Windows DNS Server Settings

This video will look at the settings found in Microsoft DNS server. These settings allow you to fine tune the results given by Microsoft DNS server to the clients.


This demonstration is done on Windows 8 with the Remote Server Administration Tools (RSAT) installed. See on how to install.

1. To open DNS Manager, open the Charms bar by moving the mouse to the top right of the screen and then select the search option. For the search option select Administrative Tools. Once Administrative Tools is open, select the icon for DNS to open DNS Manager.
2. When DNS Manager opens, it will prompt you for the DNS server to administer. If it does not, it will display the DNS server that was used the last time DNS Manager was open. If the DNS server that you want to manage is not listed, right click on DNS at the top and select the option “Connect to DNS server”.
3. To get to the DNS server settings, right click the DNS server in DNS Manager and select Properties. The settings of the DNS server are found on the Advanced tab. To configure a setting, tick or un-tick the option that you want.

Disable recursion (also disable forwarders)
This option prevents the DNS server from contacting other DNS servers when it cannot resolve a DNS request itself from its zone files or from its cache. If a DNS server on your network is not required to resolve DNS requests for clients by contacting other DNS servers, this option should be ticked. Ticking this option helps protect the DNS server against denial of service (DoS) attacks. A denial of service attack is when an attacker floods a DNS server with requests and thus prevents it from answering legitimate requests. As with any other server on the network, you should disable services or settings that are not required, to make the server more secure and less vulnerable to attack.
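To check from a client that the option took effect, the following added example (not part of the original video or handout) builds a query with the Recursion Desired bit set and reads the Recursion Available (RA) bit in the reply header, as defined in RFC 1035. The function names, the query ID and the sample replies are constructed for illustration.

```python
import socket
import struct

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits, RFC 1035 section 4.1.1

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with the Recursion Desired bit set."""
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def verdict(response, qid=0x1234):
    """Classify a raw DNS response by its RA bit and answer count."""
    if len(response) < 12:
        raise ValueError("shorter than a DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & QR:
        raise ValueError("not a response to our query")
    if flags & RA:
        return "recursion available"
    # RA clear: any answer came from the server's own zones or cache.
    return "recursion disabled, answered locally" if ancount else "recursion disabled, no answer"

def probe(server, name, timeout=3.0):
    """Send the query to `server` over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return verdict(s.recvfrom(4096)[0])

def sample_response(flags, with_answer):
    """Constructed reply to build_query('www.example.com'), for offline use."""
    query = build_query("www.example.com")
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, int(with_answer), 0, 0)
    # Answer: pointer to the question name, type A, class IN, TTL 60, 192.0.2.1
    answer = struct.pack("!HHHIH4B", 0xC00C, 1, 1, 60, 4, 192, 0, 2, 1)
    return header + query[12:] + (answer if with_answer else b"")

if __name__ == "__main__":
    print(verdict(sample_response(QR | RD | RA, True)))   # recursion still on
    print(verdict(sample_response(QR | RD | 5, False)))   # RA clear, RCODE 5
    print(verdict(sample_response(QR | RD, True)))        # RA clear, zone or cache answer
```

Calling `probe` with the address of your DNS server and a name outside its zones should return a result starting with "recursion disabled" once the option is ticked.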

Enable Bind Secondaries
If the DNS server is replicating with Berkeley Internet Name Domain (BIND) DNS servers, this option increases compatibility with those servers. It does this by disabling some of the compression options used in replication. In reality, these options have been supported in BIND since version 4.94, which was released in the late 90’s. Unless you are replicating with a very old Linux or Unix DNS server, there should never be a need to enable this option. Because it changes the replication compression options, it effectively increases the amount of replication data required and thus should only be switched on if you are experiencing problems.

Fail on load if bad zone data
If this option is ticked and any errors are detected in the zone file, the zone will not be loaded. In most cases you would not enable this option, as it would prevent the DNS server from answering queries for that DNS zone if any errors were in the file for any reason. If you are more concerned that the data is accurate than that the DNS server answers requests, tick this option.



Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.
