What’s new in DNS service in Windows Server 2012
New functionality in DNS Server for Windows Server 2012 includes the following.
- DNS Security Extensions (DNSSEC) support is extended to include online signing and automated key management. For more information about DNSSEC, see Overview of DNSSEC. Specific enhancements to DNSSEC include:
- Support for Active Directory-integrated DNS scenarios including DNS dynamic updates in DNSSEC signed zones.
- Support for updated DNSSEC standards, including NSEC3 and RSA/SHA-2.
- Automated trust anchor distribution through Active Directory.
- Automated trust anchor rollover support per RFC 5011.
- Updated user interface with deployment and management wizards.
- Validation of records signed with updated DNSSEC standards (NSEC3, RSA/SHA-2).
- Easy extraction of the root trust anchor.
- DNS configuration and management is greatly enhanced with Windows PowerShell, including:
- Parity with the user interface and dnscmd.exe.
- DNS Server role installation/removal using Windows PowerShell.
- Windows PowerShell client query with DNSSEC validation results.
- Server configuration is enabled for computers running older operating systems.
New functionality in the DNS Client service for Windows Server 2012 and Windows 8 includes the following.
- Link-local multicast name resolution (LLMNR): Outbound LLMNR queries are not sent to mobile broadband and VPN interfaces.
- Network basic input/output system (NETBIOS): Outbound NETBIOS queries are not sent to mobile broadband interfaces.
- LLMNR timeout: The LLMNR query timeout has been increased to 410 msec for the 1st retry and 410 msec for the 2nd retry. The total timeout value is now 820 msec instead of 300 msec. This change is to solve a problem with computers in power saving mode. LLMNR and NETBIOS queries are also issued in parallel, improving response times for all queries.
- Parallel queries: LLMNR and NETBIOS are issued in parallel and optimized for IPv4 and IPv6 queries.
- Binding order optimization: Interfaces are divided into networks to send parallel DNS queries and prefer binding order responses.
- Protocol reordering: If a specific interface is hijacking DNS names, then for flat names on those networks LLMNR and NETBIOS queries are sent in parallel with DNS queries and the LLMNR or NETBIOS response is preferred.
- Asynchronous DNS cache: All the queries in DNS cache service are asynchronous and response timing is optimized.
Latest posts by Ravi Chopra (see all)
- Entra ID (Azure Active Directory): Migration and Integration Guide - 20 December 2024
- Active Directory Federation Services (ADFS): Implementation Guide - 16 December 2024
- Active Directory Backup and Recovery Strategy: Comprehensive Guide - 11 December 2024