Configuring advanced settings of DNS server

The Advanced page of a DNS server’s property sheet allows you to set several advanced options that control the way the server functions. To configure the following settings, open the DNS console, right-click the server, choose Properties, and click the Advanced tab:

1) Disable Recursion: Select this option to prevent the server from performing recursive queries. With this option selected, the server replies with referrals instead of recursively querying until a resolution is reached.

2) BIND Secondaries: To optimize zone transfer speed, Windows Server 2008 DNS servers (by default) use compression and submit multiple resource records in a single TCP message whenever performing zone transfers. This method is compatible with servers running BIND (Berkeley Internet Name Domain) version 4.9.4 and later, but is incompatible with earlier versions of BIND. To optimize performance, leave this option deselected if your server is not going to be performing zone transfers with these earlier systems. Select this option to have the Windows Server 2008 DNS server perform slower, uncompressed zone transfers to ensure compatibility with these older systems.

3) Fail on Load if Bad Zone Data: The Windows Server 2008 DNS service, by default, continues to load a zone even when it detects errors in the zone data, logging the errors but not failing. Select this option if you want the DNS service to stop loading the zone when the zone data contains errors.

4) Enable Round Robin: The Windows Server 2008 DNS service, by default, rotates and re-orders a list of host records if a given host name is associated with multiple IP addresses. This round-robin behavior permits an administrator to perform load balancing, directing traffic to multiple computers with the same host name but different IP addresses (such as multiple servers hosting www.mcity.us). With this option selected, the server responds to queries with each address in turn. Deselect this option if you want to disable round-robin and have the server return the first match in the zone.

5) Enable Netmask Ordering: If a given zone includes multiple host records that map the same host name to multiple IP addresses, the Windows Server 2008 DNS service can order the response list according to the IP address of the client. Windows Server 2008 DNS checks the IP address of the client against the addresses of the host records, and if a record falls in the client’s subnet, the DNS service places that host record first in the list. This directs the client to the requested host that is closest and typically fastest for the client to access, which is very important for Active Directory services. This option is selected by default. Deselect this option to prevent the DNS service from reordering responses based on subnet. Netmask ordering supersedes round-robin ordering, although round-robin is used for secondary sorting if enabled, and it is useful where subnets are in different geographical locations.

6) Secure Cache Against Pollution: The Windows 2003 DNS service does not add unrelated resource records included in a referral from another DNS server to the Windows Server 2008 server’s cache. It does, however, cache referrals that may not match the queried host name, such as a referral for www.sillycity.com when querying for www.mcity.us. Selecting this option prevents the DNS service from caching unrelated referrals.

7) Name Checking: Internet host names were originally limited to alphanumeric characters and hyphens. Although this limitation was maintained after DNS was developed, it caused a problem in some situations, particularly for supporting international character sets. This option controls how the DNS service performs name checking. By default, Windows Server 2008 uses the UTF8 (Unicode Transformation Format) character set, which gives the broadest and least restrictive character set support. Select Strict if you need to limit names to the standard format. Use Non-RFC to permit names that do not follow the RFC 1123 specification. Use Multi-byte to recognize characters other than ASCII, including Unicode.

8) Load Zone Data on Startup: By default, the Windows Server 2008 DNS service loads zone data from the Active Directory (for AD-integrated zones) and from the registry. You can configure the server to load only from the registry or from a BIND 4 boot file. This latter option allows you to essentially duplicate a BIND server under Windows Server 2008, importing all the zone data. Notice that the boot file—typically called Named.boot—must use the BIND 4 format, rather than the newer BIND 8 format.

9) Enable Automatic Scavenging of Stale Records: Stale records typically are those that point to hosts no longer on the network. Accumulation of old records can lead to decreased storage space, degradation of server performance, incorrect name-to-address resolution, and an inability for a host to have the DNS service create its resource record (through Dynamic DNS). Scavenging, which is turned off by default, enables the DNS server to use timestamps and other properties to determine when a resource record is stale and automatically remove it from the zone. Records added automatically through DDNS are subject to scavenging, as is any record manually added with a timestamp that you have modified from its default of zero. Resource records with a timestamp of zero are not subject to scavenging. Select this option and configure the related scavenging period. Notice that scavenging must be enabled for individual zones in their properties as well.

10) Reset to Default: Select this option to reconfigure all advanced settings to their defaults.
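
The interaction between round robin (item 4) and netmask ordering (item 5) is easier to see in code. The following Python model is an added example, not code from the original post or from Windows: the class `HostRecordSet`, the `/24` subnet size and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import deque


class HostRecordSet:
    """A records for one host name, ordered as items 4 and 5 describe.

    Simplified model for illustration, not the Windows DNS implementation.
    prefix_len is an assumption: the subnet size used to decide "local".
    """

    def __init__(self, addresses, round_robin=True, netmask_ordering=True,
                 prefix_len=24):
        self._records = deque(ipaddress.ip_address(a) for a in addresses)
        self.round_robin = round_robin
        self.netmask_ordering = netmask_ordering
        self.prefix_len = prefix_len

    def answer(self, client_ip):
        """Return the address list in the order sent to this client."""
        ordered = list(self._records)
        if self.round_robin:
            # Rotate so the next query starts with the next record.
            self._records.rotate(-1)
        if self.netmask_ordering:
            client_net = ipaddress.ip_network(
                f"{client_ip}/{self.prefix_len}", strict=False)
            # Stable sort: records in the client's subnet move to the front;
            # everything else keeps its round-robin (or zone) order.
            ordered.sort(key=lambda addr: addr not in client_net)
        return [str(addr) for addr in ordered]


# Constructed sample: one host name published at three sites.
SITES = ["10.1.1.10", "10.2.2.10", "10.3.3.10"]


def demo():
    both = HostRecordSet(SITES)
    rr_only = HostRecordSet(SITES, netmask_ordering=False)
    return {
        "local_client": [both.answer("10.2.2.55") for _ in range(2)],
        "remote_client": [rr_only.answer("192.168.9.9") for _ in range(3)],
    }


if __name__ == "__main__":
    for name, answers in demo().items():
        print(name, answers)
```

With both options enabled, the client in 10.2.2.0/24 always receives 10.2.2.10 first while the remaining addresses keep rotating; with round robin alone, every client sees the full list rotate.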

About jaihunt
Working as Technical consultant in Windows technologies
