MODULE 7

avatar
Created by
Jev

Cards (88)

  • DNS is a system that is used in TCP/IP networks for naming computers and services through user-friendly names.
  • DNS Security Extensions (DNSSEC)
    • a suite of extensions that adds security to the DNS protocol
  • Installation of the DNS Server role can be performed using Server Manager.
  • Remote Server Administration Tools
    DNS Server Tools are required to MANAGE the DNS Server role, but DO NOT have to be installed on the same server.
  • Remote Server Administration Tools
    The DNS Manager console is installed automatically when you install DNS Server unless you choose to cancel installation of Remote Server Administration Tools.
  • DNS query adaptive timeout
    • new
    • This feature enables the timeout for DNS queries to adapt based on the time required for previous queries, reducing the timeout for most queries.
  • Timeouts
    can also be increased for high-latency links, such as satellite links. (Under DNS QAT)
  • Configuration of DNS timeouts
    is enabled on a per network interface basis, and can be optimized by Windows Store apps. (Under DNS QAT)
  • DNS server non-responsive cache
    • new
    • enables the DNS client to use the best available server consistently, and to spend less time waiting for unresponsive DNS servers.
  • DNS cache improvements
    • new
    • New The DNS cache is improved to consolidate cache entries, enable more cache entries, and to permit caching of additional records.
  • DNS query coalescing
    • new
    • Multiple DNS queries for the same name are combined, resulting in only one DNS query. This optimizes client, network, and server resources.
  • DNS SQM New Improvements
    • new
    • are made to Software Quality Metrics (SQM) reporting for the DNS client. This information can be used to improve performance and reliability.
  • Events for name resolution
    • new
    • Event tracing for Windows (ETW) events are added to DNS logging. This feature will assist with troubleshooting DNS issues.
  • Parallelize A and AAAA queries
    • new
    • A and AAAA DNS queries are issued in parallel, saving time for interfaces that have both IPv6 and IPv4 addresses.
  • Per interface Winsock name resolution
    • New
    • This feature enables the GetAddrInfoEx() application programming interface (API) to issue a name query on a specific network interface.
  • Asynchronous Winsock name resolution
    • New
    • This feature enables the GetAddrInfoEx() API to issue asynchronous name resolution queries.
  • Persistent cache
    • New
    • The DNS cache is now persistent across changes that occur on the same network, including address change notifications and sleep-resume-standby state transitions.
  • Link-local multicast name resolution (LLMNR)
    • Improved
    • Outbound LLMNR queries are not sent to mobile broadband and VPN interfaces.
  • Network basic input/output system (NETBIOS)
    • Improved
    • Outbound NETBIOS queries are not sent to mobile broadband interfaces.
  • LLMNR timeout
    • Improved
    • The LLMNR query timeout has been increased to 410 msec for the 1st retry and 410 msec for the 2nd retry. The total timeout value is now 820 msec instead of 300 msec.
  • This change is to solve a problem with computers in power saving mode.
    LLMNR and NETBIOS queries are also issued in parallel, improving response times for all queries. (Under LLMNR timeout)
  • Parallel queries
    • Improved
    • LLMNR and NETBIOS are issued in parallel and optimized for IPv4 and IPv6 queries.
  • Binding order optimization
    • Improved
    • Interfaces are divided into networks to send parallel DNS queries and prefer binding order responses.
  • Protocol reordering
    • Improved
    • If a specific interface is hijacking DNS names, then for flat names on those networks LLMNR and NETBIOS queries are sent in parallel with DNS queries and the LLMNR or NETBIOS response is preferred.
  • Asynchronous DNS cache
    • Improved
    • All the queries in DNS cache service are asynchronous and response timing is optimized.
  • DNS Logging and Diagnostics
    • New
    • Enhanced DNS logging and diagnostics in Windows Server 2012 R2 and later includes DNS Audit events and DNS Analytic events.
  • DNS Logging and Diagnostics
    • New
    • Enhanced logging enables monitoring of all DNS query, response, and operational transactions.
  • Zone-level statistics
    • Improved
    • are available for different resource record types, zone transfers, and dynamic updates.
  • DNSSEC support
    • Improved
    • DNSSSEC key management and support for signed file-backed zones is improved.
  • Windows PowerShell support
    • Improved
    • New Windows PowerShell parameters are available for DNS Server.
  • Dynamic DNS Forwarders
    • New
    • DNS now maintains a list of DNS Forwarders ordered by response time, to ensure queries are sent to forwarders with quicker response time.
  • TRUE
    DNS server statistics available in Windows Server® 2012 using the Get-
    DnsServerStatistics Windows PowerShell
  • ZoneQueryStatistics: Zone query statistics provide the information about:
    • QueriesFailure: The number of queries that did not result in a successful response, for example when the response is DNS SERVER FAILURE.
    • QueriesNameError: The number of queries that resulted in an NXDOMAIN or EMPTY AUTH response.
    • QueriesReceived: The total number of queries received for the specified record type.
    • QueriesResponded: The total number of queries that resulted in a valid DNS response.
  • PART 1
    ZoneTransferStatistics: Zone transfer statistics provide the information about AXFR and IXFR transations, including:
    • RequestReceived: The total number of zone transfer requests received by the DNS Serverservice when operating as a primary server for a specific zone.
    • RequestSent: The total number of zone transfer requests sent by the DNS Serverservice when operating as a secondary server for a specific zone.
  • PART 2:
    ZoneTransferStatistics: Zone transfer statistics provide the information about AXFR and IXFR transations, including:
    • ResponseReceived: The total number of zone transfer requests received by the DNS Serverservice when operating as a secondary server for a specific zone.
    • SuccessReceived: The total number of zone transfers received by the DNS Server servicewhen operating as a secondary server for a specific zone.
    • SuccessSent: The total number of zone transfers successfully sent by the DNS Serverservice when operating as a primary server for a specific zone.
  • ZoneUpdateStatistics: Zone update statistics provide the information about:
    • DynamicUpdateReceived: The total number of dynamic update requests received by theDNS server.
    • DynamicUpdateRejected: The total number of dynamic updates rejected by the DNSserver.
  • DNSSEC support
    Enhanced support for DNSSEC includes changes to online signing for file-backed zones, and enhanced signing key management support:
  • In Windows Server 2012 R2, the Key Master role is introduced for file-backed multi-master zones.
  • DNSSEC key separation
    is accomplished by enabling generation and storage of keys on a cryptographic next-generation (CNG) compliant offline storage module.
  • Step-DnsServerSigningKeyRollover
    • This cmdlet forces a KSK rollover when waiting for a parent delegation signer (DS) update