DNS Flashcards

1
Q

DNS Facts

A

The Domain Name System (DNS) is a hierarchical, distributed database that maps logical host names to IP addresses. With DNS, users reference computers using logical hostnames, and those hostnames are translated to IP addresses using DNS. A DNS server is responsible for performing this service on a TCP/IP network. You should know the following facts about DNS:

  • A DNS server holds a database of hostnames and their corresponding IP addresses. Clients query the DNS server to get the IP address of a given host.
  • Prior to using DNS servers, name resolution used a static file, called the HOSTS file, saved on each host computer. The HOSTS file is still used, but is typically only used in the absence of a DNS server.
  • The DNS hierarchy is made up of the following components:
    • . (dot) domain (also called the root domain)
    • Top Level Domains (TLDs) (.com, .edu, .gov)
    • Second-level and additional domains
    • Hosts
  • A fully qualified domain name (FQDN) includes the host name and the name of all domains back to root.
  • DNS is a distributed database because no one server holds all of the DNS information. Instead, multiple servers hold portions of the data.
    • Each division of the database is held in a zone database file.
    • Zones typically contain one or more domains, although additional servers might hold information for child domains.
    • DNS servers hold zone files and process name resolution requests from client systems.
  • A forward lookup uses the host name (or the FQDN) to find the IP address. A reverse lookup uses the IP address to find the host name (or FQDN).
  • Entries for hostnames, IP addresses, and other information in the zone database are stored in records.
    • The A record maps a host name to an IP address and is used for forward lookups.
    • The PTR record maps an IP address to a host name and is used for reverse lookups.
    • The CNAME record provides an alternate name (an alias) for a host.
    • The SRV record identifies a service, such as an Active Directory domain controller.
  • Records in the DNS database are created manually, or dynamically using Dynamic DNS (DDNS). With DDNS, hosts automatically register and update their corresponding records with the DNS server.
  • When a client computer needs to find the IP address for a host name, the following process is used:
    1. The client examines its HOSTS file for the IP address.
    2. If the IP address is not in the HOSTS file, it examines its local DNS cache for the IP address.
    3. If the IP address is not in the cache, the client sends the request to a DNS server.
  • When a DNS server receives a name resolution request from a client, the following process is used:
    1. The DNS server examines its local DNS cache for the IP address. Note: The DNS server cache is not the same as the client cache. A Windows 2008 server has a DNS client cache, but this cache is not used to respond to client requests.
    2. If the IP address is not in the server cache, it checks its HOSTS file.
    3. If the information is not in the HOSTS file, the server checks any zones for which it is authoritative. An authoritative server is a DNS server that has a full, complete copy of all the records for a particular zone.
    4. If the server does not host the zones for the requested information, it uses one of the following processes:
      • If configured for forwarding, the DNS server forwards the name resolution request to another DNS server. The DNS server waits for a response from the other DNS server.
      • If configured for recursion (also called referral), the DNS server queries root domain servers, top-level domain servers, and other DNS servers in an iterative manner until it finds the DNS server that hosts the target domain. For example, to resolve the host name www.microsoft.com:
        1. The server queries a root server for the .com server.
        2. It then queries the .com server for the microsoft.com server.
        3. It then queries the microsoft.com DNS server for the www host information.
        4. After the information is found or received from another server, the DNS server returns the result to the client, and places the information in its server cache.
  • A caching-only DNS server has no zone information; it is not authoritative for any domains. It uses information in its server cache, or forwarding or recursion, to respond to client queries.
2
Q

DNS Installation Facts

A

You should know the following facts about DNS installation in Windows Server 2008:

  • To install DNS in Windows Server 2008, you must be a member of the Domain Admins group.
  • You can install DNS on any version of Windows Server 2008 except for the Windows Server 2008 Web Server edition.
  • You must assign the DNS server a static (or fixed) IP address.
  • To install DNS on a server, use Server Manager and add the DNS role. To add the DNS role from a command prompt (or on Server Core), run: start /w ocsetup DNS-Server-Core-Role
  • Run the oclist command to get a list of services (including DNS) installed on a server.
  • Windows secondary servers can transfer data from non-Windows master servers, and vice versa, as long as the BIND versions are compatible. In some cases, Windows adds non-standard records or information to zone databases that make them incompatible with non-Windows DNS servers, especially servers running older versions of DNS.
  • Use the DNS snap-in or the dnscmd command to manage DNS.
3
Q

Type of Zones

A
  • A forward lookup zone provides hostname-to-IP address resolution. Clients query the DNS server with the hostname, and receive the IP address in return.
  • A reverse lookup zone provides IP address-to-hostname resolution. Clients query the DNS server with the IP address, and receive the hostname in return.
4
Q

Primary Zone

A

The primary zone is the master copy of a zone database.

  • The primary zone is the only writeable copy of the zone database.
  • Changes to the zone can only be made to the primary zone.
  • The server that holds the primary zone is called a primary server.
  • Each zone can have only a single primary zone server.
  • Zone data is stored in a text file.
5
Q

Secondary Zone

A

A secondary zone is a read-only copy of the zone database.

