Host Overrides and Domain Overrides

The next two sections are Host Overrides and Domain Overrides. A Host Override lets you make a specific hostname resolve to an address of your choosing instead of whatever the upstream DNS servers used by the DNS forwarder would return. This is the usual building block for split DNS (internal clients get an internal address for a name that resolves to a public address elsewhere), and it also gives you a crude way of blocking access to particular sites. Treat the latter as a convenience rather than a control: a user can defeat it by entering the site's IP address directly, or by pointing their machine at a different resolver, unless you also block outbound DNS on the firewall.

Domain Overrides are similar, except that they let you specify a different DNS server to use for every query under a specific domain. The classic case is a Windows Active Directory environment: AD clients and domain controllers locate each other through SRV and A records that live only in the AD-integrated DNS zone, so queries for the AD domain must be sent to the domain controllers' DNS service rather than to the public upstream servers.
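As an added illustration (not configuration generated by pfSense, and not taken from the book), the same two override types written by hand in unbound.conf, the configuration file of Unbound, the resolver behind these settings. The names and addresses are made up:

```conf
server:
    # Host Override for split DNS: answer this name locally instead of
    # asking upstream. Internal clients get the RFC 1918 address.
    local-data: "intranet.example.com. 300 IN A 10.0.0.20"
    local-data-ptr: "10.0.0.20 intranet.example.com"

    # Host Override used as a crude block: the whole name is redirected to
    # an unroutable address. Anyone who types the real IP bypasses this.
    local-zone: "ads.example.net." redirect
    local-data: "ads.example.net. 300 IN A 0.0.0.0"

    # Caveat when DNSSEC validation is on: an internal AD zone is unsigned,
    # so you may have to tell the validator not to expect signatures for it.
    domain-insecure: "ad.example.com."

# Domain Override: every query under ad.example.com goes to the domain
# controllers, which are the only servers holding the AD SRV/A records.
forward-zone:
    name: "ad.example.com."
    forward-addr: 10.0.0.10
    forward-addr: 10.0.0.11
```

Check the result from a client with `dig intranet.example.com @<firewall>` and `dig _ldap._tcp.ad.example.com SRV @<firewall>`; the first should return 10.0.0.20 from local data, the second should return the SRV records the domain controllers hold.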

The next tab is Advanced Settings. We will not cover all the settings that are configurable in this section, but here are some of the more interesting settings:

  • Prefetch DNS Key Support: Enabling this option causes DNSKEY records to be fetched earlier in the validation process, as soon as the corresponding DS record is seen, rather than when the key is actually needed. This lowers the latency of DNSSEC-validated requests at the cost of somewhat more CPU time and upstream traffic.
  • Message Cache Size: This controls the size of the message cache, which stores DNS response codes and validation statuses. The default size is 4 MB.
  • Experimental Bit 0x20 Support: A DNS transaction ID is only 16 bits, so an attacker who can also guess the source port has a realistic chance of getting a forged response accepted, which is why the transaction ID is such a frequent target. One way to raise the bar is to randomize bit 0x20 of each ASCII letter in the question name, which is simply the letter's case. DNS name matching is case-insensitive, so a responder treats www.mydomain.com and WWW.MYDOMAIN.COM as the same name, but it copies the question name into its reply exactly as it was received. The resolver can therefore demand that the reply carry the same mixed-case spelling it sent, which adds roughly one bit of entropy per letter (14 bits for www.mydomain.com) to what a forger must guess on top of the transaction ID and port. This is a covert channel for extra entropy, not encryption: anyone who can see the query can read it. The option is marked experimental because some authoritative servers do not preserve case in their replies, and queries to them can fail while it is enabled.
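To make the 0x20 mechanism concrete, here is an added worked example (not pfSense or Unbound code, and not from the book). It encodes a query name, models a well-behaved authoritative server that matches case-insensitively but echoes the name as received, and then shows why a forger who has guessed the transaction ID still fails unless it also guesses the casing. The zone contents, the transaction ID and the server model are constructed for illustration:

```python
"""0x20 case randomization, worked through end to end.

Added example for illustration; this is not pfSense or Unbound code. The
zone contents, transaction ID and server model below are constructed.
"""
import secrets
from typing import Callable, Dict, Optional, Tuple

QNAME = "www.mydomain.com"


def encode_0x20(qname: str,
                randbit: Callable[[], int] = lambda: secrets.randbits(1)) -> str:
    """Randomize bit 0x20 of every ASCII letter in qname.

    0x20 is exactly the difference between 'A' (0x41) and 'a' (0x61), so
    toggling it flips case and leaves digits, hyphens and dots untouched.
    randbit() returning 1 selects upper case, 0 selects lower case.
    """
    out = []
    for ch in qname:
        if ch.isascii() and ch.isalpha():
            code = ord(ch) | 0x20                      # canonical lower case
            out.append(chr(code ^ 0x20) if randbit() else chr(code))
        else:
            out.append(ch)
    return "".join(out)


def extra_entropy_bits(qname: str) -> int:
    """Bits a forger must guess on top of the 16-bit TXID: one per letter."""
    return sum(1 for ch in qname if ch.isascii() and ch.isalpha())


def authoritative_reply(zone: Dict[str, str],
                        wire_qname: str) -> Tuple[str, Optional[str]]:
    """Model of a well-behaved authoritative server.

    Lookup is case-insensitive (RFC 4343), but the question name goes back
    to the client byte for byte as it arrived, casing included.
    """
    return wire_qname, zone.get(wire_qname.lower())


def resolver_accepts(sent_txid: int, sent_qname: str,
                     reply_txid: int, reply_qname: str) -> bool:
    """A 0x20-aware resolver requires both the TXID and the exact casing
    of the question name to match what it sent."""
    return sent_txid == reply_txid and sent_qname == reply_qname


def simulate(randbit: Callable[[], int]) -> Tuple[str, bool, bool]:
    """Send one 0x20-encoded query, then test a genuine reply and a forgery.

    The forger gets the hardest case for the defender: it has already
    guessed the TXID (and, by implication, the source port) and only has
    to get the name right. Returns (name as sent, genuine accepted,
    forgery accepted).
    """
    zone = {"www.mydomain.com": "203.0.113.10"}   # constructed sample zone
    txid = 0x1234                                  # constructed
    sent = encode_0x20(QNAME, randbit)

    echoed, _answer = authoritative_reply(zone, sent)
    genuine_ok = resolver_accepts(txid, sent, txid, echoed)

    # The forger never saw the query, so it uses the canonical lower-case name.
    forged_ok = resolver_accepts(txid, sent, txid, QNAME)
    return sent, genuine_ok, forged_ok


if __name__ == "__main__":
    name, genuine, forged = simulate(lambda: secrets.randbits(1))
    print(f"sent {name}: genuine accepted={genuine}, forgery accepted={forged}")
    bits = extra_entropy_bits(QNAME)
    print(f"forger must also guess {bits} case bits; "
          f"chance per spoofed packet is about 2^-{16 + bits}")
```

Run it a few times: the forgery is accepted only on the rare run where the random casing happens to come out all lower case, which is exactly the 1-in-2^14 chance the extra bits are meant to impose. Note that a server which lowercases or otherwise rewrites the question name would make `genuine_ok` false too, which is the failure mode behind the "experimental" label.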