Shulou(Shulou.com)06/02 Report--

Windows Server 2016 network features may not receive as much attention as Docker containers or Nano Server, but administrators should understand how the new domain name system server and IP address management features can help them gain more control over the network environment.

The most important improvement related to DNS is the release of the DNS policy, which allows administrators to control how the Windows DNS server responds to DNS queries. DNS policies have numerous uses, including the ability to redirect from malicious IP addresses or block DNS queries.

DNS policies can also help with load balancing. Prior to Window Server 2016, the only type of load balancing Microsoft DNS server natively supported was circular load balancing. For example, if three Web servers provide specific services, administrators can use DNS round robin load balancing to distribute inbound traffic evenly among the servers. But with this approach, there is no intelligence in the balancing mechanism. DNS cannot know whether a host can handle a disproportionate amount of traffic or whether a host is healthy.

Redirecting inbound traffic to the nearest data center or performing redirects based on the time of day are two other uses of DNS policies.

IPAM console gets DNS support

IP address Management (IPAM) has been part of Windows Server for many years. Larger organizations use IPAM to manage servers that play a key role in running the IP address infrastructure. Before the release of Windows Server 2016, there was little DNS support for the IPAM console. The Windows Server 2012 IPAM console provides rich support for interacting with DHCP servers, but it has few options for interacting with DNS. The only option available to the DNS server is to start the Microsoft management console or retrieve server data.

Microsoft has added more DNS-related features to the Windows Server 2016 IPAM console, including the ability to create, modify, and delete resource records. Microsoft also adds a filtering option that allows administrators to check resource records and IP addresses at the DNS zone level. This filtering is based on a list of IP addresses compiled (manually or automatically) from DNS host records. IPAM collects DNS zone and resource record information from Windows DNS servers running on Windows Server 2008 or later.

Response rate limits help avoid DoS

Windows Server 2016 also provides a way to limit DNS response rates to prevent denial of service (DoS) against Windows DNS servers. This feature limits the number of responses (or errors) that the DNS server can send to the client per second.

Microsoft is configured with response rate limiting, so legitimate requests are not affected. Administrators can define whitelists based on domains or subnets to avoid being restricted by DNS requests. An organization may place its internal subnets on a whitelist while imposing rate limits on external clients to limit the impact of DOS.

Welcome to the official account of Wechat: Xiao Wen study Society.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.