When initialized for service, DNS servers running on
Windows Server 2003 apply installation settings taken from the
boot information file, the Registry, or the Active Directory database.
You can modify these settings on the Advanced tab of the server
properties dialog box in the DNS console, as shown in Figure 1.
The server installation
settings include six server options, which are either on or off, and
three other server features with various selections for configuration. Table 1 shows the default settings for all nine
features.
Table 1. Default DNS Installation Settings

Property | Setting
---|---
Disable Recursion | Off
BIND Secondaries | On
Fail On Load If Bad Zone Data | Off
Enable Round Robin | On
Enable Netmask Ordering | On
Secure Cache Against Pollution | On
Name Checking | Multibyte (UTF8)
Load Zone Data On Startup | From Active Directory And Registry
Enable Automatic Scavenging Of Stale Records | Off (requires configuration when enabled)

In most situations, these
installation defaults are acceptable and do not require modification.
However, when needed, you can use the DNS console to tune these advanced
parameters and accommodate special deployment needs and situations.
Tip
These options are heavily tested on the 70-291 exam. Be especially familiar
with Disable Recursion, BIND Secondaries, Enable Round Robin, and Enable
Netmask Ordering.
You can restore
these default settings at any time using the Advanced tab by clicking
Reset To Default.
To restore DNS
server default preferences, complete the following steps:
1. Open the DNS console.
2. In the console tree, right-click the applicable DNS server, and then select
Properties.
3. In the server properties dialog box, click the Advanced tab.
4. Click Reset To Default, and then click OK.
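Before resetting, it helps to see which settings have drifted from Table 1. The following is an added example, not part of the original text: it parses `dnscmd /Info`-style output and reports each deviation from the defaults. The dnscmd property names, their numeric encodings, and the sample output are assumptions of this example; the sample is constructed, not captured from a real server.

```python
import re

# Table 1 defaults keyed by dnscmd server-property name.
# The property names and numeric encodings are assumptions of this example.
DEFAULTS = {
    "NoRecursion":        ("Disable Recursion", 0),
    "BindSecondaries":    ("BIND Secondaries", 1),
    "StrictFileParsing":  ("Fail On Load If Bad Zone Data", 0),
    "RoundRobin":         ("Enable Round Robin", 1),
    "LocalNetPriority":   ("Enable Netmask Ordering", 1),
    "SecureResponses":    ("Secure Cache Against Pollution", 1),
    "NameCheckFlag":      ("Name Checking", 2),              # 2 = Multibyte (UTF8)
    "BootMethod":         ("Load Zone Data On Startup", 3),  # 3 = From Active Directory And Registry
    "ScavengingInterval": ("Enable Automatic Scavenging Of Stale Records", 0),  # 0 = Off
}
# Consequences the text states for non-default values of these two options.
NOTES = {
    "NoRecursion": "recursion disabled: forwarders cannot be used on this server",
    "BindSecondaries": "fast transfer format in use: BIND secondaries must run 4.9.4 or later",
}
# Matches 'fNoRecursion = 1' or 'dwNameCheckFlag = 2'; the f/dw prefix is optional.
LINE = re.compile(r"^\s*(?:f|dw)?([A-Z][A-Za-z]+)\s*=\s*(\d+)\s*$")

def parse_info(text):
    """Return {property: int} for each 'name = value' line naming a Table 1 property."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in DEFAULTS:
            found[m.group(1)] = int(m.group(2))
    return found

def drift(text):
    """Return (label, default, actual, note) per setting that differs from Table 1."""
    current = parse_info(text)
    return [(label, default, current.get(prop),
             NOTES.get(prop, "") if prop in current else "not reported")
            for prop, (label, default) in DEFAULTS.items()
            if current.get(prop) != default]

# Constructed sample in the style of `dnscmd /Info` output.
SAMPLE = """Server info
    fBootMethod          = 3
    fNoRecursion         = 1
    fRoundRobin          = 1
    fLocalNetPriority    = 1
    fStrictFileParsing   = 0
    fBindSecondaries     = 0
    fSecureResponses     = 0
    dwNameCheckFlag      = 2
    dwScavengingInterval = 168
"""
if __name__ == "__main__":
    for label, default, actual, note in drift(SAMPLE):
        print(f"{label}: default={default} actual={actual} {note}".rstrip())
```
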
The following
sections describe the available installation options in more detail.
Disable Recursion
The
Disable Recursion server option is disabled by default. Consequently,
the DNS server performs recursion to resolve client queries unless a
special client configuration overrides this default behavior. Through
recursion, the DNS server queries other servers on behalf of the
requesting client and attempts to fully resolve an FQDN. Queries
continue through iteration until the server receives an authoritative
answer for the queried name. The server then forwards this answer back
to the original requesting client.
When the Disable
Recursion option is enabled, however, the DNS Server service does not
answer the query for the client but instead provides the client with referrals, which
are resource records that allow a DNS client to perform iterative
queries to resolve an FQDN. This option might be appropriate, for
example, when clients need to resolve Internet names but the local DNS
server contains resource records only for the private namespace. Another
case in which recursion might be disabled is when, because of its
configuration or placement within a local network, a DNS server is
incapable of resolving DNS names external to the local network.
Warning
If you disable recursion on a DNS server using the Advanced tab, you will not be able
to use forwarders on the same server, and the Forwarders tab becomes
inactive.
BIND Secondaries
The BIND Secondaries option
is enabled by default. As a result, DNS servers running on Windows
Server 2003 do not use fast transfer format when performing a zone
transfer to secondary DNS servers based on BIND. This restriction allows
for zone transfer compatibility with older versions of BIND.
Note
BIND is a common implementation of DNS written and ported to most available versions of
the UNIX operating system.
Fast transfer format is an efficient means of transferring zone data
that provides data compression and allows multiple records to be
transferred per individual Transmission Control Protocol (TCP) message.
Fast zone transfer is always used among Windows-based DNS servers, so
the BIND Secondaries option does not affect communications among Windows
servers. However, only BIND versions 4.9.4 and later can handle these
fast zone transfers.
If you know your DNS
server will be performing zone transfers with DNS servers using BIND
version 4.9.4 or later, you should disable this option to allow fast
zone transfers to occur.
Note
As of this writing, the most current version of BIND is 9.2.2.
To enable or disable
fast transfer format during zone transfers, complete the following
steps:
1. Open the DNS console.
2. In the console tree, select the applicable DNS server.
3. From the Action menu, select Properties.
The server properties dialog box opens.
4. Click the Advanced tab.
5. In the Server Options list, select or clear the BIND Secondaries check box, and
then click OK. (This option is enabled by default.)