1.4 Domain Name Systems Flashcards
What does DNS stand for?
Domain Name System
What are the two software components used in Windows Server 2008 DNS?
- DNS server
- DNS client (or resolver)
Why is DNS important for network users?
It maps user-friendly alphanumeric names to numeric IP addresses.
What layer of the TCP/IP reference model does DNS operate in?
Application layer
What is the default name resolution service in a Windows Server 2008 network?
Windows Server 2008 DNS
What is the role of the DNS Client service in Windows Server 2008?
It contacts a DNS server to resolve a network host name to an IP address.
How does Active Directory Domain Services (AD DS) utilize DNS?
It uses DNS to locate domain controllers for authentication and other operations.
What is the difference between DNS and WINS?
DNS is hierarchical while WINS is a flat namespace.
What does DHCP provide for Windows Server 2008 DNS?
Default support to register and update information for legacy DHCP clients in DNS zones.
What does a Domain Name System (DNS) do?
Translates a domain name to an IP address.
What are the types of DNS records?
- NS record (name server)
- MX record (mail exchange)
- A record (address)
- CNAME (canonical)
True or False: DNS servers can cache mappings.
True
What is a fully qualified domain name (FQDN)?
It uniquely identifies a host’s position within the DNS hierarchical tree.
What is the top of the DNS domain name hierarchy called?
Root domain
What type of domain is ‘microsoft.com’ considered?
Second-level domain
What is the purpose of a Start of Authority (SOA) record?
It identifies a primary DNS name server for the zone.
Fill in the blank: The DNS database consists of ______.
resource records (RRs)
What are common types of DNS resource records?
- A
- NS
- MX
- CNAME
What is the primary function of the DNS server?
To resolve domain names to IP addresses.
What can introduce delays when accessing a DNS server?
The need to contact the DNS server and potential propagation delays.
What are DNS top-level domains (TLDs)?
They indicate the type of organization or country/region.
True or False: DNS management is simple and straightforward.
False
What is the main disadvantage of DNS?
It can be complex to manage and is vulnerable to DDoS attacks.
What RFCs are foundational for DNS?
- RFC 1034
- RFC 1035
What is a subdomain?
Additional names derived from a registered second-level domain.
How does DNS support hierarchical names?
It allows registration of various data types in addition to host name-to-IP address mapping.
What does a CNAME record do?
Points a name to another name or to an A record.
What is the root domain of a DNS zone?
The specific domain name that anchors a zone.
What does a DNS server need to be considered authoritative for a name?
It must load the zone containing that name.
What is the first record in any zone file?
Start of Authority (SOA) RR.
What does the SOA RR identify?
A primary DNS name server for the zone.
What is DNS delegation?
Assigning responsibility for a portion of a DNS namespace to a different DNS server.
What resource record represents DNS delegation?
NS resource record.
What are the primary reasons to delegate a DNS namespace?
- Need to delegate management to multiple organizations.
- Need to distribute load among DNS servers.
- Need to allow for a host’s organizational affiliation.
How does a DNS server facilitate delegation?
By using NS RRs to identify DNS servers for each zone.
What types of zones can represent the same portion of the DNS namespace?
- Primary
- Secondary
- Stub
What is a primary zone in DNS?
A zone where all updates for records are made.
What is a secondary zone?
A read-only copy of the primary zone.
What is a stub zone?
A read-only copy of the primary zone containing only the resource records identifying authoritative DNS servers.
What is zone transfer?
The process of replicating a zone file to multiple DNS servers.
What is the role of the master DNS server in zone transfer?
It is the source of the zone information during a transfer.
What are the two types of zone file replication?
- Full zone transfer (AXFR)
- Incremental zone transfer (IXFR)
What is a recursive DNS query?
A query that forces a DNS server to respond with either a failure or success response.
What is an iterative DNS query?
A query where the DNS server responds with the best local information it has.
What is the Time-to-Live (TTL) in a resource record?
The length of time used by DNS servers to cache information before expiring it.
What happens if the TTL is set too short?
Increased utilization of DNS servers and network traffic.
What is the impact of setting the TTL to zero?
Significant impact on DNS server performance due to constant querying for expired data.
What type of updates does Windows Server 2008 support for the DNS database?
Both static and dynamic updates.
What does the DNS Client service architecture illustrate?
