Configure DNS zones

Question 1

DNS

Answer 1

Domain Name System

Question 2

DNS Servers AKA

Answer 2

Name Servers

Question 3

Location of hosts file on Windows

Answer 3

Windows\System32\Drivers\etc\hosts

Question 4

Which port does DNS communicate over?

Answer 4

TCP and UDP

port 53

Question 5

FQDN

Answer 5

Fully qualified domain name

describes the exact relationship between a host and its DNS domain. For example, computer1.sales.microsoft.com represents an FQDN; the computer1 host is located in the sales domain, which is located in the Microsoft second-level domain, which is located in the .com top-level domain.

Question 6

root zone

Answer 6

the top of the heirarchical tree of domain names

above the TLDs: .net, .com, .edu etc

Question 7

The DNS tree can be divided into ______, each served by a DNS server.

Answer 7

Zones

Question 8

Each zone can contain one or more ____

Answer 8

Domains

Question 9

Resource Record (RR)

Answer 9

Each node, or leaf, on the DNS tree. Within zones. The domain names or subdomain names or server names of a DNS zone.

Question 10

Top level domains

Answer 10

.com
.org
.edu
.gov
.net

Question 11

.com is intended for

Answer 11

commercial sites

Question 12

.net is intended for

Answer 12

Internet-related sites

Question 13

.org is intended for

Answer 13

organization (nonprofts)

Question 14

.edu is intended for

Answer 14

educational institutions

Question 15

.gov is intended for

Answer 15

US gov. entities

Question 16

Second level domains

Answer 16

Domains registered to individuals or organizations.

Like microsoft.com

Question 17

host

Answer 17

a specific computer or other network device in a domain

example: computer1.domain.com
computer1. sales.domain.com (computer1 on the sales subdomain)

Question 18

DNS client AKA

Answer 18

DNS resolver

This is any machine, PC or server, that attempts to resolve an address with a DNS server.

Question 19

iterative query

Answer 19

When a DNS server does not forward requests (for which is has no answer) To another DNS server. Instead of figures it out by:

1. Contacting the TLD DNS server for the IPs of the DNS server for the address’s TLD
2. Contacts the address’s TLD DNS for DNS of the secondary domain.
3. Contacts the secondary domain’s DNS for the proper address

Question 20

Two types of zones

Answer 20

Primary Zone

Secondary Zone

Question 21

Primary Zone

Answer 21

provides an authoritative, read-write copy of the zone.

Make changes here. They replicate to secondary zones.

Question 22

Secondary Zone

Answer 22

provides an authoritative, read-only copy of the primary zone.

Changes to the primary zone replicate to secondary zone.

this is for a backup DNS server

Question 23

primary name server

Answer 23

a server that hosts records for a primary zone

Question 24

secondary name servers

Answer 24

a server that hosts records for a secondary zone

Question 25

Two types of lookup zones

Answer 25

forward lookup

reverse lookup

Question 26

forward lookup

Answer 26

contains resource records for a domain, mapping domain names to IPs

Question 27

reverse lookup

Answer 27

used to resolved IP addresses from host names

Question 28

Active Directory-integrated zones

Answer 28

Store DNS info in Active directory so that each DC can be a DNS. There is no primary and secondary then. It’s multi-master.

This configuration integrates multiple DNS servers setting them both to read/write, or primary name servers.

This adds redundancy.

Both servers replicate with each other

Question 29

Replication scopes available for AD integrated zones

Answer 29

To all domain controllers

All domain controllers that are DNS servers in local domain

All domain controllers that are DNS servers in the entire forest

Question 30

subdomain

Answer 30

child domain that is part of a parent domain and has the same domain suffix as the parent domain

Question 31

delegated DNS zones

Answer 31

Adding subdomains to your domain, but delegating DNS to another server.

***ONLY PERFORMED WITHIN CONTIGUOUS NAMESPACE **

(Meaning they only happen to subdomains of a second level domain, or subdomains of a subdomain of a second level…etc)

Question 32

stub zone

Answer 32

copy of a zone that contains only necessary resource records (Start of Authority (SOA), Name Server (NS), and Address/Host (A) record) in the master zone and acts as a pointer to the authoritative name server. The stub zone allows the server to forward queries to the name server that is authoritative for the master zone without going up to the root name servers and working its way down to the server.

Question 33

caching-only dns server

Answer 33

A caching-only server does not host any zones and is not authoritative for any domain. Instead, it receives client requests, and as the DNS servers fulfill DNS queries, the server adds the information to its cache.

Question 34

zone transfers

Answer 34

complete or partial transfer of DNS data from a zone on a DNS server to another DNS server.

Question 35

3 types of zone transfers

Answer 35

full transfer
incremental transfer
dns notify

Question 36

full zone transfer (AXFR)

Answer 36

copies the entire zone, is used when you first add a new DNS secondary server for an existing zone. With large zones, AXFRs can be time-consuming and resource-intensive.

Question 37

incremental zone transfer (IXFR)

Answer 37

retrieves only resource records that have changed within a zone.

Question 38

dns notify

Answer 38

DNS Notify method allows the primary DNS server to use a “push” mechanism to notify secondary servers that it has been updated and that the resource records need to be transferred. The DNS is not a mechanism for transferring data. Instead, it is used with AXFR and IXFR to notify a secondary server that new records are available for transfer.

Question 39

First step for every client to authenticate to AD DS

Answer 39

Make a DNS request for the network domain controller

Question 40

Location of the text-based files for every zone hosted on a given DNS server

Answer 40

C:\Windows\System32\DNS

Unless you implement
Active Directory-integrated zones

Question 41

What’s in the AD SysVol?

Answer 41

Logon scripts and GPOs

Question 42

What’s in the AD application database?

Answer 42

Data for Active Directory-integrated zones, among other things.

Question 43

How to integrate AD DNS with the world’s DNS?

Answer 43

Add forwarders.

If your DNS server doesn’t know the answer, your DNS server will make a recursive reuqest to the DNS servers you list as forwarders. That forwarder will make an iterative request.

Question 44

Recursive request

Answer 44

Making a single request and accepting whatever answer it recieves

Question 45

Generic Forwarder

Answer 45

DNS servers listed in your forwarding config for your internal DNS server are who are asked, no matter what the request is.

As opposed to a conditional forwarder.

Question 46

Conditional Forwarder

Answer 46

Set up forwarding to a DNS server for specific AD forest / DNS zones. This is perfect for mergers. Saves you time, if you already know the name server for a particular zone.

Question 47

stub zone versus delegation

Answer 47

delegations are use whenever the namespace is contiguous from parent to child.

corp.com delegates child.corp.com

if corp.com buys sam.com. Sam.com is not contiguous. You can’t delegate. Create a stub zone

Question 48

Stub zone

Answer 48

Contains records for a non-contiguous domain that you also own. Records are:

NS
Host Record
SOA record

Question 49

SOA record

Answer 49

Start of authority record

Sets TTL
Sets serial number

Question 50

TTL

Answer 50

Time to live

Question 51

SOA Serial number

Answer 51

Update sequence numbers

Tracks changes / allows sequencing so DNS servers can tell which records are more recent in the event of a conflict.

Question 52

split tunneling

Answer 52

internet requests don’t go through the VPN.

Question 53

force tunneling

Answer 53

all requests go through the VPN

Question 54

NRPT

Answer 54

Name resolution policy table
Configured via group policy

Tells the client which names (server UNC, domain names) are ‘internet names’ (should go out internet connection) and which are for the non-VPN connection for direct access