Options dialog - DNS - Miscellaneous
Simple DNS Plus v. 5.1 Copyright © 1999-2008 JH Software ApS
• Synthesize empty reverse zones for standard private IP address ranges
  This prevents leakage of reverse DNS requests for private IP addresses. For details see draft-ietf-dnsop-default-local-zones.
• Send NOTIFY requests to secondary servers when a primary zone is updated
  Enables faster synchronization of zone changes to secondary DNS servers. Not supported by older DNS server software.
• Keep the root server list (a.k.a. "hints file") updated automatically
  With this option enabled, Simple DNS Plus will automatically check for root server updates. You may want to disable this if you are using an alternate root or if your server is only used for intranet purposes.
• Enable EDNS0 / EDNS0 payload size
  The original DNS specifications limit DNS request and response packets over UDP to 512 bytes (payload). As DNS servers need to send more data (for example, as the larger IPv6 addresses are added to TLD DNS servers etc.), this limitation causes truncation and DNS servers have to switch to the much less efficient TCP protocol. However, most networks and Internet connections today support much larger UDP packets. With this option enabled, Simple DNS Plus will indicate to other DNS servers that it is able to send and receive larger packets over UDP, and it sends larger response packets over UDP to other DNS servers that have indicated that they support it. A value of 1280 is a good starting point for most setups, as this payload size fits within the standard Ethernet packet size. In many cases values of 4096 and higher will also be fine, depending on the network, routers, etc.
• Test EDNS0 at startup to ensure that this is supported by local firewalls
  Older Cisco PIX firewalls and other firewall products are known to drop DNS packets with EDNS0. If you experience this problem, please contact your firewall vendor to get a firmware update. When this option is enabled, Simple DNS Plus will send some test EDNS0 packets at startup. If it determines that EDNS0 is not supported, it will log a warning (and a Windows Event, if enabled) and will then continue without EDNS0.
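As an added example (not code from Simple DNS Plus or JH Software), the following Python builds a query carrying an EDNS0 OPT record with the 1280-byte payload size discussed above, and checks a reply for the size the other side advertises, which is the kind of probe the startup test performs; a reply with no OPT record (or no reply at all) means EDNS0 is not supported on that path. The sample response bytes are constructed, and all function names are assumptions.

```python
import struct

def _encode_name(qname):
    """Encode a dotted name in DNS wire format (no compression)."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_edns0_query(qname, payload_size=1280, txid=0x1234):
    """DNS A query for qname with one OPT pseudo-RR in the additional section (RFC 6891).
    The OPT record's CLASS field carries the UDP payload size we are willing to receive."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)    # RD=1, QDCOUNT=1, ARCOUNT=1
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", 41, payload_size, 0, 0)  # root name, TYPE=OPT, size, TTL=0, RDLEN=0
    return header + question + opt

def _skip_name(msg, pos):
    """Advance past a (possibly compressed) name and return the new offset."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + length

def advertised_payload_size(msg):
    """Return the UDP payload size in the message's OPT record, or None when no OPT is present
    (a server or firewall that does not support EDNS0 strips it or answers without it)."""
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(msg, pos) + 4                           # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == 41:
            return rclass
    return None

def is_truncated(msg):
    """True when the TC bit is set: the answer did not fit in UDP and the client must retry over TCP."""
    return bool(struct.unpack("!H", msg[2:4])[0] & 0x0200)

# Constructed sample reply (not captured traffic): A 192.0.2.1 for example.com, OPT advertising 4096 bytes.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 1)
    + _encode_name("example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    + b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
)
# The same reply with the 11-byte OPT record missing, as seen when EDNS0 is not supported on the path.
SAMPLE_NO_EDNS = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + SAMPLE_RESPONSE[12:-11]
```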
• Respond to BIND version requests
  Since many Internet DNS servers are running some version of BIND (mainly on Unix/Linux DNS servers), hackers often initiate an attack by sending a special request for the BIND software version number. They can then compare the response with a list of known vulnerabilities for that particular version of the BIND software and launch the actual attack. With this option enabled, Simple DNS Plus will respond to such BIND version requests with a text of your choice. When this option is not enabled, Simple DNS Plus will respond to BIND version requests with a "not implemented" error message. A warning is always logged for BIND version requests.