Name resolution and update operations.
What does the DNS Server service architecture illustrate?
Administration tools and the Windows Management Instrumentation (WMI) interface.
What does DNS stand for?
Domain Name Service
What is the primary purpose of DNS?
To identify resources on networks
In what year was the Domain Name System introduced?
November 1983
At which OSI layer does DNS operate?
Application layer
What port does DNS use?
53
Which RFCs define the DNS protocol?
- RFC 1034
- RFC 1035
What is the primary function of the Domain Name System?
To translate domain names to numerical IP addresses
What is a DNS name server?
A server that stores the DNS records for a domain
What types of records are commonly stored in the DNS database?
- SOA
- A and AAAA
- MX
- NS
- PTR
- CNAME
What does SOA stand for in DNS records?
Start of Authority
True or False: DNS is intended to be a general-purpose database.
False
What does DNSSEC stand for?
Domain Name System Security Extensions
What protocol did the Domain Name System originally use for transport?
User Datagram Protocol (UDP)
How does the DNS function as a ‘phone book’ for the Internet?
By translating human-friendly hostnames into IP addresses
What is the maximum length of a full domain name in DNS?
253 characters
What is the root zone in the DNS structure?
The top of the domain name hierarchy
What is the LDH rule in domain names?
Labels may only contain letters, digits, and hyphen
What system allows for the use of non-ASCII characters in domain names?
Internationalizing Domain Names in Applications (IDNA)
What is the role of authoritative name servers?
To provide definitive answers to DNS queries
What are the two types of authoritative name servers?
- Primary server
- Secondary server
What is a ‘lame delegation’ in DNS?
When a name server is designated as authoritative for a domain it does not have data for
What is the process called when a DNS resolver queries multiple servers to obtain an answer?
Iterative resolution
What is the purpose of caching in DNS?
To improve efficiency and reduce traffic on root servers
What does the AA bit in DNS responses indicate?
The server is providing authoritative answers
Fill in the blank: The DNS database is conventionally stored in a _______.
zone file
Who developed the first ARPANET directory?
Elizabeth Feinler
What is the function of the WHOIS directory?
To retrieve information about resources, contacts, and entities
What are the top-level domains (TLDs) in DNS?
The right-most labels in domain names, such as .com or .edu
What is the role of the Internet Engineering Task Force in the context of DNS?
To publish specifications for DNS protocols
What does the term ‘zone’ refer to in DNS?
A subdomain under the administrative control of a name server
How many levels can the tree of domain subdivisions have?
Up to 127 levels
What is the role of root name servers in the DNS?
Root name servers are involved in only a relatively small fraction of all requests.
What are recursive and caching name servers used for?
To improve efficiency, reduce DNS traffic, and increase performance in end-user applications.
What is the purpose of DNS cache servers?
They store DNS query results for a period of time determined by the time-to-live (TTL) of the domain name record.
What is a DNS resolver?
The client side of the DNS responsible for initiating and sequencing queries for resource resolution.
Define a non-recursive query.
A query where a DNS resolver queries a DNS server that provides a record without querying other servers.
What is a recursive query?
A query where a DNS resolver queries a single DNS server that may query other servers on behalf of the requester.
What is the difference between iterative and recursive queries?
In iterative queries, each server refers the client to the next server until resolved, while recursive queries are fully resolved by one server.
What are glue records?
Records that provide the IP address of an authoritative name server mentioned in a delegation to break circular dependencies.
How does record caching work in DNS?
It stores results of name resolution locally with a time to live (TTL) to reduce load on DNS servers.
What is a reverse DNS lookup?
A query of the DNS for domain names when the IP address is known.
What is the format for storing IP addresses in reverse lookups for IPv4?
IP addresses are stored in reverse-ordered octet representation in PTR records under in-addr.arpa.
What happens if a DNS resolver does not find a record?
It may cache the negative result based on the TTL of the SOA record.
What is the typical structure of a DNS message?
Each DNS message consists of a header and four sections: question, answer, authority, and additional.
What is the significance of the TTL in DNS records?
TTL indicates how long the information remains valid before needing to be refreshed.
What are some common DNS record types?
- A
- AAAA
- MX
- TXT
What is dynamic DNS (DDNS)?
It updates a DNS server with a client IP address on-the-fly.
True or False: The DNS protocol uses different formats for queries and responses.
