Options dialog - DNS - Miscellaneous
Simple DNS Plus v. 5.0 Copyright © 1999-2008 JH Software ApS
• Enable Round Robin (rotate DNS records in responses)
  When this option is enabled and multiple records of the same type are defined for the same name, Simple DNS Plus automatically rotates these records in responses (see Round Robin).

• Always include NS referral in DNS responses from local zones
  For most purposes it is not necessary to include these extra NS-records in DNS responses, and we generally recommend leaving this option off to reduce network packet sizes and CPU usage. However, certain DNS analyzers (software / websites) may claim that your server is not configured correctly without these records. Also, certain ccTLD registrars may require these extra records when they test your DNS servers in connection with a domain name registration. To satisfy such analyzers and registrars, simply enable this option temporarily, and then disable it again to improve performance when done.

• Refuse DNS requests for record type "ANY"
  DNS requests for record type "ANY" list all DNS records (of any type) for the requested name. Enabling this option makes the server respond to such requests with a "Refused" error message.

• Synthesize empty reverse zones for standard private IP address ranges
  This prevents leakage of reverse DNS requests for private IP addresses. For details, see draft-ietf-dnsop-default-local-zones.

• Only accept DNS responses from the IP address that request was sent to
  This can help prevent DNS spoofing. See How to secure your server. This is only an option because some multi-homed DNS servers may not respond from the same IP address that the request was sent to; if it were not optional, it would be impossible to resolve domains hosted by such a DNS server. This is, however, fairly rare, and we generally recommend enabling this option.

• Send NOTIFY requests to secondary servers when a primary zone is updated
  Enables faster synchronization of zone changes to secondary DNS servers. Not supported by older DNS server software.

• Keep the root server list (a.k.a. "hints file") updated automatically
  With this option enabled, Simple DNS Plus will automatically check for root server updates. You may want to disable this if you are using an alternate root or if your server is only used for intranet purposes.

• Specify EDNS0 payload size (bytes)
  The original DNS specifications limit DNS request and response packets over UDP to 512 bytes (payload). As DNS servers need to send more data (for example, as the larger IPv6 addresses are added to TLD DNS servers), this limitation causes truncation, and DNS servers have to switch to the much less efficient TCP protocol. However, most networks and Internet connections today support much larger UDP packets. With this option enabled, Simple DNS Plus will indicate to other DNS servers that it is able to receive larger packets over UDP, and it sends larger response packets over UDP to other DNS servers that have indicated that they support it. A value of 1280 is a good starting point for most setups, as this payload size fits within the standard Ethernet packet size. In many cases values of 4096 and higher will also be fine, depending on network, routers, etc. WARNING: Certain older firewall products are known to drop DNS packets with EDNS0 enabled. If you experience problems with this, please contact your firewall vendor to get a firmware update.

• Respond to BIND version requests
  Since many Internet DNS servers are running some version of BIND (mainly Unix/Linux DNS servers), hackers often initiate an attack by sending a special request for the BIND software version number. They can then compare the response with a list of known vulnerabilities for that particular version of the BIND software and launch the actual attack. With this option enabled, Simple DNS Plus will respond to such BIND version requests with a text string of your choice. When this option is not enabled, Simple DNS Plus will respond to BIND version requests with a "not implemented" error message. A warning is always logged for BIND version requests.
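As an added example (not part of the Simple DNS Plus documentation), the following Python script builds raw DNS queries and parses the replies so you can verify three of the settings above against your own server: whether "ANY" queries come back REFUSED, whether a version.bind CH TXT request comes back NOTIMP when the BIND option is off, and which EDNS0 payload size the server advertises in its OPT record. The server address, transaction id and the 1280-byte payload size are placeholders/assumptions; RCODE values follow RFC 1035 and the OPT layout follows RFC 6891.

```python
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 4: "NOTIMP", 5: "REFUSED"}   # RFC 1035 RCODEs used here
TYPE_TXT, TYPE_OPT, TYPE_ANY, CLASS_IN, CLASS_CH = 16, 41, 255, 1, 3

def encode_name(name):
    labels = [label for label in name.rstrip(".").split(".") if label]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, qclass=CLASS_IN, edns_payload=None, txid=0x1234):
    """Build a DNS query; with edns_payload set, append an OPT pseudo-record
    advertising the UDP payload size we are willing to receive (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns_payload else 0)
    question = encode_name(name) + struct.pack("!HH", qtype, qclass)
    opt = b""
    if edns_payload:
        # root owner name, TYPE=OPT, CLASS=payload size, TTL=ext-RCODE/version/flags, RDLEN=0
        opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_payload, 0, 0)
    return header + question + opt

def skip_name(msg, off):
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer terminates the name
            return off + 2
        off += 1 + length

def parse_response(msg):
    """Return (rcode name, answer count, peer's advertised EDNS0 size or None)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, edns_size = 12, None
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            edns_size = rclass          # OPT carries the payload size in its CLASS field
        off += 10 + rdlen
    return RCODE_NAMES.get(flags & 0x0F, str(flags & 0x0F)), an, edns_size

def query(server, name, qtype, qclass=CLASS_IN, edns_payload=1280, timeout=3.0):
    """Send one UDP query to your own server (e.g. the placeholder 192.0.2.53) and parse it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, qclass, edns_payload), (server, 53))
        return parse_response(s.recv(4096))
```

Run `query("192.0.2.53", "example.com", TYPE_ANY)` and `query("192.0.2.53", "version.bind", TYPE_TXT, CLASS_CH)` against your own server: the first should report REFUSED with the ANY option on, the second NOTIMP with the BIND option off, and the third tuple element shows the EDNS0 size the server advertised back.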