Hi guys,

I have a bit of a random question regarding root DNS servers. Maybe it is more of an observation on how they are populated/maintained on MS DNS servers. Over the years, I have noticed that root DNS server entries on MS DNS servers are not always consistent, and can deviate over time.
1. It may be that not all root DNS servers (a.root-servers.net to m.root-servers.net) are listed in the DNS server properties screen on a server running the MS DNS server role
2. Some may be listed, but have a status of unknown
3. Some may be listed and have the IPv4 address listed twice
4. Sometimes the IPv4 and IPv6 addresses are listed for a few of the root DNS servers
5. Sometimes the IPv4 and IPv6 addresses are listed for all of the root DNS servers
6. I have even seen the root DNS servers flip to IPv6 only; this caused an outage for a customer who used root DNS servers in preference to forwarders for CDN reasons, but who did not have a routed IPv6 network implemented
7. The output from the PowerShell command (Get-DNSServerRootHint) differs from what is shown in the DNS Server Management console
And so on, and so forth...

I have noticed this over years of working with Windows AD / DNS and freelancing at multiple companies. I just haven't found an answer to why the discrepancies occur, or why the entries deviate or change over time. What is the mechanism here? Does anyone out there know?

I personally assume (let's just take AD-integrated DNS, post-Windows 2000) that when you install a DNS server the root hints are initially populated from what is held in the object "DC=RootDNSServers,DC=MicrosoftDNS" in the DomainDNSZones application partition. But then why are there deviations over time?

In one of my test environments (AD on 2012 R2, FFL and DFL = 2012 R2, fully patched), I have noticed that the "DC=RootDNSServers" container in AD no longer holds all the root servers from "a" to "m", and this is reflected on all my DNS servers in that domain. In fact, "a" is missing, "c" is missing, "h" is missing and "m" is missing. So why are they missing? What caused those entries to disappear from the "DC=RootDNSServers" container?

I have never found the answers to these questions; I am just wondering if anyone out there has also spotted this inconsistency with root DNS server entries on MS DNS servers, and has had more luck / determination in finding the answer.

Thanks

Milo
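The checks the post walks through (which of a to m are missing on each server, IPv4 addresses listed twice, hints that have flipped to IPv6 only, what the RootDNSServers container in AD actually holds) can be scripted so the comparison is the same on every DC. The following is an added PowerShell example written for this thread, not code from the original post; the server names and domain DN are hypothetical placeholders, and it assumes the dnsNode names under the RootDNSServers container carry the root server host names:

```powershell
<#
Added example (not from the original post): audit root hints on a set of
MS DNS servers with Get-DnsServerRootHint and compare them with the dnsNode
objects under DC=RootDNSServers,DC=MicrosoftDNS in the DomainDnsZones partition.
Assumptions (hypothetical): the server names in $DnsServers, the domain DN in
$DomainDN, and that dnsNode names under that container carry the root server
host names. Requires the DnsServer and ActiveDirectory modules (RSAT).
#>
param(
    [string[]]$DnsServers = @('dc01', 'dc02'),    # hypothetical server names
    [string]$DomainDN     = 'DC=corp,DC=example'  # hypothetical domain DN
)

Import-Module DnsServer, ActiveDirectory -ErrorAction Stop

# The thirteen expected names, a.root-servers.net. to m.root-servers.net.
$Expected = 97..109 | ForEach-Object { "$([char]$_).root-servers.net." }

function Get-RootHintReport {
    # One row per hint as Get-DnsServerRootHint reports it on $Server.
    param([string]$Server)
    foreach ($h in (Get-DnsServerRootHint -ComputerName $Server -ErrorAction Stop)) {
        $a    = @($h.IPAddress | Where-Object RecordType -eq 'A')
        $aaaa = @($h.IPAddress | Where-Object RecordType -eq 'AAAA')
        # Same IPv4 address present more than once under one hint (item 3 in the post).
        $dupV4 = @($a | Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
                   Where-Object Count -gt 1).Count
        [pscustomobject]@{
            Server   = $Server
            Hint     = $h.NameServer.RecordData.NameServer   # e.g. a.root-servers.net.
            IPv4     = $a.Count
            IPv6     = $aaaa.Count
            DupIPv4  = $dupV4
            IPv6Only = ($a.Count -eq 0 -and $aaaa.Count -gt 0)  # item 6 in the post
        }
    }
}

# --- Per-server view: what the DNS service itself reports ---------------------
$Reports = foreach ($s in $DnsServers) {
    $rows    = @(Get-RootHintReport -Server $s)
    $missing = $Expected | Where-Object { $_ -notin $rows.Hint }
    if ($missing) { Write-Warning "$s is missing root hints: $($missing -join ', ')" }
    foreach ($r in ($rows | Where-Object { $_.DupIPv4 -gt 0 -or $_.IPv6Only })) {
        Write-Warning "$s $($r.Hint): duplicate IPv4=$($r.DupIPv4) IPv6-only=$($r.IPv6Only)"
    }
    $rows
}
$Reports | Sort-Object Hint, Server | Format-Table -AutoSize

# Hints that are not identical on every server (absent somewhere, or address counts differ).
$Reports | Group-Object Hint | Where-Object {
    $_.Count -ne $DnsServers.Count -or
    @($_.Group | Select-Object IPv4, IPv6 -Unique).Count -gt 1
} | ForEach-Object { Write-Warning "Root hint $($_.Name) differs between servers" }

# --- AD view: what the RootDNSServers container actually holds ----------------
$Base  = "DC=RootDNSServers,DC=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"
$Nodes = Get-ADObject -SearchBase $Base -SearchScope OneLevel `
                      -LDAPFilter '(objectClass=dnsNode)' -Properties dNSTombstoned, whenChanged
$AdNames = foreach ($n in $Nodes) {
    # Assumption: node names look like a.root-servers.net (with or without trailing dot).
    if ($n.Name -match '^([a-m])\.root-servers\.net\.?$') { "$($Matches[1]).root-servers.net." }
}
$MissingInAD = $Expected | Where-Object { $_ -notin $AdNames }
if ($MissingInAD) { Write-Warning "Not present under ${Base}: $($MissingInAD -join ', ')" }
# A dnsNode with dNSTombstoned set is how AD-integrated DNS records a deleted node;
# whenChanged tells you when that deletion replicated in, which narrows down "what removed it".
$Nodes | Where-Object dNSTombstoned | ForEach-Object {
    Write-Warning "Tombstoned node $($_.Name) (changed $($_.whenChanged))"
}

# --- Caveat from item 6: IPv6-only hints are unusable without an IPv6 default route.
$v6Route = Get-NetRoute -AddressFamily IPv6 -DestinationPrefix '::/0' -ErrorAction SilentlyContinue
if (($Reports | Where-Object IPv6Only) -and -not $v6Route) {
    Write-Warning 'IPv6-only root hints present but this host has no IPv6 default route.'
}
```

Run it from a management host as a user who can query each DNS server and read the DomainDnsZones partition. The two halves are deliberately separate: the first shows the hints the DNS service is actually using on each server (the same data as Get-DnsServerRootHint in item 7), the second shows the AD objects the hints are assumed to be loaded from, so a letter that is missing in AD but present on a server, or the reverse, stands out. Note that only the IPv6 route check runs against the local host; run that part on each DNS server if they differ.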