  • Changes cannot be made to the records in a secondary zone.
  • A server that holds a secondary zone is called a secondary server.
  • Secondary servers copy zone data from other servers through a process called zone transfer.
  • Secondary servers can copy zone data from the primary server or other secondary servers.
  • Zone data is stored in a text file.
6
Q

Active Directory-integrated zone

A

An Active Directory-integrated zone holds zone data in Active Directory instead of a text file.

  • Active Directory-integrated zones are multi-master zones, meaning that changes to the zone information can be made by multiple servers. Multiple servers hold read-write copies of the zone data.
  • Only DNS servers that are domain controllers can host Active Directory-integrated zones.
  • Storing zone data in Active Directory provides automatic replication, fault tolerance, and distributed administration of DNS data.
  • Replication of zone data occurs during Active Directory replication and is secured by Kerberos.
7
Q

Stub Zone

A

A stub zone is a zone with only a partial copy of the zone database.

  • The stub zone only contains information about the name servers that are authoritative for the zone; it does not contain information for other hosts.
  • A stub zone is not authoritative for the zone; its purpose is to identify the name servers that can be contacted for full zone information.
  • The stub zone is dynamic, meaning that it will keep the list of name servers for the zone updated automatically.
  • Use a stub zone to forward name requests based on zones while keeping name server lists updated automatically.
8
Q

GlobalNames Zone

A

The GlobalNames zone is a special zone in the DNS database that is used for single-label name resolution. Use the GlobalNames zone to:

  • Allow clients to use simple host names without domain information for name resolution. For example, to contact a server named web1.corp.us.westsim.private, users could simply enter the single-label name web1.
  • Allow DNS clients to contact NetBIOS-only hosts without the need for a WINS server.
  • Allow IPv6-only hosts to contact NetBIOS hosts (IPv6 does not support the use of WINS).

Be aware of the following when using the GlobalNames zone:

  • When users enter a single-label name, the client computer first tries to resolve the name using DNS and the search suffix configuration. If that process fails, the GlobalNames zone is checked (if it exists).
  • Using the GlobalNames zone does not require any changes to client machines.
  • Dynamic updates are not supported on the GlobalNames zone. You must manually create each record in the GlobalNames zone.
  • Use the GlobalNames zone to replace WINS servers on your network only when you have a small number of hosts that do not support DNS. For a large number of NetBIOS-only hosts, or to support dynamic registration of single-label names, continue to use a WINS server.
9
Q

Zone Configuration Facts

A

Be aware of the following when using Active Directory-integrated zones:

  • Only one server can hold the primary zone file. To place zone data on multiple servers, configure secondary servers.
  • Windows stores standard zone data in the %windir%\System32\Dns directory. The file is a text file with .dns added to the zone name.
  • Use the DNS snap-in or the dnscmd command to manage zones and records.
  • You can also edit the zone database file directly with a text editor. However, after making changes, you must reload the zone data. Using the snap-in or dnscmd prevents errors in the file and automatically reloads the database after each change.
  • You can only manage Active Directory-integrated zones with the DNS console or dnscmd. There is no text file that you can manually edit.
  • Primary and Active Directory-integrated zones support dynamic updates. Use an Active Directory-integrated zone to use secure dynamic updates.
  • Zone information is replicated automatically with Active Directory replication. Zone data is replicated based on the replication scope:

    • All domain controllers in this domain: DNS zone data in Active Directory is replicated to all domain controllers, even those not running DNS. Use this option if you need to support Active Directory-integrated zones running on Windows 2000 domain controllers.
    • All DNS servers in this domain: DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the current domain. This is the default DNS zone replication setting for Server 2003 and 2008. It replicates zone data to the DomainDNSZones partition.
    • All DNS servers in this forest: DNS zone data in Active Directory is replicated to all DNS servers that are also domain controllers within the forest. This provides the broadest replication scope because it replicates zone data to the ForestDNSZones partition. Use this option when you have very important records that need to be available throughout the forest.
    • Application partition: Using an application partition, you select the specific domain controllers to which Active Directory-integrated zone data is replicated. To use an application partition:
      1. Create the application partition using ntdsutil or dnscmd.
      2. Add domain controllers to the application partition scope.
      3. Configure the zone to use the configured application partition.

Use an application partition to customize which domain controllers receive the DNS data. For example, you can use this option to prevent DNS zone data from being replicated to a branch office domain controller that uses a slow WAN-link connection to the main office.

10
Q

Zone Configuration Facts Part 2

A

Note: The broader the replication scope, the greater the network traffic created by replication.

