X

X

RemoteIPv4RankBoost

X

X

X

X

X

RemoteIPv6RankBoost

X

X

X

X

X

RoundRobin

X

X

X

X

X

X

X

X

RpcProtocol

X

X

X

X

X

X

X

X

ScavengingInterval

X

X

X

X

X

X

X

ScopeOptionValue

X

SecureResponses

X

X

X

X

X

X

X

X

SelfTest

X

X

X

X

X

X

SendPort

X

X

X

X

X

X

X

X

SilentlyIgnoreCNameUpdateConflicts

X

X

X

X

X

X

SocketPoolSize

X

X

X

X

X

X

X

StrictFileParsing

X

X

X

X

X

X

X

X

SyncDsZoneSerial

X

X

X

X

X

X

X

TcpReceivePacketSize

X

X

X

X

X

X

UdpRecvThreadCount

X

X

X

UpdateOptions

X

X

X

X

X

X

UseSystemEventLog

X

X

X

X

X

X

X

X

Version

X

X

X

X

X

WriteAuthorityNs

X

X

X

X

X

X

X

X

XfrConnectTimeout

X

X

X

X

X

X

X

XfrThrottleMultiplier

X

X

X

X

X

X

ZoneWritebackInterval

X

X

<245> Section 3.1.4.1: The following table lists property names that are supported as an input to the pszOperation parameter for different versions of Windows.

Property name

Windows NT 4.0

Windows

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

Forwarders

X

X

X

X

X

X

X

X

ListenAddresses

X

X

X

X

X

X

X

X

BreakOnReceiveFrom

X

X

X

X

X

X

BreakOnUpdateFrom

X

X

X

X

X

X

DomainDirectoryPartitionBaseName

X

X

X

X

X

X

DynamicForwarders

X

X

X

ForestDirectoryPartitionBaseName

X

X

X

X

X

X

LogFilePath

X

X

X

X

X

X

LogIPFilterList

X

X

X

X

X

X

ServerLevelPluginDll

X

X

X

X

X

X

GlobalQueryBlockList

X

X

X

X

X

RootTrustAnchorsURL

X

X

X

SocketPoolExcludedPortRanges

X

X

X

X

DsBackgroundPauseName

X

X

X

<246> Section 3.1.4.1: zone scopes are available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<247> Section 3.1.4.1:  Windows Server attempts to back up the log file to the "%SYSTEMROOT%\System32\dns\backup\" directory.

<248> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 Technical Preview, root hints MUST be written to the DNS domain partition. Otherwise, root hints MUST be written to the default application directory partition.

<249> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows NT or Windows 2000, stub and forwarder zones MUST NOT be created in the default application directory partition. If this partition is specified during ZoneCreate, the server MUST return a failure.

<250> Section 3.1.4.1: Windows 2000 does not support this operation.

<251> Section 3.1.4.1: Windows 2000 and Windows Server 2003 do not support RODCs and do not process the msDS-NC-RO-Replica-Locations.

<252> Section 3.1.4.1: Windows 2000 and Windows Server 2003 do not support RODCs and do not process the msDS-NC-RO-Replica-Locations.

<253> Section 3.1.4.1: Windows 2000 does not support this operation. Windows Server 2003 takes a DWORD value for pData input parameter.

<254> Section 3.1.4.1: Windows 2000 and Windows Server 2003 do not support this operation.

<255> Section 3.1.4.1: Windows 2000 and Windows Server 2003 do not support this operation.

<256> Section 3.1.4.1: Windows 2000 and Windows Server 2003 do not support this operation.

<257> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 Technical Preview root hints MUST be written to the DNS domain partition. Otherwise, root hints MUST be written to the default application directory partition.

<258> Section 3.1.4.1:  Windows stores the log file relative to the "%SystemRoot%\System32" directory, if the path or filename given is not absolute.

<259> Section 3.1.4.1: Windows NT 4.0 does not support invocation of the "Netlogon" protocol implementation.

<260> Section 3.1.4.1: Aging is not supported on Windows NT Server 4.0.

<261> Section 3.1.4.1: The following table lists the property names that are supported as input for the "ResetDwordProperty" operation when pszZone is not NULL, for different versions of Windows.

