Windows Server 2016 DNS Improvements

Mar 29, 2017 | Infrastructure

There have been some nice improvements to networking in Windows Server 2016. While not as flashy as some of the other changes, such as Nano Server or storage replicas, the new DNS features can help secure your server.

DNS Policies

DNS policies can be created to tell the DNS server how to handle incoming requests. Here are a few of the scenarios they support:

  • Application high availability – DNS clients are redirected to the healthiest endpoint for a given application, e.g. a website.
  • Traffic Management – DNS clients are redirected to the closest datacenter.
  • Split Brain DNS – DNS records are split into different Zone Scopes, and DNS clients receive a response based on whether they are internal or external clients.
  • Time of day based redirection – DNS clients can be redirected to datacenters based on the time of day, which is great for international companies.

Policies are created hand-in-hand with client subnets. Subnets help direct clients to the closest datacenter or server for their subnet. This is great for multinational or national companies that would like to direct users to a localized website or other resources.
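As an added example (not from the original post), this is how a subnet and a policy combine to give split-brain DNS with the DnsServer PowerShell module. The zone name, scope and policy names, and all addresses are constructed, and the primary zone is assumed to already exist on the server.

```powershell
# Added example: split-brain DNS keyed on client subnet.
# All names and addresses below are constructed for illustration.
# Assumes the primary zone 'example.com' already exists on this DNS server and
# that the DnsServer module is available (DNS Server role or RSAT installed).
Import-Module DnsServer

$zone = 'example.com'

# 1. Describe which source addresses count as "internal".
Add-DnsServerClientSubnet -Name 'InternalSubnet' -IPv4Subnet '10.0.0.0/8'

# 2. Create a zone scope that holds the internal view of the zone.
Add-DnsServerZoneScope -ZoneName $zone -Name 'InternalScope'

# 3. Same name, two answers: the default scope carries the public address,
#    the internal scope carries the private one.
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'www' -IPv4Address '203.0.113.10'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'www' -IPv4Address '10.0.0.10' `
    -ZoneScope 'InternalScope'

# 4. Policy: queries arriving from InternalSubnet are answered from InternalScope.
Add-DnsServerQueryResolutionPolicy -Name 'InternalClients' -Action ALLOW `
    -ClientSubnet 'eq,InternalSubnet' -ZoneScope 'InternalScope,1' -ZoneName $zone

# 5. Review what is now configured.
Get-DnsServerClientSubnet
Get-DnsServerZoneScope -ZoneName $zone
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
```

Queries that match no policy are answered from the default zone scope, so records that exist only in `InternalScope` are not returned to clients outside the internal subnet.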

IPAM has DNS support

IPAM in Windows Server 2016 now supports discovery of file-based, domain-joined DNS servers in an AD forest or in a trusted forest. When you view an IP address in the IP Address Inventory, the Details View gives you the option to see all the DNS resource records associated with that IP address.

Microsoft has also added the following features:

  • DNS zones and resource records collection (other than those pertaining to DNSSEC) from DNS servers running Windows Server 2008 or later.
  • Configure (create, modify, and delete) properties and operations on all types of Resource Records (other than those pertaining to DNSSEC).
  • Configure (create, modify, and delete) properties and operations on all types of DNS zones (including Primary, Secondary, and Stub zones).
  • Triggered tasks on secondary and stub zones, regardless of whether they are forward or reverse lookup zones. For example, tasks such as Transfer from Master or Transfer new copy of zone from Master.
  • Role-based access control for the supported DNS configuration (DNS records and DNS zones).
  • Conditional forwarders collection and configuration (create, delete, edit).

Windows Server 2016 also features a way to throttle the DNS response rate to prevent denial of service (DoS) attacks against a Windows DNS server. The feature limits the number of times per second that a DNS server will issue a response — or an error — to a client.

More and more security is being built into the Windows Server environment. These features can help any technology department sleep just a little bit easier at night.
