Aleksandar's computer workshop

Let's see what Aleksandar was fixing today.
My findings, tips & tricks related to computers, internet, programming and other stuff I was working with.

How to move Windows DNS Server zones to another Windows DNS server

If you are looking to transfer an entier DNS Server including Active Directory settings and things like that, you may better use DNSDump.cmd script from here: http://www.reskit.net/DNS/dnsdump.cm_

Just to migrate the zones, simply do following:

1. On the DNS server that is currently hosting the DNS zone(s), change any Active Directory-integrated zones to standard primary. This action creates the zone files that are needed for the destination DNS server.
2. Stop the DNS Server service on both DNS servers.
3. Manually copy the entire contents (subfolders included) of the %SystemRoot%\System32\DNS folder from the source server to the destination server.
4. On the current (old, source) DNS server, start Registry Editor (Regedit.exe).
5. Locate and click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Zones
6. Export the Zones entry to a registry file.
7. Locate and click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
8. Export the Zones entry to a registry file.
9. On the destination (new) DNS server, double-click each registry file to import the Zones subkeys into the registry.
10. Bring the current DNS server down and transfer its IP address to the destination DNS server.
11. On the destination DNS server, start the DNS Server service. To initiate the registration of the server's A and PTR resource records, run the following command at a command prompt: ipconfig /registerdns
12. If this server is also a domain controller, stop and restart the Net Logon service to register the Service (SRV) records, or run the following command at a command prompt: netdiag /fix
13. The standard zones that were previously Active Directory-integrated can be converted back to Active Directory-integrated on the replacement DNS server if it is a domain controller.
14. Verify that the SOA resource records on each zone contains the correct name for the primary server and that the NS resource records for the zone(s) are correct.

Using NSLOOKUP for DNS Server diagnosis

Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers (also known as name servers).

To use Nslookup.exe, please note the following: 

  • The TCP/IP protocol must be installed on the computer running Nslookup.exe 
  • At least one DNS server must be specified when you run the IPCONFIG /ALL command from a command prompt.
  • Nslookup will always devolve the name from the current context. If you fail to fully qualify a name query (that is, use trailing dot), the query will be appended to the current context. For example, the current DNS settings are att.com and a query is performed on www.microsoft.com; the first query will go out as www.microsoft.com.att.com because of the query being unqualified. This behavior may be inconsistent with other vendor's versions of Nslookup, and this article is presented to clarify the behavior of Microsoft Windows NT Nslookup.exe 
  • If you have implemented the use of the search list in the Domain Suffix Search Order defined on the DNS tab of the Microsoft TCP/IP Properties page, devolution will not occur. The query will be appended to the domain suffixes specified in the list. To avoid using the search list, always use a Fully Qualified Domain Name (that is, add the trailing dot to the name).


Nslookup.exe can be run in two modes: interactive and noninteractive. Noninteractive mode is useful when only a single piece of data needs to be returned. The syntax for noninteractive mode is:

nslookup [-option] [hostname] [server]

For example to check all MX records (email servers) for GSMBLOG.COM domain you have to type this:

nslookup -type=mx gsmblog.com

 and it will return something like this:

Server:  speedtouch.lan
Address:  192.168.0.254

Non-authoritative answer:
gsmblog.com     MX preference = 10, mail exchanger = mail.gsmblog.com

mail.gsmblog.com        internet address = 194.30.175.198

Or to validate the SPF (TXT) record you can use this command:

nslookup -type=txt gsmblog.com

it will return this:

Server:  speedtouch.lan
Address:  192.168.0.254

Non-authoritative answer:
gsmblog.com     text =

        "v=spf1 ip4:194.30.175.0/24 a mx -all"

More details:

http://support.microsoft.com/kb/200525

http://www.windowsnetworking.com/articles_tutorials/Using-NSLOOKUP-DNS-Server-diagnosis.html