0/1 Lessons

Course Introduction

• 10min

0 / 2 lessons complete

DNS Basics

• 1hr 16min

0 / 8 lessons complete

DNS Resource Records

• 46min

0 / 5 lessons complete

DNS Zones

• 3hr 41min

0 / 12 lessons complete

DNS Delegation

• 50min

0 / 4 lessons complete

DNS Security Techniques

• 36min

0 / 5 lessons complete

Advanced DNS Topics

• 22min

0 / 5 lessons complete

DNS Security (DNSSEC)

• 1hr 16min

0 / 6 lessons complete

DNS Policies

• 54min

0 / 6 lessons complete

PowerShell for DNS

• 1hr 27min

0 / 6 lessons complete

Troubleshooting DNS Issues - Troubleshooting Tools

• 1hr 39min

0 / 8 lessons complete


Q&A (0)

Notes (0)

Resources (0)

Saving Progress...


There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

This lecture is an overview of the 6 New DNS Features in Windows Server 2016.

DNS Policies.

You can now control how your DNS server handles queries, based upon DNS Policies that can be configured for different scenarios. For example, DNS responses can be based upon the clients IP address (location) The time of day, and several other parameters. DNS policies enable load balancing, split-brain DNS, and other scenarios.  

IPv6 Root Hints.

You can use the native IPV6 root hints support to perform internet name resolution using IPV6 root servers. By default, the DNS Server service implements root hints using a file, named Cache.dns, stored in the C:\Windows\System32\DNS folder on the DNS server.   

Response Rate Limiting (or RRL).

RRL is used to prevent DNS amplification attacks or denial of service attacks. Where the DNS server is inundated with thousands of requests leaving DNS inoperable.  

DANE) DNS Based Authentication of Named Entities 

DANE prevents man-in-the-middle attacks on your DNS server by using TLSA or

(Transport Layer Security Authentication) records to tell the DNS clients what Certificate Authority (CA) they should expect a certificate from. Thus eliminating the opportunity for a hacker to corrupt the DNS cache and injecting their own CA and pointing the client or server to their own website.

Unknown Record Support.

Non-Microsoft DNS servers have records that are not directly supported by a Microsoft DNS server. You can now add records which are not explicitly supported.

Extended Windows PowerShell Support.

There are 27 new PowerShell cmdlets introduced in Windows 2016 Server.

5 1 vote
Lesson Rating
Notify of
profile avatar
Inline Feedbacks
View all comments