Options dialog - DNS - Miscellaneous
Simple DNS Plus v. 5.1 Copyright © 1999-2008 JH Software ApS
• Synthesize empty reverse zones for standard private IP address ranges
  With this option enabled, Simple DNS Plus answers reverse (PTR) lookups for the standard private IP address ranges (for example 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16) from locally synthesized empty zones instead of forwarding them. This prevents reverse DNS requests for private IP addresses from leaking to the Internet, where they reveal your internal addressing and cannot be answered usefully anyway. For details see draft-ietf-dnsop-default-local-zones (later published as RFC 6303).
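As an added illustration (example code, not part of Simple DNS Plus or this help page), the following Python maps an IP address to its reverse name and decides whether a PTR query for it falls into one of the locally served empty reverse zones. The zone list is the IPv4 subset of the draft's list (RFC 1918 ranges, loopback and link-local); the function names and the decision labels are this example's own.

```python
"""Locally served reverse zones for private address space.

Added example, not Simple DNS Plus code.  Covers the IPv4 zones from
draft-ietf-dnsop-default-local-zones / RFC 6303 for RFC 1918 space plus
loopback and link-local; IPv6 zones are left out.  Function names are
this example's own."""
import ipaddress

# Reverse zones a resolver should answer locally.  An "empty" zone has only
# SOA/NS at its apex, so every name below it gets NXDOMAIN.
LOCAL_REVERSE_ZONES = (
    ["10.in-addr.arpa."]
    + [f"{i}.172.in-addr.arpa." for i in range(16, 32)]
    + ["168.192.in-addr.arpa.", "127.in-addr.arpa.", "254.169.in-addr.arpa."]
)


def reverse_name(ip: str) -> str:
    """'192.168.1.10' -> '10.1.168.192.in-addr.arpa.' (absolute name)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def local_zone_for(qname: str):
    """Return the locally served zone containing qname, or None."""
    q = qname.lower()
    if not q.endswith("."):
        q += "."
    for zone in LOCAL_REVERSE_ZONES:
        if q == zone or q.endswith("." + zone):
            return zone
    return None


def answer_ptr(qname: str):
    """Simulated resolver decision for a PTR query.

    ('NXDOMAIN', zone)  -> answered from the empty local zone, nothing leaves the server
    ('NOERROR', zone)   -> the zone apex itself (SOA/NS exist there)
    ('FORWARD', None)   -> public address space, may go upstream as usual
    """
    zone = local_zone_for(qname)
    if zone is None:
        return ("FORWARD", None)
    if qname.lower().rstrip(".") + "." == zone:
        return ("NOERROR", zone)
    return ("NXDOMAIN", zone)
```

A resolver without such local zones sends the FORWARD case and the NXDOMAIN case alike to the in-addr.arpa servers; with the option enabled only the FORWARD case ever leaves the network.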
• Send NOTIFY requests to secondary servers when a primary zone is updated
  Enables faster synchronization of zone changes to secondary DNS servers: instead of waiting for the secondary's SOA refresh interval to expire, the secondary is told (DNS NOTIFY, RFC 1996) that the zone has changed and can start a zone transfer immediately. Not supported by older DNS server software.
• Keep the root server list (a.k.a. "hints file") updated automatically
  With this option enabled, Simple DNS Plus will automatically check for root server updates. You may want to disable this if you are using an alternate root or if your server is only used for intranet purposes.
• Enable EDNS0 / EDNS0 payload size
  The original DNS specifications limit DNS request and response packets over UDP to 512 bytes of payload. As DNS servers need to send more data (for example, as the larger IPv6 addresses are added to TLD DNS servers), this limit causes responses to be truncated, and the client then has to retry over the much less efficient TCP protocol. Most networks and Internet connections today support much larger UDP packets. With this option enabled, Simple DNS Plus indicates to other DNS servers (through an EDNS0 OPT record in its requests) that it is able to receive larger packets over UDP, and it sends larger response packets over UDP to other DNS servers that have indicated that they support it. A value of 1280 is a good starting point for most setups: a UDP packet with this payload size still fits in a standard 1500-byte Ethernet frame and is not fragmented. In many cases values of 4096 and higher will also be fine, depending on network, routers, firewalls, etc.; packets larger than the path MTU are IP-fragmented, and some firewalls drop fragments, which shows up as timeouts rather than errors.
• Test EDNS0 at startup to ensure that this is supported by local firewalls
  Older Cisco PIX firewalls and other firewall products are known to drop DNS packets with EDNS0. If you experience this problem, contact your firewall vendor for a firmware update. When this option is enabled, Simple DNS Plus sends a few test EDNS0 packets at startup. If it determines that EDNS0 is not supported, it logs a warning (and a Windows Event, if enabled) and then continues without EDNS0, i.e. with the classic 512-byte UDP limit.
• Respond to BIND version requests
  Since many Internet DNS servers run some version of BIND (mainly on Unix/Linux), attackers often start by sending a special request for the BIND software version number (a TXT query for the name "version.bind" in the CHAOS class). They then compare the response with a list of known vulnerabilities for that particular BIND version before launching the actual attack. With this option enabled, Simple DNS Plus responds to such requests with a text of your choice (a generic or misleading string hides which software is actually running). When this option is not enabled, Simple DNS Plus responds to BIND version requests with a "not implemented" (NOTIMP) error. A warning is always logged for BIND version requests, so they can serve as an early indicator of reconnaissance against the server.
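The two mechanisms above, reading the EDNS0 payload size a client advertises (and falling back to 512 bytes when EDNS0 is off, e.g. after the start-up probe failed) and answering a version.bind request either with a configured string or with NOTIMP, as an added Python example. This is not Simple DNS Plus code: the Settings fields, function names and the constructed sample queries are this example's own, and it only parses single-question queries without name compression, which is what a server receives on the wire.

```python
"""Server-side view of EDNS0 payload size and version.bind handling.

Added example, not Simple DNS Plus code.  Understands queries with one
question plus an optional OPT record; queries do not use name
compression, so none is handled.  Settings fields are invented here."""
import struct
from dataclasses import dataclass

OPT, TXT = 41, 16
CLASS_CH = 3
RCODE_NOERROR, RCODE_NOTIMP = 0, 4


@dataclass
class Settings:                      # hypothetical stand-in for the dialog options
    edns0_enabled: bool = True
    edns0_payload: int = 1280        # largest UDP response we are willing to send
    respond_to_bind_version: bool = False
    bind_version_text: str = "nobody here but us chickens"


def encode_name(name: str) -> bytes:
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(pkt: bytes, off: int):
    labels = []
    while pkt[off] != 0:
        n = pkt[off]
        labels.append(pkt[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def parse_query(pkt: bytes) -> dict:
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    off += 4
    payload = None                    # None -> client sent no OPT record
    for _ in range(ar):               # OPT lives in the additional section
        rname, off = decode_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == OPT and rname == ".":
            payload = rclass          # in an OPT record the CLASS field carries the UDP payload size
    return {"id": qid, "rd": bool(flags & 0x0100), "qname": qname,
            "qtype": qtype, "qclass": qclass, "edns_payload": payload}


def udp_reply_limit(q: dict, s: Settings) -> int:
    """Largest UDP reply allowed; anything bigger must be truncated (TC bit) so
    the client retries over TCP.  No OPT, or EDNS0 disabled locally, means 512."""
    if not s.edns0_enabled or q["edns_payload"] is None:
        return 512
    return max(512, min(q["edns_payload"], s.edns0_payload))


def handle_bind_version(q: dict, s: Settings):
    """(response_bytes, log_line) for a version.bind CH TXT query, else None."""
    if (q["qclass"], q["qtype"], q["qname"].lower()) != (CLASS_CH, TXT, "version.bind."):
        return None
    log = f"WARNING: BIND version request for {q['qname']} (class CH)"   # always logged
    rd = 0x0100 if q["rd"] else 0
    question = encode_name(q["qname"]) + struct.pack("!HH", q["qtype"], q["qclass"])
    if s.respond_to_bind_version:
        text = s.bind_version_text.encode()[:255]
        rdata = bytes([len(text)]) + text                      # one TXT character-string
        answer = b"\xc0\x0c" + struct.pack("!HHIH", TXT, CLASS_CH, 0, len(rdata)) + rdata
        hdr = struct.pack("!6H", q["id"], 0x8400 | rd | RCODE_NOERROR, 1, 1, 0, 0)  # QR, AA
        return hdr + question + answer, log
    hdr = struct.pack("!6H", q["id"], 0x8000 | rd | RCODE_NOTIMP, 1, 0, 0, 0)       # QR, NOTIMP
    return hdr + question, log


def build_query(name: str, qtype: int, qclass: int = 1, qid: int = 0x1234, edns_payload=None) -> bytes:
    """Client-side builder used only to construct sample input (not captured traffic)."""
    ar = 1 if edns_payload else 0
    pkt = struct.pack("!6H", qid, 0x0100, 1, 0, 0, ar) + encode_name(name) + struct.pack("!HH", qtype, qclass)
    if edns_payload:
        pkt += b"\x00" + struct.pack("!HHIH", OPT, edns_payload, 0, 0)   # root name, TYPE=OPT, CLASS=size
    return pkt
```

The same parsing shows why the start-up probe matters: a client that advertised 4096 will wait for a large UDP reply that a firewall silently discards, whereas the 512-byte path simply truncates and retries over TCP.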
• Limit client caching time (adjust TTLs in responses to recursive requests)
  Recent Windows versions have a "DNS Client" service (enabled by default) which caches DNS records locally; other operating systems have similar features. This option limits the time that client computers/devices cache the DNS records provided by Simple DNS Plus by setting a maximum TTL (time to live) value for the DNS records in responses to these clients: any TTL above the maximum is lowered to it, and lower TTLs are left as they are. This is independent of how long Simple DNS Plus itself caches the same records (see Options dialog / DNS / Caching section), and it only takes effect for clients requesting recursion (not for other DNS servers) and only for clients with IP addresses in the "Perform recursion for" list (see Options dialog / DNS / Recursion section). Limiting client caching time is useful when you want to enforce quick updates, for example when using black/white-lists that are frequently updated, or plug-ins that take effect at different times (see the Scheduler plug-in).
  NOTE: Microsoft Internet Explorer also caches DNS records (independently of the "DNS Client" service) for a fixed time of 30 minutes no matter what TTL is used, so updates may take up to 30 minutes unless the user restarts Internet Explorer. Other browsers also cache DNS records, but typically for a shorter time.
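Clamping TTLs only for recursive clients in the recursion list, as an added Python example (not Simple DNS Plus code): it rewrites the TTL of every record in a wire-format response in place, skips OPT records (whose TTL field carries EDNS flags rather than a lifetime), and leaves replies to non-recursive queries and to clients outside the list untouched. The ACL, the sample response and the function names are constructed for this example.

```python
"""Cap TTLs in a response for recursive clients covered by an ACL.

Added example, not Simple DNS Plus code.  Walks the answer, authority and
additional sections of a wire-format response and rewrites TTLs in place,
following compression pointers only far enough to skip owner names."""
import ipaddress
import struct


def skip_name(pkt: bytes, off: int) -> int:
    """Offset just past the name at off (a pointer is 2 bytes and ends the name)."""
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n


def rr_offsets(pkt: bytes):
    """Yield the offset of the TYPE field of every RR after the question section."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rdlen = struct.unpack("!H", pkt[off + 8:off + 10])[0]
        yield off
        off += 10 + rdlen                      # TYPE CLASS TTL RDLENGTH + RDATA


def clamp_ttls(resp: bytes, max_ttl: int) -> bytes:
    """Copy of resp with every RR TTL limited to max_ttl (never raised)."""
    out = bytearray(resp)
    for off in rr_offsets(resp):
        rtype = struct.unpack("!H", resp[off:off + 2])[0]
        ttl = struct.unpack("!I", resp[off + 4:off + 8])[0]
        if rtype != 41 and ttl > max_ttl:      # 41 = OPT: its "TTL" is flags, leave it alone
            struct.pack_into("!I", out, off + 4, max_ttl)
    return bytes(out)


def response_for_client(resp: bytes, client_ip: str, recursion_acl, max_ttl: int) -> bytes:
    """Apply the clamp only if the client asked for recursion (RD, copied into the
    reply header) and is in the 'Perform recursion for' list; other servers get real TTLs."""
    flags = struct.unpack("!H", resp[2:4])[0]
    rd = bool(flags & 0x0100)
    ip = ipaddress.ip_address(client_ip)
    if rd and any(ip in ipaddress.ip_network(n) for n in recursion_acl):
        return clamp_ttls(resp, max_ttl)
    return resp


def ttls(resp: bytes):
    """TTLs of all RRs in a response, for inspection."""
    return [struct.unpack("!I", resp[o + 4:o + 8])[0] for o in rr_offsets(resp)]


# --- constructed sample: one question, two A answers (TTL 86400) with compressed owner names
def _name(n: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\x00"


def sample_response(rd: bool = True) -> bytes:
    flags = 0x8180 if rd else 0x8080           # QR, RA, and RD echoed from the query
    hdr = struct.pack("!6H", 0xBEEF, flags, 1, 2, 0, 0)
    question = _name("www.example.com") + struct.pack("!HH", 1, 1)

    def rr(ip):                                # owner name = pointer to the question name
        return b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 86400, 4) + ipaddress.ip_address(ip).packed

    return hdr + question + rr("192.0.2.1") + rr("192.0.2.2")
```

Because only the TTL bytes change, the response length and all compression pointers stay valid; a client that honours TTLs will re-query after max_ttl seconds even though the server's own cache still holds the record for its full lifetime.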