Version 4 (IPv4) has long been the common version of TCP/IP. The release of TCP/IP version 6
(IPv6) has solved the lack-of-IP-addresses problem. IPv4 addresses are 32 bits long, whereas
IPv6 addresses are 128 bits in length. The longer length allows for a much greater number
of globally unique TCP/IP addresses.
Microsoft Windows Server 2012 R2 DNS has built-in support to accommodate both
IPv4 and IPv6 address records. (DNS records are explained later in this chapter.) DHCP
can also issue IPv6 addresses, which lets administrators have DHCP register the client
with DNS; alternatively, the IPv6 client can register its own address with the DNS server.
Support for Read-Only Domain Controllers
Windows Server 2008 introduced a new type of domain controller called the read-only
domain controller (RODC). This is a full copy of the Active Directory database
without the ability to write to Active Directory. The RODC gives an organization the
ability to install a domain controller in a location (onsite or offsite) where security is a
concern.
Microsoft Windows Server 2012 R2 DNS has implemented a type of zone to help
support an RODC. A primary read-only zone allows a DNS server to receive a copy of the
application partition (including ForestDNSZones and DomainDNSZones) that DNS uses.
This allows DNS to support an RODC because DNS now has a full copy of all DNS zones
stored in Active Directory.
A primary read-only zone is just what it says: a read-only zone. To make any
changes to it, you have to change the primary zones located on the Active Directory
Integrated DNS server.
DNS Socket Pools
If your server is running Windows Server 2012 R2, you will be able to take advantage
of DNS socket pools. DNS socket pools provide source port randomization to protect against
DNS cache-poisoning attacks.
If you choose to use source port randomization, when the DNS service starts, the
DNS server will randomly pick a source port from a pool of available sockets. This is an
advantage because, instead of DNS using a well-known source port when issuing queries,
the DNS server uses a random port selected from the socket pool. This helps guard against
attacks because an attacker must correctly guess the source port of the DNS query. The
socket pool is automatically enabled in DNS with the default settings.
The default size of the DNS socket pool is 2,500.
When configuring the socket pool, you have the ability to choose a size value from 0 to
10,000. The larger the value, the greater the protection you will have against DNS spoofing
attacks. If you decide to configure your socket pool size with a zero value, only a single
socket for remote DNS queries will be used.
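The following PowerShell is an added example, not text or code from this book: it reads the current socket pool size with the DnsServer module, validates a new value against the 0 to 10,000 range described above, sets it with the documented dnscmd /Config /SocketPoolSize command, and flags a pool smaller than the 2,500 default. The function names Set-DnsSocketPoolSize and Test-DnsSocketPool are assumptions of this example, and it assumes the DnsServer module (RSAT DNS tools) and local administrator rights on the DNS server.

```powershell
# Added example (not from the book): inspect and adjust the DNS socket pool size
# on a Windows Server 2012 R2 DNS server. Assumes the DnsServer PowerShell module
# and local administrator rights; Set-DnsSocketPoolSize/Test-DnsSocketPool are
# names chosen for this example.
function Set-DnsSocketPoolSize {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Valid range as described in the text: 0 to 10,000 (default 2,500).
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 10000)]
        [int]$Size,

        # The pool is built when the DNS service starts, so a restart is
        # required before the new value takes effect.
        [switch]$RestartService
    )

    if ($Size -eq 0) {
        Write-Warning 'Size 0 uses a single socket for remote queries: no source-port randomization.'
    }

    $current = (Get-DnsServerSetting -All).SocketPoolSize
    Write-Verbose "Current SocketPoolSize: $current"

    if ($PSCmdlet.ShouldProcess('DNS server', "Set SocketPoolSize to $Size")) {
        # dnscmd /Config /SocketPoolSize is the documented way to change the value.
        & dnscmd.exe /Config /SocketPoolSize $Size | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "dnscmd failed with exit code $LASTEXITCODE" }

        if ($RestartService) { Restart-Service -Name DNS }
    }

    # Return what the server now reports so the caller can verify the change.
    (Get-DnsServerSetting -All).SocketPoolSize
}

# Audit helper: report whether the pool is at least the 2,500 default.
function Test-DnsSocketPool {
    param([int]$Minimum = 2500)
    $size = (Get-DnsServerSetting -All).SocketPoolSize
    [pscustomobject]@{
        SocketPoolSize = $size
        MeetsMinimum   = ($size -ge $Minimum)
    }
}

# Example usage: raise the pool to 5,000 and restart DNS, then audit.
# Set-DnsSocketPoolSize -Size 5000 -RestartService -Verbose
# Test-DnsSocketPool
```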