DNS Server Improvements in Windows Server 2012 and Windows server 2008R2
1) Cache-only DNS servers
All DNS servers cache answers to queries they receive from outside their own zone of authority.
A cache-only DNS server obtains all DNS information from other DNS servers.
It does not store host information in domain files and does not perform zone transfers.
A cache-only DNS server must have at least one root server or forwarder listed, or it cannot resolve domain names. It stores the answer to each query in its cache for later use. A cache-only DNS server is not authoritative for any zone
2) Socket Pooling in DNS Server
The socket pool enables a DNS server to use source port randomization when issuing DNS queries. This
provides enhanced security against cache poisoning attacks. The socket pool is enabled with default settings
on computers that have installed Security Update MS08-037
3) Cache Locking in DNS Server
Cache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you
enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the
time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks. You
can also customize the settings used for cache locking.
1) Cache-only DNS servers
All DNS servers cache answers to queries they receive from outside their own zone of authority.
A cache-only DNS server obtains all DNS information from other DNS servers.
It does not store host information in domain files and does not perform zone transfers.
A cache-only DNS server must have at least one root server or forwarder listed, or it cannot resolve domain names. It stores the answer to each query in its cache for later use. A cache-only DNS server is not authoritative for any zone
2) Socket Pooling in DNS Server
The socket pool enables a DNS server to use source port randomization when issuing DNS queries. This
provides enhanced security against cache poisoning attacks. The socket pool is enabled with default settings
on computers that have installed Security Update MS08-037
3) Cache Locking in DNS Server
Cache locking is a new feature available if your DNS server is running Windows Server 2008 R2. When you
enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the
time to live (TTL) value. Cache locking provides for enhanced security against cache poisoning attacks. You
can also customize the settings used for cache locking.
