2008 R2 ADS Vocabulary - Session 2 Flashcards
DNS is a network service
which is used to resolve computer names to Internet Protocol (IP) addresses
The DNS server stores DNS records in the form of
a distributed database
The DNS server receives queries that contain system names
and resolves these queries to IP addresses using a process known as name resolution.
In Windows Server networks, the DNS server service can be integrated with
the AD DS role.
When DNS is integrated with AD DS, DNS data is stored in and replicated through the
Active Directory (AD), providing AD DS with a mechanism to easily locate domain controllers and ensuring secure multi-master replication of zone data.
When a Windows-based Dynamic Host Configuration Protocol (DHCP) service is implemented in the network, it automatically
directs all DHCP clients and servers to register their names and corresponding IP addresses with the DNS server.
(DHCP)
Dynamic Host Configuration Protocol
A DNS zone represents
one or more contiguous DNS domains of the DNS namespace. It is used to delegate authority and to facilitate the administration of data associated with a namespace.
A server known as the (DNS) authoritative server is used to
store all the information relating to a particular zone. The same DNS server can be authoritative for a number of DNS zones.
The procedure for transferring data from an authoritative server to a secondary server is known as
a zone transfer.
Windows Server 2008 R2 supports the following types of DNS zones
- Primary zone
- Secondary zone
- AD-integrated zones
- Stub zone
New features of the DNS server in Windows Server 2008 R2 include support for the following:
- The DNAME Resource Record
- Read-Only Domain Controllers (RODCs)
- Use of Internet Protocol version 6 (IPv6)
- The GlobalNames Zone
Other key features of the Windows Server 2008 R2 DNS server are as follows:
- Integration with Microsoft Networking Services such as WINS, AD DS, and DHCP
- RFC-Compliant Dynamic Updates (clients add their own records to DNS)
- DNS zones that are integrated with AD DS support secure dynamic updates
- Global Query Block List
Advanced DNS Features
- Forwarding
- Root hints
- Server scavenging
Forwarding (DNS)
• The DNS server first tries to resolve a DNS client’s query using the data available in the local network. If no such data exists locally,
the server forwards the query to a DNS server in an external network. You can configure a DNS server to forward all the queries it receives from client machines, instead of performing the name resolution itself.
• Forwarders are responsible for handling all the
external traffic in a network because they forward all queries that need to be resolved to external DNS servers.
All the DNS servers in a network forward unresolved queries
to forwarders.
• Conditional forwarders are forwarders configured
to forward queries for specific domain names to external DNS servers. You use conditional forwarders to resolve queries between two organizations.
Root hints
are queries that enable a server to respond to requests from servers of unknown domains or domains higher than the server that receives the request.
• A DNS server used as a forwarder is automatically located by other servers in the local network. However, you need to use root hints
to resolve the names of external DNS servers through the Internet root servers.
• A file named __________ implements root hints for the DNS server service.
Cache.dns
Cache.dns is stored on the server
in the following location:
%systemroot%\System32\Dns
The DNS and resource records for the host are also a part of the
Cache.dns file
• In a private network, you can use records that are similar to the Cache.dns file to point to
internal root DNS servers.
Server scavenging
• In Windows Server 2008 R2, the server scavenging feature is used to
remove old records from the zone data on a DNS server.
Scavenging removes stale records (records that have exceeded their refresh periods) from the zone data.
• The DNS server stamps all records with the date and time at which they are added, and uses a process known as aging to determine whether a record exceeds the refresh time period specified for it.
• You can configure server settings to periodically repeat scavenging to
free the zones from stale data
A DNS lookup is a process for
converting the IP address of a computer into its host domain name, and vice versa
A forward lookup zone is used to
resolve domain names to their IP addresses.
A reverse lookup zone is used to
identify the domain name corresponding to an IP address.
In a reverse lookup query,
a client sends a request to a DNS server for a pointer (PTR) resource record that corresponds to the IP address of a host.
• You can add a forward lookup zone using
the DNS Manager or the dnscmd command-line utility.
• You can add a reverse lookup zone using the
DNS Manager or the dnscmd command-line utility
• During the creation of either of these zones, you also specify whether
the zone is AD integrated and its replication scope.
