Wednesday, April 29, 2009
What Is a DNS Server?
The Domain Name System (DNS) is a standard technology for managing the names of Web sites and other Internet domains. DNS technology allows you to type names into your Web browser like compnetworking.about.com and your computer to automatically find that address on the Internet. A key element of the DNS is a worldwide collection of DNS servers. What, then, is a DNS server?
Answer: A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public address, and contains a database of network names and addresses for other Internet hosts.
DNS Root Servers
DNS servers communicate with each other using private network protocols. All DNS servers are organized in a hierarchy. At the top level of the hierarchy, so-called root servers store the complete database of Internet domain names and their corresponding IP addresses. The Internet employs 13 root servers that have become somewhat famous for their special role. Maintained by various independent agencies, the servers are aptly named A, B, C and so on up to M. Ten of these servers reside in the United States, one in Japan, one in London, UK and one in Stockholm, Sweden.
DNS Server Hierarchy
The DNS is a distributed system, meaning that only the 13 root servers contain the complete database of domain names and IP addresses. All other DNS servers are installed at lower levels of the hierarchy and maintain only certain pieces of the overall database.
Most lower level DNS servers are owned by businesses or Internet Service Providers (ISPs). For example, Google maintains various DNS servers around the world that manage the google.com, google.co.uk, and other domains. Your ISP also maintains DNS servers as part of your Internet connection setup.
DNS networking is based on the client / server architecture. Your Web browser functions as a DNS client (also called DNS resolver) and issues requests to your Internet provider's DNS servers when navigating between Web sites.
When a DNS server receives a request not in its database (such as a geographically far away or rarely visited Web site), it temporarily transforms from a server to a DNS client. The server automatically passes that request to another DNS server or up to the next higher level in the DNS hierarchy as needed. Eventually the request arrives at a server that has the matching name and IP address in its database (all the way to the root level if necessary), and the response flows back through the chain of DNS servers to your client.
DNS Servers and Home Networking
Computers on your home network locate a DNS server through the Internet connection setup properties. Providers give their customers the public IP address(es) of primary and backup DNS servers. You can find the current IP addresses of your DNS server configuration via several methods:
· on the configuration screens of a home network router
· on the TCP/IP connection properties screens in Windows Control Panel (if configured via that method)
· from ipconfig or similar command line utility
Tuesday, April 28, 2009
Microsoft Small Business Server 2003 Spam Filtering
Unsolicited commercial email (UCE), generally known as spam, is becoming a bigger and bigger problem for every company and even for home users. A lot of time has to be spent on sorting out which emails are spam and which are not. An important task of each Server Administrator who is responsible for the Messaging and Collaboration Server System is therefore to implement a good SPAM Email Filtering System.
Microsoft provides lots of features with Exchange Server 2003 Service Pack 2 to filter Spam and provides a solution to reduce the amount of time spent on filtering SPAM.
These features are included within Exchange Server 2003 and, due to this, are part of each Small Business Server 2003 Implementation within this solution.
Within this article we will now take an in-depth look at the features themselves and how to implement them.
Connection Level Protection
Protecting against SPAM at the connection level has been the best defense for years, because this means that SPAM will never enter the company’s network. This feature does nothing more than evaluate incoming SMTP connections for potential SPAM. If the connection SMTP host is a well known Spammer, the connection can be dropped.
Exchange itself provides two ways for connection level SPAM protection.
IP Connection Filtering
IP Connection filtering is a configurable setting within Exchange Server 2003 that can totally block SMTP connections based on IP addresses. This is a rudimentary method of protection because the connection filtering lists need to be administered manually. In addition to this, you can explicitly allow specific SMTP connections.
Figure 1: IP-Address Filtering
Real-Time Block Lists
With Exchange Server 2003, you have a new and more dynamic way of providing connection level protection. This feature is called Real-Time Block Lists. These lists contain IP addresses that are known as SPAM sources, open relays or part of an IP range. But these lists should not include SMTP hosts which are the same as a provider’s dial-up connection. This would lead to thousands of emails sent by dial-up users being rejected.
Block List providers are 3rd party organizations that collect IP addresses of internet SMTP domains. When a host initiates an SMTP session with a subscriber of a block list service, the subscriber issues a DNS query to the block list provider’s DNS Server with the sender’s host IP address. The block list server then checks whether the connecting host is on the block list or not.
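The lookup described above, as an added example that is not part of the original article: the subscriber reverses the sender's IP address, appends the provider's zone and reads the answer. The zone name dnsbl.example, the sample answers and the function names are assumptions; the resolver is a stand-in so the code runs offline.

```python
import ipaddress

# Constructed block-list data for a hypothetical provider zone "dnsbl.example".
# 127.0.0.x answers are the conventional "listed" return codes.
SAMPLE_ZONE = {
    "15.113.0.203.dnsbl.example": ["127.0.0.4"],
    # A parked or wildcarded zone may answer with an ordinary address.
    "10.2.0.192.dnsbl.example": ["198.51.100.7"],
}

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the name the subscriber looks up: reversed address + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        # IPv6 addresses are queried nibble by nibble, lowest nibble first.
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone.strip(".")

def sample_resolver(name):
    """Stand-in for a DNS A lookup; an empty list means NXDOMAIN."""
    return SAMPLE_ZONE.get(name.lower(), [])

def check_sender(ip, zone, resolve=sample_resolver):
    """Return (listed, return_codes) for the connecting host.

    Only answers inside 127.0.0.0/8 count as a listing, so a provider
    whose zone has lapsed does not cause every sender to be rejected.
    """
    answers = resolve(dnsbl_query_name(ip, zone))
    codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
    return (bool(codes), codes)

if __name__ == "__main__":
    for host in ("203.0.113.15", "198.51.100.20", "192.0.2.10"):
        print(host, dnsbl_query_name(host, "dnsbl.example"),
              check_sender(host, "dnsbl.example"))
```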
To enable this feature you have to install Exchange Server 2003 Service Pack 2 because, in earlier versions of Exchange Server 2003, only the connection host was relevant and not the sending host, which meant that firewalls or SMTP hosts in between could be Spammers. This has been achieved by providing perimeter IP lists and an internal IP range configuration in Exchange System Manager.
Figure 2: Block List Filtering (1)
Figure 3: Block List Filtering (2)
Figure 4: Block List Filtering (3)
Figure 5: Block List Filtering (4)
Protocol Level Protection
Protocol level protection against SPAM is another way of filtering spam in the next layer of defense at the SMTP protocol level. The SMTP traffic between sending and receiving hosts is analyzed to verify that the sender and the recipient are allowed hosts.
Recipient and Sender Blocking
The first way of providing protocol level protection is to define individual senders or domains from whom you do not want to accept messages (also known as white and black lists). Exchange Server 2003 can also be configured to block blank sender addresses and to filter recipients who are not in the Active Directory.
This blocking method prevents the directory harvesting attack (DHA). In this attack, RFC 2821 RCPT TO: commands are passed to the Exchange Server in search of valid email addresses, and the server itself responds to them. When it detects an email that is sent to a non-existing recipient, Exchange returns an “Unknown user”. Spammers now have the chance to sell valid email addresses or use them as recipients for unsolicited mail. This threat can be mitigated by using the tarpitting method, which is provided by Windows Server 2003 Service Pack 1. This feature allows the administrator to insert a configurable delay before returning an SMTP protocol response.
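One way to spot directory harvesting from the receiving side, as an added example that is not part of the original article: count the “Unknown user” (550) replies each connecting host collects. The log format, the thresholds and the function name are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed SMTP receive-log lines in a simplified, hypothetical format
# (timestamp, client IP, command, reply code); real Exchange logs differ.
SAMPLE_LOG = """\
2009-04-28T10:00:01 198.51.100.7 RCPT TO:<adam@example.com> 550
2009-04-28T10:00:02 198.51.100.7 RCPT TO:<admin@example.com> 250
2009-04-28T10:00:02 198.51.100.7 RCPT TO:<alan@example.com> 550
2009-04-28T10:00:03 198.51.100.7 RCPT TO:<alex@example.com> 550
2009-04-28T10:00:03 198.51.100.7 RCPT TO:<alice@example.com> 550
2009-04-28T10:00:04 198.51.100.7 RCPT TO:<amy@example.com> 550
2009-04-28T10:05:10 203.0.113.9 RCPT TO:<sales@example.com> 250
2009-04-28T10:05:11 203.0.113.9 RCPT TO:<slaes@example.com> 550
2009-04-28T10:05:40 203.0.113.9 RCPT TO:<info@example.com> 250
2009-04-28T10:09:00 192.0.2.44 RCPT TO:<admin@example.com> 250
"""

LINE = re.compile(r"^(\S+) (\S+) RCPT TO:<([^>]*)> (\d{3})$")

def find_harvesters(log_text, min_unknown=4, min_reject_ratio=0.8):
    """Return {client_ip: (distinct_unknown_recipients, total_rcpt)}.

    A host is flagged when it probed at least min_unknown different
    non-existing recipients and most of its RCPT commands were rejected.
    A single mistyped address from a normal sender stays below both limits.
    """
    total = defaultdict(int)
    rejected = defaultdict(int)
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a RCPT line in the assumed format
        _, ip, rcpt, code = m.groups()
        total[ip] += 1
        if code == "550":  # "Unknown user" reply
            rejected[ip] += 1
            unknown[ip].add(rcpt.lower())
    flagged = {}
    for ip in total:
        if (len(unknown[ip]) >= min_unknown
                and rejected[ip] / total[ip] >= min_reject_ratio):
            flagged[ip] = (len(unknown[ip]), total[ip])
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Hosts flagged this way are the ones for which a tarpit delay or an IP block list entry is worth considering.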
Figure 6: Sender Filtering
Figure 7: Recipient Filtering
Sender ID
One of the newest additions to Exchange Server 2003 anti-spam features is Sender ID filtering which comes with Exchange Server 2003 Service Pack 2. Sender ID attempts to verify that the sending host is approved to send messages from the SMTP domain.
There are two parts that need to be available for Sender ID to work. The first is a well-known DNS record known as sender policy framework. It defines which servers are allowed to send SMTP from this domain. The other one is an SMTP host that supports Sender ID.
Sender ID filtering can greatly reduce UCEs if the sending domains have SPF records registered in DNS, but all domains which do not have SPF records might encounter problems.
Figure 8: Sender-ID Filtering
Content Level Protection
The next option for filtering emails for SPAM is by using content level protection. This means that we can now analyze the message content looking for common clues that may indicate unsolicited email.
Exchange Intelligent Message Filter
With Exchange Server 2003 Service Pack 2, Microsoft provided a content filter called Exchange Intelligent Message Filter. It is based on patented machine-learning technology from Microsoft Research. This Smart Screen technology is already in use by MSN, Microsoft Hotmail and Microsoft Office Outlook 2003, and is called Junk Email Filtering.
Intelligent Message Filter was designed to distinguish between SPAM and non-SPAM based on the characteristics of each email message.
After IMF adds a Spam Confidence Level (SCL) to the message, it then evaluates two configured thresholds:
- Gateway blocking > messages can be archived, deleted, rejected or nothing can be done
- Store junk email configuration > move emails to junk mail folder
IMF can provide anti-phishing filtering, too. It can be configured in detail using the “Custom Weighting” feature which is implemented by an XML file called MSExchange.UceContentFilter.xml and has to be saved in the same directory as the .dll and .dat files of your Exchange Server. IMF can be updated using Windows Server Update Services (WSUS).
Figure 9: Intelligent Message Filtering
Outlook 2003 and Outlook Web Access Junk E-Mail
The last step to filter Spam is to clean your Outlook client itself by using an anti-SPAM feature called Junk-Email Filtering. At first it collects the SCL information from IMF. In addition it has its own filtering feature where each user can configure their own white and black lists for SPAM.
Exchange Server 2007 SPAM filtering features without using Exchange Server 2007 Edge Server
Introduction
Many Exchange Server administrators know how to use features from Exchange Server 2003 that will not be available by default if they do not use the Exchange Server 2007 Edge Server Role as a message hygiene server in the DMZ. This feature is only available within that role by default but can be enabled on each Exchange Server 2007 running the Hub Transport Role. In this article we will have a look at how to enable and configure this feature.
Activating AntiSpamAgent Feature
Adding this functionality to your Hub Transport servers is a pretty simple process. First, launch the Exchange Management Shell. In the Scripts folder that was created, you will find a PowerShell script to install the Anti-spam agents. After you run this command, you will need to restart your transport service and restart the Exchange Management Console. The script we need to run is called install-AntiSpamAgents.ps1.
Figure 1: Activating AntiSpamAgent Feature
After restarting the Exchange Transport Service, we have a new tab in Exchange Management Console available which will look like this:
Figure 2: The Anti-Spam Tab of Exchange Management Console
Note:
We will now take a closer look into each feature of Anti-Spam:
- Content Filtering
- IP Allow List
- IP Allow List Providers
- IP Block List
- IP Block List Providers
- Recipient Filtering
- Sender Filtering
- Sender ID
- Sender Reputation
Content Filtering
The Content Filter agent works with the spam confidence level (SCL) rating. This rating is a number from 0-9 for each message; a high SCL means that the message is most likely spam. You can configure the agent according to the message ratings to:
- Delete the message
- Reject the message
- Quarantine the message
You can also customize this filter using your own custom words and configure exceptions if you wish.
IP Allow List
With this feature you are able to configure which IP addresses are allowed to successfully connect to your Exchange Server. So, if you have a dedicated mail relay server in your DMZ, you can add its IP addresses so that your server will not accept connections from other servers anymore.
IP Allow List Providers
In general, you are unable to configure your own “IP Allow Lists” without making mistakes that will lead to problems receiving emails from your customers or any other business partners. Therefore, you should contact a public IP allow list provider which does the work for you. This would mean that you will have more quality in this service and a higher business value.
IP Block Lists
This feature gives you the possibility to configure IP addresses that are not allowed to connect to your server. Contrary to “IP Allow Lists”, this feature provides a black list and not a white one.
IP Block List Providers
“IP Block List Providers” have been known in the past as “Blacklist Providers” too. Their task is to publish lists from servers / IP addresses that are spamming. If you want to read more about this, click here.
Recipient Filtering
If you need to block emails to specific internal users or domains, this feature is the one you will need. You can configure this feature and then add the appropriate addresses or SMTP domains to your black list. Another interesting feature is that it allows you to set up the configuration so that you will only accept emails for recipients that are included in your global address lists.
Sender Filtering
If you need to block specific domains or external email addresses, you will have to use this feature. You can configure a black list of what sender addresses or domains you will accept or not.
Sender ID
The Sender ID agent relies on the RECEIVED Simple Mail Transfer Protocol (SMTP) header and a query to the sending system's domain name system (DNS) service to determine what action, if any, to take on an inbound message. This feature is relatively new and relies on a specific DNS setting.
Sender ID is intended to combat the impersonation of sender and domain also called spoofing. A spoofed mail is an e-mail message that has a sending address that was modified to appear as if it originates from a sender other than the actual sender of the message. Spoofed mails typically contain a FROM in the header of a message that claims to originate from a dedicated organization.
The Sender ID evaluation process generates a Sender ID status for each message. The Sender ID status is used to evaluate the SCL rating for that message. This status can have one of the following settings:
- Pass - IP address is included in the permitted set
- Neutral - Published Sender ID data is explicitly inconclusive.
- Soft fail - IP address may be in the not permitted set.
- Fail - IP address is in the not permitted set.
- None - No published data in DNS.
- TempError - transient error occurred, such as an unavailable DNS server
- PermError - unrecoverable error occurred, such as a record format error
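How a published record turns into one of these statuses, as an added example that is not part of the original article and not Exchange's own code; it also illustrates the sender policy framework record mentioned in the Small Business Server 2003 article above. The domains, the records and the function name are constructed assumptions, and only the ip4, ip6 and all terms are evaluated.

```python
import ipaddress

# Status names follow the list above.
QUALIFIERS = {"+": "Pass", "-": "Fail", "~": "Soft fail", "?": "Neutral"}

# Constructed DNS TXT records for hypothetical sending domains.
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
    "example.org": "v=spf1 ip4:192.0.2.999 -all",  # malformed on purpose
}

def sender_status(client_ip, domain, txt_records=SAMPLE_TXT):
    """Evaluate the sending domain's record against the connecting IP."""
    terms = txt_records.get(domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "None"  # no published data in DNS
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        kind, _, value = mechanism.partition(":")
        if kind not in ("ip4", "ip6"):
            # Assumption of this reduced example: a, mx, include and other
            # terms are not resolved here and are reported as an error.
            return "PermError"
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "PermError"  # record format error
        if ip in network:
            return QUALIFIERS[qualifier]
    return "Neutral"  # record ended without a matching term

if __name__ == "__main__":
    for ip, dom in [("192.0.2.77", "example.com"),
                    ("203.0.113.5", "example.com"),
                    ("192.0.2.1", "example.net"),
                    ("192.0.2.1", "example.org"),
                    ("192.0.2.1", "unpublished.example")]:
        print(ip, dom, sender_status(ip, dom))
```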
The Sender ID status is added to email metadata and is then converted to a MAPI property. The Junk E-mail filter in Microsoft Office Outlook uses the MAPI property during the generation of the spam confidence level (SCL) value.
You can configure this feature to act as the following:
- Stamp the status
- Reject
- Delete
Additional information on how to setup your Sender-ID setting in your public DNS can be found here.
Sender Reputation
Sender Reputation is a new Exchange Server 2007 anti-spam functionality that is intended to block messages based on many characteristics.
The calculation of the Sender Reputation Level is based on the following information:
- HELO/EHLO analysis
- Reverse DNS lookup
- Analysis of SCL
- Sender open proxy test
Sender reputation weighs each of these statistics and calculates an SRL for each sender. The SRL is a number between 0 and 9. You can then configure what to do with the message in one of the following ways:
- Reject
- Delete and archive
- Accept and mark as blocked sender
Conclusion
As you have seen in this article, Exchange Server 2007 provides a lot of features to increase anti-spam functionality on each Exchange Server box. If you do not use a dedicated Exchange Edge Server, you can add this functionality to Exchange Server 2007 Hub Transport as described above. If you define a configuration for your specific server design, you will not have to add third party software to meet your basic business needs.
If you decide to have more than the described functions above, you should think of implementing Microsoft ForeFront Security for Exchange Servers.