Optimizing DNS

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

When the Domain Name System (DNS) Server service starts, it reads its configuration from a boot information file, from the registry (under HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters), and, for Active Directory-integrated zones, from zone information stored in Active Directory.

In most situations, the installation defaults are acceptable and should not require modification. However, when necessary, you can tune various parameters to accommodate special deployment needs and situations.

The following table describes advanced parameters that you can change to optimize the performance of DNS servers.

Parameter / Description

Disable recursion

Determines whether the DNS server performs recursion on behalf of clients. By default, recursion is enabled. Disable it only on a server that is authoritative for its zones and is not the configured DNS server of any client computers: a server that clients use for general name resolution must keep recursion enabled, or those clients can no longer resolve names the server is not authoritative for.

BIND secondaries

Determines whether the DNS server falls back to the slow, uncompressed zone transfer format when it transfers a zone to secondary servers that run legacy Berkeley Internet Name Domain (BIND) implementations. Enable this option only when a secondary runs a version of BIND earlier than 4.9.4, because those versions cannot process the fast format.

By default, Windows-based DNS servers use the fast zone transfer format. This format compresses names and packs multiple records into each TCP message during a connected transfer. BIND 4.9.4 and later also supports it.

Fail on load if bad zone data

Sets the DNS server to parse zone files strictly.

By default, the DNS Server service logs data errors, ignores the erroneous records, and continues to load the zone, so a damaged zone file is served as an incomplete zone without any failure that an administrator would notice. Using the DNS snap-in, you can change this so that the service logs the errors and refuses to load any zone file that contains records with errors.

Enable round robin

Determines whether the DNS server uses the round robin mechanism to rotate and reorder the list of resource records when a query answer contains multiple records of the same type for the same name (for example, several A records for one host name).

By default, the DNS Server service uses round robin.

Enable netmask ordering

Determines whether the DNS server reorders the address (A) resource records within a single resource record set in its response according to the Internet Protocol (IP) address of the client that sent the query, so that addresses on the client's own subnet are listed first.

By default, the DNS Server service uses local subnet priority to reorder A resource records.
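The two ordering options above interact, and the easiest way to see how is to model them. The following Python is an added example, not code from the original article or from the Windows DNS Server service: it applies round robin rotation and then local subnet priority to a constructed A record set. The /24 subnet match and the precedence of subnet ordering over rotation are assumptions made for the example.

```python
import ipaddress
from typing import Dict, List

# Constructed sample data (not from the original article): one A RRset for
# www.example.com with hosts on four different subnets.
SAMPLE_NAME = "www.example.com"
SAMPLE_RRSET = ["10.1.1.10", "192.168.5.20", "10.1.2.30", "172.16.0.40"]


def local_net_priority(addresses: List[str], client_ip: str, prefix_len: int = 24) -> List[str]:
    """Netmask ordering: addresses on the querying client's subnet move to
    the front of the RRset; everything else keeps its relative order.
    prefix_len is an assumption for this example; the article only says the
    server compares against the client's local subnet."""
    client_net = ipaddress.ip_network(f"{client_ip}/{prefix_len}", strict=False)
    on_subnet = [a for a in addresses if ipaddress.ip_address(a) in client_net]
    elsewhere = [a for a in addresses if ipaddress.ip_address(a) not in client_net]
    return on_subnet + elsewhere


class RoundRobin:
    """Round robin: each successive answer for the same RRset starts one
    record later than the previous one, so load is spread across all hosts."""

    def __init__(self) -> None:
        self._next_start: Dict[str, int] = {}

    def rotate(self, name: str, addresses: List[str]) -> List[str]:
        if not addresses:
            return []
        start = self._next_start.get(name, 0) % len(addresses)
        self._next_start[name] = start + 1
        return addresses[start:] + addresses[:start]


def order_answer(rr: RoundRobin, name: str, addresses: List[str], client_ip: str,
                 round_robin: bool = True, netmask_ordering: bool = True) -> List[str]:
    """Apply the two options the way this example combines them: rotate
    first, then pull the client's own subnet to the front. Which option takes
    precedence is an assumption here, not something the article states."""
    answer = list(addresses)
    if round_robin:
        answer = rr.rotate(name, answer)
    if netmask_ordering:
        answer = local_net_priority(answer, client_ip)
    return answer


if __name__ == "__main__":
    rr = RoundRobin()
    for client in ("10.1.1.99", "10.1.1.99", "10.1.2.7", "203.0.113.5"):
        print(client, "->", order_answer(rr, SAMPLE_NAME, SAMPLE_RRSET, client))
```

Running the block shows the practical consequence: a client on 10.1.1.0/24 always gets 10.1.1.10 first no matter how far the round robin counter has advanced, while a client on a subnet with no matching address (203.0.113.5) sees only the rotation.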

Secure cache against pollution

Determines whether the DNS server filters referral responses to avoid cache pollution. This setting is enabled by default.

With this option enabled, the server does not add unrelated resource records that appear in a referral answer to its cache. Names in referral answers are otherwise cached, which speeds the resolution of subsequent DNS queries, but a server that caches them without checking lets the responding server plant records for names it has no authority over.

With this feature, the server discards referred names that are potentially polluting or insecure. It caches a name offered in a referral only if the name is part of the DNS domain name tree of the name that was originally queried.

For example, if a query is made originally for sales.wingtiptoys.com and a referral answer provides a record for a name outside the wingtiptoys.com domain name tree, such as tailspintoys.com, that name is not cached where this feature is enabled for use.
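The check the article describes in words is the standard bailiwick rule. The following Python is an added example, not code from the original article or from the Windows DNS Server service: it applies that rule to a constructed referral for the article's own query, sales.wingtiptoys.com. The rule as implemented (a record is cached only if its owner name is at or below the owner of an NS record in the authority section, and that NS owner is at or above the queried name) is a more precise statement than the article gives and is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RR:
    """A minimal resource record: owner name, type, and RDATA as text."""
    name: str
    rtype: str
    data: str


def _labels(name: str) -> List[str]:
    # DNS names are case-insensitive; a trailing dot marks the root.
    return [label.lower() for label in name.rstrip(".").split(".") if label]


def is_within(name: str, ancestor: str) -> bool:
    """True if `name` equals `ancestor` or lies below it in the domain tree.
    Comparison is label-wise, so evilwingtiptoys.com is not within
    wingtiptoys.com even though it ends with the same characters."""
    n, a = _labels(name), _labels(ancestor)
    return len(n) >= len(a) and n[len(n) - len(a):] == a


def filter_referral(qname: str, authority: List[RR], additional: List[RR]) -> Tuple[List[RR], List[RR]]:
    """Split the additional records of a referral into (cacheable, discarded).

    Assumed rule (standard bailiwick check): a record may be cached only if
    its owner name is at or below the owner name of an NS record in the
    authority section, and that NS owner name is itself at or above qname.
    Anything else could have been planted by the responding server."""
    trusted_zones = [rr.name for rr in authority
                     if rr.rtype == "NS" and is_within(qname, rr.name)]
    cacheable, discarded = [], []
    for rr in additional:
        if any(is_within(rr.name, zone) for zone in trusted_zones):
            cacheable.append(rr)
        else:
            discarded.append(rr)
    return cacheable, discarded


# Constructed referral for the article's example query (sample data, not a
# real capture): the com servers delegate wingtiptoys.com, and the response
# also carries records the resolver never asked about.
QNAME = "sales.wingtiptoys.com"
AUTHORITY = [
    RR("wingtiptoys.com", "NS", "ns1.wingtiptoys.com"),
    RR("wingtiptoys.com", "NS", "ns.tailspintoys.com"),
    RR("tailspintoys.com", "NS", "ns.tailspintoys.com"),  # not a zone above qname
]
ADDITIONAL = [
    RR("NS1.WingtipToys.COM.", "A", "192.0.2.1"),      # in-tree glue: cache it
    RR("ns.tailspintoys.com", "A", "192.0.2.2"),      # out of tree: resolve separately
    RR("www.tailspintoys.com", "A", "198.51.100.7"),  # unrelated: pollution attempt
    RR("evilwingtiptoys.com", "A", "198.51.100.8"),   # suffix trick: not a subdomain
]


def demo() -> Tuple[List[str], List[str]]:
    """Return the owner names that are cached and discarded for the sample."""
    kept, dropped = filter_referral(QNAME, AUTHORITY, ADDITIONAL)
    return [rr.name for rr in kept], [rr.name for rr in dropped]


if __name__ == "__main__":
    kept, dropped = demo()
    print("cached:   ", kept)
    print("discarded:", dropped)
```

Note the second discarded record: ns.tailspintoys.com is a legitimate name server for wingtiptoys.com, but its address was offered by a server that is not authoritative for tailspintoys.com, so a resolver with this protection looks that address up on its own rather than trusting the referral.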

For more information about planning DNS, see Deploying Domain Name System (DNS) on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=45677).
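The six parameters above are stored as DWORD values under HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters and can be set with dnscmd /Config. The following Python is an added example, not code from the original article or from Microsoft: it audits those values against a hardening policy and emits the dnscmd command that corrects each deviation. The hardened values (and the rule that an authoritative-only server disables recursion while a server that clients depend on keeps it) are this example's assumed policy; the defaults it assumes for absent values are the ones the article states, and BindSecondaries is reported as unverified when absent because the article gives no registry default for it.

```python
"""Audit the DNS Server parameters discussed above and print the dnscmd
command that corrects each deviation from an assumed hardening policy."""
from typing import Dict, List, Optional

REG_PATH = r"SYSTEM\CurrentControlSet\Services\DNS\Parameters"

# Registry value -> (dnscmd /Config switch, hardened value, reason).
# The hardened values are this example's assumed policy, not the article's.
POLICY = {
    "NoRecursion":       ("/NoRecursion", 1, "authoritative-only server should refuse recursive queries"),
    "StrictFileParsing": ("/StrictFileParsing", 1, "fail the zone load on bad data instead of serving a partial zone"),
    "SecureResponses":   ("/SecureResponses", 1, "discard out-of-tree records in referrals (cache pollution)"),
    "BindSecondaries":   ("/BindSecondaries", 0, "fast transfer format unless a BIND secondary older than 4.9.4 exists"),
    "RoundRobin":        ("/RoundRobin", 1, "rotate multi-record answers"),
    "LocalNetPriority":  ("/LocalNetPriority", 1, "prefer addresses on the client's subnet"),
}

# Defaults the article states, used when the registry value is absent.
# BindSecondaries is deliberately omitted: an absent value is reported as unverified.
ARTICLE_DEFAULTS = {"NoRecursion": 0, "StrictFileParsing": 0,
                    "SecureResponses": 1, "RoundRobin": 1, "LocalNetPriority": 1}


def audit(values: Dict[str, int], recursive_resolver: bool = False,
          server: str = ".") -> List[Dict[str, str]]:
    """values maps registry value name -> DWORD; values not set are omitted.
    recursive_resolver=True means client computers use this server for name
    resolution, so NoRecursion must stay 0 (disabling it would break them)."""
    findings = []
    for name, (switch, want, why) in POLICY.items():
        if name == "NoRecursion" and recursive_resolver:
            want, why = 0, "clients use this server for recursion; keep it enabled"
        have = values.get(name, ARTICLE_DEFAULTS.get(name))
        if have is None:
            findings.append({"parameter": name, "status": "unverified",
                             "detail": "value not set; confirm in the DNS snap-in"})
        elif have != want:
            findings.append({"parameter": name, "status": "noncompliant",
                             "detail": f"{why} (have {have}, want {want})",
                             "fix": f"dnscmd {server} /Config {switch} {want}"})
    return findings


def read_live_values() -> Optional[Dict[str, int]]:
    """Read the values from the local registry; returns None off Windows."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_PATH) as key:
        for name in POLICY:
            try:
                values[name] = int(winreg.QueryValueEx(key, name)[0])
            except OSError:
                pass  # value not set: the server default applies
    return values


# Constructed sample (not a real server): an authoritative-only server left at
# installation defaults except for a legacy BIND secondaries setting.
SAMPLE_VALUES = {"NoRecursion": 0, "StrictFileParsing": 0,
                 "SecureResponses": 0, "BindSecondaries": 1, "RoundRobin": 1}


if __name__ == "__main__":
    values = read_live_values() or SAMPLE_VALUES
    for finding in audit(values):
        print(finding["parameter"], finding["status"], finding["detail"], finding.get("fix", ""))
```

Run it on the DNS server itself to audit the live registry, or anywhere else to see the sample. Pass recursive_resolver=True for a server that client computers point at; the NoRecursion finding then disappears, because turning recursion off there is a denial of service, not a hardening step.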

To optimize DNS, complete the following procedures:

See Also

Other Resources

Deploying Domain Name System (DNS)