||Simple yet Powerful
What makes Simple DNS Plus "simple" is its easy-to-use user interface and automation features.
All options and settings are available directly from the intuitive Windows user interface.
It provides wizards for common tasks such as setting up new zones, importing data, making bulk updates, etc.
You never need to mess with cryptic configuration files or registry settings.
Novice users can have their DNS server up and running correctly and securely in no time.
But make no mistake - Simple DNS Plus is a very capable and full featured DNS server, and it has plenty
of options for expert users to tweak it just the way they want.
||Authoritative and Recursive (resolver and cache) DNS server
All the DNS server features and functionality you need to host DNS for domain names,
assign domain names to computers and devices for easy access, create and delegate sub-domains,
resolve other domain names on the Internet, speed up Internet access with
centralized DNS caching, etc.
||High performance DNS server engine and user interface
Great for hosting and managing anywhere from a few domains to +100,000 domains.
The user interface is optimized to handle really large domain name portfolios.
Simple DNS Plus has options to configure all aspects of the DNS services, including many unique but important
options not found in competing products such as the ability to limit recursion by IP address.
Options are well organized and easy to manage in a central Options dialog available directly from the first toolbar button
in the main program window.
Of course the software comes preconfigured with settings that are appropriate for most users.
||Remote Management / Windows Server Core (New in v. 5.2)
The Simple DNS Plus user interface can be run on a desktop computer connecting to a remote Simple DNS Plus server, making it
easy and fast to manage the server without Remote Desktop, VNC, or similar.
You can even remote manage a Simple DNS Plus service running on Windows Server Core (no GUI on server) -
||Direct support for dynamic IP clients
Simple DNS Plus supports TSIG authenticated dynamic DNS updates.
This update method is more efficient than the HTTP based and
other proprietary update methods typically used because it happens directly
via the DNS protocol.
Several dynamic IP updater applications can be used with this.
Setup tutorials are provided for DynSite and
Simple DNS Plus can also function as a dynamic DNS service for more generic HTTP based update clients
either by using the DynDNS
Service plug-in or by using a web-server front-end. ASP.NET and classic ASP sample code for this is available here.
||Full support for IDNs (internationalized domain names)
In Simple DNS Plus you can enter domain names with native characters directly (no punycode conversion needed),
and have an option to display native character or punycoded domain names anywhere in the user interface,
and quickly switch between these modes.
||Full support for IPv6
Simple DNS Plus v. 5.0 has full support for IPv6 - the next Internet Protocol
It has an option to control protocol preference (IPv4 / IPv6) on dual-stack
computers, and it can even act as IPv6-to-IPv4 or IPv4-to-IPv6 forwarder.
||Easy to integrate with other applications
You can create DNS records or entire zone files from other applications or
web-sites and prompt
Simple DNS Plus to dynamically load and use this through command line options, a
simple HTTP API, and our full .NET/COM programming API.
The included help
file contains a complete description of these features.
Simple DNS Plus also allows you to connect with other applications and data from
different sources through various
plug-ins and can be
extended through an open
||100% .NET 2.0 managed code
This provides great performance - also on 64 bit computers where Simple DNS Plus
runs in native 64 bit mode.
And it is very secure because common security issues such as buffer overruns
simply cannot happen.
Simplified DNS management
||Quick Zone Wizard / Zone Templates
In one simple dialog, enter the domain name and the IP addresses of
the web and mail servers, and click OK.
That's all you need to setup a new zone.
The IP addresses can even be pre-filled with default values.
The Quick Zone Wizard is template based and you can easily create
your own templates with exactly the DNS records etc. you need when setting up
new domains. Optionally add input fields and VB.NET code.
Suspending a zone allows you to temporarily stop serving data for a zone without deleting it.
This can be useful for example if you are hosting the domain name for someone else, and they forgot to pay their bill...
Suspended zones are easily recognized in the user interface with a "paused" icon and a red zone name.
When someone requests a name in a suspended zone, Simple DNS Plus can either respond as if the zone was not configured at all,
or synthesize a response (redirect to a "domain suspended" web-page), or respond with an error.
||Bulk Update Wizard
Quickly and easily update thousands of zones in one quick step:
- Find and replace an IP address.
- Find and replace a host name
- Update DNS record TTL values
- Update zone e-mail servers (MX-records)
- Update zone DNS servers (NS- and SOA-records)
- Update SOA-record data fields
- Promote secondary server to primary (convert all secondary zones to primary)
- Update primary DNS server IP address for secondary zones
||Copy zone function
Quickly setup a new zone using any existing zone as a template.
This function makes it very simple to import zones from other DNS
This includes zone transfer, import zone file, import set of
zone files based on a boot file, and import a list of domain names using data from an existing zone.
||Easy IP-to-Name Mapping dialog for reverse zones
Forget "in-addr.arpa" and reversing IP address segments.
With the "IP-to-Name Mapping", you simply type the corresponding host name
next to each IP address represented by the reverse zone.
An "auto scan" function can scan all forward zones for A-records and
automatically create matching reverse records.
||"Zone Groups" for easy management of large domain portfolios
You can arrange zones in custom groups, or by primary/secondary status.
||Automatic creation of reverse DNS records
Automatically create/update reverse DNS when an A-record (or AAAA-record) is added
Powerful DNS features
||Automate secondary DNS servers
A secondary Simple DNS Plus server can be configured as a
"super slave" server, meaning that all updates on the primary
server are automatically transferred to the secondary. This includes
creating and deleting zones.
(On other DNS servers, you have to create and delete zones on both
primary and secondary servers).
Everything is completely automated - when changes are made in the
Record Editor, Simple DNS Plus immediately notifies secondary
servers and a Zone Transfer is initiated.
Simple DNS Plus can also be configured as a standard secondary DNS server,
and will then automatically check for updates on the primary server.
As everything else in Simple DNS Plus, Zone Transfers are
implemented according to the DNS standards (RFCs), and so it is 100%
compatible with other standard DNS servers.
Simple DNS Plus has a plug-in system for fetching DNS data from various outside sources
and providing additional functionality.
The standard Simple DNS Plus installation comes with these plug-ins:
- DHCP Server - automatically assign IP addresses to local computers and devices
- Domain Blacklist - redirects DNS requests for domain names on a blacklist
- DynDNS Service - run your own "DynDNS" service (just like dyndns.com, no-ip.com, tzo.com, etc.)
- Fixed Host Name - serves a fixed host name (New in v. 5.2)
- Fixed IP address - serves a fixed IP address (New in v. 5.2)
- Hosts file - serve host records from a standard hosts file
- HTTP Redirector - redirects HTTP requests for specified host names
- Ignore DNS Request - instructs Simple DNS Plus to ignore (not answer) DNS requests (New in v. 5.2)
- MS SQL Server - database host record lookups
- MS SQL Server Plus - database lookups
- Regular Expressions - "advanced wildcards"
- Skip - skip other plug-in instances when processing DNS requests (New in v. 5.2)
- Weighted Round Robin - control traffic distribution.
Additional plug-ins available for download:
- Clone Response - clone DNS records from a zone (New in v. 5.2)
- DNS Blacklist - host DNS blacklists (DNSBL / RBL).
- GeoDNS - provides different data depending on client country (New in v. 5.2)
- MySQL Server - database lookups.
- MyIP - returns clients own IP address.
- TCP Forwarder - simple TCP port forwarding (New in v. 5.2)
- CYBERsitter - blocks bad web-sites.
The plug-in system is open for users and 3rd parties to
develop their own plug-ins (.NET 2.0 based).
||NAT IP alias conversion
In DNS responses to LAN clients only, this function changes A-records which are pointing to a public IP address of the NAT router to point to the corresponding private IP address of a local server.
This way, for example HTTP requests from LAN clients for local web-sites will go directly to the local web-server instead of via the NAT router (which often does not work).
||Round Robin load distribution option
If you have multiple web servers (or other Internet servers),
containing identical content, Simple DNS Plus can automatically
distribute connection loads across the servers using Round Robin.
Round Robin works on a rotating basis in that one server IP address
is handed out, then moves to the back of the list; the next server
IP address is handed out, then it moves to the end of the list; and
so on, depending on the number of servers being used.
||Support for standard dynamic updates
Windows clients (Me/2000 and later) can automatically register themselves in the DNS database.
(IP address permission list per zone).
This includes support for SRV-records used by Microsoft Active
||Incremental Zone Transfers
A history of individual record updates (DHCP, dynamic update, HTTP
updates) is recorded, so secondary DNS servers don't need to zone
transfer the entire zone each time there is a change.
This saves both CPU cycles and bandwidth.
||DNSSEC hosting / signing (New in v. 5.2)
Simple DNS Plus can host DNSSEC signed zones and includes GUI tools for DNSSEC key management and zone signing.
Similar to digital signatures for e-mails, DNSSEC authenticates that a set of DNS records originate from an authorized sender (DNS server) using private/public key cryptography.
||Option to redirect abusers (synthesize DNS records for unauthorized users)
When someone (unauthorized) from the Internet tries to resolve outside domain names via your DNS server, Simple DNS Plus can respond with synthesized (false) DNS records, for example to redirect that person to a signup web-page or similar.
This feature is also useful when someone is incorrectly pointing their domain registration to your DNS server - for example an ISP customer who has cancelled their account but not changed the domain registration.
||Supports wildcard records ( *.domain-name ) for ALL record types.
If you are hosting many sub-domains on the same servers, this
feature can be a real time saver.
||Alias zones (zone file sharing)
Two or more zones can share the same data file making it very easy
to manage a large number of zones based on the same data. Change one
zone, and all the alias zones are instantly updated as well.
||Redirect DNS requests for non-existing domains (NXDOMAIN)
Typically when you open a non-existing domain name in a web-browser,
you either get an error page, or you are redirected to some search
web-site controlled by the web-browser company (or DNS registry).
This of course happens all the time because of misspellings and bad
links on web-sites.
Now you can take advantage of those failed requests (from any client
configured to use your DNS server) by redirecting them to your
web-server instead of giving this traffic to the browser companies.
||Domain specific DNS forwarding (a.k.a. "conditional
You can use forwarding to different DNS servers for different domain
This is helpful for example if you wish to be able to resolve both
Internet domain names as well as a private domain name hosted on
another internal DNS server.
||Extended DNS forwarding
You can use this unique option if you need to forward incoming
requests from the Internet for certain domain names to another
internal DNS server.
||Automatic SPF records - help fight spam and phishing scams
Simple DNS Plus can now automatically synthesize SPF records for all local
zones making it easy to setup and maintain SPF protection for your domains.
For more on SPF see
||Standard "Master File" format
Simple DNS Plus uses the standard file format defined in the
RFCs, and can use standard files from other DNS implementations
including different UNIX and Bind DNS servers.
||Microsoft Active Directory compatibility
Simple DNS Plus supports both the required RFC2782 (SRV records) and
RFC2136 (DNS Update), and integrates nicely with Microsoft Active Directory.
Strong security features
||Protects against DNS spoofing (a.k.a. "cache poisoning")
"DNS spoofing" is a term used for malicious cache
poisoning where forged data is placed in the cache of a DNS server.
Spoofing attacks can result in serious security problems, for example
causing users to be directed to wrong Internet sites or e-mail being
routed to non-authorized mail servers.
Simple DNS Plus automatically protects against this in several ways:
- It automatically filters out any response received which does not match a sent request.
- All records in received DNS answers are checked for authority, and records for which the
answering DNS server does not have authority are ignored.
- It uses random request IDs.
- It sends outbound DNS requests from random port numbers
(a.k.a. "port randomization").
- It queues identical requests to prevent "birthday attacks".
- It has an option to "Ignore responses not coming from the IP address that request was sent to".
- It has an option to "Ignore responses which do not echo the request question section".
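An added example (not Simple DNS Plus code) of three of the checks listed above: a response is accepted only if it comes from the address the request was sent to, carries the random request ID, and echoes the question section. The `Pending` record and the function names are hypothetical, and the sample packets in any caller are constructed.

```python
import secrets
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:
    """One outstanding outbound query (hypothetical structure for this example)."""
    txid: int        # random request ID
    server: tuple    # (ip, port) the query was sent to
    question: tuple  # (lowercased qname, qtype, qclass)

def build_query(name, qtype, server):
    """Return (wire-format query, Pending record to match the answer against)."""
    txid = secrets.randbelow(1 << 16)  # unpredictable ID from the OS CSPRNG
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname  # RD=1
    packet += struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN
    return packet, Pending(txid, server, (name.rstrip(".").lower(), qtype, 1))

def parse_question(packet):
    """Return (qname, qtype, qclass) of the first question; ValueError if malformed."""
    labels, pos = [], 12  # the question starts right after the 12-byte header
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label")  # no compression pointers expected here
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass

def accept_response(pending, packet, source):
    """Return (accepted, reason) for a datagram received from `source`."""
    if source != pending.server:  # compares IP and port
        return False, "source address mismatch"
    if len(packet) < 12:
        return False, "short packet"
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if not flags & 0x8000:  # QR bit clear: this is a query, not an answer
        return False, "not a response"
    if txid != pending.txid:
        return False, "request ID mismatch"
    try:
        # DNS names compare case-insensitively, so both sides are lowercased.
        if qdcount != 1 or parse_question(packet) != pending.question:
            return False, "question not echoed"
    except ValueError:
        return False, "malformed question"
    return True, "ok"
```

Port randomization and the per-record authority check from the list are outside this sketch; the first is a property of the sending socket and the second needs full record parsing.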
||Restrict recursion by client IP address
You can specify exactly which clients (by IP address / subnet)
that you want the server to perform recursion for.
||Response Filtering stops "DNS rebinding attacks"
Web-browsers generally allow any script, Java object, Flash object, etc. to communicate via HTTP / TCP with
the server that served a web-page for as long as that web-page is open in the browser.
This is controlled by the host name specified in the web-page URL.
A "DNS rebinding attack" is done by having the DNS record for the host name time out very quickly
(low TTL and other tricks) and then serve a new IP address for the host name in response to the next DNS request.
The new IP address would be the private/local IP address of an intranet server or device at your location.
Now with a bit of scripting, the attacker can in effect use your browser as a gateway to your entire intranet
- completely bypassing your firewall.
The same type of attack may also be possible with other Internet applications that rely on host names for security.
Browser companies are taking steps to prevent this in new browser versions, but it is much more efficient and
secure to stop this type of attack at the DNS level by filtering out any private/local IP addresses in DNS
responses from outside DNS servers.
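An added example (not Simple DNS Plus code) of the response filtering described above: A and AAAA records that point at private/local addresses are dropped when the response came from an outside DNS server. The list of ranges, the record tuple layout and the sample responses are assumptions constructed for this illustration.

```python
import ipaddress

# Ranges treated as private/local. This list is an assumption for the example;
# the page does not say which ranges the product filters.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

def is_local(text):
    """True if an A/AAAA value points at a private/local address."""
    addr = ipaddress.ip_address(text)
    # ::ffff:a.b.c.d reaches the IPv4 host a.b.c.d, so test the embedded address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in LOCAL_NETS if net.version == addr.version)

def filter_response(records, from_outside):
    """Split the records of one DNS response into (kept, dropped).

    records: list of (name, rtype, ttl, value) tuples.
    from_outside: True when the response came from an outside DNS server;
    data from local zones is passed through unchanged.
    """
    kept, dropped = [], []
    for rec in records:
        _name, rtype, _ttl, value = rec
        if from_outside and rtype in ("A", "AAAA") and is_local(value):
            dropped.append(rec)
        else:
            kept.append(rec)
    return kept, dropped

# Constructed sample: the two answers a rebinding host name would give.
FIRST = [("rebind.example", "A", 1, "203.0.113.10")]      # public address, TTL 1
SECOND = [("rebind.example", "A", 1, "192.168.1.1"),      # intranet address
          ("rebind.example", "AAAA", 1, "::ffff:10.0.0.5"),
          ("rebind.example", "TXT", 1, "unrelated")]

if __name__ == "__main__":
    for label, answer in (("first", FIRST), ("second", SECOND)):
        kept, dropped = filter_response(answer, from_outside=True)
        print(label, "kept:", kept, "dropped:", dropped)
```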
||"Stealth DNS" option
A hacker may use a software utility known as a "DNS port scanner" to
search for potential targets. This software sends dummy DNS requests to a
range of IP addresses on different service ports simply to register
which addresses/ports respond.
Any addresses/ports that responded will then be probed further for
Simple DNS Plus has a special "stealth" option which makes it
invisible to such DNS port scanners, by not responding to a DNS request
unless it is for data in local zones or originates from a client
||Secure Zone Transfers (New in v. 5.2)
Avoid revealing all your server addresses and other potentially sensitive data by limiting who
can zone transfer your zones.
Simple DNS Plus supports secure zone transfer (TSIG authenticated).
Both zone transfer requests and responses are authenticated so this provides protection in two ways;
it prevents unauthorized transfers (only people / servers with the correct key can transfer), and it
ensures data integrity on secondary servers (not possible to spoof / inject false data during transfers).
Zone transfers can also be limited by IP address for cases where the secondary DNS server does not support TSIG signed zone transfers (less secure but much better than letting anyone zone transfer your data).
||IP address blocking
Ignore packets from known offenders, and automatically add anyone
making too many requests too quickly (DoS attack) to the list.
You can specify how long an IP address block should be in effect,
and you can enter comments for each block, for example about why an IP
address was blocked or should not be blocked for easy reference.
Quick and easy diagnostics
||DNS Look Up tool - including WHOIS
Great for testing your installation and troubleshooting all
kinds of network problems.
With the "WHOIS" feature, you can check the
details (such as name, address and phone) on the owners of a domain
name or IP address.
||Check Internet Delegations wizard (New in v. 5.2)
Lets you automatically test if the NS and SOA records in your local zone data
match the actual current delegations on the Internet. This can be very useful both to check
for errors and to make sure that you still own the domain names that you think you do.
It could also be used for example by ISPs to see if any customers have left them (changed their DNS to another provider).
||Cache snapshot viewer
Browse the current DNS cache with this intuitive explorer style tool.
||See what's going on behind the scenes - live
The Simple DNS Plus "Active Log View" shows who's requesting what,
and how the answers are found in real time.
Everything translated into human readable text.
This is great for troubleshooting all kinds of network problems.
If you are trying to learn how DNS works, this can be a real helper.
||Detailed log files
Simple DNS Plus optionally writes all DNS queries and answers to a log file which you can then analyze at your
||Remote logging to Syslog server
Log data can be sent to a remote syslog server using the standard syslog protocol (RFC3164).
This can be useful to centralize logging and/or take advantage of various alerting features of syslog server software.
||Raw log files for incoming request data
This can be used to analyze DNS request traffic for security review or for example to compile usage statistics for domain names, customers, etc.
||Windows Performance Counters (New in v. 5.2)
Simple DNS Plus supplies 9 different performance counters which can be graphed with the Windows Performance Monitor and polled by other programs such as SNMP tools.
||Animated Tray Bar Icon.
Simple DNS Plus optionally resides in the tray-bar (next to the clock), so
it is out of the way, but always within a click's reach.
The Tray Bar Icon lights up whenever Simple DNS Plus is processing
requests, so you will know even when the program is minimized.
DNS record types and RFCs
||Standard DNS record types supported
A, A6, AAAA, AFSDB, ATMA, CNAME, DHCID, DNAME, DNSKEY, DS, HINFO, ISDN, LOC, MB, MG, MINFO, MR, MX, NAPTR, NS, NSAP,
NSEC, NSEC3, NSEC3PARAM, PTR, RP, RRSIG, RT, SOA, SPF, SRV, TXT, and X25
||RFCs and drafts supported
RFC1034 Domain Names - Concepts and Facilities.
RFC1035 Domain Names - Implementation and Specification.
RFC1183 New DNS RR Definitions
RFC1706 DNS NSAP Resource Records
RFC1876 Location Information in the DNS (LOC)
RFC1912 Common DNS Operational and Configuration Errors
RFC1995 Incremental Zone Transfer in DNS
RFC1996 A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
RFC2136 Dynamic Updates in the Domain Name System (DNS UPDATE)
RFC2181 Clarifications to the DNS Specification
RFC2308 Negative Caching of DNS Queries (DNS NCACHE)
RFC2317 Classless IN-ADDR.ARPA delegation
RFC2671 Extension Mechanisms for DNS (EDNS0)
RFC2672 Non-Terminal DNS Name Redirection
RFC2782 A DNS RR for specifying the location of services (DNS SRV)
RFC2845 Secret Key Transaction Authentication for DNS (TSIG)
RFC2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering
RFC3225 Indicating Resolver Support of DNSSEC (New in v. 5.2)
RFC3403 Dynamic Delegation Discovery System (DDDS) (NAPTR records)
RFC3492 Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
RFC3596 DNS Extensions to support IP version 6
RFC3597 Handling of Unknown DNS Resource Record (RR) Types
RFC4033 DNS Security Introduction and Requirements (New in v. 5.2)
RFC4034 Resource Records for the DNS Security Extensions (New in v. 5.2)
RFC4035 Protocol Modifications for the DNS Security Extensions (New in v. 5.2)
RFC4408 Sender Policy Framework (SPF)
RFC4635 HMAC SHA TSIG Algorithm Identifiers (New in v. 5.2)
RFC4641 DNSSEC Operational Practices (New in v. 5.2)
RFC4701 A DNS Resource Record (RR) for Encoding Dynamic Host Configuration Protocol (DHCP) Information (DHCID RR) (New in v. 5.2)
RFC5155 DNS Security (DNSSEC) Hashed Authenticated Denial of Existence (New in v. 5.2)
RFC5452 DNS Resilience against Forged Answers
draft-ietf-dnsop-default-local-zones Locally-served DNS Zones
RFC2131 Dynamic Host Configuration Protocol
RFC2132 DHCP Options and BOOTP Vendor Extensions