Chapter 2

Question 1

Two primary Zones

Answer 1

File based zones and active directory - integrated DNS zones

Question 2

Primary Zone

Answer 2

Only zone type that can be edited or updated. This is bc the data in the zone is the original source of data for all domain in the zone. Updates to primary zone are mady by the DNS server that is authoritative for specific primary zone.

Question 3

AD - Integrated Zone

Answer 3

Saves zone data in the active directory database Advantages are more security and automatic replication of zone data between DNS servers.

Question 4

Secondary zone

Answer 4

Read-only copy of primary zone. To configure a secondary zone, you must know the IP address of the master DNS server. Stub zone AKA secondary zone

Question 5

Stub zone

Answer 5

Special type of secondary zone in which only NS and A records of DNS servers are present. It keeps delegated zone info current, improves name resolution by enabling DNS server to preforms recursion using stub zone lists of name servers, simplifies DNS administration.

Question 6

File base zone types

Answer 6

Primary zone, secondary zone, stub zone have commonalities. All hosted on standalone server without using Active directory and zone data is stored in a local zone file.

Question 7

AXFR

Answer 7

Transfer of the complete zone. Happens only during initial configuration of a secondary DNS server.

Question 8

IXFR

Answer 8

Incremental zone transfer of zone data. Only changes on a primary DNS server are transferred to secondary DNS server.

Question 9

ForestDNSZones

Answer 9

Is a default Active Directory Partition. The msdcs zone saves its zone data by default in the ForestDNSZ one Partition. Any zone data saved in that partition is replicated to all domain controllers in the forest.

Question 10

DomainDNSZones

Answer 10

DomainDNSZones is a default Active Directory partition used to replicate zone data to all domain cotrollers in a domain.

Question 11

Application Directory Partition

Answer 11

Can be used as a custom partition to save DNS data and to replicate this data only to specific domain controllers. Administrator can individually define the name of the partition, replication scope, and enlisted domain controllers.

Question 12

KSK

Answer 12

Signing key. For DNSSEC, this key validates the DNSKEY record. KSK signs the public ZSK key.

Question 13

ZSK

Answer 13

Zone signing key pair. Each zone in DNSSEC has a ZSK, which is the private portion of the key that digitally signs records in the zone.

Question 14

Trust Anchors

Answer 14

Recursive or forwarding DNS server recognizes that the zone supports NSSEC if it has a DNSKEY, also called a trust anchor, for that zone. DNSKEY and KS resource records are also called trust anchors.

Question 15

msdcs zone

Answer 15

Automatically created during the installation of a DNS server. It is reserved for registering records for Microsoft domain controllers.

Question 16

GlobalNames Zone

Answer 16

Use GlobalNames zone if you plan to retire WINS or if you need single-label name resolution

Question 17

Zone transfer

Answer 17

Is the process of transferring zone data from a primary DNS server to one or more secondary DNS server. On a windows server 2016 DNS primary DNS server, zone transfer is disabled by default. Network traffic of zone transfer is not encrypted by default.

Question 18

DNS server transfer policies

Answer 18

DNS server transfer policies are a new possiblility with Windows Server 2016. With these policies, you can specify whether to deny or ignore zone transfers based on different criteria.

Question 19

Zone-level Statistics

Answer 19

Zone-level statistics give DNS server-level statistics to track sage or monitor DNS server performance.

Question 20

Scaveging

Answer 20

Scavenging is a DNS server mechanism to clean up and remove stale resource records based on time stamps..

Question 21

TLSA Record

Answer 21

TLSA DNS resource record (RR) associates a TLS server certificate association

Question 22

Unknown record support

Answer 22

As of windows server 2016, previously unknown resource recored types (such as TLSA records) are supported. Now you can add the unsupported record types into the windows DNS server zones in the binary on-wire Format.

Question 23

DNS Analytical Logging

Answer 23

DNS analytical logs are not enabled by default. They typically affect only DNS server performance at very high DNS query rates.

Question 24

To list all zones on the local DNS server

Answer 24

Use Get-DNSServerZone Powershell

Question 25

To list all info about a foward lookup zone

Answer 25

Use Get-DNSServerZone -Name pearson.com | FL *

Question 26

List all info about reverse lookup zone

Answer 26

Get-DNSServerZone -Name perason.com | FL *