Chapter 8 – Troubleshooting DNS
o Reduces DNS look-up traffic across an Internet connection or a WAN.
o A DNS Server uses a "forwarder" for requests only if they are for records in certain domains. This is useful for reducing WAN traffic when the authority for sub-domains is delegated and each location has its own Internet connection.
o Enable Round Robin – occurs when more than one record exists for a DNS query. The answer returned for the query alternates between the records.
o The "secure cache against pollution" option controls how the DNS server caches look-ups. With this option, the DNS server does not cache look-up responses from "Non-Authoritative" DNS Servers. This prevents hackers from placing false information about other domains in your DNS cache.
o Modifying EDNS0 – A new protocol, which allows DNS Servers to send UDP packets with more than 512 bytes of information.
o Servers that support EDNS0 send an "OPT" record before DNS look-up requests. The OPT record gives the maximum size of DNS message that is supported by UDP.
DNSLint – a
command line utility that allows you to verify corrent DNS configuration. Helps
to confirm that a zone is correctly configured or verify records.
o Debug logging – records packet-by-packet information about the queries that the DNS server is receiving. Should be enabled only for troubleshooting because it records a large volume of information.
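
The OPT record from the EDNS0 items above is carried in the additional section of a DNS message, and its CLASS field holds the advertised maximum UDP message size (RFC 6891). The Python below is an added example, not part of the original notes: it builds a query with and without an OPT record and reads the size back, which is the same field you would look for in a packet capture. The function names and the sample name example.com are assumptions made for illustration.

```python
import struct

OPT_TYPE = 41  # RR type of the EDNS0 OPT pseudo-record (RFC 6891)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, udp_size=None, txid=0x1234):
    """Build an A query; if udp_size is given, append an OPT record advertising it."""
    arcount = 1 if udp_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD set, 1 question
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    opt = b""
    if udp_size is not None:
        # OPT: root name, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past the name at pos (handles compression pointers)."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return pos + 2
        pos += 1 + length

def advertised_udp_size(msg):
    """Return the sender's maximum UDP message size: the OPT value, or 512 without EDNS0."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == OPT_TYPE:
            return max(rclass, 512)  # values below 512 are treated as 512
        pos += 10 + rdlen
    return 512  # no OPT record: classic DNS limit over UDP

if __name__ == "__main__":
    print(advertised_udp_size(build_query("example.com")))        # constructed query, no EDNS0
    print(advertised_udp_size(build_query("example.com", 4096)))  # constructed query, EDNS0
```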