Tuning Advanced Server Options
When initialized for service, DNS servers running on Windows Server 2003 apply installation settings taken either from the boot information file, the Registry, or the Active Directory database. You can modify these settings on the Advanced tab of the server properties dialog box in the DNS console, as shown in Figure 1.
The server installation settings include six server options, which are either on or off, and three other server features with various selections for configuration. Table 1 shows the default settings for all nine features.
Table 1. Default DNS Installation Settings

| Property | Setting |
|---|---|
| Disable Recursion | Off |
| BIND Secondaries | On |
| Fail On Load If Bad Zone Data | Off |
| Enable Round Robin | On |
| Enable Netmask Ordering | On |
| Secure Cache Against Pollution | On |
| Name Checking | Multibyte (UTF8) |
| Load Zone Data On Startup | From Active Directory And Registry |
| Enable Automatic Scavenging Of Stale Records | Off (requires configuration when enabled) |
In most situations, these installation defaults are acceptable and do not require modification. However, when needed, you can use the DNS console to tune these advanced parameters and accommodate special deployment needs and situations.
You can restore these default settings at any time using the Advanced tab by clicking Reset To Default.
The following sections describe the available installation options in more detail.
Disable Recursion
The Disable Recursion server option is disabled by default. Consequently, the DNS server performs recursion to resolve client queries unless a special client configuration overrides this default behavior. Through recursion, the DNS server queries other servers on behalf of the requesting client and attempts to fully resolve an FQDN. Queries continue through iteration until the server receives an authoritative answer for the queried name. The server then forwards this answer back to the original requesting client.
When the Disable Recursion option is enabled, however, the DNS Server service does not answer the query for the client but instead provides the client with referrals, which are resource records that allow a DNS client to perform iterative queries to resolve an FQDN. This option might be appropriate, for example, when clients need to resolve Internet names but the local DNS server contains resource records only for the private namespace. Another case in which recursion might be disabled is when, because of its configuration or placement within a local network, a DNS server is incapable of resolving DNS names external to the local network.
Warning
If you disable recursion on a DNS server using the Advanced tab, you will not be able to use forwarders on the same server, and the Forwarders tab becomes inactive.
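The difference between answering a query recursively and handing back a referral, as an added example that is not part of the original text: a toy DNS namespace (constructed zone names, server names and addresses) where the local server is authoritative for one zone and either walks the tree on the client's behalf or returns a referral the client must follow itself.

```python
# Added example: model of a DNS server answering with recursion enabled vs. disabled.
# The zones, server names and addresses below are constructed for illustration.
ZONES = {
    ".":             {"ns": "root-ns",    "delegates": ["example.", "other."], "a": {}},
    "example.":      {"ns": "example-ns", "delegates": ["corp.example."],      "a": {}},
    "corp.example.": {"ns": "corp-ns",    "delegates": [],
                      "a": {"www.corp.example.": "192.0.2.10"}},
    "other.":        {"ns": "other-ns",   "delegates": [],
                      "a": {"www.other.": "198.51.100.7"}},
}

def in_zone(name, zone):
    """True if `name` falls inside `zone` (the root encloses everything)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def authoritative_reply(zone, name):
    """Reply from the server authoritative for `zone`: an answer if it holds the
    record, otherwise a referral (an NS record) to the child zone the name is under."""
    z = ZONES[zone]
    if name in z["a"]:
        return {"type": "answer", "address": z["a"][name]}
    for child in z["delegates"]:
        if in_zone(name, child):
            return {"type": "referral", "zone": child, "ns": ZONES[child]["ns"]}
    return {"type": "nodata"}

def iterate(name, start_zone="."):
    """Iterative lookup: follow referrals from the root until an authoritative
    answer arrives. Returns the reply and the list of servers that were asked."""
    zone, asked = start_zone, []
    while True:
        asked.append(ZONES[zone]["ns"])
        reply = authoritative_reply(zone, name)
        if reply["type"] != "referral":
            return reply, asked
        zone = reply["zone"]

def server_response(name, local_zone="corp.example.", disable_recursion=False):
    """What the local DNS server hands the client for a query."""
    if in_zone(name, local_zone):           # our own zone: answered either way
        return authoritative_reply(local_zone, name)
    if disable_recursion:                   # referral only; the client iterates itself
        return {"type": "referral", "zone": ".", "ns": ZONES["."]["ns"]}
    answer, asked = iterate(name)           # recursion: server queries on the client's behalf
    return {**answer, "queried": asked}
```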
BIND Secondaries
The BIND Secondaries option is enabled by default. As a result, DNS servers running on Windows Server 2003 do not use fast transfer format when performing a zone transfer to secondary DNS servers based on BIND. This restriction allows for zone transfer compatibility with older versions of BIND.
Note
BIND is a common implementation of DNS written and ported to most available versions of the UNIX operating system.
Fast transfer format is an efficient means of transferring zone data that provides data compression and allows multiple records to be transferred per individual Transmission Control Protocol (TCP) message. Fast zone transfer is always used among Windows-based DNS servers, so the BIND Secondaries option does not affect communications among Windows servers. However, only BIND versions 4.9.4 and later can handle these fast zone transfers.
If you know your DNS server will be performing zone transfers with DNS servers using BIND version 4.9.4 or later, you should disable this option to allow fast zone transfers to occur.
Note
As of this writing, the most current version of BIND is 9.2.2.
Fail On Load If Bad Zone Data
By default, the Fail On Load If Bad Zone Data option is disabled. As a result, a DNS server running on Windows Server 2003 loads a zone even when it determines that errors exist in the zone's database file. Errors are logged, but the zone load still proceeds. After the zone loads, the DNS server can attempt to answer queries for the zone in question.
When you enable this option, however, the DNS server does not load a zone when the server determines that errors exist in the zone's database file.
Enable Netmask Ordering
The Enable Netmask Ordering option is selected by default. This default setting ensures that, in response to a request to resolve a single computer name matching multiple host (A) resource records, DNS servers in Windows Server 2003 first return to the client any IP address that is in the same subnet as the client.
Note
Multihomed computers typically have registered multiple host (A) resource records for the same host name. When a client attempts to resolve the host name of a multihomed computer by contacting a DNS server, the DNS server returns to the client a response list or answer list containing all the resource records matching the client query. Upon receiving the response list from the DNS server, a DNS client attempts to contact the target host with the first IP address in the response list. If this attempt fails, the client then attempts to contact the second IP address, and so on. The Enable Netmask Ordering option and the Enable Round Robin option are both used to change the order of resource records returned in this response list.
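How netmask ordering and round robin reshape the answer list for a multihomed host, and how the client then walks that list, as an added example that is not from the original text. It assumes a /24 client subnet and that round robin rotation is applied before the same-subnet addresses are pulled to the front; the page states neither detail, and the A records and client addresses are constructed.

```python
# Added example: the response-list ordering the two options produce, plus the
# client's try-in-order behaviour. Addresses and the /24 subnet are assumptions.
import ipaddress

# Constructed sample: four A records registered for one multihomed host name.
A_RECORDS = ["10.1.1.20", "10.1.2.20", "192.0.2.20", "10.1.1.21"]

def netmask_order(addresses, client_ip, prefixlen=24):
    """Enable Netmask Ordering: addresses in the client's subnet come first,
    relative order otherwise preserved. The /24 subnet size is an assumption."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefixlen}", strict=False)
    local = [a for a in addresses if ipaddress.ip_address(a) in client_net]
    remote = [a for a in addresses if ipaddress.ip_address(a) not in client_net]
    return local + remote

def round_robin(addresses, query_count):
    """Enable Round Robin: rotate the list one step per query so successive
    clients see a different first address."""
    if not addresses:
        return []
    k = query_count % len(addresses)
    return addresses[k:] + addresses[:k]

def answer_list(addresses, client_ip, query_count,
                netmask_ordering=True, round_robin_on=True):
    """Response list the server returns with the given options. Assumed order of
    combination: rotate first, then move the client's own subnet to the front, so a
    local address always wins while round robin still alternates among locals."""
    out = list(addresses)
    if round_robin_on:
        out = round_robin(out, query_count)
    if netmask_ordering:
        out = netmask_order(out, client_ip)
    return out

def client_connect(answers, reachable):
    """Client behaviour from the note: try each address in order until one works.
    `reachable` is a constructed set standing in for addresses that answer."""
    for address in answers:
        if address in reachable:
            return address
    return None
```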