Property name

Windows NT 4.0

Windows

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

AllowUpdate

X

X

X

X

X

X

X

X

SecureSecondaries

X

X

X

X

X

X

X

X

NotifyLevel

X

X

X

X

X

X

X

LogUpdates

X

X

X

X

X

X

X

X

NoRefreshInterval

X

X

X

X

X

X

X

RefreshInterval

X

X

X

X

X

X

X

Aging

X

X

X

X

X

X

X

ForwarderSlave

X

X

X

X

X

X

ForwarderTimeout

X

X

X

X

X

X

Unicode

X

X

DsRecordAlgorithms

X

X

X

DNSKEYRecordSetTTL

X

X

X

DsRecordSetTTL

X

X

X

IsKeymaster

X

X

X

IsSigned

X

X

X

MaintainTrustAnchor

X

X

X

NSEC3HashAlgorithm

X

X

X

NSEC3Iterations

X

X

X

NSEC3OptOut

X

X

X

NSEC3RandomSaltLength

X

X

X

ParentHasSecureDelegation

X

X

X

PropagationTime

X

X

X

RFC5011KeyRollovers

X

X

X

SecureDelegationPollingPeriod

X

X

X

SignatureInceptionOffset

X

X

X

SignWithNSEC3

X

X

X

PluginEnabled

X

X

<262> Section 3.1.4.1: The following table lists property names that are supported as an input to the pszOperation parameter for different versions of Windows Server.

Property name

Windows NT 4.0

Windows 2000

Windows Server 2003

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016 Technical Preview

Masters

X

X

X

X

X

X

X

X

Secondaries

X

X

X

X

X

X

X

X

TypeReset

X

X

X

X

X

X

X

X

DatabaseFile

X

X

X

X

X

X

X

X

AllowAutoNS

X

X

X

X

X

X

X

ScavengeServers

X

X

X

X

X

X

X

BreakOnNameUpdate

X

X

X

X

X

X

ChangeDP

X

X

X

X

X

X

LocalMasters

X

X

X

X

X

X

NotifyList

Keymaster

X

X

X

NSEC3UserSalt

X

X

X

NSEC3CurrentSalt

X

X

X

<263> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 Technical Preview root hints MUST be written to the DNS domain partition. Otherwise, root hints MUST be written to the default application directory partition.

<264> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 Technical Preview root hints MUST be written to the DNS domain partition. Otherwise, root hints MUST be written to the default application directory partition.

<265> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows NT or Windows 2000, the server MUST also verify that either the specified zone is not a stub or forwarder zone, or the destination application directory partition is not the default application directory partition. Otherwise, the server MUST return a failure.

<266> Section 3.1.4.1: Windows 2000 does not implement this operation and therefore will return a failure.

<267> Section 3.1.4.1: If ForceDomainBehaviorVersion (section 3.1.1.1.1) indicates a domain behavior version of Windows, root hints MUST be written to the DNS domain partition. Otherwise, root hints MUST be written to the default application directory partition.

<268> Section 3.1.4.2:  The following table lists various DNSSRV_TYPEID_SERVER_INFO values returned by R_DnsSrvQuery(), R_DnsSrvQuery2() methods, for different versions of Windows Server.

dwClientVersion

Windows 2000

Windows Server 2003

Windows Server 2008

Windows Server 2012 

Windows Server 2012 R2

Windows Server 2016 Technical Preview

0x00000000

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_W2K

0x00060000

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_DOTNET

DNSSRV_TYPEID_SERVER_INFO_DOTNET

DNSSRV_TYPEID_SERVER_INFO_DOTNET

DNSSRV_TYPEID_SERVER_INFO_DOTNET

DNSSRV_TYPEID_SERVER_INFO_DOTNET

0x00070000

DNSSRV_TYPEID_SERVER_INFO_W2K

DNSSRV_TYPEID_SERVER_INFO_DOTNET

DNSSRV_TYPEID_SERVER_INFO

DNSSRV_TYPEID_SERVER_INFO

DNSSRV_TYPEID_SERVER_INFO

DNSSRV_TYPEID_SERVER_INFO

<269> Section 3.1.4.2: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview set the dwLocalNetPriorityNetMask field of DNS_RPC_SERVER_INFO to zero, regardless of the effective value of dwLocalNetPriorityNetMask.

