Configure DNS zones Flashcards
DNS
Domain Name System
DNS Servers AKA
Name Servers
Location of hosts file on Windows
Windows\System32\Drivers\etc\hosts
Which port does DNS communicate over?
TCP and UDP
port 53
FQDN
Fully qualified domain name
describes the exact relationship between a host and its DNS domain. For example, computer1.sales.microsoft.com represents an FQDN; the computer1 host is located in the sales domain, which is located in the Microsoft second-level domain, which is located in the .com top-level domain.
root zone
the top of the hierarchical tree of domain names
above the TLDs: .net, .com, .edu, etc.
The DNS tree can be divided into ______, each served by a DNS server.
Zones
Each zone can contain one or more ____
Domains
Resource Record (RR)
Each node, or leaf, on the DNS tree, held within a zone: the domain names, subdomain names, or server names of a DNS zone.
Top level domains
.com .org .edu .gov .net
.com is intended for
commercial sites
.net is intended for
Internet-related sites
.org is intended for
organizations (nonprofits)
.edu is intended for
educational institutions
.gov is intended for
US gov. entities
Second level domains
Domains registered to individuals or organizations.
Like microsoft.com
host
a specific computer or other network device in a domain
example: computer1.domain.com
computer1.sales.domain.com (computer1 on the sales subdomain)
DNS client AKA
DNS resolver
This is any machine, PC or server, that attempts to resolve an address with a DNS server.
iterative query
When a DNS server does not forward requests (for which it has no answer) to another DNS server. Instead, it figures the answer out by:
- Contacting the TLD DNS server for the IPs of the DNS server for the address’s TLD
- Contacting the address’s TLD DNS server for the DNS server of the second-level domain
- Contacting the second-level domain’s DNS server for the proper address
Two types of zones
Primary Zone
Secondary Zone
Primary Zone
provides an authoritative, read-write copy of the zone.
Make changes here. They replicate to secondary zones.
Secondary Zone
provides an authoritative, read-only copy of the primary zone.
Changes to the primary zone replicate to secondary zone.
this is for a backup DNS server
primary name server
a server that hosts records for a primary zone
secondary name servers
a server that hosts records for a secondary zone
Two types of lookup zones
forward lookup
reverse lookup
forward lookup
contains resource records for a domain, mapping domain names to IPs
reverse lookup
used to resolve IP addresses to host names
Active Directory-integrated zones
Store DNS info in Active Directory so that each DC can be a DNS server. There is no primary and secondary then; it’s multi-master.
This configuration integrates multiple DNS servers, setting each of them to read/write, i.e. as primary name servers.
This adds redundancy.
Both servers replicate with each other
Replication scopes available for AD integrated zones
To all domain controllers
All domain controllers that are DNS servers in the local domain
All domain controllers that are DNS servers in the entire forest
subdomain
child domain that is part of a parent domain and has the same domain suffix as the parent domain
delegated DNS zones
Adding subdomains to your domain, but delegating DNS to another server.
*** ONLY PERFORMED WITHIN A CONTIGUOUS NAMESPACE ***
(Meaning they only happen to subdomains of a second-level domain, or subdomains of a subdomain of a second-level domain, etc.)
stub zone
copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server.
caching-only dns server
A caching-only server does not host any zones and is not authoritative for any domain. Instead, it receives client requests, and as the DNS servers fulfill DNS queries, the server adds the information to its cache.
zone transfers
complete or partial transfer of DNS data from a zone on a DNS server to another DNS server.
3 types of zone transfers
full transfer
incremental transfer
dns notify
full zone transfer (AXFR)
copies the entire zone, is used when you first add a new DNS secondary server for an existing zone. With large zones, AXFRs can be time-consuming and resource-intensive.
incremental zone transfer (IXFR)
retrieves only resource records that have changed within a zone.
dns notify
The DNS Notify method allows the primary DNS server to use a “push” mechanism to notify secondary servers that it has been updated and that the resource records need to be transferred. DNS Notify is not a mechanism for transferring data. Instead, it is used with AXFR and IXFR to notify a secondary server that new records are available for transfer.
First step for every client to authenticate to AD DS
Make a DNS request for the network domain controller
Location of the text-based files for every zone hosted on a given DNS server
C:\Windows\System32\DNS
Unless you implement
Active Directory-integrated zones
What’s in the AD SysVol?
Logon scripts and GPOs
What’s in the AD application database?
Data for Active Directory-integrated zones, among other things.
How to integrate AD DNS with the world’s DNS?
Add forwarders.
If your DNS server doesn’t know the answer, it will make a recursive request to the DNS servers you list as forwarders. That forwarder will then make an iterative request.
Recursive request
Making a single request and accepting whatever answer it receives
Generic Forwarder
The DNS servers listed in the forwarding config of your internal DNS server are the ones asked, no matter what the request is.
As opposed to a conditional forwarder.
Conditional Forwarder
Set up forwarding to a DNS server for specific AD forest / DNS zones. This is perfect for mergers. Saves you time, if you already know the name server for a particular zone.
stub zone versus delegation
delegations are used whenever the namespace is contiguous from parent to child.
corp.com delegates child.corp.com
If corp.com buys sam.com, sam.com is not contiguous, so you can’t delegate. Create a stub zone instead.
Stub zone
Contains records for a non-contiguous domain that you also own. Records are:
NS
Host Record
SOA record
SOA record
Start of authority record
Sets TTL
Sets serial number
TTL
Time to live
SOA Serial number
Update sequence numbers
Tracks changes / allows sequencing so DNS servers can tell which records are more recent in the event of a conflict.
split tunneling
internet requests don’t go through the VPN.
force tunneling
all requests go through the VPN
NRPT
Name resolution policy table
Configured via group policy
Tells the client which names (server UNC paths, domain names) are ‘internet names’ (should go out the internet connection) and which are for the DirectAccess (non-VPN) connection