CVE-2015-7547 and Windows DNS

Microsoft is aware of the CVE-2015-7547 Remote Execute Vulnerability for Linux in the GNU C Library. If we determine there is any impact to our devices and services, we'll take the necessary action. So far there is no known impact on Microsoft DNS clients. Vulnerability Summary: The glibc DNS client side resolver is vulnerable to a stack-based…


Load balancing DNS servers using DHCP Server Policies

This blog is authored by Ken Johnson, Senior Premier Field Engineer, Microsoft. DNS is one of the critical services needed for accessing network resources. Response time of the DNS server is critical to the speed and performance of relying services. These two blogs have the timeout information and DNS client behavior explained in detail (DNS…


A Description of the DNS Dynamic Update Message Format

Dynamic update enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use DHCP to obtain an IP address. The DNS Client and Server services support…


Selective Recursion Control Using DNS Server Policies

Certain deployments may require the same DNS server to perform recursive name resolution for internal clients in addition to acting as the authoritative name server for contoso.com. For this, recursion has to be enabled on the DNS server. But as the DNS server is also listening for external queries, recursion is also enabled for…


Upward Referral Responses from Authoritative DNS Servers

One of the widely debated behaviours of authoritative name servers is the nature of the response sent back when a server is asked for an FQDN for which it is non-authoritative. Up to 2012 R2, Windows DNS servers that have recursion disabled have responded with an upward referral response with a list of root name…


Split-Brain DNS in Active Directory Environment Using DNS Policies

In Windows Server 2016 Technical Preview 3, DNS policy support has been extended to Active Directory-backed zones. Active Directory integration inherently provides multi-master high availability capabilities to the DNS server. In earlier blogs, we saw how to configure DNS server policies for different scenarios on file-backed DNS zones. But as many…


Response Rate Limiting in Windows DNS Server

RRL, or Response Rate Limiting, tries to mitigate DNS amplification attacks. In a DNS amplification attack, the attackers forge the IP address of the victim network and send a lot of queries to the DNS servers. A traditional DNS server responds to all the queries it receives and as a result the victim network…
