DNS server configuration notes

Resolvers / recursive servers

Our recursive DNS servers handle most DNS queries from end-user devices in the University.

They support encrypted DNS-over-TLS and DNS-over-HTTPS.

Running your own DNS server

We have a sample BIND configuration for stealth secondary servers that includes some general advice on running BIND in Cambridge. There are a few notes on configuring DNSSEC validation and testing DNSSEC validation.

The main UIS help site has DNS configuration guidelines for Windows Server and Active Directory.

Authoritative servers

Our authoritative DNS servers publish the DNS for cam.ac.uk and our other domains to the world. We have a number of on-site and off-site DNS servers used by the UIS, by other institutions in Cambridge that manage their own DNS, and by friendly organizations elsewhere. Updates from the IP Register database are published hourly at 53 minutes past the hour.