Advanced DNS Server Options

Disable Recursion—Prevents the DNS server from forwarding queries to other DNS servers. Select this check box on a DNS server that only provides resolution services to other DNS servers, because unauthorized users can use recursion to overload a DNS server’s resources and thereby deny the DNS Server service to legitimate users.

BIND Secondaries—During zone transfer, DNS servers normally utilize a fast transfer method that involves compression. If UNIX servers running a version of Berkeley Internet Name Domain (BIND) prior to 4.9.4 are present, zone transfers will not work. These servers use a slower uncompressed data transfer method. To enable zone transfer to these servers, select this check box.

Fail on Load if Bad Zone Data—When selected, DNS servers will not load zone data that contains certain types of errors. The DNS service checks name data using the method selected in the Name Checking drop-down list on this tab.

Enable Round Robin—Round robin is a load-balancing mechanism used by DNS servers to distribute name resolution activity among all available DNS servers. If multiple A or AAAA resource records are found in a DNS query (for example, on a multihomed computer), round robin sequences these resource records in repeated queries for the same computer.

Enable Netmask Ordering—Prioritizes local subnets so that when a client queries for a host name mapped to multiple IP addresses, the DNS server preferentially returns an IP address located on the same subnet as the requesting client.

Secure Cache against Pollution—Cache pollution takes place when DNS query responses contain malicious items received from nonauthoritative servers. This option prevents attackers from adding such resource records to the DNS cache. The DNS servers ignore resource records for domain names outside the domain to which the query was originally directed. For example, if you sent a query for and a referral provided a name such as, the latter name would not be cached when this option was enabled.
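The rule described under Secure Cache against Pollution can be sketched as a filter over the records in a response. This is an added example, not code from the DNS Server service; the function names, the sample records and the choice of `example.com` as the queried domain are assumptions made for illustration.

```python
# Added illustration: a simplified version of the "ignore names outside the
# queried domain" rule. Not the DNS Server service's own implementation.

def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it.

    The comparison is made label by label, so 'evilexample.com' is not
    treated as part of 'example.com' just because the strings share a suffix.
    """
    n, d = labels(name), labels(domain)
    return len(n) >= len(d) and n[len(n) - len(d):] == d

def filter_response(queried_domain, records):
    """Partition (owner, type, rdata) records into (cacheable, ignored)."""
    cacheable, ignored = [], []
    for rec in records:
        target = cacheable if in_domain(rec[0], queried_domain) else ignored
        target.append(rec)
    return cacheable, ignored

# Constructed sample: records returned for a query directed at example.com.
SAMPLE = [
    ("www.example.com.", "A", "192.0.2.10"),
    ("Example.COM", "NS", "ns1.example.com."),    # case differs, still inside
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("www.example.net.", "A", "203.0.113.66"),    # different domain
    ("evilexample.com.", "A", "203.0.113.67"),    # string suffix match only
]

if __name__ == "__main__":
    keep, drop = filter_response("example.com", SAMPLE)
    for rec in keep:
        print("cache ", rec)
    for rec in drop:
        print("ignore", rec)
```

A plain string `endswith` test would accept the last sample record, which is why the comparison works on whole labels.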

