DNS Server Properties

DNS Server Properties:
1. Interfaces (used when we have multiple NICs)

2. Forwarders

3. Root Hints

4. Security

5. Monitoring

6. Event logging

7. Debug logging

8. Advanced

1. Interfaces:

Useful when the system has multiple NICs: the DNS server can listen for queries on all available NICs.
Offers load balancing.

2. Forwarders:

If a query cannot be resolved by the local DNS server, it is forwarded to another DNS server for name resolution.

Configuring Forwarding:

On DC
Create a primary zone with a host
On Member server
Open DNS – properties
Forwarders
Add the DC’s IP (DNS1’s IP)

Verification:
On Member server
Start – run cmd – ping www.Zonename.com

Advanced:
Disable recursion

BIND secondary (Berkeley Internet Name Domain)

Fail on load if bad zone data

Enable round robin

Enable netmask ordering

Secure cache against pollution

Disable recursion: By default, this option is disabled, i.e., recursion is enabled.

BIND secondary: Useful when we have older BIND servers (e.g. UNIX) as secondaries. BIND is a standard followed by DNS.
Older versions of all UNIX-based machines used BIND servers for DNS, e.g. the BIND version 4.0 series.
Useful when our network has DNS servers based on old BIND versions alongside new BIND versions like 9.1.2, to provide zone transfer at a faster rate to the BIND secondary.
Faster zone transfer is possible by transferring multiple zones at a time, in addition to compression.

Fail on Load if bad zone data:
If the secondary zone comes across stale or unwanted records, the zone will not be loaded if this box is checked.

Enable Round Robin (RR):

Useful when the DNS server has multiple NICs, so that it listens for queries on all NICs. If a query is not resolvable through one NIC, it can be listened for on another NIC.

Enable netmask ordering:

Secure cache against pollution: By default, the cached DNS information is secured against pollution.
In windows\system32\DNS\cache.dns

3. Root Hints:

Root hints provide the root servers' information.
There are 13 root servers in total throughout the world.

A 2003 server can be configured as a root server. Once it is configured as a root server, forwarders and root hints are disabled.
The root server's zone name is always represented by a dot (.).

Configuring a root server:
On DC
Open DNS
Right click on FLZ (Forward Lookup Zones) – new zone –
Primary – next – specify the root name as dot (.)
Next – zone file – allow both – Next – finish

* We should notice that forwarders & root servers are disabled.

4. Security:

We can add sub-administrators for the administrator and set permissions for these administrators.

5. Monitoring: Used for troubleshooting DNS.

6. Event logging: Used for maintaining a record of events pertaining to DNS. The level can be:
Errors only
Errors & warnings
All events (by default)

7. Debug Logging:

To assist with debugging we can record the packets sent and received by the DNS server to a log file. Debug logging is disabled by default.
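
The following is an added example, not part of the original notes: a read-only PowerShell audit that lists the forwarders, the Advanced options and the logging settings described above, and marks any value that differs from a default these notes state. It assumes the DnsServer module (Windows Server 2012 or later, not the 2003 server discussed here); the function names New-Row and Get-DnsPropertyAudit are hypothetical.

```powershell
# Added example, not from the original notes: read-only audit of the
# DNS server properties described on this page.
# Assumption: DnsServer module (Windows Server 2012 or later), run on the DNS server.
Import-Module DnsServer

function New-Row($Option, $Current, $PageDefault) {
    # PageDefault is filled in only where the notes state a default.
    [pscustomobject]@{
        Option      = $Option
        Current     = $Current
        PageDefault = $PageDefault
        Review      = ($null -ne $PageDefault) -and ($Current -ne $PageDefault)
    }
}

function Get-DnsPropertyAudit {
    $setting = Get-DnsServerSetting -All
    $rec     = Get-DnsServerRecursion
    $cache   = Get-DnsServerCache
    $fwd     = Get-DnsServerForwarder
    $diag    = Get-DnsServerDiagnostics

    # EventLogLevel values as documented for the DNS service.
    $levels = @{ 0 = 'No events'; 1 = 'Errors only'; 2 = 'Errors & warnings'; 4 = 'All events' }
    # Treated here as "debug logging on": packets are captured in either direction.
    $debugOn = [bool]($diag.SendPackets -or $diag.ReceivePackets)

    New-Row 'Forwarders'                     ($fwd.IPAddress -join ', ')       $null
    New-Row 'Disable recursion'              (-not $rec.Enable)                $false
    New-Row 'BIND secondaries'               $setting.BindSecondaries          $null
    New-Row 'Fail on load if bad zone data'  $setting.StrictFileParsing        $null
    New-Row 'Enable round robin'             $setting.RoundRobin               $null
    New-Row 'Enable netmask ordering'        $setting.LocalNetPriority         $null
    New-Row 'Secure cache against pollution' $cache.EnablePollutionProtection  $true
    New-Row 'Event logging'                  $levels[[int]$diag.EventLogLevel] 'All events'
    New-Row 'Debug logging'                  $debugOn                          $false
}

Get-DnsPropertyAudit | Format-Table -AutoSize
```

A row with Review = True only means the value differs from the default stated in these notes; whether that is intended (for example, recursion turned off on an authoritative-only server) is for the administrator to decide.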