Windows Server 2016 networking features bolster control, security

Windows Server 2016 boasts improved load balancing and new ways to protect the data center from DoS attacks.

Windows Server 2016 networking features may not get as much attention as Docker containers or Nano Server, but admins should be aware of how new Domain Name System server and IP address management capabilities can help them gain more control over the networking environment.

The most significant DNS-related improvement is the introduction of DNS policies, which allow administrators to control how a Windows DNS server responds to DNS queries. DNS policies have countless uses, including the ability to redirect or block DNS queries from malicious IP addresses.

DNS policies can also help with load balancing. Until Windows Server 2016, the only type of load balancing a Microsoft DNS server natively supported was round-robin load balancing. For example, if three web servers provide a particular service, then the administrator could use DNS round-robin load balancing to distribute inbound traffic evenly across the servers. But with this method, there is no intelligence in the balancing mechanism. DNS has no way to know whether one host can handle a disproportionate volume of traffic or whether the hosts are healthy.

Directing inbound traffic to the closest data center or performing redirection based on the time of day are two other uses for DNS policies.

IPAM console gains DNS support

IP address management (IPAM) has been a part of Windows Server for several years. Larger organizations use IPAM to manage the servers that play key roles in running the IP address infrastructure. Until the release of Windows Server 2016, the IPAM console had little DNS support. The Windows Server 2012 IPAM console provides rich support for interacting with DHCP servers, but it has few options for interacting with DNS. The only options available with a DNS server are to launch the Microsoft Management Console or retrieve server data.

Microsoft added more DNS-related functionality to the Windows Server 2016 IPAM console, including the ability to create, modify and delete resource records. Microsoft also added a filtering option to let administrators examine resource records and IP addresses at the DNS-zone level. This filtering is based on an IP address inventory that is compiled from DNS host records, either manually or automatically. IPAM collects DNS zone and resource record information from a Windows DNS server that runs on Windows Server 2008 or later.

Response rate limiting helps avoid DoS attacks

Windows Server 2016 also features a way to throttle the DNS response rate to prevent denial of service (DoS) attacks against a Windows DNS server. The feature limits the number of times per second that a DNS server will issue a response -- or an error -- to a client.

Microsoft configured the response rate limiting feature so it won't affect legitimate requests. Administrators can define whitelists based on domains or subnets to exempt them from DNS request throttling. An organization might put its internal subnets on a whitelist while imposing a rate limit for external clients to limit the effect of a DoS attack.
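
The internal-subnet whitelist plus external rate limit described above can be set up with the DnsServer PowerShell module, as in the following added example (not code from the original article). The subnet range, the object names and the numeric limits are assumptions to be replaced with values that fit the environment.

```powershell
#Requires -Modules DnsServer
# Run in an elevated session on the Windows Server 2016 DNS server.
# Without -Enforce the script only logs what RRL would have done.
param(
    [switch]$Enforce
)

# Assumed values for illustration; adjust to the environment.
$internalSubnetName = 'InternalClients'     # hypothetical label
$internalCidr       = '10.0.0.0/8'          # assumed internal address range
$exceptionListName  = 'InternalAllowList'   # hypothetical label

# 1. Describe the internal network as a named DNS client subnet.
if (-not (Get-DnsServerClientSubnet -Name $internalSubnetName -ErrorAction SilentlyContinue)) {
    Add-DnsServerClientSubnet -Name $internalSubnetName -IPv4Subnet $internalCidr
}

# 2. Exempt that subnet from throttling. An exception list can also match
#    domains (-Fqdn) instead of, or in addition to, client subnets.
if (-not (Get-DnsServerResponseRateLimitingExceptionlist -Name $exceptionListName -ErrorAction SilentlyContinue)) {
    Add-DnsServerResponseRateLimitingExceptionlist -Name $exceptionListName `
        -ClientSubnet "EQ,$internalSubnetName"
}

# 3. Limit identical responses and error responses per second for everyone
#    else. Clients are grouped by /24, so one noisy host counts against its
#    whole block. Start in LogOnly mode, review the DNS server logs, then
#    re-run with -Enforce.
$mode = if ($Enforce) { 'Enable' } else { 'LogOnly' }
$rrl = @{
    ResponsesPerSec  = 5      # assumed limit
    ErrorsPerSec     = 5      # assumed limit
    WindowInSec      = 5
    IPv4PrefixLength = 24
    Mode             = $mode
    Force            = $true
}
Set-DnsServerResponseRateLimiting @rrl

# 4. Show the resulting configuration for the change record.
Get-DnsServerResponseRateLimiting
Get-DnsServerResponseRateLimitingExceptionlist
```

Running in LogOnly mode first shows which clients would have been throttled before any response is dropped, which helps catch a legitimate resolver that was left off the exception list.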
