Interface Technical Training

Changes to Windows Server 2016 Domain Name System (DNS)

With the release of Windows Server 2016 there are a few new features available.  In this blog I will provide a list of the features and a brief description of each.  Check back for links to go into deeper detail and configuration “how to” for each feature.

6 New Features in Server 2016 Domain Name System (DNS)

1. DNS Policies.

You can now control how your DNS server handles queries based on DNS Policies that can be configured for different scenarios. There are different types of policies depending on the scenario (ie. Query Resolution, Recursion, Zone Transfer, Traffic Management).

2. IPv6 Root Hints.

When you install DNS IPv6 Root Hints will be populated natively without having to update it manually.

3. Response Rate Limiting (RRL).

RRL is used to prevent DNS amplification attacks against a local DNS server.

4. DNS – Based Authentication of Named Entities (DANE)

DANE prevents man in the middle attacks on your DNS server by using TLSA (Transport Layer Security Authentication) records to tell the DNS clients what Certificate Authority (CA) the should expect a certificate from for you AD DS structure.

5. Unknown Record Support.

Non Microsoft DNS servers have records that are not directly supported by a Microsoft DNS server. You can now add records which are not explicitly supported.

6. Extended Windows PowerShell Support.

There are new PowerShell cmdlets introduced.

As you can see there are a few new features Windows Server 2016 available.  In the upcoming weeks I will be blogging deeper into each of these features.  Along with how to configure each one.

Until Next Time, RIDE SAFE!

Rick Trader
Windows Server Instructor – Interface Technical Training
Phoenix, AZ