
What's New in DNS Server in Windows Server 2012 R2

Published: June 24, 2013

Updated: June 24, 2013

Applies To: Windows Server 2012 R2



This topic provides information about new and changed functionality in the DNS Server service in Windows Server 2012 R2. For information about the DNS Client service or the DNS Server service in other versions of Windows Server, see What's New in DNS.

New functionality in DNS Server for Windows Server 2012 R2 includes the following.

 

| Feature/functionality | New or improved | Description |
|---|---|---|
| Enhanced zone level statistics | Improved | Zone level statistics are available for different resource record types, zone transfers, and dynamic updates. |
| Enhanced DNSSEC support | Improved | DNSSEC key management and support for signed file-backed zones are improved. |
| Enhanced Windows PowerShell support | Improved | New Windows PowerShell parameters are available for DNS Server. |

DNS server statistics available in Windows Server® 2012 using the Get-DnsServerStatistics Windows PowerShell cmdlet are: CacheStatistics, DatabaseStatistics, DnssecStatistics, DsStatistics, ErrorStatistics, MasterStatistics, MemoryStatistics, NetBiosStatistics, PacketStatistics, PrivateStatistics, Query2Statistics, QueryStatistics, RecordStatistics, RecursionStatistics, SecondaryStatistics, SecurityStatistics, TimeoutStatistics, TimeStatistics, UpdateStatistics, and WinsStatistics.

In Windows Server 2012 R2, the following additional statistics are available:

  • ZoneQueryStatistics: Zone query statistics provide the information about:

    • QueriesFailure: The number of queries that did not result in a successful response, for example when the response is DNS SERVER FAILURE.

    • QueriesNameError: The number of queries that resulted in an NXDOMAIN or EMPTY AUTH response.

    • QueriesReceived: The total number of queries received for the specified record type.

    • QueriesResponded: The total number of queries that resulted in a valid DNS response.

    Query information is provided for the following resource record types: A, AAAA, PTR, CNAME, MX, AFSDB, ATMA, DHCID, DNAME, HINFO, ISDN, MG (Mail Group), MB (Mail Box), MINFO (Mail Box Information), NAPTR (Naming Authority Pointer), NXT (Next Domain), KEY (Public Key), MR (Renamed Mailbox), RP (Responsible Person), RT (Route Through), SRV (Service Location), SIG (Signature), TXT (Text), WKS (Well Known Services), X.25, DNSKEY, DS, NS, SOA.

  • ZoneTransferStatistics: Zone transfer statistics provide the information about AXFR and IXFR transactions, including:

    • RequestReceived: The total number of zone transfer requests received by the DNS Server service when operating as a primary server for a specific zone.

    • RequestSent: The total number of zone transfer requests sent by the DNS Server service when operating as a secondary server for a specific zone.

    • ResponseReceived: The total number of zone transfer requests received by the DNS Server service when operating as a secondary server for a specific zone.

    • SuccessReceived: The total number of zone transfers received by the DNS Server service when operating as a secondary server for a specific zone.

    • SuccessSent: The total number of zone transfers successfully sent by the DNS Server service when operating as a primary server for a specific zone.

  • ZoneUpdateStatistics: Zone update statistics provide the information about:

    • DynamicUpdateReceived: The total number of dynamic update requests received by the DNS server.

    • DynamicUpdateRejected: The total number of dynamic updates rejected by the DNS server.

To get zone level statistics, type the following commands at an elevated Windows PowerShell prompt.

PS C:\> $statistics = Get-DnsServerStatistics -ZoneName contoso.com
$statistics.ZoneQueryStatistics
$statistics.ZoneTransferStatistics
$statistics.ZoneUpdateStatistics
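
The counters above can be turned into a short review list for a zone. The following is an added example, not part of the original topic or Microsoft's own code: the function name `Get-ZoneStatisticsFinding`, the helper `Add-Counter`, and both thresholds are assumptions, and the sample object is constructed so the logic can be read without a DNS server.

```powershell
# Added example. Function names and thresholds are assumptions, not Microsoft guidance.
function Get-ZoneStatisticsFinding {
    param(
        [Parameter(Mandatory)] $Statistics,       # from Get-DnsServerStatistics -ZoneName <zone>
        [double] $NameErrorRatio      = 0.30,     # assumed alert threshold
        [double] $RejectedUpdateRatio = 0.10      # assumed alert threshold
    )
    # Sum one counter across all rows of a statistics property (it may hold several rows).
    function Add-Counter($Rows, $Name) {
        $total = 0L
        foreach ($row in @($Rows)) { if ($row) { $total += [long]$row.$Name } }
        $total
    }
    $received  = Add-Counter $Statistics.ZoneQueryStatistics    'QueriesReceived'
    $nameError = Add-Counter $Statistics.ZoneQueryStatistics    'QueriesNameError'
    $failure   = Add-Counter $Statistics.ZoneQueryStatistics    'QueriesFailure'
    $xfrAsked  = Add-Counter $Statistics.ZoneTransferStatistics 'RequestReceived'
    $xfrSent   = Add-Counter $Statistics.ZoneTransferStatistics 'SuccessSent'
    $updIn     = Add-Counter $Statistics.ZoneUpdateStatistics   'DynamicUpdateReceived'
    $updDenied = Add-Counter $Statistics.ZoneUpdateStatistics   'DynamicUpdateRejected'

    $findings = @()
    if ($received -gt 0 -and ($nameError / $received) -gt $NameErrorRatio) {
        $findings += "Name errors: $nameError of $received queries"
    }
    if ($failure -gt 0) { $findings += "Failed queries: $failure" }
    # More transfer requests than completed transfers: review who is asking for the zone.
    if ($xfrAsked -gt $xfrSent) {
        $findings += "Zone transfers: $xfrAsked requested, $xfrSent completed"
    }
    if ($updIn -gt 0 -and ($updDenied / $updIn) -gt $RejectedUpdateRatio) {
        $findings += "Dynamic updates: $updDenied of $updIn rejected"
    }
    $findings
}

# Constructed sample shaped like the three properties shown above; not real server output.
$sample = [pscustomobject]@{
    ZoneQueryStatistics = @(
        [pscustomobject]@{ QueriesReceived = 600; QueriesResponded = 590; QueriesFailure = 0; QueriesNameError = 10 },
        [pscustomobject]@{ QueriesReceived = 400; QueriesResponded = 20;  QueriesFailure = 5; QueriesNameError = 375 }
    )
    ZoneTransferStatistics = @([pscustomobject]@{ RequestReceived = 12; SuccessSent = 2 })
    ZoneUpdateStatistics   = [pscustomobject]@{ DynamicUpdateReceived = 40; DynamicUpdateRejected = 25 }
}
Get-ZoneStatisticsFinding -Statistics $sample
# Live use: Get-ZoneStatisticsFinding -Statistics (Get-DnsServerStatistics -ZoneName contoso.com)
```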

Enhanced support for DNSSEC includes changes to online signing for file-backed zones, and enhanced signing key management support:

  1. In Windows Server 2012 R2, the Key Master role is introduced for file-backed multi-master zones.

    Note
    The Key Master is an authoritative DNS server that generates and manages signing keys for a zone that is protected with DNSSEC. The Key Master role was introduced in Windows Server 2012 for Active Directory-integrated zones. For more information, see Overview of DNSSEC.

  2. DNSSEC is enhanced to enable isolation of the key management process from primary DNS servers which are not the key masters of a zone. The entire process of signing key generation, storage, rollover, retirement, and deletion can be initiated only from the Key Master while the other primary servers can continue the zone signing by accessing these keys.

    DNSSEC key separation is accomplished by enabling generation and storage of keys on a cryptographic next-generation (CNG) compliant offline storage module.

The following new Windows PowerShell cmdlets and parameters are introduced in Windows Server 2012 R2:

  1. Step-DnsServerSigningKeyRollover: This cmdlet forces a KSK rollover when waiting for a parent delegation signer (DS) update. If a server hosting a securely delegated zone is unable to check whether the DS record in the parent is updated, this cmdlet enables you to force a rollover. It is expected that the DS record has been manually updated in the parent.

  2. Add-DnsServerTrustAnchor -Root: The Root parameter set enables you to retrieve trust anchors from the URL specified in RootTrustAnchorsURL property of the DNS server. This cmdlet has the following alias: Retrieve-DnsServerRootTrustAnchor.

  3. RootTrustAnchorsURL: The Get-DnsServerSetting and Set-DnsServerSetting cmdlets are extended to add a new output string of RootTrustAnchorsURL.
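
Because `Add-DnsServerTrustAnchor -Root` retrieves trust anchors from whatever URL is stored in RootTrustAnchorsURL, it is worth checking that setting before retrieval. The following is an added example, not part of the original topic: the function name `Test-RootTrustAnchorUrl`, the allow-list host, and the sample URLs are assumptions chosen for illustration.

```powershell
# Added example. Test-RootTrustAnchorUrl and the allow-list are assumptions for illustration.
function Test-RootTrustAnchorUrl {
    param(
        [Parameter(Mandatory)][string]   $Url,          # value of RootTrustAnchorsURL
        [Parameter(Mandatory)][string[]] $AllowedHost   # hosts the operator accepts
    )
    $uri     = $null
    $reasons = @()
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        $reasons += 'not an absolute URL'
    }
    else {
        if ($uri.Scheme -ne 'https') {
            $reasons += "scheme is '$($uri.Scheme)', expected https"
        }
        # Exact host match, so a look-alike suffix such as host.example.net is refused.
        if ($AllowedHost -notcontains $uri.Host) {
            $reasons += "host '$($uri.Host)' is not in the allow-list"
        }
        if ($uri.UserInfo) { $reasons += 'URL embeds user information' }
    }
    [pscustomobject]@{ Url = $Url; Trusted = ($reasons.Count -eq 0); Reasons = $reasons }
}

# Constructed sample values, not taken from a real server.
'https://data.iana.org/root-anchors/root-anchors.xml',
'http://data.iana.org/root-anchors/root-anchors.xml',
'https://data.iana.org.example.net/anchors.xml' |
    ForEach-Object { Test-RootTrustAnchorUrl -Url $_ -AllowedHost 'data.iana.org' }

# On a DNS server (requires the DnsServer module):
# $url = (Get-DnsServerSetting -All).RootTrustAnchorsURL
# if ((Test-RootTrustAnchorUrl -Url $url -AllowedHost 'data.iana.org').Trusted) {
#     Add-DnsServerTrustAnchor -Root
# }
```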
