In case you have been living under a rock for the past month you have most likely heard about the DNS cache exploit recently discovered by Dan Kaminsky.  This might be one of the most severe flaws discovered as it was cross platform affecting everything from Windows to Linux, UNIX, Cisco IOS etc....  It was so big in fact that all the ...

Securing the cache against pollution helps to prevent spoofed DNS records from polluting the cache. This is an important setting on external DNS servers and I even recommend it for internal DNS servers. Securing your DNS servers from cache pollution is rather straight-forward. Open up Administrative Tools, and then click DNS to open the DNS ...

As with any standard, there are specifications on what is allowed and what is not allowed. DNS is a standard and as such has certain restrictions on DNS names. When creating a DNS name, you should be aware of these limitations to prevent any problems from forming and causing issue on your network. The first thing to understand is that not all ...

We all know DNS is important to web browsing, Active Directory and so much more. However, I am often receive emails asking questions about DNS issues and the answers almost always lead back to how DNS lookups work. Understanding how DNS resolves names to IP addresses is crucial to troubleshooting DNS related issues. The first and most obvious step ...

Windows DNS is pretty straightforward to install and setup, but occasionally issues occur that require investigation. By enabling DNS debug logging, you can log all DNS related actions such as zone transfers, DNS queries and resource record updates. Configuring DNS Debug logging can be done from the command line using DNSCmd.exe or from the GUI. ...

NSLookup is a powerful troubleshooting tool that administrators can use to determine DNS related problems. I am often asked about errors that occur when using NSLookup. Seeing as troubleshooting the troubleshooting tool will only extend the time it takes to resolve the problem I have documented so of the errors you may encounter with NSLookup and ...

DNS is a hierarchical naming system. A DNS name includes the names of all of the DNS namespaces that it belongs to. The DNS namespace is made up of a number of components. The DNS namespace starts with a root domain. The root domain is a logical domain that has no name and is represented by a dot (.) The root domain holds all top-level domains ...

There are a variety of differnt DNS Resource Records. What are they and when do you use one or the other? Keep reading! When working with Active Directory there are certain record types you need to be familiar with.Start of Authority (SOA) records are used to identify the primary name server for the domain. This record also sets such parameters as ...

Maintenance, its boring, repetitive, and often forgotten. The old adage ''If it ain't broke, don't fix it'' is followed by too many administrators but preventitive maintenance can help you discover minor problems and allow you to fix them before they snowball into major issues! There are some simple maintenance tasks that you can perform on a ...

When using Windows 2003 and Exchange 2003, there is an issue that can occur when you attempt to resolve certain Domain Name System (DNS) query responses through a firewall. When DNS queries are passed through a firewall they are inspected (this depends on your firewall). DNS query packets may be blockedif they are larger than 512 bytes. When ...

Windows 2003 introduced a new type of DNS zone called a Stub Zone. A Stub Zone is a zone that it obtains its resource records from other name servers. A stub zone is like a secondary zone, however it is read-only so administrators can't manually add, remove, or modify resource records on it. Stub zones only contain the following types of DNS ...

Sender Policy Framework (SPF) is a type of DNS record created to help stop Spam. A lot of anti-spam filters include a filter to look for SPF records and if they are forged, block the messages. The easiest way to describe SPF is to call it a reverse MX record. To create an SPF record on a Windows DNS server is pretty easy, and if you run BIND, its ...

Split DNS! What is it and when should you use it? Split DNS is a method of splitting (duh!) your DNS zone when you use the same domain name for your internal and external domains. In an unsplit DNS setup, you have a single DNS zone for domain.com. All the resource records for internal and external servers are included in one zone. You publish your ...

One of the few services in Windows Server 2003 that can be completly managed by the command line is the DNS Server service. The DNS Server service can be installed, configured, managed, repaired and removed all using a set of command line tools included in the base OS. Install/Uninstall Create an answer file with the following text in notepad: ...

Windows Server 2003 DNS includes a new feature called conditional forwarders. Conditional forwarders are used to forward queries for a specific domain name to a set of DNS servers for that domain. Normally a DNS server forwards all queries it cannot resolve locally to a forwarder, however, Windows Server 2003 DNS servers can be configured to ...