Copyright © 1999-2005 JH Software
Simple DNS Plus
Version 4.00
Table of Contents

Part I    Welcome
Part II   How to...
  1  Get started
  2  Host a domain name
  3  Setup primary / secondary
  4  Secure your server
  5  Read the log
  6  Integrate with other applications
  7  Use HTTP commands
  8  Use command line options
  9  Configure advanced options
  10 Use "warning.bat"
Part III  User Interface
  1  Main window
       Views
       IP Address Blocking dialog
       IP Address Blocking Rule dialog
       Options dialog
         General
         DNS - Requests
         DNS - Recursion
         DNS - Forwarding
         DNS - Caching
         DNS - Security
         DNS - Records
         DNS - Zone Transfers
         DNS - Master/Slave
         DNS - NAT IP alias
         DHCP
         DHCP Scope dialog
         HTTP API
         Logging - Log Details
         Logging - Log files
  2  DNS Look Up window
  3  DNS Cache Snapshot window
  4  DNS Records window
       Zone Properties
       Record Properties
       New Zone Wizard
       Quick Domain Wizard
       Bulk Update Wizard
       Reverse Zone Wizard
       Import Wizard
       TSIG Dynamic Updates
Part IV   Definitions
  1  Hosts file
  2  DNS Caching
  3  TTL (Time To Live)
  4  Root DNS records
  5  DNS Recursion
  6  DNS Forwarding
  7  Round Robin
  8  Zones
  9  Zone Transfers
  10 Reverse Zone / in-addr.arpa
  11 Dynamic DNS updates
  12 DHCP
Part V    Common DNS Record Types
  1  A (Host Address)
  2  CNAME (Alias)
  3  MX (Mail Server)
  4  NS (DNS Server)
  5  PTR (Reverse)
  6  SOA (Zone Properties)
Part VI   Other DNS Record Types
  1  A6
  2  AAAA
  3  AFSDB
  4  ATMA
  5  DNAME
  6  HINFO
  7  ISDN
  8  LOC
  9  MB, MG, MINFO, MR
  10 NAPTR
  11 NSAP
  12 RP
  13 RT
  14 SRV
  15 TXT
  16 X25
Index
1 Welcome
Thanks to the DNS system we surf the Internet using names such as www.simpledns.com instead of impossible to remember IP addresses.
DNS servers translate these domain names into machine readable IP-addresses needed to locate the requested web-server on the Internet.
With Simple DNS Plus you can host your own domain names, or simply speed up Internet access with DNS caching.
Simple DNS Plus is also a DHCP server, and it comes with a DNS Look Up tool and many other features.
You can find answers to frequently asked questions at: http://www.simpledns.com/faq.asp
If you have any questions or comments, please don't hesitate to contact us at: [email protected].
Select a topic on the left to get started.
2 How to...
2.1 Get started
The first step after installing Simple DNS Plus is to configure the computers on the local network (including the one it is installed on) to use the new local DNS server instead of the ISP's DNS server. This is done under the computer's network TCP/IP properties by entering the IP address of the computer running Simple DNS Plus as the DNS server.
The exact setup is slightly different for each Windows version - illustrations are provided at
http://www.simpledns.com/tutor/config_win.asp
Local computers (except the one running Simple DNS Plus) can also be configured automatically using the DHCP function.
We also recommend disabling the "DNS Client" service on any local computer running Windows 2000, XP, or 2003 including the computer with Simple DNS Plus. See
http://www.simpledns.com/tutor/dnsclientsvc.asp
Next make sure Simple DNS Plus is running, and test the configuration by opening a web-page such as www.simpledns.com.
To ensure that you are not getting a copy cached by the browser, first empty out the browser cache (delete "Temporary Internet Files") and close all instances of the browser.
And if you are using Windows 2000, XP, or 2003 and still have the "DNS Client" service running, type "IPCONFIG /flushdns" at a command prompt to ensure that no DNS data is cached by this service. If you got to the web-site, everything is now working correctly.
You should also be seeing some activity in Simple DNS Plus (performance graph or the request counter on the status bar ).
If you are new to DNS, it might be helpful to examine the log files to get an idea how DNS requests are processed.
This initial setup (without hosting any domain names) is often referred to as a "caching only DNS server".
If you run Simple DNS Plus for a while, you should begin to notice an improvement in the time it takes to access web-pages - especially when you return to one you have visited previously.
This is caching - your computers no longer have to access an external DNS server every time you open a web-page.
The next step is to start hosting your own domain names.
2.2 Host a domain name
With Simple DNS Plus you can host DNS for your own domain names (and/or for others). First a domain name must be registered on the Internet.
You can use the "WHOIS" look up function in Simple DNS Plus to find an available domain name. There's a growing number of companies (registrars) and resellers offering domain name registration for ".com", ".net", and ".org" domain names.
For country specific names (such as ".uk") the choice is often limited to a single registrar. See the complete list of registrars at http://www.icann.org
When registering a domain name (or modifying a registration), you have to specify which DNS servers will be responsible for the domain name (also referred to as "host records" - or NS-records ). Here you need to specify your own DNS server(s) - by name - such as "ns1.yourname.com".
If you are already hosting other domain names you can use the existing "ns..." name for your server(s). Otherwise you may have to first create these "host records" ("ns1.yourname.com" = IP address). With some registrars you can do this as part of the domain name registration, others have a separate process for this.
When in doubt, contact your registrar for details.
It usually takes 24 to 72 hours for a new domain name and changes to become fully active on the Internet.
You can configure your domain name in Simple DNS Plus even before you have registered it and use it yourself, but other people on the Internet won't be able to access it before it is registered and active. Next you need to configure the domain in Simple DNS Plus.
From the main window , click the "Records" button.
The first time you do this, you may be prompted to enter "Domain name of this DNS server" and "Administrator's e-mail address" using the Options dialog . This data is used as defaults for some of the DNS records automatically created by Simple DNS Plus.
Enter the DNS server name (such as "ns1.yourname.com") and an e-mail address (for example "[email protected]").
You should now be in the DNS Records window .
This is where you work with your domain names and records.
The easiest way to configure a new domain name is through the Quick Domain Wizard (click the "Quick" button).
Simply enter the domain name, and the IP addresses of your web, mail, and FTP servers (all optional). Once you have done this, close the DNS Records window , and your domain name is ready to go! Depending on your requirements and possibly requirements from the registrar, you may also need to setup a secondary DNS server .
2.3 Setup primary / secondary
You have probably heard or seen the terms "primary DNS server" and "secondary DNS server". Actually a DNS server (the computer/software) is not specifically "primary" or "secondary". A DNS server can be primary for one zone (domain) and secondary for another.
The original DNS specifications require that each domain name is served by at least 2 DNS servers for redundancy.
This may seem a little silly - especially if you run your DNS, web, and mail servers all on the same machine - if this machine goes down, it doesn't really matter that the backup DNS server still works. But many registrars (companies that register domain names) still require this.
This requirement has since been somewhat relaxed, and depending which registrar you use, you may only need to specify one DNS server.
Please note: registrars requiring 2 DNS servers sometimes refer to these as "primary" and "secondary".
This has absolutely nothing to do with the actual primary/secondary functionality, and it doesn't matter in which order you enter your DNS servers for the domain name. This is just a list of servers, and there could be 1, 2, or any number of DNS servers listed for a domain name.
By definition, a primary DNS server holds the "master copy" of the data for a zone , and secondary servers have copies of this data which they synchronize with the primary through zone transfers at intervals or when prompted by the primary.
Only one DNS server should be configured as primary for a zone , but you can have any number of secondary servers for redundancy.
Both primary and secondary servers for a zone serve exactly the same data to clients. Because of this you could easily "simulate" a secondary server on a single computer with 2 IP addresses.
Simply configure the zone (as primary), and the server will function as both the primary (on one IP address) and secondary (on the other IP address).
The recommended practice is to configure the primary and secondary DNS servers on separate machines, on separate Internet connections, and in separate geographic locations. All for the purpose of redundancy.
Many do this by making a "swap" deal with someone else: "be secondary for me, and I'll be secondary for you".
Many new "broadband" Internet connections (such as cable modems and DSL) only come with one IP address, so this setup is often used not so much because of redundancy, but because the registrar requires two DNS servers (with separate IP addresses).
When using separated primary and secondary DNS servers, zone transfers are used to synchronize the secondary servers.
With other DNS server software, a zone must initially be created on both the primary and secondary servers (only the individual DNS records, and any later changes to the zone, need to be entered on the primary; the secondary picks them up through zone transfers).
However, Simple DNS Plus has a unique option to automatically create and remove zones on secondary servers whenever you do this on the primary.
We call this a master/slave pair; it is configured through the Options dialog (DNS Master/Slave section).
Both servers must be running Simple DNS Plus (no other DNS server software we know of currently supports this).
The secondary server must be listed as a "slave" on the primary server, and the primary server must be listed as a "master" on the secondary.
One Simple DNS Plus server can be master and/or slave for any number of servers.
To create the zone on the primary server, you can use the Quick Domain Wizard (make sure to specify the name and IP address of the secondary DNS server).
If you are not using the master/slave setup, or if your primary server is not running Simple DNS Plus, you will also need to create the zone on the secondary server.
Use the New Zone function, select the "Secondary Zone" option, and specify the zone name and the IP address of the primary DNS server.
Once a zone is configured on both primary and secondary servers, zone transfers should automatically occur when needed.
To verify, use the Look Up function against the secondary server, or check the records on the secondary server through the DNS Records window .
You can later change the primary/secondary status using the Zone Properties dialog . The Zone Properties dialog "zone transfers" tab can be used to secure the zone, so only authorized secondary servers are allowed to request zone transfer .
2.4 Secure your server
As with all types of Internet servers, DNS servers are targeted by hackers.
The implications can be quite serious, but the good news is that you can protect yourself better by running your own Simple DNS Plus server than by relying on your ISP's DNS servers.
There are several security issues with DNS; Simple DNS Plus provides a countermeasure for each of them:
DNS Spoofing
DNS Spoofing (also called cache poisoning) is the act of "injecting" false data into the cache of a DNS server, causing it to serve this false data to its clients.
Hackers may do this simply to prevent someone from accessing the Internet (making a DNS server appear to malfunction), but the intentions can be far more malicious and the effects far more serious. For example, by "injecting" false MX-records (mail exchange), a hacker could reroute mail intended for a company's client or vendor to himself. If the hacker also forwards (relays) the e-mails to the correct destination, this can continue undetected for as long as he cares. Or with an "injected" A-record (for example www.bank.com = IP 1.2.3.4) and a cloned web-site for www.bank.com, a hacker could capture your PIN code, password, credit card number etc.
There are two methods a hacker can use to do this:
1) Sending additional false records in a standard DNS response.
A response legitimately carries records in its authority and additional sections (for example the addresses of the name servers for the zone), and a careless resolver caches all of them. An attacker who controls a name server can therefore append records for domains he does not control. You can prevent Simple DNS Plus from accepting such out-of-zone records by enabling the "Prevent DNS spoofing" security option (see Options dialog / DNS Security section).
This is an option only because discarding the extra records can slow down the resolving of external domain names a bit (the server then has to look up the discarded data itself).
2) Some DNS servers use consecutive request ID numbers, making it possible for a hacker to "guess" the next ID and impersonate the server being queried by getting a forged reply in first.
Simple DNS Plus uses random request ID numbers, so sequential IDs are not an issue. Keep in mind that the ID field is only 16 bits wide: randomizing it raises the cost of a blind forgery considerably but does not make one impossible, so combine it with the option above and with restricting recursion to your own users (see "DNS Recursion" below).
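The following is an added example, not code from Simple DNS Plus, showing the two checks a caching resolver applies against the attacks described under 1) and 2): the transaction ID and question of a reply must match the outstanding query, and records outside the responding server's zone of authority (its "bailiwick") are discarded instead of cached. The record tuples, zone names and the sample poisoned reply are constructed for the illustration.

```python
"""Added example (not Simple DNS Plus code): the two checks a caching
resolver applies to a reply before anything from it is cached.

Records are modelled as (owner, rtype, rdata) tuples; the zone names and the
sample "poisoned" reply below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Record = Tuple[str, str, str]


def _labels(name: str) -> List[str]:
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def in_bailiwick(owner: str, zone: str) -> bool:
    """True if `owner` is `zone` itself or a name below it.

    A server that was asked about a name under example.net may legitimately
    tell us about ns1.example.net, but not about othercorp.example.
    """
    o, z = _labels(owner), _labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z


@dataclass
class Response:
    txid: int
    qname: str
    qtype: str
    answer: List[Record] = field(default_factory=list)
    authority: List[Record] = field(default_factory=list)
    additional: List[Record] = field(default_factory=list)


def filter_response(resp: Response, pending_txid: int, pending_qname: str,
                    responder_zone: str) -> Optional[Response]:
    """Return a sanitized copy of `resp`, or None if the reply must be dropped.

    Check 2) from the text: the transaction ID (and the question) must match
    the query we actually sent; a mismatch is a stale reply or a forgery.
    Check 1): keep only records inside the zone the responder is trusted for,
    so an MX or A record for an unrelated domain smuggled into the additional
    section is never cached (the "bailiwick" rule).
    """
    if resp.txid != pending_txid or _labels(resp.qname) != _labels(pending_qname):
        return None

    def keep(records: List[Record]) -> List[Record]:
        return [r for r in records if in_bailiwick(r[0], responder_zone)]

    return Response(resp.txid, resp.qname, resp.qtype,
                    keep(resp.answer), keep(resp.authority), keep(resp.additional))


# Constructed reply from a server delegated "example.net" that tries to slip a
# bogus MX for someone else's domain into the additional section.
POISONED = Response(
    txid=0x1F2E, qname="www.example.net", qtype="A",
    answer=[("www.example.net", "A", "192.0.2.10")],
    authority=[("example.net", "NS", "ns1.example.net")],
    additional=[("ns1.example.net", "A", "192.0.2.1"),
                ("othercorp.example", "MX", "10 mail.attacker.example")],
)
```

Run `filter_response(POISONED, 0x1F2E, "www.example.net", "example.net")` and the bogus MX is gone while the glue record for ns1.example.net survives; change the transaction ID by one and the whole reply is rejected. A resolver that applies only the second check is still exposed to an attacker who can send many guesses, which is why the text recommends enabling the first as well.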
Port Scanners
A hacker may use a software utility known as a "port scanner" to search for potential targets. This software sends dummy requests to a range of IP addresses on different service ports simply to register which addresses/ports respond.
Any addresses/ports that responded will then be probed further for possible vulnerabilities.
Simple DNS Plus has a special "stealth" option which makes it invisible to such port scanners by not responding to a DNS request unless it is for data in local zones or originates from a client offered recursion.
See Options dialog / DNS Recursion section.
Many of these port scanners and other hacking utilities are known to send network packets originating from port zero.
A normal DNS client or server would never do this, so such a packet is a strong indication that a hacker is at work.
Simple DNS Plus can detect this and ignore such packets to avoid attracting further attention from the hacker.
See Options dialog / DNS Security section / "Ignore UDP packets originating from port zero".
Telnet connections
Hackers sometimes use a simple telnet client to connect to open server TCP ports, to see if they can get some type of response or perhaps crash the server by sending it junk data.
Simple DNS Plus can often detect such connections, close them down, and log the event. Some Internet protocols (including HTTP, SMTP, and POP3) are transmitted in clear text, and experienced users can talk directly to such servers with a simple telnet client. The DNS protocol, however, is transmitted in binary format and cannot be driven from a telnet session; anything typed in arrives as malformed data. See Options dialog / DNS Security section / "Detect and close Telnet connections".
Zone Transfers
Zone transfers are intended for use by secondary DNS servers to synchronize with their primary server.
But you can also request a zone transfer using a number of different tools (like the Look Up function in Simple DNS Plus), which will basically list all the records contained in a zone . This is great for troubleshooting, but you may not want to expose all the data in your zones to strangers like this.
Hackers could use this to find out what other servers you are running - and with this information launch other types of attacks.
Zone transfers also require considerably more bandwidth and CPU cycles compared to regular DNS requests.
You can specify which IP addresses are allowed to request zone transfers for each zone in the Zone Properties dialog under the "Zone Transfers" tab, and in the Options dialog / Zone transfers section.
DNS Recursion
Internet users (other than your own users) may try to take advantage of your DNS server.
For example if someone feels that their ISP's DNS server is too slow - they might just use another one - like yours.
New Internet users quickly learn this "trick" through chat groups etc., and it actually happens quite often.
Many ISPs and companies "offer" this service free of charge without even realizing it. This of course consumes additional bandwidth and CPU cycles.
If you do not host any domain names, you could prevent this simply by blocking incoming DNS requests on your firewall, or by configuring Simple DNS Plus to only listen for DNS requests on a private IP address (see Options dialog / DNS requests section).
However, if you are hosting one or more domain names, you must allow other DNS servers access to your DNS servers.
The difference between Internet users and other DNS servers is "recursion ".
Client applications (users) need the DNS server to perform recursion (fully resolve domain names into IP addresses), whereas other DNS servers perform the recursion themselves.
By specifying only the IP addresses of your own users in the Options dialog / DNS Recursion section, you can effectively block "foreign" users, and at the same time allow other DNS servers to send requests for the domain names you are hosting. Besides the bandwidth cost, an open recursive server can be used by third parties to bounce and amplify attack traffic at others, so this restriction is worth applying even when you have capacity to spare.
Denial of service (DOS)
This is a very simple (yet effective) method of "hacking".
By sending your servers an extreme number of requests and thereby using up all your bandwidth or processing power, a hacker can effectively prevent users and customers from accessing your services. Simple DNS Plus has an IP Address Blocking function which can automatically detect such attacks (when directed against the DNS server itself) and ignore the traffic.
The traffic will still use some of your bandwidth, but Simple DNS Plus won't send replies (which would increase the problem) and won't use up the processing power of the machine it is running on.
Another variant of "DOS" is establishing a lot of TCP connections using up all the resources of the target system.
Simple DNS Plus has an option to limit the maximum number of simultaneous inbound TCP connections (Options dialog / DNS Security section).
DOS attacks are difficult to prevent completely, but if the hacker doesn't succeed in bringing down your systems, he might just look elsewhere.
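As an added example (not Simple DNS Plus code), here is the admission policy that the "stealth" option, the port-zero check, the recursion address list and the IP Address Blocking function described above amount to, written out as the decision a DNS front-end makes for each incoming UDP query. The local zones, the recursion address list, the requests-per-second threshold and the sample traffic are all constructed for the example; the server's own thresholds and its internal order of checks are not documented on this page.

```python
"""Added example (not Simple DNS Plus code): per-query admission policy
combining the countermeasures described in this section.

Order of checks for each incoming UDP query:
  1. source port 0              -> drop silently (scanner signature)
  2. per-source request rate    -> drop silently once over the threshold
  3. name inside a local zone   -> answer (authoritative data is public)
  4. source in recursion ACL    -> answer, recursing if needed
  5. everything else            -> drop silently ("stealth": no reply at all)

The local zones, ACL, threshold and sample traffic are constructed for the
example; the real server's thresholds and internal order are not documented here.
"""
import ipaddress
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, Set

LOCAL_ZONES = ("example.com", "2.0.192.in-addr.arpa")          # zones we host (constructed)
RECURSION_ALLOWED = ("192.168.1.0/24", "10.0.0.0/8")           # our own users (constructed)
MAX_REQUESTS_PER_SECOND = 100                                  # blocking threshold (constructed)


class Policy:
    def __init__(self, local_zones: Iterable[str] = LOCAL_ZONES,
                 acl: Iterable[str] = RECURSION_ALLOWED,
                 max_rps: int = MAX_REQUESTS_PER_SECOND) -> None:
        self.local_zones = tuple(z.lower().strip(".") for z in local_zones)
        self.acl = [ipaddress.ip_network(n) for n in acl]
        self.max_rps = max_rps
        # Sliding one-second window of request timestamps per source address.
        self.window: Dict[str, Deque[float]] = defaultdict(deque)
        # Sources that exceeded the rate; kept blocked for the life of this
        # object (a real server would expire the block after a while).
        self.blocked: Set[str] = set()

    def _over_rate(self, src_ip: str, now: float) -> bool:
        q = self.window[src_ip]
        q.append(now)
        while q and now - q[0] >= 1.0:
            q.popleft()
        if len(q) > self.max_rps:
            self.blocked.add(src_ip)
        return src_ip in self.blocked

    def _is_local(self, qname: str) -> bool:
        name = qname.lower().strip(".")
        return any(name == z or name.endswith("." + z) for z in self.local_zones)

    def _recursion_allowed(self, src_ip: str) -> bool:
        ip = ipaddress.ip_address(src_ip)
        return any(ip in net for net in self.acl)

    def decide(self, src_ip: str, src_port: int, qname: str, now: float) -> str:
        """Return 'drop', 'answer-local' or 'answer-recursive' for one query."""
        if src_port == 0:
            return "drop"
        if self._over_rate(src_ip, now):
            return "drop"
        if self._is_local(qname):
            return "answer-local"
        if self._recursion_allowed(src_ip):
            return "answer-recursive"
        return "drop"


def demo() -> Dict[str, str]:
    """Constructed traffic: a scanner, an outside resolver, a freeloader, a local user."""
    p = Policy()
    sample = {
        "scanner, port 0":            ("198.51.100.7", 0, "www.example.com", 0.0),
        "outside resolver, our zone": ("198.51.100.7", 40000, "www.example.com", 0.1),
        "outside user, foreign name": ("198.51.100.7", 40001, "www.example.org", 0.2),
        "local user, foreign name":   ("192.168.1.20", 51000, "www.example.org", 0.3),
    }
    return {label: p.decide(*args) for label, args in sample.items()}
```

The outside resolver asking for a name in a hosted zone is answered, because that is the whole point of hosting it; the same address asking for a foreign name gets nothing back, which is what makes the server look closed to a scanner. Dropping rather than refusing is deliberate: a REFUSED reply still tells the attacker a DNS server is listening, and still costs outbound bandwidth during a flood.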
BIND version requests
Since many Internet DNS servers are running BIND (a Unix DNS server), hackers often initiate an attack by sending a special request for the BIND software version number.
They can then compare the response with a list of known vulnerabilities for that particular BIND version and launch the actual attack.
Simple DNS Plus can be configured to respond to these BIND version requests with a text string of your choice (for example: "Sorry - no BIND vulnerabilities here!") by enabling the "Respond to BIND version requests" option in the Options dialog / DNS security section.
A warning is always logged for BIND version requests.
On Windows NT/2000/XP/2003, you can test by entering the following at a command prompt:
NSLOOKUP -class=CHAOS -type=TXT version.bind <dns-server-ip-address>
DNS Forwarding
When you enable forwarding , you basically inherit any security issues of the DNS servers you are forwarding to.
So make sure those DNS servers are also configured securely - or don't forward to them.
Dynamic DNS updates / IP spoofing
If your Simple DNS Plus server is accessible from the Internet and you enable standard (unsigned) dynamic updates for any zone (in the Zone Properties dialog), make sure to specify that only local IP addresses are allowed to send update requests, and that your router or firewall drops spoofed packets arriving from the Internet that claim to come from those addresses.
Many routers filter inbound packets claiming to be from the private address ranges (192.168.x.x / 172.16.x.x through 172.31.x.x / 10.x.x.x) by default, but verify this on your own equipment rather than assuming it. An IP address filter on its own only protects against attackers who cannot get a spoofed packet onto your network; it is not authentication.
If this is not filtered, a hacker may be able to impersonate a trusted local computer by spoofing the source IP address of the update packets, giving him the ability to change your DNS records. If you want to receive dynamic updates across the Internet, accept TSIG authenticated updates only (DNS Records window -> Tools menu -> TSIG dynamic updates).
Failover
Unlike most other Internet server types/protocols, DNS actually has failover functionality built into the protocol itself.
If you have 2 or more DNS servers hosting the same domain name and one of them is down, other DNS servers will automatically try all of your DNS servers in turn until they get a response. The only requirement for this to work is that all your DNS servers are listed in the domain registration for each domain name.
It is easy to run one or more secondary DNS servers with Simple DNS Plus using the Master/Slave functionality - see Options dialog / DNS - Master/Slave section.
To failover protect other services (such as your web-site), you can use Simple Failover - see
http://www.simplefailover.com
2.5 Read the log
You can open log files created by Simple DNS Plus with notepad, or watch the most recent log entries using the Active Log View .
Log lines starting with "->" are details for a previous line.
In addition to the logs, you can receive notification of warning and error messages via network messages, e-mail, or otherwise by using the warning.bat feature.
Writing log files to disk can be activated in the Options dialog / Log files section. The following explains the errors, warnings, and header messages you might see:
*** Error: Could not start DNS service [on <ip-address>] (Error <n>)
This usually means that another DNS server or another program is occupying the DNS port (53) on the same computer.
Can also occur when using "Internet Connection Sharing".
For more information, please see http://www.simpledns.com/faq.asp#errport
Once you have corrected the problem, use "Start server" from the File menu.
*** Error: Could not start DHCP service on <ip-address> (Error <n>)
This usually means that another DHCP server or another program is occupying the DHCP server port (67) on the same computer.
Can also occur when using "Internet Connection Sharing".
Once you have corrected the problem, use "Start server" from the File menu.
*** Error: Could not start HTTP service on port <port-number> (Error <n>)
This means that the HTTP port is occupied by another program or possibly another instance of Simple DNS Plus.
You may need to change the port number used for HTTP in the Options dialog / HTTP API section.
*** Error: Could not open zone file: <file-name>
Another program may be accessing the zone file (in the "data" subdirectory).
*** Error: Could not update 'boot' file for zone <zone-name>
Another program may be accessing the 'boot' file (in the "data" subdirectory).
*** Error: Could not save zone file: <file-name> (Error <n> <error-description>)
Another program may be accessing the zone file (in the "data" subdirectory), the harddisk may be full, or something else is preventing Simple DNS Plus write access to the file.
*** Warning: UDP packet from <ip-address> port zero ignored
See the "Port Scanners" section in How to secure your server .
*** Warning: IP address <ip-address> blocked (more than <n> requests per second)
See the "Denial of service" section in How to secure your server .
*** Warning: Request from <ip-address> for BIND version - possible hack attempt
See the "BIND version requests" section in How to secure your server .
*** Warning: TCP connection from <ip-address> closed - Telnet detected
See the "Telnet connections" section in How to secure your server .
*** TCP connection request rejected - maximum connections (<n>) reached
See the "Denial of service (DOS)" section in How to secure your server .
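The warnings above are the ones worth watching for on an Internet-facing server. As an added example that is not part of Simple DNS Plus, the following turns them into structured events that can be counted, alerted on or forwarded to a log collector. The sample log lines are constructed from the message formats documented in this section; the timestamp prefix in them is an assumption (the real log prefix may differ), which is why every pattern anchors on the "***" marker rather than on the prefix.

```python
"""Added example (not part of Simple DNS Plus): parse the security warnings
listed in this section into structured events for counting and alerting.

The sample lines are constructed here from the message formats documented
above. The timestamp prefix is an assumption (the real log prefix may differ),
so every pattern anchors on the "***" marker rather than on the prefix.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional

IPV4 = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"

# (event name, pattern) for each security-relevant warning in this section.
PATTERNS = [
    ("port_zero", re.compile(
        r"\*\*\* Warning: UDP packet from " + IPV4 + r" port zero ignored")),
    ("rate_blocked", re.compile(
        r"\*\*\* Warning: IP address " + IPV4
        + r" blocked \(more than (?P<n>\d+) requests per second\)")),
    ("bind_version", re.compile(
        r"\*\*\* Warning: Request from " + IPV4 + r" for BIND version - possible hack attempt")),
    ("telnet_closed", re.compile(
        r"\*\*\* Warning: TCP connection from " + IPV4 + r" closed - Telnet detected")),
    ("tcp_limit", re.compile(
        r"\*\*\* TCP connection request rejected - maximum connections \((?P<n>\d+)\) reached")),
]


def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return {'event', 'ip', 'n'} for a recognised warning, else None.

    Lines starting with "->" are detail lines for the previous entry and are
    never events on their own.
    """
    if line.lstrip().startswith("->"):
        return None
    for name, rx in PATTERNS:
        m = rx.search(line)
        if m:
            groups = m.groupdict()
            return {"event": name, "ip": groups.get("ip"), "n": groups.get("n")}
    return None


def summarize(lines: Iterable[str]) -> Dict[str, Counter]:
    """Count events by type and by source address."""
    by_event: Counter = Counter()
    by_ip: Counter = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_event[ev["event"]] += 1
            if ev["ip"]:
                by_ip[ev["ip"]] += 1
    return {"by_event": by_event, "by_ip": by_ip}


def noisy_sources(lines: Iterable[str], min_distinct: int = 2) -> List[str]:
    """Sources that triggered at least `min_distinct` different warning types.

    A port-zero probe, a version.bind query and a telnet poke from the same
    address within minutes is reconnaissance, and a better candidate for a
    firewall rule than any single warning on its own.
    """
    kinds: Dict[str, set] = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["ip"]:
            kinds[ev["ip"]].add(ev["event"])
    return sorted(ip for ip, k in kinds.items() if len(k) >= min_distinct)


# Constructed sample, modelled on the message formats above (timestamps assumed).
SAMPLE_LOG = """\
2005-03-01 10:15:02 *** Warning: UDP packet from 198.51.100.7 port zero ignored
2005-03-01 10:15:03 *** Warning: Request from 198.51.100.7 for BIND version - possible hack attempt
2005-03-01 10:15:04 *** Warning: TCP connection from 198.51.100.7 closed - Telnet detected
2005-03-01 10:16:30 *** Warning: IP address 203.0.113.9 blocked (more than 100 requests per second)
2005-03-01 10:16:31 *** TCP connection request rejected - maximum connections (50) reached
2005-03-01 10:16:40 *** Warning: Lame delegation for example.org on ns1.example.org (192.0.2.53)
-> Header: Server Failure
""".splitlines()
```

`summarize(SAMPLE_LOG)` reports five security events (the lame delegation warning is an operational message and is left out on purpose), and `noisy_sources(SAMPLE_LOG)` singles out 198.51.100.7 as the one address that ran through several probes in sequence.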
*** Warning: Lame delegation for <domain-name> on <dns-server> (<ip-address>)
A "Lame delegation" is when a DNS server, which is listed in the domain registration for a domain, is not configured with any data for that domain.
"Lame delegation" sometimes happens because someone has registered a domain but has only one or no DNS servers, so they simply specify some random DNS servers as place-holders, even though none of these servers have a zone defined for the domain in question. Hence the domain is "lame" - without a leg to stand on.
If you see this message about your own server ("this server"), you should take steps to correct this immediately.
If the domain-name in question is not yours, do a WHOIS look up to determine the owner, and contact them to change it immediately (they are causing additional traffic on your Internet connection and additional processing for your DNS server ).
If the domain-name is yours - add the zone to your server immediately.
*** Warning: Notify request not sent to <server-name> for <zone-name> - Could not resolve IP address
Changes were made to a primary zone on this server, but the server could not notify (see zone transfers ) a secondary DNS server.
This typically means that no A-record is available for the DNS server name specified in the NS-record for the secondary DNS server.
*** Warning: [<server-name>] [<ip-address>] did not respond to Notify request for <zone-name>
Changes were made to a primary zone on this server, but the server did not get any response when trying to notify a secondary DNS server.
This typically means that the secondary server is down, or there is some type of network problem.
*** Warning: Failed to Zone Transfer <zone-name> from <ip-address> (<error-description>)
This server (secondary) could not complete a zone transfer from the primary DNS server. This could be caused by general network problems or security settings on the primary server. The server will continuously retry the zone transfer.
*** Warning: Forward server <ip-address> does not offer recursion
One of the forward DNS servers specified in the Options dialog does not offer recursion . Select a different forward DNS server, or disable forwarding (not needed in most cases).
*** Warning: Error [opening]/[writing] to [raw] log file (<error-description>)
There was a problem writing a log file to disk. The server has temporarily stopped writing to this log file, and will attempt to open the file again in 5 minutes.
*** Error: Application error: <error-description>
In the unlikely event that you should see this error message, please contact [email protected] immediately for assistance.
-> Header: Format Error
Means that the binary structure of a DNS request or reply was not formatted correctly.
This could be caused by network problems, a malfunctioning DNS server, or another TCP/IP program wrongly using port 53.
-> Header: Server Failure
Usually means that some DNS server did not respond or that no NS-record (or associated A-record ) existed for a domain name.
Often follows the "*** Warning: Lame delegation..." message (see above). This could also be caused by network connectivity problems.
-> Header: Name does not exist!
Means that the domain name specified in the request does not exist.
If you know that the domain name does in fact exist, make sure you don't have a <root> zone in the DNS Records window, and make sure the root file is intact (you can copy the original "named.root" file from the Simple DNS Plus directory to the "data" sub-directory).
-> Header: Not implemented
Means that the DNS server queried does not support the query type or record type.
There are many experimental DNS query and record types, and most of these never become generally accepted.
Most DNS server implementations support at least the A , CNAME , MX , NS , PTR and SOA record types.
-> Header: Refused
The queried DNS server refuses to respond - usually due to local security settings.
This most often happens in connection with zone transfers - make sure the primary DNS server allows the secondary servers to zone transfer (see Zone Properties dialog ).
-> Header: Name exists when it should not
This header is returned in a response to a dynamic update request.
The update could not be completed because the prerequisites of the update request were not met.
-> Header: Record set exists when it should not
This header is returned in a response to a dynamic update request.
The update could not be completed because the prerequisites of the update request were not met.
-> Header: Record set that should exist does not
This header is returned in a response to a dynamic update request.
The update could not be completed because the prerequisites of the update request were not met.
-> Header: Server not authoritative for zone
This header is returned in a response to a dynamic update request.
The update could not be completed because the server responding is not configured with the zone specified in the update request.
-> Header: Name not contained in zone
This header is returned in a response to a dynamic update request.
The update could not be completed because the update name is not contained within the zone specified in the update request.
-> Header: Invalid transaction signature (BADSIG)
This header is returned in a response to a TSIG signed dynamic update request.
The update could not be completed because the TSIG signature in the update request was invalid.
-> Header: Unknown transaction signature key or algorithm (BADKEY)
This header is returned in a response to a TSIG signed dynamic update request.
The update could not be completed because the server responding is not configured with the TSIG key or signature algorithm used in the update request for the update name.
-> Header: Transaction signature time stamp does not match server time (BADTIME)
This header is returned in a response to a TSIG signed dynamic update request.
The update could not be completed because the time stamp in the TSIG signature did not match the server's time (not within the requested "fudge" interval).
2.6 Integrate with other applications
You can generate zone and record data for Simple DNS Plus from other applications.
DNS record data is stored in standard "zone files" (simple text files), located in the "data" directory under the directory where Simple DNS Plus is installed. A standard "boot file" lists all the zones with type, name, and file name.
To examine the file layout, you can open the files generated by Simple DNS Plus with notepad (See
RFC1035 for exact specifications).
Each zone has its own zone file - by default named "<zone-name>.dns". The boot file is named "boot".
Each time Simple DNS Plus is restarted, or "Reload DNS Records" is selected from the Tools menu, the boot file and all zone files are re-loaded.
There are several options for making Simple DNS Plus load new zone files "on the fly":
HTTP commands
Simple DNS Plus can be prompted to perform a number of functions through HTTP - either directly from a browser, or from any other program that can communicate through HTTP.
See How to use HTTP commands .
Command line / UDP
You can "tell" Simple DNS Plus to reload one or all zone files whenever it is required by using one of the command line options .
Or you can do the same through TCP/IP from your own application.
The "sdnsplus.ini" file contains a "ReloadPort" line. You can control Simple DNS Plus by sending a UDP message to this port number on IP address 127.0.0.1 (because the messages go to the loopback address, this channel is intended for programs running on the same computer). The message text is one of:
    reload     As command line "-R" option - same parameters
    unload     As command line "-U" option - same parameters
    clear      As command line "-C" option - same parameters
    tsigkeys   As command line "-K" option - same parameters
    udzone     As command line "-Z" option - same parameters
".new" Zone File extensions
You can create new or updated zone files in the "data" directory (under the directory where Simple DNS Plus is installed) with a ".new" extension (instead of ".dns"), and have Simple DNS Plus automatically scan for and load these files.
To enable this, you must first edit the "sdnsplus.ini" file and change the "NewScan" setting to the interval in minutes at which to scan for ".new" files (whole numbers only), and restart the program.
When Simple DNS Plus discovers a ".new" file, it first deletes any ".dns" file with the same name, then renames the ".new" file and reloads the zone. The ".new" file therefore replaces the zone completely; it must contain the whole zone, not just the changed records.
Make sure to increment the SOA-record serial number when updating existing zones through this method.
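The hand-off described above, as an added example written for this page (it is not code from Simple DNS Plus): it reads the serial from the existing "<zone-name>.dns" file if there is one, chooses a strictly larger serial, and writes "<zone-name>.new" into the data directory. The zone text, names and addresses are constructed; the YYYYMMDDnn serial convention is a common practice, not something the page prescribes, and the page only requires that the serial increase. The file is written under a temporary name and renamed, so the periodic ".new" scan never sees a partially written file.

```python
import os
import re
import tempfile
from datetime import date
from typing import Optional

# Constructed zone file in the RFC 1035 text layout the page refers to; the
# names, addresses and serial are examples, not data from the page.
SAMPLE_ZONE = """; example.com zone
$TTL 3600
@   IN  SOA  ns1.example.com. hostmaster.example.com. (
        2005030101 ; serial
        10800      ; refresh
        3600       ; retry
        604800     ; expire
        3600 )     ; minimum
@   IN  NS   ns1.example.com.
www IN  A    192.0.2.10
"""

# SOA <mname> <rname> [(] [comment lines] <serial>; tolerates the multi-line form
SERIAL_RE = re.compile(
    r"(\bSOA\s+\S+\s+\S+\s*\(?\s*(?:;[^\n]*\n\s*)*)(\d+)", re.IGNORECASE
)


def read_serial(zone_text: str) -> int:
    m = SERIAL_RE.search(zone_text)
    if not m:
        raise ValueError("no SOA serial found")
    return int(m.group(2))


def next_serial(current: int, today: Optional[str] = None) -> int:
    """Return a strictly larger serial: YYYYMMDD00 when today's date is ahead of
    the current value, otherwise current + 1. 'today' is YYYYMMDD (for tests)."""
    dated = int(today or date.today().strftime("%Y%m%d")) * 100
    return dated if dated > current else current + 1


def set_serial(zone_text: str, serial: int) -> str:
    new_text, n = SERIAL_RE.subn(lambda m: m.group(1) + str(serial), zone_text, count=1)
    if n != 1:
        raise ValueError("no SOA serial found")
    return new_text


def publish_new(data_dir: str, zone_name: str, zone_text: str):
    """Write <zone-name>.new with a serial above both the current .dns file's
    serial and the one in zone_text. Returns (path, serial)."""
    current = 0
    current_path = os.path.join(data_dir, f"{zone_name}.dns")
    if os.path.exists(current_path):
        with open(current_path, encoding="ascii", errors="replace") as f:
            current = read_serial(f.read())
    serial = next_serial(max(current, read_serial(zone_text)))
    final_text = set_serial(zone_text, serial)
    # ".tmp" is not an extension the scanner looks for, so the rename is atomic
    # from the scanner's point of view.
    fd, tmp_path = tempfile.mkstemp(prefix=f"{zone_name}.", suffix=".tmp", dir=data_dir)
    with os.fdopen(fd, "w", encoding="ascii") as f:
        f.write(final_text)
    new_path = os.path.join(data_dir, f"{zone_name}.new")
    os.replace(tmp_path, new_path)
    return new_path, serial


def demo() -> dict:
    """Run the hand-off against a temporary data directory (constructed data)."""
    data_dir = tempfile.mkdtemp(prefix="sdns-data-")
    with open(os.path.join(data_dir, "example.com.dns"), "w", encoding="ascii") as f:
        f.write(SAMPLE_ZONE)
    updated = SAMPLE_ZONE.replace("192.0.2.10", "192.0.2.20")
    new_path, serial = publish_new(data_dir, "example.com", updated)
    with open(new_path, encoding="ascii") as f:
        written = f.read()
    return {"old_serial": read_serial(SAMPLE_ZONE), "new_serial": serial,
            "written_serial": read_serial(written), "path": new_path}


if __name__ == "__main__":
    print(demo())
```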
Calling the DNS Look Up tool from other applications
The Simple DNS Plus DNS Look Up tool/window is a COM object which can be called from any script or application supporting COM objects.
For example, using VBScript it can be called like this:
Set luObj = CreateObject("sdnslookup.lookupobj")
luObj.lookup "domain.com", "A"
There is only one object/class "sdnslookup.lookupobj", and there is only one method "lookup". The "lookup" method takes two parameters where the first is the domain name or IP address to look up, and the second is the type of lookup to perform (A, MX, WHOIS, etc.).
The first parameter is mandatory, and the second parameter is optional (defaults to "A"). The "lookup" method displays the DNS Look Up window and performs the requested lookup. This functionality is for GUI applications only - no data is returned from the "lookup" method call. A small utility and supporting files for integrating this into the Internet Explorer selection context menu are included with the Simple DNS Plus installation in the "ie-context" sub-directory.
A tutorial of how to add a WHOIS button to Outlook 2003 using this functionality is available online at
http://www.simpledns.com/tutor/outlook-whois.asp
2.7 Use HTTP commands
Simple DNS Plus can be prompted to perform different actions through HTTP - either directly from a browser, or any other program that can communicate through HTTP.
This functionality is not intended as a direct user interface, but rather a way to communicate with Simple DNS Plus from other applications over the network (for example ASP script pages running on IIS).
By default, Simple DNS Plus listens for HTTP requests on IP address 127.0.0.1 port 8053. With this default configuration, you can open a web-page listing the available commands in your browser using http://127.0.0.1:8053
Port 8053 is used to avoid conflicts with any web server software using the standard port 80 on the same machine.
Please note that only the same computer can connect to IP 127.0.0.1, so if you need to access this from another computer, you will need to configure Simple DNS Plus to listen on a different IP address. You can change these settings in the Options dialog / HTTP API section.
Simple DNS Plus accepts both HTTP "GET" and "POST" requests - use whichever is more convenient.
When using "GET", all fields and values must be part of the URL.
When using "POST", all fields and values must be in the message (none in the URL).
The response will either be a text document ("text/plain" mime type) containing the result, an error 404 for unrecognized commands, or error 406 for requests that could not be performed.
The request document/path name must be one of the commands described below.
For example to list the contents of the zone file for simpledns.com, you could use the following (with GET):
http://127.0.0.1:8053/getzone?zone=simpledns.com
Commands:
· status
Returns server status and request counters in text format.
· clearcache
Clears the DNS cache.
· reloadall
Reloads all zone data from disk.
· zonelist
Returns a list of all zone names on the server (separated by <CRLF>).
Optionally include the field "listtype", being either "simple" (the default), "primary" (primary zones only), "secondary" (secondary zones only), or "extended".
Optionally specify a numeric ID in the field "zonegroup" matching a group ID in the "editrecs.ini" file to limit the list to a single zone group.
· getzone
Returns the text of a zone file.
Specify the zone name in the field "zone".
· loadzone
Reloads an existing zone from disk. Specify the zone name in the field "zone".
· removezone
Removes an existing zone from the server. Specify the zone name in the field "zone".
· updatehost
Updates, creates, or deletes an A-record (host address). A parent zone must already exist for the host name. Specify the host name in the field "host".
Specify an IP address in the field "data".
If no data (IP address) is specified, the record is deleted.
· updatezone
Updates or creates a new zone on the server. Specify the zone name in the field "zone".
Specify the zone data in the field "data" (formatted as a standard zone file). For secondary zones, specify the primary server IP address in the field "masterip".
Optionally specify a numeric ID in the field "zonegroup" matching a group ID in the "editrecs.ini" file. Make sure to increment the SOA-record serial number when using this command.
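An added example of a client for the commands listed above, written for this page rather than taken from Simple DNS Plus: it builds GET requests with every field in the URL and POST requests with every field in the body, as the page requires, and maps the 404 and 406 responses to their documented meanings. The base address is the page's default (127.0.0.1:8053); the command and field names are the ones listed above, and the sample zone names are constructed. Zone data contains line breaks, so `update_zone` always POSTs. The page describes no authentication for these commands, so if the listener is moved off 127.0.0.1, anything that can reach that address can call `updatezone` and `removezone`; restrict reachability accordingly.

```python
import urllib.error
import urllib.parse
import urllib.request

DEFAULT_BASE = "http://127.0.0.1:8053"  # the page's default listen address and port

# Command names and the fields the page documents for each.
COMMANDS = {
    "status": (),
    "clearcache": (),
    "reloadall": (),
    "zonelist": ("listtype", "zonegroup"),
    "getzone": ("zone",),
    "loadzone": ("zone",),
    "removezone": ("zone",),
    "updatehost": ("host", "data"),
    "updatezone": ("zone", "data", "masterip", "zonegroup"),
}

# Response codes as documented on the page.
STATUS_TEXT = {
    200: "ok",
    404: "unrecognized command",
    406: "request could not be performed",
}


def build_request(command, fields=None, method="GET", base=DEFAULT_BASE):
    """Return (url, body). GET puts every field in the URL; POST puts every
    field in the body and none in the URL."""
    if command not in COMMANDS:
        raise ValueError(f"unknown command {command!r}")
    fields = dict(fields or {})
    unknown = set(fields) - set(COMMANDS[command])
    if unknown:
        raise ValueError(f"{command} does not take {sorted(unknown)}")
    query = urllib.parse.urlencode(fields)
    if method == "GET":
        return (f"{base}/{command}?{query}" if query else f"{base}/{command}"), None
    if method == "POST":
        return f"{base}/{command}", query.encode("ascii")
    raise ValueError("method must be GET or POST")


def describe_status(code: int) -> str:
    return STATUS_TEXT.get(code, f"unexpected HTTP status {code}")


def call(command, fields=None, method="GET", base=DEFAULT_BASE, timeout=5.0):
    """Send the command and return (status code, response text)."""
    url, body = build_request(command, fields, method, base)
    req = urllib.request.Request(url, data=body, method=method)
    if body is not None:
        req.add_header("Content-Type", "application/x-www-form-urlencoded")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode(), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 404 and 406 arrive here
        return err.code, err.read().decode("utf-8", "replace")


def parse_zonelist(text: str) -> list:
    """Split the "zonelist" reply, which separates names with CRLF."""
    return [line for line in text.split("\r\n") if line]


def update_zone(zone, zone_text, masterip=None, zonegroup=None, base=DEFAULT_BASE):
    """Create or replace a zone. The SOA serial in zone_text must already have
    been incremented; zone text has line breaks, so this always POSTs."""
    fields = {"zone": zone, "data": zone_text}
    if masterip:
        fields["masterip"] = masterip
    if zonegroup is not None:
        fields["zonegroup"] = str(zonegroup)
    return call("updatezone", fields, method="POST", base=base)


if __name__ == "__main__":
    code, text = call("zonelist", {"listtype": "primary"})
    print(describe_status(code), parse_zonelist(text) if code == 200 else text)
```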
2.8 Use command line options
When Simple DNS Plus is running, you can use the following command line (DOS prompt) options. Make sure you run these from the directory where Simple DNS Plus is installed.
SDNSPLUS -R
Reloads all records including the hosts file and root records.
SDNSPLUS -R zone-name file-name
Loads or re-loads a specific zone.
The file-name is only required if this is a new zone.
For loading individual zones we recommend using the more flexible -Z option instead.
SDNSPLUS -Z z:zone-name f:file-name p:primary-ip g:group-id
Loads, re-loads, and/or updates the status of a specific zone. The f:file-name parameter is only required if this is a new zone. The p:primary-ip parameter is only required if this is a secondary zone.
The g:group-id is optional and refers to the numeric zone group ID which can be found in the "editrecs.ini" file.
SDNSPLUS -U zone-name
Unloads / removes a zone.
SDNSPLUS -C
Removes all records from the cache.
Same as selecting "Clear Cache" from the Tools menu.
SDNSPLUS -K
Reloads the TSIG keys (the "tsigkeys.ini" file).
2.9 Configure advanced options
The "sdnsplus.ini" file and the individual zone files can specify several advanced options not available from the graphical interfaces. You can edit these files manually with Notepad.
Generally it is not necessary to change any of these settings from their defaults.
"sdnsplus.ini" file
Located in the directory where Simple DNS Plus is installed.
You need to stop Simple DNS Plus before changing this file, and then restart when done.
[Main]
DNSListenPort=<number>
Specifies the TCP/IP port that Simple DNS Plus listens for DNS requests on.
This should almost always be set to 53 (the default), but it is possible to use a different port number for example to work with a proxy program.
Default: 53
DNSFromPort=<number>
Specifies the port that Simple DNS Plus sends outgoing UDP requests from - and responses are returned to.
The default (0) means that it should select any available port number above 1023.
However, using this option it is possible to fix this port which can be useful when using a firewall. This option is not used for zone transfers (TCP connections).
Default: 0
AutoUpdateRoot=<yes/no>
With this option enabled, Simple DNS Plus will automatically check for root server updates. You may want to disable this if you are using an alternate root or if your server is only used for intranet purposes.
Default: Yes
NewScan=<number>
Interval in minutes to scan the data directory for files with ".new" extensions. See How to integrate with other applications.
Not present by default.
ErrorFileDump=<Yes/No>
If an error occurs in the Simple DNS Plus program, it will attempt to create a "support.txt" file (to e-mail us for debugging).
This option specifies if the support.txt file should include the major configuration files. Default: Yes
WarningBat=<Yes/No>
With this option enabled, Simple DNS Plus will execute the DOS batch file whenever an error or warning condition is detected.
See How to use "warning.bat" for details. Default: No
DelOnlyZones=<list of zones separated by spaces>
This option lists zones which are to be treated as "delegation-only-zones" - meaning they should only contain delegations, and no data of their own.
When a DNS response, which is not a delegation, is received from a server responsible for one of these zones, the response will be converted into an "NXDOMAIN" error response.
Default: blank
DelOnlyAllTop=<Yes/No>
When enabled (=Yes) all top level zones (single segment / no dots) such as "com" and "net" are treated as delegation-only-zones (See above).
Please note that this does not include second level zones such as "co.uk" which would have to be added to the "DelOnlyZones" option above.
Default: No
DelOnlyExclude=<list of zones separated by spaces>
This option lists top level zones which are to be excluded when the "DelOnlyAllTop" setting is enabled (see above).
Default: blank
[Opt-General]
ServiceName=<text string>
ServiceDesc=<text string>
The Windows Service name and description.
You may need to change this if running more than one instance of Simple DNS Plus on the same computer.
The ServiceName can be used in "Net Start" and "Net Stop" commands. Default: sdnsplus / Simple DNS Plus
[Opt-Requests]
ShowAddIP=<Yes/No>
When enabled, "Add IP address" controls are added to the "Listen for DNS requests on" IP list in the Options dialog. This makes it possible to configure Simple DNS Plus to listen for DNS requests on local IP addresses which were not automatically detected (a problem on some Windows Server 2003 installations).
Default on Windows Server 2003 and later: Yes
Default on earlier Windows versions: No
AutoCNAME=<Yes/No>
When enabled, all CNAME-Records will be translated into "normal" records.
For example if "www.xyz.com" has a CNAME-record pointing to "abc.com", and the A-record for "abc.com" is 1.2.3.4, a request for A-records for "www.xyz.com" will return A-record "www.xyz.com" = 1.2.3.4.
This is useful for certain client programs (including a widely used e-mail server) that don't understand CNAME-records.
Please note this is not correct DNS server behavior, and should only be used if you have a program that does not understand CNAME-records. Default: No
MinTimeOut=<number>
Specifies the minimum period of time (in seconds) during which Simple DNS Plus will continue resending the same DNS request to other DNS servers.
With this setting at the default value of 0 (zero), client DNS requests will time-out after all authoritative DNS servers have been queried 3 times without a response.
In dial-up configurations, this may not leave enough time for the network connection to be established, and so Simple DNS Plus will return a "server failure" response to the client - and the client's application may fail.
This can be avoided by setting a sufficient minimum time-out interval here.
This option forces Simple DNS Plus to do additional processing, so for optimal performance, only use it if you experience problems with requests timing out before a connection is established.
The maximum value for this setting is 30 (seconds). Default: 0
[Opt-Recursion]
NraNaaTXT=<text string>
This option overrides the default text of the TXT-record that is sent along with synthesized records to clients which are not offered recursion.
Only applicable if the "Respond with synthesized DNS records" option is selected in the Options dialog / DNS recursion section.
Default: not present
[Opt-Caching]
CacheTTLMinimum=<number>
This option specifies the minimum period of time DNS records are cached.
A value higher than zero may improve response time and reduce DNS traffic, but will likely cause problems with many domain names that rely on frequent DNS updates.
"cnn.com" is one example of a well-known larger web site, which depends on low TTL values to enable quick changes to their web site (they currently use DNS TTL values of 5 minutes).
Also, many small web-sites today depend on low TTL values because they run on ADSL or cable connections with dynamic IP addresses, and therefore require frequent DNS updates (when their IP address changes).
We generally do not recommend using this setting. Default: 0
[Opt-Records]
PermTTLMin=<number>
A minimum TTL applied to all records in local zones (primary and secondary). Default: 0
NXDomTXT=<text string>
This option overrides the default text of the TXT-record that is sent along with synthesized records in NXDOMAIN Redirect responses (see Options dialog / DNS records section).
Default: not present
HostsReverse=<Yes/No>
When Simple DNS Plus is configured to use a hosts file and this option is enabled, PTR-records will automatically be generated from the data in the hosts file in addition to A- and CNAME-records. Default: Yes
[Opt-DHCP]
DHCPNS2=<IP address list>
Use to specify secondary DNS servers for DHCP clients.
(The first/primary is always the IP address of the Simple DNS Plus server.) Empty by default.
DHCPWINS=<IP address list>
Use to specify WINS server addresses for DHCP clients. Empty by default.
DHCPNBDD=<IP address list>
Use to specify NBDD server addresses for DHCP clients. Empty by default.
DHCPNODE=<number>
Use to specify the NetBIOS node type for DHCP clients. 1=b-node, 2=p-node, 4=m-node, 8=h-node.
Empty by default.
DHCPScope=<text string>
Use to specify the NetBIOS scope ID for DHCP clients. Empty by default.
[Secondary-Zones]
MinimumRefresh=<number>
MinimumRetry=<number>
MinimumExpire=<number>
Minimum values (seconds) for SOA records in secondary zones. Can be used to limit the number of refresh and zone transfer requests.
Recommended if you don't control the primary DNS server for the secondary zones you host. All are zero by default.
UseIXFR=<Yes/No>
Use to specify if IXFR (incremental zone transfers) should be used to synchronize secondary zones on this server with their primary server.
If your primary DNS server uses older DNS server software which does not support IXFR, it may be necessary or more efficient to disable this setting.
Default: Yes
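As an added example for this page (not a tool shipped with Simple DNS Plus), the following Python script reads an "sdnsplus.ini" file and reports the settings above that an operator should look at before putting the server into production. The sample file is constructed, with several values deliberately moved away from their documented defaults. The checks follow the page's own advice (AutoCNAME is non-standard behaviour, CacheTTLMinimum is not recommended, NewScan makes the data directory a zone-publishing path, WarningBat is what feeds the alerting batch file) plus one general DNS fact not stated on the page: a fixed outgoing port (DNSFromPort other than 0) removes the source-port variation that makes a forged response harder to match, so it should only be used where a firewall really requires it.

```python
import configparser

# Constructed "sdnsplus.ini" with several settings away from their defaults;
# the values are examples, not a real installation.
SAMPLE_INI = """[Main]
DNSListenPort=53
DNSFromPort=5353
AutoUpdateRoot=Yes
NewScan=5
WarningBat=No
[Opt-Requests]
AutoCNAME=Yes
[Opt-Caching]
CacheTTLMinimum=600
[Secondary-Zones]
MinimumRefresh=0
MinimumRetry=0
MinimumExpire=0
UseIXFR=Yes
"""

# Everything at its documented default except WarningBat, which is enabled.
DEFAULT_INI = "[Main]\nWarningBat=Yes\n"


def _yes(cp, section, key, default="No"):
    return cp.get(section, key, fallback=default).strip().lower() == "yes"


def audit(ini_text: str):
    """Return (setting, message) pairs for settings an operator should review."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    findings = []

    if cp.getint("Main", "DNSFromPort", fallback=0) != 0:
        findings.append(("DNSFromPort",
                         "outgoing queries use one fixed source port; the page allows this for "
                         "firewalls, but a fixed port removes the source-port variation that "
                         "makes a forged response harder to match"))
    if cp.has_option("Main", "NewScan"):
        findings.append(("NewScan",
                         "zone files dropped into the data directory are loaded automatically, "
                         "so write access to that directory is zone-publishing access; "
                         "check its permissions"))
    if not _yes(cp, "Main", "WarningBat"):
        findings.append(("WarningBat",
                         "disabled (the default): no batch-file alerting for the warnings listed "
                         "under How to use warning.bat, including blocked IP addresses"))
    if _yes(cp, "Opt-Requests", "AutoCNAME"):
        findings.append(("AutoCNAME",
                         "CNAME-records are flattened into A-records; the page calls this "
                         "non-standard behaviour to be used only for clients that need it"))
    if cp.getint("Opt-Caching", "CacheTTLMinimum", fallback=0) > 0:
        findings.append(("CacheTTLMinimum",
                         "a minimum cache TTL overrides publishers' low TTLs; the page "
                         "recommends leaving this at 0"))
    return findings


if __name__ == "__main__":
    for setting, message in audit(SAMPLE_INI):
        print(f"{setting}: {message}")
```

Run it against the real file with `audit(open("sdnsplus.ini").read())` after stopping the server, as the page requires before editing the file.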
Zone files
These files are located in the "data" subdirectory and have ".dns" extensions. You need to reload records (Tools menu) after changing these files.
The following settings must be located before any records in the zone.
;$NoNotify
If present, Notify requests will not be sent to secondary or slave servers for this zone.
;$MinimumTTL <number>
Overrides any lower TTL specified in the file - and the "PermTTLMin" setting in the "sdnsplus.ini" file (see above).
2.10 Use "warning.bat"
Simple DNS Plus can execute the DOS batch file "warning.bat" from the directory where Simple DNS Plus is installed each time it detects an error/warning condition.
To enable this, set the "WarningBat" option in the "sdnsplus.ini" file to "=Yes".
When run, "warning.bat" is passed a set of 2 parameters (an event ID and a description) from the following list:
Event ID  Description
101       Error: Could not start DNS service [on <ip-address>] (Error <n>)
102       Error: Could not start DHCP service on <ip-address> (Error <n>)
103       Error: could not start HTTP service on port <port-number> (Error <n>)
201       Error: Could not open zone file: <file-name>
202       Error: Could not update 'boot' file for zone: <zone-name>
203       Error: Could not save zone file: <file-name> (Error <n> <error-description>)
301       Warning: UDP packet from <ip-address> port zero ignored
302       Warning: IP address <ip-address> blocked (more than <n> requests per second)
303       Warning: Request from <ip-address> for BIND version - possible hack attempt
304       Warning: TCP connection from <ip-address> closed - Telnet detected
305       Warning: TCP connection request rejected - maximum connections (<n>) reached
401       Warning: Lame delegation for <zone-name> on this server (<ip-address>)
501       Warning: Notify request not sent to <server-name> for <zone-name> - Could not resolve IP address
502       Warning: [<server-name>] [<ip-address>] did not respond to Notify request for <zone-name>
503       Warning: Failed to Zone Transfer <zone-name> from <ip-address> (<error-description>)
601       Warning: Forward server <ip-address> does not offer recursion
701       Warning: Error opening log file [<error-description>]
702       Warning: Error writing to log file [<error-description>]
703       Warning: Error opening raw log file [<error-description>]
704       Warning: Error writing to raw log file [<error-description>]
999       Error: Application error: [<error-description>]
These parameters can be accessed in the batch file as %1 (the event ID) and %2 (the description). For example, to send a network alert to the administrator, the "warning.bat" file could look like this:
NET SEND administrator "SDNSPLUS: %2"
If you only wanted to know about "Lame delegation on this server" warnings:
IF NOT %1==401 EXIT
NET SEND administrator "SDNSPLUS: %2"
Or you could pass one or both parameters to a VBScript or JavaScript:
WSCRIPT warning.vbs %1 ""%2""
As an example, a VBScript file used to send an e-mail might look like this (assuming Simple DNS Plus runs on a computer with IIS including SMTP installed):
EventID=WScript.Arguments(0)
EventDesc=WScript.Arguments(1)
Set MailObj=CreateObject("CDONTS.NewMail")
MailObj.From="""Simple DNS Plus"" <[email protected]>"
MailObj.To="<[email protected]>"
MailObj.Subject="Message from Simple DNS Plus"
MailObj.Body="Event ID: " & EventID & vbcrlf & _
    "Description: " & EventDesc & vbcrlf
MailObj.Send
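An added example in the same spirit as the VBScript above, written for this page (not shipped with Simple DNS Plus): a Python handler that "warning.bat" can call with `python warning.py %1 "%2"` (the file name is an assumption). It groups the event IDs from the table above into operator categories, pulls the <ip-address> value out of the description so the 301-305 events can be cross-checked against the IP Address Blocking rules, and appends one JSON line per event to a log file that a SIEM or log shipper can pick up. The sample description used below is constructed from the 302 template.

```python
import json
import re
import sys
import time

# Event IDs from the table above, grouped by how an operator should treat them.
CATEGORY = {}
CATEGORY.update({i: "service-down" for i in (101, 102, 103, 999)})
CATEGORY.update({i: "zone-file" for i in (201, 202, 203)})
CATEGORY.update({i: "abuse" for i in (301, 302, 303, 304, 305)})
CATEGORY.update({i: "zone-sync" for i in (401, 501, 502, 503, 601)})
CATEGORY.update({i: "logging" for i in (701, 702, 703, 704)})

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def classify(event_id: int) -> str:
    return CATEGORY.get(event_id, "unknown")


def extract_ip(description: str):
    """Return the <ip-address> value embedded in a description, or None."""
    m = IPV4_RE.search(description)
    return m.group(0) if m else None


def make_record(event_id: int, description: str, now=None) -> dict:
    """Structured form of one warning.bat invocation (now = epoch seconds, UTC)."""
    ts = now if now is not None else time.time()
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%S", time.gmtime(ts)),
        "event_id": event_id,
        "category": classify(event_id),
        "ip": extract_ip(description),
        "description": description,
    }


def handle(argv, log_path: str) -> dict:
    """argv[1] and argv[2] are warning.bat's %1 and %2. Appends one JSON line
    to log_path and returns the record so the caller can raise an extra alert."""
    if len(argv) < 3:
        raise SystemExit("usage: warning.py <event-id> <description>")
    record = make_record(int(argv[1]), argv[2])
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")
    return record


if __name__ == "__main__":
    rec = handle(sys.argv, "sdns-warnings.jsonl")
    if rec["category"] == "abuse":
        print(f"ABUSE event {rec['event_id']} from {rec['ip']}: {rec['description']}")
```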
3 User Interface
The Simple DNS Plus user interface consists of 4 primary modules:
Main window
DNS Look Up window
DNS Cache Snapshot window
DNS Records window
Each of these 4 modules runs in a separate process which can function independently of the others, and each appears separately in the Windows task bar.
Except for the Main window, these modules can also be accessed without the Simple DNS Plus server itself running.
Each module has a number of functions and dialogs which are described in the following sections.
3.1 Main window
The main window consists of a Menu, a Tool Bar, a Status Bar, and different optional Views.
Menu
· File Menu
· Pause / Start server
Use to temporarily pause and re-start the DNS and DHCP services.
· Shutdown Simple DNS Plus
Shuts down Simple DNS Plus.
· View Menu
· Tool Bar
Toggles the Tool Bar on / off.
· Status Bar
Toggles the Status Bar on / off.
· Performance Graph
Shows the Performance Graph View.
· Active Log
Shows the Active Log View.
· DHCP Leases
Shows the DHCP Leases View.
· Tools Menu
· Enter License Key...
Select this function when you have purchased a Simple DNS Plus license (at http://www.simpledns.com/purchase.asp) to enter your license key. This will remove the evaluation time restriction.
· Edit DNS Records...
Opens the DNS Records window.
· IP Address Blocking...
Opens the IP Address Blocking dialog.
· Reload DNS Records
Immediately reloads all DNS records including the hosts file and root records. Use if manual changes have been made to any of the configuration files.
· Clear DNS Cache
Unloads all cached records.
One possible use is if you want to track through the log the exact path to finding an external domain name from the root down.
· DNS Look Up...
Opens the DNS Look Up tool window.
· DNS Cache Snapshot...
Opens the Cache Snapshot Viewer window.
· Active Log Snapshot...
Use this function if the Active Log View is scrolling too fast or you need to copy text from the log.
· Options
Opens the Options dialog.
· Window Menu
· Clear Active Log
Clears the Active Log window (only available if the Active Log view is shown).
· Tabbed documents
Enables/disables tabbed layout of View windows.
· Tile / Cascade / Window selections
Functions to organize/select the view windows.
· Help Menu
· Contents and index
Opens this help file.
· Online support
Opens the JH Software support web page in your default browser.
· Check for updates
Checks if you are running the most recent version of Simple DNS Plus.
· Support File
Generates a file "support.txt" in the directory where Simple DNS Plus is installed. This file contains various information about your setup and the state of Simple DNS Plus on your computer which can be helpful for trouble shooting by JH Software support staff.
· About Simple DNS Plus
Displays the Simple DNS Plus version number and license status.
Tool Bar
· Look Up Button
Opens the DNS Look Up tool.
· Cache Button
Opens the Cache Snapshot Viewer.
· Records Button
Opens the DNS Records dialog.
· Help Button
Opens this help file.
Status Bar
The Status Bar consists of three sections:
· Status
Shows the current server status - and if running, the total up-time.
· Requests
Total number of requests received.
· Cache
Number of DNS records currently in the cache including root records, and hosts file records.
3.1.1 Views
There are three different "views" available. Use the View menu to activate them.
You can have multiple Views open at the same time and they can be resized with the mouse or using the "Window" menu.
Performance Graph
Shows a graph of the number of requests received per second during the last minute.
Active Log
Shows current log activity.
The level of detail and number of lines displayed can be customized through the Options dialog. See How to read the log.
If the log window is scrolling too fast or you need to copy text from the log, use the "Active Log Snapshot" function from the Tools menu (or press F9).
Please note that the Active Log does use a considerable amount of resources, so on a busy server we recommend closing this View when not required.
DHCP Leases
Shows all active DHCP leases with each computer's name, IP-address, Hardware address, and when its lease expires.
The columns can be sorted by clicking the column headers.
To manually delete a DHCP lease, right click on the lease and select "Delete" from the pop-up menu. In order to prevent IP-address conflicts (two or more computers having the same address), it is very important that the computer for the deleted lease is also rebooted or removed from the network. Generally, it is not necessary to delete leases manually, as computers automatically release their leases when shut down properly.
Older Apple/Mac clients and other devices which do not supply a computer name in the DHCP request will show with their hardware address as the name.
To rename these, right click on the lease and select "Rename". The new name will be associated with the client's hardware address, and remembered as long as you run Simple DNS Plus even if the IP address changes.
3.1.2 IP Address Blocking dialog
Someone sending an extreme number of DNS requests in rapid succession may be a hacker trying to crash the server or prevent others from using the service.
You can use the functions in this dialog to automatically or manually block such hackers or IP addresses which for any reason run amok sending you DNS requests.
Please note that this feature does not block traffic other than DNS requests - to block any other type traffic use a firewall.
· Auto block
· Automatically block IP addresses which send too many DNS requests too quickly
Use to enable/disable automatic blocking
· Maximum DNS requests per second
When an IP address sends more than this number of DNS requests in one second, it will automatically be blocked (a "Blocked" rule will be added to the list below) and further requests from this IP address are ignored.
A typical workstation computer should not send more than 10-25 requests in one second, but we recommend you set this value to at least 30 so that no legitimate clients get blocked.
· Block
Specify for how long automatic blocks should last (when/if the automatically added "Blocked" rule should expire).
· IP Address Blocking Rules
List of current blocking rules.
Use the "Add" / "Edit" buttons to enter rule details in the IP Address Blocking Rule dialog, and use the "Remove" button to remove a rule.
There are two types of rules; "Blocked" and "Trusted".
DNS requests from "Blocked" IP addresses will simply be ignored.
"Trusted" IP addresses will not be blocked automatically even if they exceed the "Maximum DNS requests per second" setting above.
See also How to secure your server
3.1.2.1 IP Address Blocking Rule dialog
Use this dialog to enter details for rules listed in the IP Address Blocking dialog:
· Rule type
There are two types of rules; "Blocked" and "Trusted".
DNS requests from "Blocked" IP addresses will simply be ignored.
"Trusted" IP addresses will not be blocked automatically even if they exceed the "Maximum DNS requests per second" setting.
· IP address
Enter the IP address (or first IP address of a subnet) that should be blocked/trusted.
· Subnet Mask
Select the subnet mask of the IP address(es) that should be blocked/trusted (255.255.255.255 means a single IP address).
· Rule expires
Specify if/when this rule should expire.
If you select a specific date/time or a length of time, the rule will automatically be removed after this.
· Comments
Enter any comments you like - for example an explanation for why this IP/subnet is blocked/trusted. Simple DNS Plus automatically creates a comment about when the rule was created when automatically blocking.
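The behaviour of the IP Address Blocking dialog and the rule dialog above, as an added example written for this page (it is not Simple DNS Plus code, whose internal implementation the page does not show): requests are counted per source address per second, an address that exceeds the limit gets a "Blocked" rule with an expiry unless a "Trusted" rule covers it, and rules are matched with the same IP-plus-subnet-mask semantics as the rule dialog (255.255.255.255 means one address, 255.255.255.0 the whole /24). The addresses, the limit of 30 and the 600-second block duration in the usage are constructed examples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    """One line of the IP Address Blocking Rules list."""
    kind: str                          # "Blocked" or "Trusted"
    network: ipaddress.IPv4Network     # IP address plus subnet mask
    expires: Optional[float] = None    # absolute time in seconds; None = never
    comment: str = ""

    @classmethod
    def from_dialog(cls, kind, ip, mask="255.255.255.255", expires=None, comment=""):
        """Same inputs as the rule dialog: 255.255.255.255 means one address,
        255.255.255.0 every address matching the first three segments, etc."""
        if kind not in ("Blocked", "Trusted"):
            raise ValueError("rule type must be Blocked or Trusted")
        net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        return cls(kind, net, expires, comment)

    def matches(self, ip: str, now: float) -> bool:
        if self.expires is not None and now >= self.expires:
            return False  # expired rules no longer apply
        return ipaddress.ip_address(ip) in self.network


class RequestFilter:
    """Auto-block logic of the dialog: count DNS requests per source IP per
    second; an address that exceeds the limit (and is not Trusted) gets a
    Blocked rule that expires after block_seconds."""

    def __init__(self, max_per_second=30, block_seconds=600, auto_block=True):
        self.max_per_second = max_per_second
        self.block_seconds = block_seconds
        self.auto_block = auto_block
        self.rules = []
        self._second = None   # the second currently being counted
        self._counts = {}     # source ip -> requests seen in that second

    def _has(self, kind: str, ip: str, now: float) -> bool:
        return any(r.kind == kind and r.matches(ip, now) for r in self.rules)

    def accept(self, ip: str, now: float) -> bool:
        """Return True if the request should be answered, False if ignored."""
        if self._has("Blocked", ip, now):
            return False
        sec = int(now)
        if sec != self._second:           # new second: start counting afresh
            self._second, self._counts = sec, {}
        self._counts[ip] = self._counts.get(ip, 0) + 1
        if (self.auto_block and self._counts[ip] > self.max_per_second
                and not self._has("Trusted", ip, now)):
            self.rules.append(Rule.from_dialog(
                "Blocked", ip, expires=now + self.block_seconds,
                comment=f"auto-blocked at t={now:.0f}: "
                        f"{self._counts[ip]} requests in one second"))
            return False
        return True

    def purge_expired(self, now: float) -> int:
        """Drop expired rules from the list; returns how many were removed."""
        before = len(self.rules)
        self.rules = [r for r in self.rules if r.expires is None or now < r.expires]
        return before - len(self.rules)


if __name__ == "__main__":
    f = RequestFilter(max_per_second=30, block_seconds=600)
    f.rules.append(Rule.from_dialog("Trusted", "10.0.0.0", "255.255.255.0", comment="office LAN"))
    answered = sum(f.accept("198.51.100.7", 1000.0) for _ in range(40))
    print(f"answered {answered} of 40; rules now: {[r.comment for r in f.rules]}")
```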
3.1.3 Options dialog
The Options dialog has the following sections:
· General
· DNS
  · Requests
  · Recursion
  · Forwarding
  · Caching
  · Security
  · Records
  · Zone Transfers
  · Master/Slave
  · NAT/LAN IP
· DHCP
· HTTP API
· Logging
  · Log details
  · Log files
Note: Additional advanced options can be specified in the "sdnsplus.ini" file.
3.1.3.1 General
· General
· Domain Name of this DNS server
Used as the default primary DNS server name when creating new zones (for the SOA-record and NS-record).
This is typically something like "ns1.yourname.com", but can be any domain name you want.
This name is also displayed in the title bar of the Main Screen, and as a "Tool Tip" for the tray bar icon for easy reference.
· Administrator's e-mail address
Used as the default "responsible person" when creating new zones (for the SOA-record). The standard for this is the "hostmaster" user name - such as "[email protected]".
· Start Up
· Run as Windows Service (not available on Windows 95/98/Me)
When checked, Simple DNS Plus will run as a Windows Service, being available even when no-one is logged into the system.
· Run in background at Windows start up / log on
When checked, Simple DNS Plus will start as soon as Windows is started or when a user logs on.
· Show icon in the Windows taskbar notification area
When checked, Simple DNS Plus will be represented by a small icon in the tray bar (lower right hand corner of screen next to clock).
3.1.3.2 DNS - Requests
· DNS Requests
· Listen for DNS requests on
Select the IP addresses on which the DNS service will be available.
· DNS Responses
· Optimize responses (only include NS referrals when needed)
Most DNS servers send a lot of extra "additional" information in DNS responses which is never needed by clients or other servers. This can waste both CPU cycles and bandwidth.
With this option enabled, Simple DNS Plus responds with relevant "additional" data only. Some DNS analyzers (software / websites) may claim that your server is not configured correctly (does not provide root records) when this is enabled. Technically this is not an error, but the analyzers expect those records simply because that's what most other DNS servers provide.
To satisfy such analyzers, simply disable this option, and then enable it again to improve performance when done analyzing.
· Use Round Robin (rotate DNS records in responses)
When this option is enabled and multiple records of the same type are defined for the same name, Simple DNS Plus automatically rotates these records in responses (see Round Robin).
3.1.3.3 DNS - Recursion
· Perform DNS recursion (resolve non-local domain names)
Specify which IP addresses should be offered recursion.
Use the Subnet Mask to specify a range of IP addresses; 255.255.255.255 means one IP address only, 255.255.255.0 means all IP addresses matching the first 3 segments etc.
· When a DNS request is received from an IP address not included above, and the request is for a non-local domain name
Select one of the following options to specify how Simple DNS Plus should respond to such requests:
· Respond with DNS records from cache and local hosts file (default)
Any data already cached or in the hosts file will be provided.
· Respond with a "Refused" error message
Using this option, you specifically inform the client that you will not perform any recursion for them or provide any data for the requested domain name.
· Do not respond (stealth DNS)
Using this option, simple port scanning will not reveal that you are running a DNS server. This may make you a less interesting target for hackers.
· Respond with synthesized DNS records
Using this option, you can redirect the client to a sign up page, or to a page informing the client that he is using a wrong DNS server.
3.1.3.4 DNS - Forwarding
· DNS Forwarding (external resolution)
See DNS Forwarding for details.
3.1.3.5 DNS - Caching
· Cache DNS records received in responses from other DNS servers
Use this option to enable/disable caching.
· Maximum cache time
By default, records are removed from the cache based on the TTL received from the original DNS server.
This option specifies the maximum amount of time cached DNS records should be kept.
· Maximum cache size
You can use this option to limit the amount of memory Simple DNS Plus will use for caching.
· Reload DNS cache at startup
If this option is checked, all cached records are written to disk when Simple DNS Plus is closed (including when the computer is shut down correctly).
When Simple DNS Plus is later restarted, it will reload the cache recalculating the records' TTLs based on the time the program was closed.
See also Caching, TTL.
3.1.3.6 DNS - Security
· DNS security
· Prevent DNS spoofing (a.k.a. "cache poisoning")
DNS spoofing is a term used for malicious cache poisoning where forged data is placed in a DNS server's cache.
Spoofing attacks can cause serious security problems, for example causing users to be directed to wrong web sites or e-mail being routed to non-authorized mail servers.
When this option is checked, all records in received DNS answers are checked for authority, and records for which the answering DNS server does not have authority are ignored.
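An added example covering the "DNS - Caching" options above (maximum cache time, reloading the cache at startup with TTLs recalculated from the close time) and the authority check that "Prevent DNS spoofing" describes: records in an answer that the answering server has no authority for are dropped before they reach the cache. This is written for this page and is not Simple DNS Plus code; the page states the rule, not how the product implements it. The records, names and times are constructed, and the "authority" of an answer is taken to be the zone the server was asked about, so a reply for example.com cannot plant records for an unrelated name.

```python
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class RR:
    name: str    # owner name, e.g. "www.example.com."
    rtype: str   # "A", "NS", ...
    data: str
    ttl: int     # TTL as received from the answering server


def _norm(name: str) -> str:
    return name.rstrip(".").lower()


def in_authority(name: str, zone: str) -> bool:
    """True if name is at or below zone; the root zone ("." or "") covers all."""
    n, z = _norm(name), _norm(zone)
    return z == "" or n == z or n.endswith("." + z)


def filter_by_authority(records, server_zone):
    """The check the spoofing option describes: keep only records the answering
    server has authority for, so nothing outside its zone is cached from it."""
    return [rr for rr in records if in_authority(rr.name, server_zone)]


class Cache:
    def __init__(self, max_cache_time: int = 86400):
        self.max_cache_time = max_cache_time   # "Maximum cache time" option
        self._entries = {}                     # (name, type) -> {RR: expires_at}

    def insert(self, records, server_zone, now):
        for rr in filter_by_authority(records, server_zone):
            ttl = min(rr.ttl, self.max_cache_time)   # cap as the option requires
            self._entries.setdefault((_norm(rr.name), rr.rtype), {})[rr] = now + ttl

    def lookup(self, name, rtype, now):
        """Return [(RR, remaining seconds)], discarding expired entries."""
        key = (_norm(name), rtype)
        live = {rr: exp for rr, exp in self._entries.get(key, {}).items() if exp > now}
        self._entries[key] = live
        return [(rr, int(exp - now)) for rr, exp in live.items()]

    def save(self, closed_at) -> str:
        """Serialize each record's remaining TTL together with the close time,
        which is what "Reload DNS cache at startup" needs to recalculate TTLs."""
        items = [dict(asdict(rr), remaining=int(exp - closed_at))
                 for bucket in self._entries.values()
                 for rr, exp in bucket.items() if exp > closed_at]
        return json.dumps({"closed_at": closed_at, "records": items})

    @classmethod
    def load(cls, text, now, max_cache_time=86400):
        """Reload a snapshot, charging the downtime against every record's TTL."""
        snap = json.loads(text)
        downtime = now - snap["closed_at"]
        cache = cls(max_cache_time)
        for item in snap["records"]:
            remaining = item["remaining"] - downtime
            if remaining <= 0:
                continue   # expired while the server was down
            rr = RR(item["name"], item["rtype"], item["data"], item["ttl"])
            cache._entries.setdefault((_norm(rr.name), rr.rtype), {})[rr] = now + remaining
        return cache


if __name__ == "__main__":
    # Constructed answer from the server for example.com: the second record is
    # for a name that server has no authority for and must be dropped.
    answer = [RR("www.example.com.", "A", "192.0.2.10", 300),
              RR("www.other.test.", "A", "203.0.113.1", 86400)]
    c = Cache(max_cache_time=3600)
    c.insert(answer, "example.com.", now=1000)
    print(c.lookup("www.example.com.", "A", 1000), c.lookup("www.other.test.", "A", 1000))
```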