Chapter 4: Active Directory Domain Name System Flashcards
What are the best practices for integrating AD with existing DNS?
- Install the DNS role on each domain controller. This way the domain controller does not depend on another server to resolve DNS queries, and zones or servers do not need to be moved.
- Configure each regional domain controller to host the DNS zone for its own domain. This also reduces dependencies.
- Replicate the zone containing the AD forest-wide locator records to all DNS servers. This helps replication partners find each other and also find global catalog servers.
Define “disjoint naming space”
Domain members end up with two DNS names because the DNS domain name and the AD domain name within the forest do not match
How is “disjoint naming space” prevented?
Configure the forest root domain controller to host the AD forest DNS zone
What are considerations when using “disjoint naming space”?
- Even though Windows operating systems support a disjoint namespace, we need to confirm that the applications support a disjoint namespace configuration.
- The disjoint namespace suffix must not match the name of another forest or domain with which a trust is required. Such a trust will not work because routing fails.
- We need to use group policies or DHCP service parameters to set the DNS suffix search order so that name resolution is optimized.
- Applications (especially custom-made ones) must be tested for compatibility issues. Use a lab environment for testing and, if possible, confirm with the vendor before implementing the disjoint namespace.
Define a service record
SRV records are used to specify the location of a service inside an infrastructure
Describe a “primary zone”
A read/write container that contains a master copy of the DNS records for a domain
Define the master DNS server
The first server to host the standard primary zone
Where does the primary zone store its records?
In a data file located in the c:\windows\system32\DNS folder
Describe a “secondary zone”
Keeps a read-only copy of a primary zone
Describe a “stub zone”
A read-only copy of a master zone that contains only the SOA and NS records
Describe a “reverse lookup zone”
Holds PTR records
Describe a “conditional forwarder”
Forwards DNS queries that cannot be resolved internally to external DNS servers
What are the 5 DNS policies introduced in Server 2016/2022?
- Geo-location based DNS routing
- DNS load balancing
- Time-based DNS response
- Split-Brain DNS
- DNS query filtering
Define “Geo-location based DNS routing” or “DNS load balancing”, or “Time-based DNS response”
Load balances DNS queries by directing responses according to a specific location, IP range, or time of day
Define “Split-brain DNS”
Maintains two versions of a single zone, one for internal users and one for external users
Define “DNS query filtering”
DNS policies to filter queries based on the client subnet, server interface IP address, transport protocol, internet protocol, FQDN, query type, and time of day
Define “DNS zone transfers”
The process of copying a zone file from a primary DNS server to a secondary DNS server; this replicates DNS databases across multiple DNS servers
What are the two types of zone transfers?
Asynchronous Full Transfer Zone (AXFR) and Incremental Zone Transfer (IXFR)
Describe “Asynchronous Full Transfer Zone (AXFR)”
When a new zone is set up, the system replicates a full copy of the zone file from the master server
Describe “Incremental Zone Transfer (IXFR)”
After the initial full zone transfer, the system replicates only the records that have been modified
Describe “DNS delegation”
A record in a parent zone that lists a name server that is authoritative for the zone of a subdomain; the parent zone thereby tells DNS resolvers that it has delegated authority for that DNS subzone