If the zone is AD integrated then you can also
configure secure dynamic updates.
Forwarders and Root Hints
You can reduce the workload on a DNS server by configuring it to answer requests related to local hosts and to forward requests for external domain names to an external DNS server. A DNS server that forwards queries for external resolution is known as a forwarder.
Two types of queries are processed by DNS forwarding servers
- Recursive Queries
- Iterative Queries
• Recursive Queries
are sent by the DNS client to the DNS server. In a recursive query, either the DNS client receives an error message such as “sorry, name not found” or it receives an exact answer for the IP address that it sends to the DNS server. If the DNS server is able to resolve the client query, it sends the resolved IP address to the client. If it cannot resolve a recursive query, it changes the recursive query to an iterative query by searching its list of forwarders and sending iterative queries to each of them.
• Iterative Queries are queries
where the DNS server is asked either to resolve a query or to make a best guess referral to a DNS server that may be able to resolve it.
Conditional forwarding means
the DNS server forwards queries to different forwarders according to the specific domain names that must be resolved.
When the DNS server receives a query, it first
searches its zone data and cache to resolve the query. If the search does not yield any result, the DNS server compares the domain name in the query with its list of domain name conditions:
- If it finds a matching condition, the query is forwarded to the IP address of the forwarder corresponding to the domain name.
- If no matching condition is found, the DNS server attempts to resolve the query using standard recursion.
- Root hints are used by a DNS server to resolve queries if forwarders are unavailable to it. In some DNS environments, root hints are used in place of forwarders. The difference is that a DNS server using forwarding will request recursion, whereas a DNS server using root hints will attempt to resolve a query recursively itself.
Configuring Root Hints
On a DNS server, first open the DNS Manager and then select the Root Hints tab in the server properties. This tab allows you to add a new root hint, remove a root hint, edit an existing root hint, or copy root hints from another server.
Server Aging and Scavenging
Unmanaged decayed resource records can result in problems such as the following:
• Unnecessarily long zone transfers
• Degradation of the performance and response time of the DNS server
• Possible IP conflicts
Configure aging and scavenging for a DNS server using the
DNS Manager console or the command line.
Aging and scavenging are disabled by
default
To use the aging and scavenging features,
enable the operations on the zone, at the DNS server, or manually by individual record.
The scavenging and aging operations use the
timestamps on resource records to determine when the records must be removed.
A DNS server sets the date and time value to start scavenging on a per-zone basis when
- Users enable dynamic updates for the zone
- A primary zone that is enabled to use scavenging is loaded by a DNS server
- A DNS server starts
- A zone resumes its service after it has been paused
- The administrator manually activates the Scavenge stale resource records function
When setting aging and scavenging properties, you need to specify the
duration for which the server must not refresh its records. This prevents unnecessary updates to existing records, thereby reducing replication traffic.
You also need to set the refresh interval at which the server must refresh its records. The refresh interval is the
period needed between when a no-refresh interval expires and when a record is considered stale.
Configuring Zone Delegation
Zone delegation involves
delegating authority for a particular subdomain to a different zone, either on the same DNS server or on another DNS server. It is what enables you to divide a DNS server into one or more zones. New zones can be distributed and replicated on other DNS servers to meet the requirements of an organization.
In addition, zone delegation helps
distribute the load of traffic among various servers, improves DNS name resolution performance, and creates a fault tolerant environment.
Zone delegation is configured using the
DNS Manager console.
Round Robin and Recursion
Using the DNS Round Robin technique, a DNS server
rotates the DNS records for each incoming DNS request so that successive visitors are directed to different web servers. This option is enabled by default in Windows Server 2008 R2.
Although Round Robin DNS is easy to implement, it has some drawbacks:
- It does not offer any failover functionality
- It does not control the order in which connections are rotated
- Attackers may exploit the process of DNS recursion to damage a network using an amplification attack
CONFIGURE ZONES
A zone is a
contiguous portion of a domain of the DNS namespace
There are three types of zones:
primary, secondary, and stub.
The DDNS is an important part of the AD because the domain controller of the AD
registers its service location resource records, which are used to locate AD domain controllers, in DNS to enable other computers in a forest or a domain to search for these records.
Dynamic Domain Name System
(DDNS)