There is a bug in Windows Server 2008 R2 causing a "Bad DNS Packet" error when you try to setup (or promote) Active Directory using Simple DNS Plus and other non-MS DNS servers.The problem is described in MS KB 977158 - see http://support.microsoft.com/kb/977158/EN-USThe solution is to install the mentioned Windows hotfix. However the MS KB article only links to the IA64 version of the hotfix - not the X64 version which most people need. You can get a copy of the X64 version from...
It has come to our attention that more e-mail servers are now performing SPF checks on the SMTP session HELO/EHLO greeting host name (in addition to checking the domain name part of the sender's e-mail address).Therefore always make sure that your e-mail server is configured to use a correct host name (like "mail.example.com") in the HELO/EHLO greeting, and that an A- and/or AAAA-record exists for this host name in DNS.Also, when using the "Automatic SPF" feature in Simple DNS Plus...
A new command line tool which converts Simple DNS Plus raw request log files (.sdraw files) into the standard W3C Extended log file format (as typically produced by IIS, Apache, and other web-servers) is now available.Note that DNS request (and the .sdraw log files) do not contain HTTP header information such as referrers, browser info, full URLs, etc. So while you can process the resulting W3C log files with various web-log analyzer programs, this does not replace web-logs. Rather it...
The upcoming Simple DNS Plus v. 5.2 supports secure zone transfer (TSIG authenticated). Both zone transfer requests and responses are authenticated, so this provides protection in two ways; it prevents unauthorized transfers (only people / servers with the correct key can transfer), and it ensures data integrity on secondary servers (not possible to spoof / inject false data during transfers).In the Zone Properties dialog, you can now specify the TSIG key(s) which are allowed to...
The upcoming Simple DNS Plus v. 5.2 supports remote management, so that you can use the normal Simple DNS Plus user interface on a remote computer. This is much faster and uses much less bandwidth compared to accessing a remote server via Remote Desktop, VNC, or similar. Traffic between the server and the remote GUI is highly optimized and secure. Authentication uses SHA-1 challenge/response to prevent password sniffing, all data transferred is encrypted, and larger data chunks (such as...
Today the .gov top level domain (U.S. government) was DNSSEC signed. As per "OMB Memo 08-23", all U.S. government agencies must DNSSEC sign their DNS zones (ending with .gov) before the end of 2009.Federal agencies using Simple DNS Plus will be able to DNSSEC sign their zones in the upcoming Simple DNS Plus v. 5.2 (beta version available now). For details see: - How to DNSSEC sign a zone with Simple DNS PlusUsing the DNS Look Up tool in Simple DNS Plus 5.2, we can see that the...
Because of continued reports about DNS amplification / DDoS attacks (DNS requests for NS-records for <root> from spoofed IP addresses), we have added a new option in Simple DNS Plus to make it easy to deal with these requests and keep them out of the log.In the Simple DNS Plus Options dialog / DNS / Miscellanuous section, there is now a new "Ignore all DNS requests for <root>" option:And the statistics (available through the HTTP API) has a new counter for this:This new option is...
The upcoming Simple DNS Plus v. 5.2 supports hosting DNSSEC signed zones and has built-in functions for managing DNSSEC keys and for signing zones - all in a user friendly GUI of course.What is DNSSEC?Similar to digital signatures for e-mails, DNSSEC authenticates that a set of DNS records originate from an authorized sender (DNS server) using private/public key cryptography. The main purpose of this is to protect DNS against falsified information (a.k.a. DNS spoofing). DNSSEC does...
Added January 31th 2009: We have just added a new option in Simple DNS Plus to ignore root requests (and not log them) - click here for details. Hopefully this will make it easier to deal with this attack.Added January 30th 2009: We do NOT recommend blocking the sender's IP address on your firewall, with IPSec, or anything else at the IP address level - that is exactly what the attacker wants you to do (we are seeing an alarming number of suggestion on how to do that). By blocking...
Trouble logging in? Simply enter your email address OR username in order to reset your password.
For faster and more reliable delivery, add support@simpledns.plus to your trusted senders list in your email software.