Configure the Global Query Block List
Updated: October 7, 2009
Applies To: Windows Server 2008 R2
The block list feature was introduced with the DNS server role in Windows Server® 2008, and helps prevent accidental or malicious registration of host names that can affect critical applications on your network. For a detailed description of the global query block list, see Windows Server 2008 Technical Overviews (https://go.microsoft.com/fwlink/?LinkId=165900) and Managing the Global Query Block List (https://go.microsoft.com/fwlink/?LinkId=165768).
Use the following procedures to view or modify the global query block list on a DNS server.
Important
All DNS servers that are authoritative for a zone must be configured with the same block list to ensure consistent results. The block list is a per-server setting and is not replicated between servers. By default, the block list contains entries for wpad and isatap.
Membership in Administrators, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To enable or disable the global query block list
Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd [<ServerName>] /config /enableglobalqueryblocklist 0|1
Value | Description |
---|---|
dnscmd | The command-line tool for managing DNS servers. |
<ServerName> | Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) or omit the host name. |
/config | Required. Modifies the configuration of the DNS server. |
/enableglobalqueryblocklist | Required. Specifies that the command enables or disables the global query block list. |
0\|1 | Specifies whether to enable or disable the global query block list. If you want the DNS Server service to ignore queries for the names in the block list, you set the value of the command to 1. If you want to disable the global query block list, you set the value to 0. |
To view the global query block list
Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd [<ServerName>] /info /globalqueryblocklist
Value | Description |
---|---|
dnscmd | The command-line tool for managing DNS servers. |
<ServerName> | Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) or omit the host name. |
/info | Required. Specifies that the command is to return information only. |
/globalqueryblocklist | Required. Specifies that the command applies to the global query block list. |
To update the global query block list
Open an elevated command prompt.
Type the following command, and then press ENTER:
dnscmd [<ServerName>] /config /globalqueryblocklist [<name> [<name>]...]
Value | Description |
---|---|
dnscmd | The command-line tool for managing DNS servers. |
<ServerName> | Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) or omit the host name. |
/config | Required. Modifies the configuration of the DNS server. |
/globalqueryblocklist | Required. Specifies that the command applies to the global query block list. |
<name> | Specifies the host names that are to be inserted into the global query block list. Separate multiple names with blank spaces. |
Additional considerations
To determine whether the global query block list is enabled, type the following command at a command prompt:
dnscmd <ServerName> /info /enableglobalqueryblocklist
If the command returns a value of 1, the global query block list is enabled. If the command returns a value of 0, the global query block list is not enabled.
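Because the block list is a per-server setting that is not replicated, the following added example (not part of the original page) runs the two read-only /info commands above against each server and reports any server that is unreachable, not enabled, or missing an expected name. The server names are constructed placeholders, and the output matching is an assumption, since this page does not show the exact dnscmd output format.

```powershell
# Added example: audits block-list consistency across DNS servers (read-only).
# Server names are constructed placeholders; replace with your authoritative servers.
$Servers  = @('dns1.example.test', 'dns2.example.test')
# Names every server is expected to block (the defaults named on this page).
$Expected = @('wpad', 'isatap')

$report = foreach ($server in $Servers) {
    # Read-only /info forms of dnscmd, as shown on this page.
    $listOut   = (& dnscmd $server /info /globalqueryblocklist 2>&1 | Out-String)
    $listRc    = $LASTEXITCODE
    $enableOut = (& dnscmd $server /info /enableglobalqueryblocklist 2>&1 | Out-String)
    $enableRc  = $LASTEXITCODE

    # Assumption: each listed name appears in the output as a whole token.
    # -notmatch is case-insensitive, like DNS name comparison.
    $missing = @($Expected | Where-Object {
        $listOut -notmatch ('(?<![\w.-])' + [regex]::Escape($_) + '(?![\w.-])')
    })

    # Assumption: the 0/1 value appears as a standalone digit in the output.
    $enabled = 'unknown'
    if ($enableRc -eq 0 -and $enableOut -match '(?<![\w.])([01])(?![\w.])') {
        $enabled = $Matches[1]
    }

    # New-Object is used so the script also runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        Server  = $server
        Reached = ($listRc -eq 0 -and $enableRc -eq 0)
        Enabled = $enabled
        Missing = ($missing -join ' ')
    }
}

$report | Select-Object Server, Reached, Enabled, Missing | Format-Table -AutoSize

# Flag servers that could not be queried, are not enabled, or lack an expected name.
$bad = @($report | Where-Object { -not $_.Reached -or $_.Enabled -ne '1' -or $_.Missing })
if ($bad.Count -gt 0) {
    $names = ($bad | ForEach-Object { $_.Server }) -join ', '
    Write-Warning "Block list missing, disabled, or unverified on: $names"
}
```

Run it from an elevated prompt with an account that is a member of Administrators on each server, and confirm any flagged server by reading its raw dnscmd output.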