CVE-2015-7547 and Windows DNS

Microsoft is aware of the CVE-2015-7547 Remote Execute Vulnerability for Linux in the GNU C Library. If we determine there is any impact to our devices and services, we’ll take the necessary action. So far, there is no known impact on Microsoft DNS clients. Vulnerability Summary: The glibc DNS client side resolver is vulnerable to a stack-based…


How to Deploy Windows DNS Server on Nano Server

Windows Server 2016 Technical Preview offers a new installation option: Nano Server. Nano Server is a remotely administered server operating system optimized for private clouds and datacenters. It is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes…


Network Forensics with Windows DNS Analytical Logging

(Co-authored by Rob Mead (Microsoft Threat Intelligence Center), Kumar Ashutosh and Vithalprasad Gaitonde (Windows DNS Server)) Overview: DNS queries and responses are a key data source used by network defenders in support of incident response as well as intrusion discovery. If these transactions are collected for processing and analytics in a big data system,…


DDI survey

Folks, we, the networking team at Microsoft, want to engage with you to make our products serve you better. For this, we are conducting a survey to know more about the DNS, DHCP and IP address analytics scenarios that you have in your organization. It will be great if you can complete the following survey:


Load balancing DNS servers using DHCP Server Policies

This blog is authored by Ken Johnson, Senior Premier Field Engineer, Microsoft. DNS is one of the critical services needed for accessing network resources. Response time of the DNS server is critical to the speed and performance of relying services. These two blogs have the timeout information and DNS client behavior explained in detail (DNS…


A Description of the DNS Dynamic Update Message Format

Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address. The DNS Client and Server services support…


Selective Recursion Control Using DNS Server Policies

Certain deployments may require the same DNS server to perform recursive name resolution for the internal clients apart from acting as authoritative nameserver for For this, the recursion has to be enabled on the DNS server. But as the DNS server is also listening to the external queries, the recursion is also enabled for…


Upward Referral Responses from Authoritative DNS Servers

One of the widely debated behaviours of authoritative name servers is the nature of the response they send back when asked for an FQDN for which they are non-authoritative. Up to 2012R2, Windows DNS servers that have recursion disabled have responded with an upward referral response with a list of root name…


DNS Management in IPAM

In Windows Server 2016, management of DNS properties has been significantly enhanced in IPAM. In 2012 R2, IPAM used to discover DNS zone information and monitored availability of DNS zones. In the new version, administrators can now manage DNS zones, conditional forwarders and resource records across multiple DNS servers using IPAM. DNS Data Collection: IPAM…


Split-Brain DNS in Active Directory Environment Using DNS Policies

In Windows Server 2016 Technical Preview 3, DNS policy support has been extended to Active Directory-backed zones. Active Directory integration inherently provides multi-master high availability capabilities to the DNS server. In earlier blogs, we saw how to configure DNS server policies for different scenarios on file-backed DNS zones. But as many…