False
What is the function of MX records in DNS?
They provide a mapping between a domain and a mail exchanger.
Fill in the blank: A _______ is a combination of the name server and IP address.
glue record
What are authoritative name servers?
Servers that provide DNS records for which they are responsible.
How does a DNS resolver handle requests?
It checks its cache first, then queries designated DNS servers if the answer is not found.
What is the function of the identification field in a DNS message header?
It matches responses with queries.
What is DNSSEC?
A security extension for DNS that adds support for cryptographically signed responses
DNSSEC helps protect against certain types of attacks such as DNS cache poisoning.
What is the purpose of the TYPE field in a Resource Record (RR)?
Indicates the format of the data and its intended use
Examples include A records for IPv4 addresses, NS records for name servers, and MX records for mail servers.
What does the CLASS field in a Resource Record specify?
The class code of the record, typically set to IN for Internet
Other classes include Chaos (CH) and Hesiod (HS).
What are wildcard DNS records?
Records that specify names starting with an asterisk, *, to match multiple subdomains
They generate resource records within a DNS zone by substituting whole labels.
What is the function of the UPDATE DNS opcode?
Used to add or remove resource records dynamically from a zone database
Useful for registering network clients in DNS when they become available.
What transport protocols does DNS use?
User Datagram Protocol (UDP) and Transmission Control Protocol (TCP)
UDP is used for queries, while TCP is used for larger responses and zone transfers.
What is DNS over TLS (DoT)?
An IETF standard for encrypted DNS using TLS to protect the entire connection
DoT servers listen on TCP port 853.
What does DNS over HTTPS (DoH) do?
Tunnels DNS query data over HTTPS, which transports HTTP over TLS
It uses TCP port 443 to appear similar to web traffic.
What are the privacy properties of DNS over QUIC (DoQ)?
Similar to DoT with latency characteristics of classic DNS over UDP
RFC 9250 describes this method.
What is DNSCrypt?
A protocol that introduces DNS encryption on the downstream side of recursive resolvers
Clients encrypt query payloads using servers’ public keys.
What is DNS cache poisoning?
A vulnerability where false data is distributed to caching resolvers
This can redirect legitimate requests to malicious hosts.
What is an IDN homograph attack?
A type of spoofing where visually similar characters can mislead users
For example, paypal.com vs paypa1.com.
What is DNSMessenger?
A cyber attack technique that uses DNS to communicate with malware
It exploits DNS TXT records to send commands to infected systems.
What are the main approaches to counter privacy issues with DNS?
- VPNs
- Tor
- Proxies and public DNS servers
These methods aim to protect user privacy from local ISP surveillance.
Who oversees domain name registration?
The Internet Corporation for Assigned Names and Numbers (ICANN)
ICANN accredits domain name registrars and oversees the name and number systems of the Internet.
What is a registrant in the context of domain names?
A person or organization that requests domain registration
Registrant information is published using the WHOIS protocol.
What is a thick registry approach in domain name registration?
A model where WHOIS data is maintained in central registries
Most Generic top-level domain (gTLD) registries have adopted this approach.
What is the maximum TTL for a Resource Record?
About 68 years (2^31 - 1 seconds)
TTL stands for time-to-live and indicates how long a record is valid.
What does DENIC stand for?
German NIC
DENIC is the central registry for the .de domain in Germany.
What is the thick registry approach?
Keeping WHOIS data in central registries instead of registrar databases
Adopted by most Generic top-level domain (gTLD) registries since about 2001.
Which top-level domains use a thin registry model?
COM and NET
In this model, basic WHOIS data is held by the domain registry.
What basic WHOIS data is held by domain registries like GoDaddy and VeriSign?
Registrar and name servers
This information is part of the thin registry model for COM and NET domains.
What is the role of the Public Interest Registry?
Exclusively manages the ORG domain
ORG domain registrants use this registry specifically.
What are network information centers (NIC)?
Organizations that function as both registries and registrars
They provide access to WHOIS datasets in addition to registering domain names.
What is a registry-registrar model?
A method where the registry manages the domain name database and relationships with registrars
Used by top-level domain registries for COM, NET, and ORG.
In the registry-registrar model, who are the customers of the registrar?
Registrants (users of a domain name)
Sometimes includes additional subcontracting of resellers.
