Share via


What's New in DNS in Windows Server 2008

Applies To: Windows Server 2008

Domain Name System (DNS) is a system that is used in TCP/IP networks for naming computers and network services that is organized into a hierarchy of domains. DNS naming locates computers and services through user-friendly names. When a user enters a DNS name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address.

Windows ServerĀ® 2008 provides a number of enhancements to the DNS Server service that improve how DNS performs. For details about these changes, see DNS Server Role.

Overview of the Improvements in DNS

The DNS Server role in Windows Server 2008 contains four new or enhanced features that improve the performance of the DNS Server service or give it new abilities:

  • Background zone loading: DNS servers that host large DNS zones that are stored in Active Directory Domain Services (AD DS) are able to respond to client queries more quickly when they restart because zone data is now loaded in the background.

  • IP version 6 (IPv6) support: The DNS Server service now fully supports the longer addresses of the IPv6 specification.

  • Support for read-only domain controllers (RODCs): The DNS Server role in Windows Server 2008 provides primary read-only zones on RODCs.

  • Global single names: The GlobalNames zone provides single-label name resolution for large enterprise networks that do not deploy Windows Internet Name Service (WINS). The GlobalNames zone is useful when using DNS name suffixes to provide single-label name resolution is not practical.

  • Global query block list: Clients of such protocols as the Web Proxy Auto-Discovery Protocol (WPAD) and the Intra-site Automatic Tunnel Addressing Protocol (ISATAP) that rely on DNS name resolution to resolve well-known host names are vulnerable to malicious users who use dynamic update to register host computers that pose as legitimate servers. The DNS Server role in Windows Server 2008 provides a global query block list that can help reduce this vulnerability.