<270> Section 3.1.4.2: Windows 2000 uses DNSSRV_TYPEID_ZONE_W2K. Windows Server 2003 uses DNSSRV_TYPEID_ZONE.

<271> Section 3.1.4.2: Windows 2000 uses DNSSRV_TYPEID_ZONE_INFO_W2K. Windows Server 2003 uses DNSSRV_TYPEID_ZONE_INFO_DOTNET.

<272> Section 3.1.4.2: Windows Server 2003 does not support the "Version" property with this operation.

<273> Section 3.1.4.2: Windows 2000 and Windows Server 2003 use DNSSRV_TYPEID_IPARRAY and IP4_ARRAY.

<274> Section 3.1.4.2: All Windows Server versions incorrectly set pdwTypeId to DNSSRV_TYPEID_DWORD, and truncate ppData to DWORD size when R_DnssrvQuery is called with pszOperation set to "ListenAddresses" or "Forwarders". Windows Server 2003 does not support the "Forwarders" and "ListenAddresses" properties here

<275> Section 3.1.4.2: All Windows Server versions that have the "DsBackgroundPauseName" property incorrectly set pdwTypeId to DNSSRV_TYPEID_DWORD, and truncate ppData to DWORD size when R_DnssrvQuery is called with pszOperation set to "DsBackgroundPauseName".

<276> Section 3.1.4.2: Windows 2000 and Windows Server 2003 use DNSSRV_TYPEID_IPARRAY and IP4_ARRAY.

<277> Section 3.1.4.3:  The following pszOperations values are implemented in Windows Server 2016 Technical Preview only.

  • EnumerateClientSubnetRecord

  • GetClientSubnetRecord

  • EnumeratePolicy

  • GetPolicy

The following pszOperations values are implemented only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

  • ExportZoneSigningSettings

  • ImportZoneSigningSettings

  • EnumZoneScopes

  • ZoneStatistics

The following pszOperations values are implemented only in Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.

  • ModifyZoneSigningKeyDescriptor

  • EnumZoneSigningKeyDescriptors

  • GetZoneSigningKeyDescriptorState

  • SetZoneSigningKeyDescriptorState

  • ValidateZoneSigningParameters

  • EnumerateKeyStorageProviders

  • EnumerateTrustPoints

  • EnumerateTrustAnchors

<278> Section 3.1.4.3: This operation is supported in Windows Server 2012 R2 with [MSKB-2919355] and Windows Server 2016 Technical Preview and is reserved for future use.

<279> Section 3.1.4.5: Windows 2000 does not support this operation. No version of Windows Server supports the DNS_TYPE_LOC for this operation.

<280> Section 3.1.4.5: Windows 2000, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview do not support updates or deletions of the DNS_TYPE_ZERO, DNS_TYPE_LOC, and DNS_TYPE_ALL types.

<281> Section 3.1.4.5: Windows 2000 does not allow additions with pszZoneName "..Cache" and treats pszZoneName NULL as "..RootHints". Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview treat pszZoneName NULL and pszZoneName "..Cache" as pszZoneName "..RootHints".

<282> Section 3.1.4.7: Windows 2000 does not support this operation.

<283> Section 3.1.4.9: Windows 2000 does not support this operation.

<284> Section 3.1.4.10: Windows 2000 does not support this operation. No version of Windows Server supports the DNS_TYPE_LOC for this operation.

<285> Section 3.1.4.11: The RPC method R_DnssrvUpdateRecord3 is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<286> Section 3.1.4.12: The RPC method R_DnssrvEnumRecords3 is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<287> Section 3.1.4.13: The RPC method R_DnssrvOperation3 is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<288> Section 3.1.4.13: This operation is supported in Windows Server 2012 R2 with [MSKB-2919355] and Windows Server 2016 Technical Preview. It is reserved for future use.

<289> Section 3.1.4.14: The RPC method R_DnssrvQuery3 is available only in Windows Server 2012 R2 and Windows Server 2016 Technical Preview.

<290> Section 3.1.4.14: This operation is supported in Windows Server 2012 R2 and Windows Server 2016 Technical Preview with [MSKB-2919355] and is reserved for future use.

Show:
© 2015 Microsoft