3.1.1.1.1 DNS Server Integer Properties

The following properties are 32-bit integers. The term "Boolean" means that a value of 0x00000000 indicates that the stated property is false, and any nonzero value indicates that the stated property is true. All properties are writable unless stated otherwise. The type ID for these properties is DNSSRV_TYPEID_NAME_AND_PARAM, listed in section 2.2.1.1.1. Property values on reset or load SHOULD be verified to be within the property's allowable range, except when the value is zero and the zero value is allowed. If the value is outside the range, or if the value is zero and the zero value is not allowed, the server SHOULD<117> return an error.
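The reset/load check described above, as an added example (not code from the specification or from any DNS server implementation). `PropertySpec`, `load_property` and `check_config` are hypothetical names; the ranges, defaults and zero rules are copied from a few property descriptions in this section, and the sketch enforces the SHOULD-level limits rather than the "MAY be any value" allowance.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Union

MAX_DWORD = 0xFFFFFFFF


class Zero(Enum):
    LITERAL = "allowed and treated literally"
    DEFAULT_FLAG = "flag value for the default"
    NOT_ALLOWED = "not listed as allowed"


@dataclass(frozen=True)
class PropertySpec:
    lo: Optional[int]   # None means the range is unlimited
    hi: Optional[int]
    default: int
    zero: Zero


# Values copied from this section. Where a description says zero SHOULD be a
# flag for the default but MAY be literal, the SHOULD behaviour is used.
SPECS: Dict[str, PropertySpec] = {
    "AddressAnswerLimit": PropertySpec(0x05, 0x1C, 0x00, Zero.LITERAL),
    "DsPollingInterval": PropertySpec(0x1E, 0xE10, 0xB4, Zero.DEFAULT_FLAG),
    "DsTombstoneInterval": PropertySpec(0x3F480, 0x49D400, 0x127500, Zero.DEFAULT_FLAG),
    "ForwardingTimeout": PropertySpec(0x01, 0x0F, 0x03, Zero.DEFAULT_FLAG),
    "MaxCacheTtl": PropertySpec(0x00, 0x278D00, 0x15180, Zero.LITERAL),
    # Assumption: the description lists no zero rule, so zero is out of range.
    "MaxTrustAnchorActiveRefreshInterval": PropertySpec(0xE10, 0x13C680, 0x13C680, Zero.NOT_ALLOWED),
    "SendPort": PropertySpec(None, None, 0x00, Zero.LITERAL),
    "SocketPoolSize": PropertySpec(0x00, 0x2710, 0x9C4, Zero.LITERAL),
    "XfrConnectTimeout": PropertySpec(0x05, 0x78, 0x1E, Zero.DEFAULT_FLAG),
}


class PropertyRangeError(ValueError):
    """Raised where the section says the server SHOULD return an error."""


def load_property(name: str, raw: int) -> int:
    """Return the effective value for `raw`, or raise PropertyRangeError."""
    spec = SPECS[name]
    if not 0 <= raw <= MAX_DWORD:
        raise PropertyRangeError(f"{name}: {raw!r} is not a 32-bit value")
    if raw == 0:
        # Zero is handled before the range check: it can be valid even when
        # the range starts above zero (for example AddressAnswerLimit).
        if spec.zero is Zero.LITERAL:
            return 0
        if spec.zero is Zero.DEFAULT_FLAG:
            return spec.default
        raise PropertyRangeError(f"{name}: zero is not allowed")
    if spec.lo is not None and not spec.lo <= raw <= spec.hi:
        raise PropertyRangeError(
            f"{name}: 0x{raw:08X} outside 0x{spec.lo:08X}..0x{spec.hi:08X}"
        )
    return raw


def check_config(config: Dict[str, int]) -> Dict[str, Union[int, str]]:
    """Validate a {name: value} mapping; errors are returned as strings."""
    result: Dict[str, Union[int, str]] = {}
    for name, raw in config.items():
        try:
            result[name] = load_property(name, raw)
        except PropertyRangeError as exc:
            result[name] = str(exc)
    return result


if __name__ == "__main__":
    # Constructed sample configuration, not taken from a real server.
    sample = {
        "AddressAnswerLimit": 3,       # below the 5..28 range and not zero
        "DsPollingInterval": 0,        # zero selects the default (180 s)
        "SendPort": 53,                # unlimited range, taken literally
        "SocketPoolSize": 0x2711,      # one above the maximum
    }
    for prop, outcome in check_config(sample).items():
        print(prop, "->", outcome)
```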

AddressAnswerLimit: The maximum number of records that the DNS server will include in a DNS response message. If this value is set to 0x00000000, the DNS server MUST NOT enforce any artificial limit on number of records in a response, and if a response becomes larger than the DNS UDP packet size, the truncation bit MUST be set (see [RFC1035]). The value SHOULD be limited to the range from 0x00000005 to 0x0000001C, inclusive, or the value 0x00000000, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed.

AdminConfigured: A Boolean value indicating whether the server has been configured by an administrator. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.<118>

AllowCNAMEAtNS: A Boolean value indicating whether the server will permit the target domain names of NS records to resolve to CNAME records. If true, this pattern of DNS records will be allowed; otherwise, the DNS server will return errors when encountering this pattern of DNS records while resolving queries. The value SHOULD<119> be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value of zero MUST be allowed and treated literally.

AllowUpdate: A Boolean value indicating whether the server will permit any DNS update operations. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value of zero MUST be allowed and treated literally.

AutoCacheUpdate: A Boolean value indicating whether the server writes updated delegation information to persistent storage when it determines that newer information is available. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.

AutoConfigFileZones: The type of zones for which SOA and NS records will be automatically configured with the DNS server's local host name as the primary DNS server for the zone when the zone is loaded from file. This property MUST be set to any combination of the following values. If the property value is zero, no automatic configuration will be performed for any zone. The value's range MUST be unlimited. The default value SHOULD be 0x00000001, and the value of zero MUST be allowed and treated literally.<120>

| Value | Meaning |
|---|---|
| 0x00000001 ZONE_AUTO_CONFIG_UPDATE | Perform automatic configuration of zones that have a value of "AllowUpdate" not equal to zero. |
| 0x00000002 ZONE_AUTO_CONFIG_STATIC | Perform automatic configuration of zones that have a value of "AllowUpdate" equal to zero. |

BindSecondaries: A Boolean value indicating whether the server will permit sending DNS zone transfer response messages with more than one record in each response if the zone transfer request did not have the characters "MS" appended to it. If true, the DNS server will include only one record in each response if the zone transfer request did not have the characters "MS" appended to it. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.<121>

BootMethod: The DNS_BOOT_METHODS (section 2.2.4.1.1) value corresponding to the DNS server's boot method. The value SHOULD be limited to the range from 0x00000000 to 0x00000003, inclusive, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.

DebugLevel: The DNS server MUST ignore any value that is set for this property.

DefaultAgingState: A Boolean value that will be used as the default Aging (section 3.1.1.2.1) property value on new zones. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.<122>

DefaultNoRefreshInterval: A value, in hours, that will be used as the default NoRefreshInterval (section 3.1.1.2.1) property value on new zones. The value SHOULD be limited to the range from 0x00000000 to 0x00002238 (1 year), inclusive, but it MAY be any value. The default value MUST be 0x000000A8 (7 days), and the value of zero MUST be allowed and treated literally.<123>

DefaultRefreshInterval: A value in hours that will be used as the default RefreshInterval (section 3.1.1.2.1) property value on new zones. The value SHOULD be limited to the range from 0x00000000 to 0x00002238 (1 year), inclusive, but it MAY be any value. The default value MUST be 0x000000A8 (7 days), and the value of zero MUST be allowed and treated literally.<124>

DeleteOutsideGlue: A Boolean value indicating whether the DNS server will delete DNS glue records found outside a delegated subzone when reading records from persistent storage. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value of zero MUST be allowed and treated literally.

DisjointNets: This is a Boolean value property. The DNS server MUST ignore any value that is set for this property.

DsLazyUpdateInterval: A value, in seconds, indicating how frequently the DNS server will submit updates to the directory server without specifying the LDAP_SERVER_LAZY_COMMIT_OID control ([MS-ADTS] section 3.1.1.3.4.1.7) while processing DNS dynamic update requests. This control instructs the directory server that it can sacrifice durability guarantees on updates to improve performance and is meant to improve DNS server update performance. This control MUST only be sent by the DNS server to the directory server attached to an LDAP update initiated by the DNS server in response to a DNS dynamic update request. If the value is nonzero, LDAP updates performed while processing DNS dynamic update requests MUST NOT specify the LDAP_SERVER_LAZY_COMMIT_OID control, if a period of fewer than DsLazyUpdateInterval seconds has passed since the last LDAP update specifying this control. If a period of time greater than DsLazyUpdateInterval seconds passes in which the DNS server does not perform an LDAP update specifying this control, the DNS server MUST specify this control on the next update. The value SHOULD be limited to the range from 0x00000000 to 0x0000003c. The default value MUST be 0x00000003, and the value zero MUST be treated as indicating that the DNS server MUST NOT specify the LDAP_SERVER_LAZY_COMMIT_OID control while processing any DNS dynamic update requests.<125>

DsPollingInterval: The interval, in seconds, at which the DNS server will check the directory service for new or changed DNS zones and records. The value SHOULD be limited to the range from 0x0000001E to 0x00000E10, inclusive, but it MAY be any value. The default value SHOULD be 0x000000B4 (3 minutes), and the value of zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally. Any time a DNS server acting as the primary server for the zone successfully transfers a copy of the zone to a remote DNS server, the DNS server acting as primary MUST copy the zone serial number from the zone transfer response to the zone's Last Transferred Zone Serial Number (section 3.1.1). This value MUST be stored in local non-persistent storage and MUST NOT be replicated to any other DNS server. During polling, if the serial number on a DNS record read from the directory server is higher than the current zone serial number, the current zone serial number MUST be set to the value found in the DNS record. If the DNS server is configured to allow zone transfer for the zone and the current zone serial number is equal to the Last Transferred Zone Serial Number, and if changes to any DNS records for the zone are found during polling where the serial number found in the DNS record is less than or equal to the current zone serial number, the DNS server MUST increment the zone serial number using serial number arithmetic [RFC1982]. If the DNS server is not configured to allow zone transfers for the zone, the server MUST NOT increment the zone serial number if DNS records are found during polling where the serial number found in the DNS record is less than or equal to the current zone serial number.<126>
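The serial-number rules in the DsPollingInterval description, as an added example that is not part of the specification. `ZoneState`, `record_transfer` and `poll_zone` are hypothetical names; comparing serials with RFC 1982 arithmetic and applying the increment once per polling pass are assumptions about how to read the text.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_add(s: int, n: int = 1) -> int:
    """RFC 1982 addition: wraps modulo 2^32; n is limited to 2^31 - 1."""
    if not 0 <= n <= HALF - 1:
        raise ValueError("increment out of range for serial arithmetic")
    return (s + n) % MOD


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison: True when serial a is 'higher than' serial b."""
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


@dataclass
class ZoneState:
    serial: int                              # current zone serial number
    allow_transfer: bool                     # zone transfer configured for the zone
    last_transferred: Optional[int] = None   # local, non-persistent, never replicated


def record_transfer(zone: ZoneState, transferred_serial: int) -> None:
    """Primary side: remember the serial sent in a successful zone transfer."""
    zone.last_transferred = transferred_serial


def poll_zone(zone: ZoneState, changed_record_serials: Iterable[int]) -> int:
    """Apply one polling pass over the serials of changed directory records."""
    saw_not_newer = False
    for rec_serial in changed_record_serials:
        if serial_gt(rec_serial, zone.serial):
            # A record carries a higher serial: adopt it.
            zone.serial = rec_serial
        else:
            # A change arrived with a serial <= the current zone serial.
            saw_not_newer = True
    # Only bump when the current serial has already been handed to a remote
    # server; otherwise that server would see no serial change for the update.
    if (saw_not_newer and zone.allow_transfer
            and zone.serial == zone.last_transferred):
        zone.serial = serial_add(zone.serial)
    return zone.serial


if __name__ == "__main__":
    # Constructed scenario: serial 10 was transferred, then a change with
    # serial 9 shows up during polling.
    z = ZoneState(serial=10, allow_transfer=True)
    record_transfer(z, 10)
    print(poll_zone(z, [9]))   # bumped, because 10 was already transferred
    print(poll_zone(z, [9]))   # unchanged, the new serial was not transferred yet
```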

DsTombstoneInterval: The age at which tombstone objects in the directory service will be deleted. The value SHOULD be limited to the range from 0x0003F480 (3 days) to 0x0049D400 (8 weeks), inclusive, but it MAY be any value. The default value SHOULD be 0x00127500 (14 days), and the value of zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally. Every day at 2:00 AM local time, the DNS server MUST conduct a search of all zones stored in the directory server for nodes that have the dnsTombstoned attribute set to TRUE and an EntombedTime (section 2.2.2.2.4.23) value greater than DsTombstoneInterval seconds in the past (convert seconds to 100-nanosecond intervals for comparison). Any such nodes MUST be permanently deleted from the directory server.<127>

EnableRegistryBoot: A value that, if present in local persistent configuration at boot time, indicates that the DNS server MUST rewrite the value of the BootMethod property (as described in DNS_BOOT_METHODS, section 2.2.4.1.1), and then delete the value of EnableRegistryBoot from local persistent configuration. The value of this property MUST be processed before the value of the BootMethod property. The DNS server MUST NOT allow this property to be set using the DNS Server Management Protocol. If the value of this property is locally set to 0x00000000, the DNS server MUST change the value of the BootMethod property to BOOT_METHOD_FILE (see section 2.2.4.1.1). If the value of this property is locally set to 0xFFFFFFFF, the DNS server MUST change the value of the BootMethod property to BOOT_METHOD_UNINITIALIZED (see section 2.2.4.1.1). If this property is locally set to any other value (for example, 0x00000001), the DNS server MUST change the value of the BootMethod property to BOOT_METHOD_REGISTRY (see section 2.2.4.1.1). The value's range MUST be unlimited. The default value MUST be 0xFFFFFFFF, and the value zero MUST be allowed and treated literally.

EventLogLevel: All events whose type (as specified in DNS_EVENTLOG_TYPES (section 2.2.9.1.2)) is less than or equal to EventLogLevel will be written to the event log. The value SHOULD be limited to the range from 0x00000000 to 0x00000007, inclusive, but it MAY be any value. The default value MUST be 0x00000004. Note that a value of EventLogLevel in the range from 0x00000004 to 0x00000007, inclusive, will result in all types of event being written to the event log.

ForceSoaSerial: User-specified value to use for the SOA serial number field [RFC1035] in any new SOA record, or 0x00000000 not to force a user-specified value and to instead use the value 0x00000001 as the default SOA serial number value. The value's range MUST be unlimited. The default value MUST be 0x00000000.

ForceSoaExpire: User-specified value to use for the SOA expire field [RFC1035] in any new SOA record, or 0x00000000 not to force a user-specified value and to instead use 0x00015180 as the default SOA expire field value. The value's range MUST be unlimited. The default value MUST be 0x00000000.

ForceSoaRetry: User-specified value to use for the SOA retry field [RFC1035] in any new SOA record, or 0x00000000 not to force a user-specified value and to instead use the value 0x00000258 as the default SOA retry field value. The value's range MUST be unlimited. The default value MUST be 0x00000000.

ForceSoaRefresh: User-specified value to use for the SOA refresh field [RFC1035] in any new SOA record, or 0x00000000 not to force a user-specified value and to instead use the value 0x00000384 as the default SOA refresh field value. The value's range MUST be unlimited. The default value MUST be 0x00000000.

ForceSoaMinimumTtl: User-specified value to use for the SOA minimum TTL field [RFC1035] in any new SOA record, or 0x00000000 not to force a user-specified value and to instead use the value 0x00000E10 as the default SOA minimum TTL field value. The value's range MUST be unlimited. The default value MUST be 0x00000000.

ForwardDelegations: A Boolean value indicating how the DNS server will handle forwarding and delegations. If set to true, the DNS server MUST use forwarders instead of a cached delegation when both are available. Otherwise, the DNS server MUST use a cached delegation instead of forwarders when both are available. The value SHOULD be limited to the range from 0x00000000 to 0x00000001 inclusive, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

ForwardingTimeout: The number of seconds that the DNS server will wait for a response when sending a query to a forwarder before assuming that no response will ever be received. The value SHOULD be limited to the range from 0x00000001 to 0x0000000F, inclusive, but it MAY be any value. The default value SHOULD be 0x00000003, and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.<128>

IsSlave: A Boolean value indicating whether the DNS server will use normal recursion to resolve queries if all forwarders are unavailable. If true, the DNS server MUST NOT use normal recursion if all forwarders are unavailable. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

LocalNetPriority: A Boolean value indicating how the DNS server will order IP address records. If true, the DNS server MUST order answer records such that all of those containing IP addresses within the same subnet (when LocalNetPriorityNetMask is applied) as the IP address of the client that submitted the query are placed first. Also, the server SHOULD randomly order that initial set of answer records with same-subnet IP addresses. If false, the DNS server MUST NOT reorder answer records; they remain in the order in which they were retrieved from the database. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.<129>

LogFileMaxSize: The maximum size, in bytes, of the DNS server log file. When the file reaches this size, the DNS server MUST delete the log file and create a new log file. The value's range MUST be unlimited. The default value SHOULD be 0x1DCD6500 (500 MB), and the value zero MUST be allowed and treated literally.<130>

LogLevel: The type of information that the DNS server will write to the DNS server log file in DNS_LOG_LEVELS (section 2.2.9.1.1) format. The value's range MUST be unlimited. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<131>

LooseWildcarding: A Boolean value indicating the type of algorithm that the DNS server will use to locate a wildcard node when using a DNS wildcard record [RFC1034] to answer a query. If true, the DNS server will use the first node it encounters with a record of the same type as the query type. Otherwise, the DNS server will use the first node it encounters that has records of any type. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

MaxCacheTtl: The maximum time duration, in seconds, for which the DNS server can cache a resource record obtained from a remote server as a successful query response. The value SHOULD be limited to the range from 0x00000000 to 0x00278D00 (30 days), inclusive, but it MAY be any value. The default value MUST be 0x00015180 (1 day), and the value zero MUST be allowed and treated literally.

MaxNegativeCacheTtl: The maximum time duration, in seconds, for which the DNS server can cache a name error or an empty authoritative response, obtained from a remote server as an unsuccessful query response in its cache (see [RFC2308]). The value SHOULD be limited to the range from 0x00000000 to 0x00278D00 (30 days), inclusive, but it MAY be any value. The default value MUST be 0x00000384 (15 minutes), and the value zero MUST be allowed and treated literally.<132>

MaxTrustAnchorActiveRefreshInterval: The maximum time duration, in seconds, for which the DNS server will wait between active refreshes. If an active refresh fails, the retry time MUST be no more than one-tenth of this value. See the calculation of the queryInterval and retryTime values in [RFC5011]. The value MUST be limited to the range 0x00000E10 (1 hour) to 0x0013C680 (15 days), inclusive. The default value MUST be 0x0013C680 (15 days).<133>

NameCheckFlag: The DNS_NAME_CHECK_FLAGS (section 2.2.4.1.2) value corresponding to the level of name checking performed by the DNS server. The value SHOULD be limited to the range from 0x00000000 to 0x00000003, inclusive, but it MAY be any value. The default value SHOULD be 0x00000002 (DNS_ALLOW_MULTIBYTE_NAMES), and the value zero MUST be allowed and treated literally.<134>

NoRecursion: A Boolean value indicating whether the DNS server will perform any recursion. If true, the DNS server MUST NOT recurse and will only answer queries for authoritative data.

NoUpdateDelegations: A Boolean value indicating whether the DNS server will accept DNS updates to delegation records of type NS. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000000, and the value zero MUST be allowed and treated literally.<135>

PublishAutonet: A Boolean value indicating whether the DNS server will publish local IPv4 addresses in the 169.254.x.x subnet as IPv4 addresses for the local machine's domain name. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<136>

QuietRecvFaultInterval: A property used to debug reception of UDP traffic for a recursive query. This property is the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, after which the server MAY log a debug message indicating that the server is to stop running. If the value is zero or is less than the value of QuietRecvLogInterval, then the value of QuietRecvLogInterval MUST be used. If the value is greater than or equal to the value of QuietRecvLogInterval, then the literal value of QuietRecvFaultInterval MUST be used. The value's range MUST be unlimited. The default value MUST be 0x00000000. The server MAY ignore this property.<137>

QuietRecvLogInterval: A property used to debug reception of UDP traffic for a recursive query. This property is the minimum time interval, in seconds, starting when the server begins waiting for the query to arrive on the network, or when the server logs an eponymous debug message for the query, after which the server MUST log a debug message indicating that the server is still waiting to receive network traffic. If the value is zero, logging associated with the two QuietRecv properties MUST be disabled, and the QuietRecvFaultInterval property MUST be ignored. If the value is non-zero, logging associated with the two QuietRecv properties MUST be enabled, and the QuietRecvFaultInterval property MUST NOT be ignored. The value's range MUST be unlimited. The default value MUST be 0x00000000. The server MAY ignore this property.<138>

RecursionRetry: The time interval, in seconds, for which the DNS server waits before it retries a recursive query to a remote DNS server for which it did not receive a response. The value SHOULD be limited to the range from 0x00000001 to 0x0000000F, inclusive, but it MAY be any value. The default value MUST be 0x00000003, and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.

RecursionTimeout: The time interval, in seconds, for which the DNS server waits for a recursive query response from a remote DNS server. The value SHOULD be limited to the range from 0x00000001 to 0x0000000F, inclusive, but it MAY be any value. The default value SHOULD be 0x00000008, and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.<139>

ReloadException: A Boolean value indicating whether the DNS server will perform an internal restart if an unexpected fatal error is encountered. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000000, and the value zero MUST be allowed and treated literally.<140>

RoundRobin: A Boolean value indicating whether the DNS server will dynamically reorder records in responses to attempt to provide load balancing. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.

RpcProtocol: The DNS_RPC_PROTOCOLS (section 2.2.1.1.2) value corresponding to the RPC protocols to which the DNS server will respond. If this value is set to 0x00000000, the DNS server MUST NOT respond to RPC requests for any protocol. The value's range MUST be unlimited, for example, from 0x00000000 to 0xFFFFFFFF. The default value SHOULD be 0x00000005.<141>

SecureResponses: A Boolean value indicating whether the DNS server is configured to cache only those records that are in the same subtree as the name in the original query. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.<142>

SendPort: The port number to use as the source port when sending UDP queries to a remote DNS server. If set to zero, the DNS server MUST allow the stack to select a random port. The value's range MUST be unlimited. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

ScavengingInterval: The time interval, in hours, between which the DNS server will schedule DNS stale record scavenging. The value SHOULD be limited to the range from 0x00000000 to 0x00002238, inclusive. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated as a flag to disable scavenging. If the value is non-zero and a StartScavenging operation is initiated, the value is ignored and scavenging begins immediately.<143>

SocketPoolSize: The number of UDP sockets per address family that the DNS server will use for sending remote queries. The value MUST be limited to the range from 0x00000000 to 0x00002710, inclusive. The default value MUST be 0x000009C4, and the value zero MUST be allowed and treated literally.<144>

StrictFileParsing: A Boolean value indicating whether the DNS server will treat errors encountered while reading zones from a file as fatal. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000000, and the value zero MUST be allowed and treated literally.

SyncDsZoneSerial: The conditions under which the DNS server immediately commits uncommitted zone serial numbers to persistent storage. The value SHOULD be limited to the range from 0x00000000 to 0x00000004, inclusive, but it MAY be any value. The default value SHOULD be 0x00000002, and the value zero MUST be allowed and treated literally.<145>

| Value | Meaning |
|---|---|
| 0x00000000 ZONE_SERIAL_SYNC_OFF | Never force immediate commit of serial number to persistent storage. |
| 0x00000001 ZONE_SERIAL_SYNC_SHUTDOWN | Force immediate commit of uncommitted serial numbers to persistent storage when the DNS server is shut down. |
| 0x00000002 ZONE_SERIAL_SYNC_XFER | Force immediate commit of uncommitted serial numbers to persistent storage when the DNS server is shut down or when an uncommitted serial number is advertised during zone transfer. |
| 0x00000003 ZONE_SERIAL_SYNC_VIEW | Force immediate commit of uncommitted serial numbers to persistent storage when the DNS server is shut down or when an uncommitted serial number is advertised during zone transfer or when a zone has been loaded or when a zone has been read from Active Directory.<146> |
| 0x00000004 ZONE_SERIAL_SYNC_READ | Force immediate commit of uncommitted serial numbers to persistent storage when the DNS server is shut down or when an uncommitted serial number is advertised during zone transfer or when a zone has been loaded or when a zone has been read from Active Directory. |

UpdateOptions: The possible zone update settings on the DNS server. Each bit that follows can be used to enable a specific update processing rule to modify the default DNS server update processing behavior. The value's range MUST be unlimited. The default value MUST be 0x0000030F (DNS_DEFAULT_UPDATE_OPTIONS), and the value zero MUST be allowed and treated literally.<147>

The following values are used to disable dynamic updates for non-secure zones.

| Value | Meaning |
|---|---|
| 0x00000001 UPDATE_NO_SOA | Disable for SOA records. |
| 0x00000002 UPDATE_NO_ROOT_NS | Disable for root name servers. |
| 0x00000004 UPDATE_NO_DELEGATION_NS | Disable for name servers of delegated zones. |
| 0x00000008 UPDATE_NO_SERVER_HOST | Disable for address records in the DNS server's own host record. |

The following values are used to disable dynamic updates for secure zones.

| Value | Meaning |
|---|---|
| 0x00000100 UPDATE_SECURE_NO_SOA | Disable for SOA records. |
| 0x00000200 UPDATE_SECURE_NO_ROOT_NS | Disable for root name-servers. |
| 0x00000400 UPDATE_SECURE_NO_DELEGATION_NS | Disable for name-servers of delegated zones. |
| 0x00000800 UPDATE_SECURE_NO_SERVER_HOST | Disable for address records in the DNS server's own host-record. |
| 0x01000000 UPDATE_NO_DS_PEERS | Disable for directory server peers for the DNS server. |

Other possible values (regardless of zone type) are as follows.

| Value | Meaning |
|---|---|
| 0x00000000 UPDATE_ANY | Server allows dynamic updates for all record types. |
| 0x0000030F DNS_DEFAULT_UPDATE_OPTIONS | Disable all dynamic updates, except for SOA and NS updates for secure zones. |
| 0x01000000 UPDATE_NO_DS_PEERS | Disable relay of server's address record update to remote DNS servers for non-secure zones. |
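Decoding an UpdateOptions value with the bit values from the tables above, as an added example (not code from the specification). `decode_update_options` and `relaxed_vs_default` are hypothetical names; bits that the tables do not list are reported as unknown rather than interpreted.

```python
from typing import Dict, List, Union

# Bit values copied from the UpdateOptions tables in this section.
NONSECURE_BITS = {
    0x00000001: "UPDATE_NO_SOA",
    0x00000002: "UPDATE_NO_ROOT_NS",
    0x00000004: "UPDATE_NO_DELEGATION_NS",
    0x00000008: "UPDATE_NO_SERVER_HOST",
}
SECURE_BITS = {
    0x00000100: "UPDATE_SECURE_NO_SOA",
    0x00000200: "UPDATE_SECURE_NO_ROOT_NS",
    0x00000400: "UPDATE_SECURE_NO_DELEGATION_NS",
    0x00000800: "UPDATE_SECURE_NO_SERVER_HOST",
}
OTHER_BITS = {0x01000000: "UPDATE_NO_DS_PEERS"}

DNS_DEFAULT_UPDATE_OPTIONS = 0x0000030F
ALL_BITS = {**NONSECURE_BITS, **SECURE_BITS, **OTHER_BITS}


def names_for(value: int, table: Dict[int, str]) -> List[str]:
    """Names of the bits from `table` that are set in `value`, low bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def decode_update_options(value: int) -> Dict[str, Union[List[str], int]]:
    """Split an UpdateOptions DWORD into the groups used by the tables."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("UpdateOptions is a 32-bit value")
    known_mask = 0
    for bit in ALL_BITS:
        known_mask |= bit
    return {
        "nonsecure": names_for(value, NONSECURE_BITS),
        "secure": names_for(value, SECURE_BITS),
        "other": names_for(value, OTHER_BITS),
        "unknown_bits": value & ~known_mask & 0xFFFFFFFF,
    }


def relaxed_vs_default(value: int) -> List[str]:
    """Restrictions present in the default (0x30F) that `value` has cleared.

    Useful when reviewing a server: each returned name is an update
    restriction the default applies and this configuration does not.
    """
    cleared = DNS_DEFAULT_UPDATE_OPTIONS & ~value
    return names_for(cleared, ALL_BITS)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for sample in (0x0000030F, 0x00000000, 0x0000010F, 0x01000010):
        print(f"0x{sample:08X}", decode_update_options(sample),
              "relaxed:", relaxed_vs_default(sample))
```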

UseSystemEventLog: A Boolean value indicating whether the DNS server will write event logs to a repository that is global for the entire system or to a repository that is specific to the DNS server. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

Version: A read-only 32-bit integer containing the DNS server version in DNSSRV_VERSION (section 2.2.4.2.1) format. This property is read-only.

XfrConnectTimeout: The value, in seconds, that the DNS server will wait, for any DNS TCP connection to a remote DNS server to be established, before assuming that the remote DNS server will not respond. The value SHOULD be limited to the range from 0x00000005 to 0x00000078, inclusive, but it MAY be any value. The default value MUST be 0x0000001E, and the value zero MUST be treated as a flag value for the default.<148>

WriteAuthorityNs: A Boolean value indicating whether the DNS server will include NS records for the root of a zone in DNS responses that are answered using authoritative zone data. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be unlimited. The default value MUST be 0x00000000, and the value zero MUST be allowed.<149>

AdditionalRecursionTimeout: The time interval, in seconds, for which the DNS server waits while recursing to obtain resource records for use in the additional section of DNS responses from a remote DNS server. The value SHOULD be limited to the range from 0x00000000 to 0x0000000F, inclusive, but it MAY be any value. The default value SHOULD be 0x00000004, and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.<150>

AppendMsZoneTransferTag: A Boolean value indicating whether the DNS server will indicate to the remote DNS servers that it supports multiple DNS records in each zone transfer response message by appending the characters "MS" at the end of zone transfer requests. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000000, and the value zero MUST be allowed and treated literally.<151>

AutoCreateDelegations: The possible settings for automatic delegation creation for new zones on the DNS server. The value SHOULD be limited to the range from 0x00000000 to 0x00000002, inclusive, but it MAY be any value. The default value SHOULD be 0x00000002 (DNS_ACD_ONLY_IF_NO_DELEGATION_IN_PARENT), and the value zero MUST be allowed and treated literally.<152>

| Value | Meaning |
|---|---|
| 0x00000000 DNS_ACD_DONT_CREATE | The server does not create delegations automatically. |
| 0x00000001 DNS_ACD_ALWAYS_CREATE | The server always creates delegations automatically. |
| 0x00000002 DNS_ACD_ONLY_IF_NO_DELEGATION_IN_PARENT | The server creates a new delegation in the parent zone only if there is no existing delegation present for the zone. |

BreakOnAscFailure: A Boolean value indicating whether the DNS server will execute a debug break if an error is encountered during security negotiation for secure updates. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<153>

CacheEmptyAuthResponses: A Boolean value indicating if the DNS server will store empty authoritative responses [RFC2308] in the cache. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<154>

DirectoryPartitionAutoEnlistInterval: The interval, in seconds, at which the DNS server will attempt to enlist itself in the DNS domain partition and DNS forest partition if it is not already enlisted. The value SHOULD be limited to the range from 0x00000E10 (1 hour) to 0x00ED4E00 (180 days), inclusive, but it MAY be any value. The default value MUST be 0x00015180 (1 day), and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.<155>

DisableAutoReverseZones: A Boolean value indicating whether the DNS server will disable the automatic server boot-time creation of three authoritative reverse lookup zones (0.in-addr.arpa, 127.in-addr.arpa, and 255.in-addr.arpa). The value SHOULD be limited to the range from 0x00000000 to 0x00000001, inclusive, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

EDnsCacheTimeout: The interval, in seconds, for which the DNS server will cache the remote DNS server support of EDNS [RFC2671]. The value SHOULD be limited to the range from 0x0000000A to 0x00015180 (1 day), inclusive, but it MAY be any value. The default value SHOULD be 0x00000384 (15 minutes), and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.<156>

EnableDirectoryPartitions: A Boolean value indicating whether the DNS server will support application directory partitions. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<157>

EnableDnsSec: A Boolean value indicating whether the DNS server will perform additional query processing for secure DNS records, as specified in [RFC4033], [RFC4034], and [RFC4035]. The value SHOULD be limited to a range of 0x00000000 to 0x00000001, inclusive, but it MAY be any value. The default value MUST be 0x00000001 and the value zero MUST be allowed and treated literally.<158>

EnableEDnsProbes: A Boolean value indicating whether the DNS server will include EDNS [RFC2671] records in remote queries (with the possible exception of queries sent to a remote Global Names Zone (GNZ); see "GlobalNamesEnableEDnsProbes" later in this section). The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.<159>

EnableEDnsReception: A Boolean value indicating whether the DNS server will accept queries that contain an EDNS [RFC2671] record. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<160>

EnableIPv6: A Boolean value indicating whether the DNS server will listen on local IPv6 addresses. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.<161>

EnableForwarderReordering: A Boolean value indicating whether the DNS server will perform forwarder list reordering of the DynamicForwarders list (section 3.1.1.1.2) at run time. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<162>

EnableIQueryResponseGeneration: A Boolean value indicating whether the DNS server will fabricate IQUERY responses ([RFC1035]). If set to true, the DNS server MUST fabricate IQUERY responses when it receives queries of type IQUERY. Otherwise, the DNS server will return an error when such queries are received. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<163>

EnableOnlineSigning: A Boolean value indicating whether the DNS server will sign directory server-integrated zones when these zones are loaded or when records in a zone are added, removed, or modified. The value also indicates whether signing new zones will be permitted. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<164>

EnableSendErrorSuppression: A Boolean value indicating whether the DNS server will attempt to suppress large volumes of DNS error responses sent to remote IP addresses that are attempting to attack the DNS server. The value SHOULD<165> be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.

EnableUpdateForwarding: A Boolean value indicating whether the DNS server will forward updates received for secondary zones to the primary DNS server for the zone. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<166>

EnablePolicies: A Boolean value indicating whether the DNS server uses DNS Policy during a DNS Operation. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.

EnableWinsR: A Boolean value indicating whether the DNS server will perform NetBIOS name resolution in order to map IP addresses to machine names while processing queries in zones where WINS-R information has been configured. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<167>

ForceDsaBehaviorVersion: The minimum value to use as the behavior version of the local directory server, or 0xFFFFFFFF. Values for this property MUST be limited to those specified in "msDS-Behavior-Version: DC Functional Level", [MS-ADTS] (section 6.1.4.4), in addition to 0xFFFFFFFF, which MUST be the default value. The DNS server reads the msDS-BehaviorVersion attribute of the local directory server's nTDSDSA object ([MS-ADTS] section 6.1.1.2.2.1.2.1.1) and compares it with this property. If the value read from the directory server is greater than the specified ForceDsaBehaviorVersion, or if ForceDsaBehaviorVersion is 0xFFFFFFFF, this property is set to the value read from the directory server. This property SHOULD be returned by the DNS server in the dwDsDsaVersion field of the DNS_RPC_SERVER_INFO structure (section 2.2.4.2.2) when processing the ServerInfo operation of the R_DnssrvQuery method (section 3.1.4.2).

ForceDomainBehaviorVersion: The minimum value to use as the behavior version of the domain, or 0xFFFFFFFF. Values for this property MUST be limited to those specified in "msDS-Behavior-Version: Domain NC Functional Level", [MS-ADTS] (section 6.1.4.4), in addition to 0xFFFFFFFF, which MUST be the default value. The DNS server reads the msDS-BehaviorVersion attribute of the domain's crossRef object and compares it with this property. If the value read from the directory server is greater than the specified ForceDomainBehaviorVersion, or if ForceDomainBehaviorVersion is 0xFFFFFFFF, this property is set to the value read from the directory server. This property SHOULD be returned by the DNS server in the dwDsDomainVersion field of the DNS_RPC_SERVER_INFO structure (section 2.2.4.2.2) when processing the ServerInfo operation of the R_DnssrvQuery method (section 3.1.4.2).

ForceForestBehaviorVersion: The minimum value to use as the behavior version of the forest, or 0xFFFFFFFF. Values for this property MUST be limited to those specified in "msDS-Behavior-Version: Forest Functional Level", [MS-ADTS] section 6.1.4.4, in addition to 0xFFFFFFFF, which MUST be the default value. The DNS server reads the msDS-BehaviorVersion attribute of the forest's crossRefContainer object and compares it with this property. If the value read from the directory server is greater than the specified ForceForestBehaviorVersion, or if ForceForestBehaviorVersion is 0xFFFFFFFF, this property is set to the value read from the directory server. This property SHOULD be returned by the DNS server in the dwDsForestVersion field of the DNS_RPC_SERVER_INFO structure (section 2.2.4.2.2) when processing the ServerInfo operation of the R_DnssrvQuery method (section 3.1.4.2).

HeapDebug: A Boolean value indicating whether the DNS server will execute a debug break when internal memory corruption is detected. The value SHOULD be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<168>

LameDelegationTtl: The number of seconds that MUST elapse before the DNS server requeries DNS servers of the parent zone when a lame delegation is encountered. The value SHOULD<169> be limited to the range from 0x00000000 to 0x00278D00 (30 days), inclusive, but it MAY be any value. The default value SHOULD be 0x00000000, and the value zero MUST be allowed and treated literally.

LocalNetPriorityNetMask: A value that specifies the network mask the DNS server uses to sort IPv4 addresses. A value of 0xFFFFFFFF indicates that the DNS server MUST use traditional IPv4 network mask for the address. Any other value is a network mask, in host byte order that the DNS server MUST use to retrieve network masks from IP addresses for sorting purposes. The value's range MUST be unlimited. The default value MUST be 0x000000FF, and the value zero MUST be allowed and treated literally.<170>

MaxCacheSize: The maximum size of memory, in kilobytes, that the DNS server can use to store DNS data in the cache. The value SHOULD<171> be limited to the range from 0x000001F4 to 0xFFFFFFFF, inclusive, or 0x00000000, but it MAY be any value. The default value SHOULD be 0x00000000, which MUST be allowed and treated as a flag value for no limit on maximum size of memory. If the value is nonzero, the DNS server SHOULD treat this as a soft limit, allowing it to be exceeded for limited durations, and also attempt to limit cache memory to 90 percent of this value.

MaximumSignatureScanPeriod: The maximum time, in seconds, before which the server SHOULD<172> scan all signed zones for a signature refresh. The value MUST be limited to the range 0x00000E10 (1 hour) to 0x00278D00 (30 days), inclusive. The default value MUST be 0x00015180 (1 day), and the value zero MUST be allowed and treated literally.

MaxResourceRecordsInNonSecureUpdate: The maximum number of resource records that the DNS server accepts in a single DNS update request. The value SHOULD<173> be limited to the range from 0x0000000A to 0x00000078, inclusive, but it can be any value. The default value SHOULD be 0x0000001E, and the value zero SHOULD be treated as a flag value for the default, but it MAY be allowed and treated literally.

OperationsLogLevel: The operations (in addition to those specified by OperationsLogLevel2) that are logged to the DNS server log file using any combination of the values that follow. The value's range MUST be unlimited. The default value SHOULD<174> be 0x00000000, and the value zero MUST be allowed and treated literally.

Value (name): Meaning
0x00000001 (DNSLOG_WRITE_THROUGH): The server saves operational logging information to persistent storage.
0x00000010 (DNSLOG_EVENT): The server logs event logging information to the log file.
0x00000020 (DNSLOG_INIT): The server logs operational logging information to the log file for server start and stop activities.
0x00002000 (DNSLOG_DSPOLL): The server logs operational logging information to the log file for activities related to loading a zone from the directory server.
0x00004000 (DNSLOG_DSWRITE): The server logs operational logging information to the log file for activities related to writing zone data to the directory server.
0x00020000 (DNSLOG_TOMBSTN): The server logs operational logging information to the log file for activities related to updating tombstoned nodes.
0x00100000 (DNSLOG_LOOKUP): The server logs operational logging information to the log file for local resource lookup activities.
0x00200000 (DNSLOG_RECURSE): The server logs operational logging information to the log file for activities performed during recursive query lookup.
0x00400000 (DNSLOG_REMOTE): The server logs operational logging information to the log file for activities related to interaction with remote name servers.

OperationsLogLevel2: The operations (in addition to those specified by OperationsLogLevel) that are logged to the DNS server log file using any combination of the values that follow. The value's range MUST be unlimited. The default value SHOULD<175> be 0x00000000, and the value zero MUST be allowed and treated literally.

Value (name): Meaning
0x01000000 (DNSLOG_PLUGIN): The server logs operational logging information to the log file for activities related to interaction with plug-in DLLs.

MaximumUdpPacketSize: The maximum UDP packet size, in bytes, that the DNS server SHOULD<176> accept. The value MUST be limited to 0x00000200 to 0x00004000. The server MUST return an error if an attempt is made to change the value of this property through this protocol. This property SHOULD only be changed by modifying the value in persistent storage.

RecurseToInternetRootMask: The DNS server MUST ignore any value set for this property.

SelfTest: A mask value indicating whether data consistency checking is performed once, each time the service starts. If the check fails, the server posts an event log warning. If the least significant bit (regardless of other bits) of this value is one, the DNS server verifies for each active and update-allowing primary zone, that the IP address records are present in the zone for the zone's SOA record's master server. If the least significant bit (regardless of other bits) of this value is zero, no data consistency checking will be performed. The value's range MUST be from 0x00000000 to 0xFFFFFFFF, inclusive. The default value MUST be 0xFFFFFFFF.

SilentlyIgnoreCNameUpdateConflicts: A Boolean value indicating whether the DNS server will ignore CNAME conflicts during DNS update processing. The value SHOULD<177> be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

ScopeOptionValue: An integer value that determines a name in a name value pair that the DNS server looks for in the OPT record of an incoming query. This is also the name of a name value pair that a resolver DNS server writes to the OPT RR of a DNS query for which it recurses. The value SHOULD be limited to the range from 0x00000008 to 0x0000FFFF excluding the range values, but it MAY be any value. If it is any value other than the range, the DNS server sets it to 0x0000FF98. If the value is not set or set to 0, the DNS server disables this behavior.

TcpReceivePacketSize: The maximum TCP packet size, in bytes, that the DNS server SHOULD<178> accept. The value MUST be limited to the range from 0x00004000 to 0x00010000, inclusive. Values outside of this range MUST cause the server to return an error. The default value MUST be 0x00010000.

XfrThrottleMultiplier: The multiple used to determine how long the DNS server SHOULD<179> refuse zone transfer requests after a successful zone transfer has been completed. The total time for which a zone will refuse another zone transfer request at the end of a successful zone transfer is computed as this value multiplied by the number of seconds required for the zone transfer that just completed. The server SHOULD refuse zone transfer requests for no more than ten minutes. The value SHOULD be limited to the range from 0x00000000 to 0x00000064, inclusive, but it MAY be any value. The default value MUST be 0x0000000A, and the value zero MUST be allowed and treated literally.

UdpRecvThreadCount: The number of receive threads handling incoming UDP traffic that the server SHOULD<180> run simultaneously. The value MUST be limited to the range 0x00000000 to 0x00000800, inclusive. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated as the count of processors in the machine.

VirtualizationInstanceOptionValue: An integer value that determines a name in a name value pair that the DNS server looks for in the OPT record of an incoming query. This value helps the DNS server determine which virtualization instance it does the lookup in. If the virtualization instance present in this name value pair is not found, the DNS server does not return any error. Instead, it does the lookup in the zones hosted in the default partition (zones that are created without giving any virtualization instance name).

The value SHOULD<181> be limited to the range from 0x00000008 to 0x0000FFFF excluding the range values, but can be any value. If it is any value other than the range, the DNS server sets it to 0x0000FF9C. If the value is not set or is set to zero, the DNS server disables this behavior.

The DNS server SHOULD<182> also support the following properties.

AllowMsdcsLookupRetry: A Boolean value indicating whether the DNS server will attempt to retry failed lookup operations in the immediate parent of the zone where the lookup was originally performed. This lookup retry MUST only be applied if the name of the zone where the lookup was originally performed began with the string "_msdcs" and the immediate parent of the zone where the lookup was originally performed is present on the DNS server. The value's range MUST be limited to 0x00000000 and 0x00000001. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.<183>

AllowReadOnlyZoneTransfer: A Boolean value indicating whether the DNS server will allow zone transfers for zones that are stored in the directory server when the directory server does not support write operations. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

DsBackgroundLoadPaused: A Boolean value indicating whether the DNS server is enabled to pause background loading of information from the directory server if a node is found with the same node-name as the one pointed to by DsBackgroundPauseName. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<184>

DsMinimumBackgroundLoadThreads: The minimum number of background threads that the DNS server will use to load zone data from the directory service. The value MUST be limited to the range from 0x00000000 to 0x00000005, inclusive. If the value is 0x00000000, then the DNS server MUST NOT start background threads to load zone data from the directory service. The default value MUST be 0x00000001, and the value zero MUST be treated as allowed.

DsRemoteReplicationDelay: The minimum interval, in seconds, that the DNS server waits between the time it determines that a single object has changed on a remote directory server and the time it attempts to replicate the single object change. The value MUST be limited to the range from 0x00000005 to 0x00000E10, inclusive. The default value MUST be 0x0000001E, and the value zero MUST be treated as a flag value for the default.

EnableDuplicateQuerySuppression: A Boolean value indicating whether the DNS server will not send remote queries when there is already a remote query with the same name and query type outstanding. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.

EnableGlobalNamesSupport: A Boolean value indicating whether the DNS server will use any GNZ data while responding to DNS queries and updates. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

EnableVersionQuery: This property controls what version information the DNS server will respond with when a DNS query with class set to CHAOS and type set to TXT is received. The value's range MUST be limited to the values in the following table. The default value SHOULD be 0x00000000.<185>

Value (name): Meaning
0x00000000 (DNS_VERSION_QUERY_OFF): No version information will be returned.
0x00000001 (DNS_VERSION_QUERY_FULL): The server responds with major operating system version, minor operating system version, and operating system revision.
0x00000002 (DNS_VERSION_QUERY_MINIMAL): The server responds with major operating system version and minor operating system version.

EnableRsoForRodc: A Boolean value indicating whether the DNS server will attempt to replicate single updated DNS objects from remote directory servers ahead of normally scheduled replication when operating on a directory server that does not support write operations. The value MUST be limited to 0x00000000 and 0x00000001, but it MAY be any value. The default value SHOULD be 0x00000001, and the value zero MUST be allowed and treated literally.

ForceRODCMode: A Boolean value indicating whether the DNS server will always operate as if the directory server does not support write operations. If TRUE, the DNS server MUST operate as if the directory server does not support write operations; otherwise, the DNS server MUST query the directory server to determine whether it supports write operations. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.<186>

GlobalNamesAlwaysQuerySrv: A Boolean value that indicates, when FALSE, that the DNS server will attempt to use GNZ service records (SRV records named "_globalnames._msdcs.<forestroot>") from the server's cache when updating the list of remote DNS servers hosting a GNZ, or when TRUE, that the server MUST always attempt a remote DNS query for such records. The value MUST be ignored if the server hosts a GNZ. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed.

GlobalNamesBlockUpdates: A Boolean value indicating whether the DNS server will block updates in authoritative zones if they are for FQDNs that would collide with labels found in the GNZ. If the value of this property is 0x00000000, then a check for this collision MUST NOT be performed.

To test whether a name collides with a name present in the GNZ, the DNS server MUST extract the relative portion of the name that is being updated by removing the rightmost labels which comprise the zone name, and then perform a case-insensitive search in the locally hosted GNZ for a name matching the remaining labels. If a match for these labels is found in the locally hosted GNZ and the value of this property is 0x00000001 then the update MUST be blocked.

The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed.

GlobalNamesEnableEDnsProbes: A Boolean value indicating whether the DNS server will honor the EnableEDnsProbes Boolean value for a remote GNZ. A value of TRUE indicates that the server MUST attempt to use EDNS for queries sent to a remote GNZ if the Boolean value of EnableEDnsProbes is also TRUE, and otherwise MUST NOT attempt to use EDNS for such queries. A value of FALSE indicates that the server MUST NOT attempt to use EDNS for queries sent to a remote GNZ, regardless of the value of EnableEDnsProbes. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed.

GlobalNamesPreferAAAA: A Boolean value indicating whether the DNS server will prefer type AAAA address records to type A records when sending queries to a remote DNS server that is hosting a GNZ. If the value is 0x00000000 then queries to a remote DNS server hosting a GNZ MUST be sent using IPv4 if any IPv4 addresses for the remote DNS server name can be found. If no IPv4 addresses are found for the remote DNS server name, then IPv6 addresses MUST be used. If the value of this property is 0x00000001, then IPv6 addresses for the remote DNS server MUST be used, and IPv4 addresses MUST NOT be used unless no IPv6 addresses can be found. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

GlobalNamesQueryOrder: A Boolean value indicating whether the DNS server will prefer GNZ or authoritative zone data when determining what data to use to answer queries. If TRUE, the DNS server MUST prefer authoritative zone data; otherwise, the DNS server MUST prefer GNZ data. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

GlobalNamesSendTimeout: The number of seconds the DNS server will wait when sending a query to a remote GNZ before assuming that no answer will ever be received. The value MUST be limited to the range from 0x00000001 to 0x0000000F, inclusive. The default value MUST be 0x00000003, and the value zero MUST be treated as a flag value for the default.

GlobalNamesServerQueryInterval: The maximum interval, in seconds, between queries to refresh the set of remote DNS servers hosting the GNZ. The value MUST be limited to the range from 0x0000003C (60 seconds) to 0x00278D00 (30 days), inclusive. The default value MUST be 0x00005460 (6 hours), and the value zero MUST be treated as a flag value for the default.

RemoteIPv4RankBoost: A value to add to all IPv4 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0x00000000 to 0x0000000A, inclusive. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

RemoteIPv6RankBoost: A value to add to all IPv6 addresses for remote DNS servers when selecting between IPv4 and IPv6 remote DNS server addresses. The value MUST be limited to the range from 0x00000000 to 0x0000000A, inclusive. The default value MUST be 0x00000000, and the value zero MUST be allowed and treated literally.

MaximumRodcRsoAttemptsPerCycle: The maximum number of queued single object replication operations that are attempted during each five minute interval of DNS server operation. The value MUST be limited to the range from 0x00000000 to 0x000F4240, inclusive. The default value MUST be 0x00000064, and the value 0x00000000 MUST be allowed and treated as no limitation on the number of queued single object replication operations.

MaximumRodcRsoQueueLength: The maximum number of single object replication operations that can be queued at any given time by the DNS server. The value MUST be limited to the range from 0x00000000 to 0x000F4240, inclusive. If the value is 0x00000000 the DNS server MUST NOT enforce an upper bound on the number of single object replication operations queued at any given time. The default value MUST be 0x0000012C, and the value zero MUST be allowed.

EnableGlobalQueryBlockList: A Boolean value indicating whether the DNS server blocks queries in locally hosted primary zones that match entries in the GlobalQueryBlockList property (see section 3.1.1.1.4). If the value of this property is 0x00000001, when answering a query using a locally hosted primary zone the DNS server MUST check to see if the relative portion of the query name matches any value in the GlobalQueryBlockList property. If a match is found the DNS server MUST return a name error response instead of a positive answer. The DNS server MUST NOT apply this algorithm to the name of the zone. The block list MUST only be applied to records within each zone. The DNS server MUST NOT perform this check if the value of the EnableGlobalQueryBlockList property is 0x00000000. The value MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.<187>
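The relative-name comparison described for GlobalNamesBlockUpdates and for EnableGlobalQueryBlockList can be sketched as follows. This is an added example, not part of the specification: the function names, the sample zone, GNZ names and block-list entries are constructed, and treating a match as equality of the whole relative portion is an assumption.

```python
# Added illustration, not part of the specification. Zone names, GNZ names
# and block-list entries below are constructed sample data.

ZONE = "corp.example.test"
GNZ_NAMES = ["intranet", "payroll"]   # names present in the locally hosted GNZ
BLOCK_LIST = ["wpad", "isatap"]       # sample GlobalQueryBlockList values


def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    name = name.rstrip(".")
    return [part.lower() for part in name.split(".")] if name else []


def relative_portion(fqdn, zone):
    """Remove the rightmost labels that make up the zone name.

    Returns None if fqdn is not inside the zone and [] if it is the zone
    name itself. The comparison is per label, so "xcorp.example.test" is
    not mistaken for a name inside "corp.example.test".
    """
    name, zone_labels = labels(fqdn), labels(zone)
    keep = len(name) - len(zone_labels)
    if keep < 0 or name[keep:] != zone_labels:
        return None
    return name[:keep]


def relative_name_in(fqdn, zone, candidates):
    """Case-insensitive test: is the relative portion one of the candidates?"""
    rel = relative_portion(fqdn, zone)
    if not rel:
        # Outside the zone, or the zone name itself: nothing to compare.
        return False
    wanted = {".".join(labels(c)) for c in candidates}
    return ".".join(rel) in wanted


def update_blocked(fqdn, zone, gnz_names, global_names_block_updates):
    """GlobalNamesBlockUpdates: block an update that collides with the GNZ."""
    if global_names_block_updates == 0:
        return False  # 0x00000000: the collision check MUST NOT be performed
    return relative_name_in(fqdn, zone, gnz_names)


def query_blocked(qname, zone, block_list, enable_global_query_block_list):
    """EnableGlobalQueryBlockList: True means answer with a name error."""
    if enable_global_query_block_list == 0:
        return False  # 0x00000000: the check MUST NOT be performed
    # relative_name_in() never matches the zone name itself, so a zone that
    # happens to be called "wpad.example.test" still answers for its apex.
    return relative_name_in(qname, zone, block_list)


if __name__ == "__main__":
    for name in ("INTRANET.corp.example.test", "web.corp.example.test"):
        print(name, "update blocked:", update_blocked(name, ZONE, GNZ_NAMES, 1))
    for name in ("WPAD.corp.example.test.", "www.corp.example.test"):
        print(name, "query blocked:", query_blocked(name, ZONE, BLOCK_LIST, 1))
```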

The DNS server SHOULD<188> also support the following properties.

OpenACLOnProxyUpdates: A Boolean value indicating whether the DNS server allows sharing of DNS records with the DnsUpdateProxy group (for more information see [MSDOCS-DnsUpdateProxyGp]) when processing updates in secure zones that are stored in the directory service. During secure dynamic update [RFC3645] negotiation, the DNS server SHOULD check whether DNS records exist in the zone under the name specified in the update request, [RFC2136]. If so, the server SHOULD check the client credentials against the access control lists associated with the existing records in the directory service (see [MS-ADTS] section 5.1.3), before allowing the requested records to be created or modified. If there are no records for the update request name, DNS server SHOULD create records requested by the client, and associate those records with the client's credentials. If OpenACLOnProxyUpdates is set to TRUE, when a member of the DnsUpdateProxy group updates a DNS resource record for which that member has write access, the record access control lists SHOULD be adjusted to grant write privileges to all clients with credentials. The value of OpenACLOnProxyUpdates MUST be limited to 0x00000000 and 0x00000001. The default value MUST be 0x00000001, and the value zero MUST be allowed and treated literally.

CacheLockingPercent: The percentage of the original time-to-live value for which all cache entries from non-authoritative responses MUST be locked and MUST NOT be overwritten by data found in subsequent non-authoritative responses. Locked cache entries MUST still be considered for removal from the cache if the soft limit of the maximum cache size is reached (see the MaxCacheSize property, described previously in this section). The value MUST be limited to the range from 0x00000000 to 0x00000064, inclusive. The default value MUST be 0x00000064, and the value zero MUST be allowed and treated literally.
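The lock window that CacheLockingPercent defines can be seen in a small model of a cache fed only by non-authoritative responses. This is an added example, not part of the specification: the class, its method names and the sample records are constructed, and time is passed in explicitly as seconds so the behaviour is reproducible.

```python
# Added illustration, not part of the specification. The class, method names
# and sample records are constructed; "now" is a caller-supplied clock in seconds.

class NonAuthCache:
    """Cache for data learned from non-authoritative responses."""

    def __init__(self, cache_locking_percent=0x64):
        # The page limits the property to 0x00000000..0x00000064.
        if not 0 <= cache_locking_percent <= 0x64:
            raise ValueError("CacheLockingPercent must be 0x00..0x64")
        self.percent = cache_locking_percent
        self.entries = {}

    def _live_entry(self, name, rtype, now):
        """Return the entry if it exists and its TTL has not run out."""
        entry = self.entries.get((name.lower(), rtype))
        if entry is None or now >= entry["stored"] + entry["ttl"]:
            return None
        return entry

    def lookup(self, name, rtype, now):
        entry = self._live_entry(name, rtype, now)
        return None if entry is None else entry["rdata"]

    def is_locked(self, name, rtype, now):
        """Locked for the configured percentage of the original TTL."""
        entry = self._live_entry(name, rtype, now)
        if entry is None:
            return False
        lock_end = entry["stored"] + entry["ttl"] * self.percent / 100
        return now < lock_end

    def offer(self, name, rtype, rdata, ttl, now):
        """Offer data from a later non-authoritative response.

        Returns True if the data was cached, False if a locked entry
        prevented the overwrite.
        """
        if self.is_locked(name, rtype, now):
            return False
        self.entries[(name.lower(), rtype)] = {
            "rdata": rdata, "ttl": ttl, "stored": now,
        }
        return True

    def evict(self, name, rtype):
        """Removal under the MaxCacheSize soft limit ignores the lock."""
        return self.entries.pop((name.lower(), rtype), None) is not None


def replay(percent, offers):
    """Replay (time, rdata) offers for one name with a 300-second TTL."""
    cache = NonAuthCache(percent)
    return [cache.offer("www.example.test", "A", rdata, 300, now)
            for now, rdata in offers]


if __name__ == "__main__":
    # Constructed sequence: a first answer, then a conflicting answer
    # arriving at 100 s and again at 200 s.
    offers = [(0, "192.0.2.10"), (100, "203.0.113.66"), (200, "203.0.113.66")]
    for percent in (0x64, 50, 0):
        print(f"CacheLockingPercent={percent}: {replay(percent, offers)}")
```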

ZoneWritebackInterval: The interval at which the data for a file backed zone is periodically synced to its data file in persistent storage, in case the in-memory copy of the zone is not yet committed to the data file.<189> The values can range from 1 minute to 1 week (7*24*60). When ZoneWritebackInterval is set to a value of 0, the automatic flushing of zone data to the data file is disabled. This setting applies to all zone scopes present on the zone as well.

EnablePolicies: A Boolean value that indicates whether the DNS Policies configured on the DNS server are to be applied on DNS Operations. If the value of the property is 0x00000000, then all policies at the server level and zone level are considered disabled and are not applied. Otherwise, the policies are considered enabled.

EnableServerPolicies: A Boolean value that indicates whether the DNS server-level Policies configured on the DNS server are to be applied on DNS Operations. If the value of the property is 0x00000000, then all policies at the server level only are considered disabled and are not applied. Otherwise, the policies are considered enabled. If the EnablePolicies property value is 0x00000000, then server-level policies are disabled regardless of the EnableServerPolicies setting. If the EnablePolicies property value is anything other than 0x00000000, then the EnableServerPolicies settings apply.
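The range and zero-value wording repeated for the integer properties in this section reduces to a few cases, shown here for a handful of them as a configuration check. This is an added example, not part of the specification: the rule table copies ranges and defaults from the property text above, while the `Rule` type, the function names and the sample configuration are constructed, and reading "excluding the range values" for ScopeOptionValue as exclusive endpoints is an assumption.

```python
# Added illustration, not part of the specification. Ranges and defaults are
# copied from the property descriptions; everything else is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    low: int
    high: int
    default: int
    zero: str                     # "range", "literal", "default", "cpu-count", "disabled"
    out_of_range: str = "error"   # "error", "accept" (SHOULD/MAY) or "replace"
    replacement: int = 0


RULES = {
    # zero is not singled out, so it falls under the ordinary range check
    "TcpReceivePacketSize": Rule(0x4000, 0x10000, 0x10000, "range"),
    "DsRemoteReplicationDelay": Rule(0x5, 0xE10, 0x1E, "default"),
    "GlobalNamesSendTimeout": Rule(0x1, 0xF, 0x3, "default"),
    "UdpRecvThreadCount": Rule(0x0, 0x800, 0x0, "cpu-count"),
    "MaximumSignatureScanPeriod": Rule(0xE10, 0x278D00, 0x15180, "literal"),
    # SHOULD-limited property: values outside the range MAY be accepted
    "XfrThrottleMultiplier": Rule(0x0, 0x64, 0xA, "literal", "accept"),
    # 0x8..0xFFFF with the endpoints excluded (assumed reading); the page gives
    # no default, so 0 ("not set") stands in for it here
    "ScopeOptionValue": Rule(0x9, 0xFFFE, 0x0, "disabled", "replace", 0xFF98),
}


def resolve(name, value, cpu_count=1):
    """Return (effective_value, note) for a property write, or raise ValueError."""
    rule = RULES[name]
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"{name}: not a 32-bit unsigned value")
    if value == 0 and rule.zero != "range":
        if rule.zero == "default":
            return rule.default, "zero is a flag value for the default"
        if rule.zero == "cpu-count":
            return cpu_count, "zero means the count of processors"
        if rule.zero == "disabled":
            return 0, "zero disables the behavior"
        return 0, "zero is allowed and treated literally"
    if rule.low <= value <= rule.high:
        return value, "in range"
    if rule.out_of_range == "replace":
        return rule.replacement, "out of range, server substitutes its own value"
    if rule.out_of_range == "accept":
        return value, "outside the SHOULD range, MAY be accepted"
    raise ValueError(
        f"{name}: {value:#010x} outside {rule.low:#010x}..{rule.high:#010x}"
    )


def audit(config, cpu_count=1):
    """Check a {property: value} mapping; return {property: finding string}."""
    findings = {}
    for name, value in config.items():
        try:
            effective, note = resolve(name, value, cpu_count)
            findings[name] = f"{effective:#010x} ({note})"
        except ValueError as exc:
            findings[name] = f"ERROR: {exc}"
    return findings


# Constructed sample configuration.
SAMPLE = {
    "TcpReceivePacketSize": 0x2000,      # below the MUST range
    "DsRemoteReplicationDelay": 0x0,     # flag for the default
    "UdpRecvThreadCount": 0x0,           # processor count
    "XfrThrottleMultiplier": 0x65,       # outside the SHOULD range
    "ScopeOptionValue": 0x8,             # excluded endpoint
}

if __name__ == "__main__":
    for prop, finding in audit(SAMPLE, cpu_count=4).items():
        print(f"{prop}: {finding}")
```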