  • You can configure a secondary server to replicate from an Active Directory-integrated zone. You cannot use a primary zone and an Active Directory-integrated zone together.
  • Reverse lookup zones hold PTR (pointer) records. The PTR record maps the IP address to an A record.
  • A reverse lookup zone can be a primary zone, a secondary zone, or an Active Directory integrated zone.
  • When you create the reverse lookup zone, you specify whether the zone is an IPv4 or IPv6 zone. The zone name uses the network portion of the IP address as follows:

    • IPv4: For an IPv4 zone:
      1. Reverse the order of the decimal octets in the network ID.
      2. Append in-addr.arpa to the zone name.
      For example, the reverse lookup zone for network 216.222.14.0/24 would be: 14.222.216.in-addr.arpa
    • IPv6: For an IPv6 zone:
      1. Reverse the order of the hexadecimal digits in the prefix, separating each digit with a period.
      2. Append ip6.arpa to the zone name.
      For example, the reverse lookup zone for network 1234:5678:ABCD:FF21::/64 becomes: 1.2.f.f.d.c.b.a.8.7.6.5.4.3.2.1.ip6.arpa

11
Q

Record Type SOA (Start of Authority)

A

The first record in any DNS database file is the SOA. It defines the general parameters for the DNS zone, and it is assigned to the DNS server hosting the primary copy of a zone. There is only one SOA record, and it is the first record in the zone database file. The SOA record includes parameters such as the authoritative server and the zone file serial number.

12
Q

Record Type NS (Name Server)

A

The NS resource record identifies all name servers that can perform name resolution for the zone. Typically, there is an entry for the primary server and all secondary servers for the zone (all authoritative DNS servers).

13
Q

A (host address)

A

The A record maps a DNS host name to an IPv4 (32-bit) IP address. This is the most common resource record type.

14
Q

AAAA (quad-A) record

A

The AAAA record maps a DNS host name to an IPv6 (128-bit) IP address.

15
Q

MX (Mail Exchanger) record

A

The MX record identifies servers that can be used to deliver e-mail.

16
Q

CNAME (canonical name) record

A

The CNAME record provides alternate names (or aliases) to hosts that already have a host record. Using a single A record with multiple CNAME records means that when the IP address changes, only the one A record needs to be modified.

Common uses of a CNAME record include:

  • Adding the alias of www for Web servers. Users typically contact the Web server using a name like www.westsim.com instead of using the actual server name.
  • Associating a server with the domain name itself. For example, create a CNAME record with a blank name to allow a specific host to be identified with the domain name (such as westsim.com).

17
Q

DNAME (Domain Alias)

A

The DNAME record provides alternate names (or aliases) to domains that already have a host record.

18
Q

SRV (service locator)

A

The SRV record is used by Windows Server 2008 to register network services. This allows clients to find services (such as domain controllers) through DNS. Windows 2008 automatically creates these records as needed and during domain controller installation.

19
Q

PTR (pointer) record

A

In a reverse lookup zone, the PTR record maps an IP address to a host name (i.e. “points” to an A record). Where IPv4 PTR records are created in the in-addr.arpa namespace, reverse lookup zones for IPv6 addresses should be created in the ip6.arpa namespace.

(Note: When you manually create an A record, you can choose to create the corresponding PTR record at the same time. Creating the PTR record will fail if the reverse lookup zone does not exist.)

20
Q

WINS and WINS-R resource records

A

Add these records to a zone when you want to allow DNS to use WINS resolution. The WINS resource record allows DNS queries that fail to resolve to be forwarded to the WINS servers in the WINS resource record. The WINS-R resource record allows the resolution of a reverse query that is not resolvable through DNS.

21
Q

Zone Transfer Facts

A

Replication of zone data between primary and secondary zones takes place through zone transfers. You should know the following facts about zone transfers:

  • Each secondary server is pointed to one or more master servers. A master server is the server from which the secondary copies the zone data. The master server can be the primary server or another secondary server.
  • The zone serial number keeps track of changes to the zone. When you make changes to the zone, the serial number is incremented.
  • Zone transfers can copy all records or only changed records:
    • A full zone transfer (AXFR) copies all of the zone data with each zone transfer.
    • A partial (or incremental) zone transfer (IXFR) copies only the changed records. This is the default method on Windows Server 2008.
  • By default, zone transfer in Windows Server 2008 is disabled for security reasons. To use zone transfers, manually enable the feature in the DNS settings in Server Manager.
  • You can restrict the servers to which zone transfers are allowed. There are two ways of doing this:
    • Allow zone transfers only to servers that are listed as name servers.
    • Allow zone transfers only to servers you specifically identify.
  • Zone transfer is always initiated by a secondary server.
    • The secondary server contacts the master server and compares the serial number on the master with the serial number in its copy.
    • If the serial number on the master is greater, the secondary initiates zone transfer.
    • If the serial number is the same (or lower) on the master, no zone transfer takes place.
  • Windows DNS servers support the use of DNS Notify. With DNS Notify, master servers are configured with a list of slave DNS servers.
    • When a change takes place, the master notifies the slave servers that the zone has changed.
    • The secondary server then initiates zone transfer, first checking the serial number, then requesting changes.
    • You can allow notification for all name servers, or only for listed servers.
  • You can improve DNS performance by placing multiple DNS servers on your network. For example, you can place a secondary server on the other side of a WAN link to reduce WAN traffic caused by name resolution. However, zone replication traffic must still cross the WAN link.
  • A caching only server runs DNS but has no zones configured. Use a caching only server to improve performance while eliminating zone transfers.
  • An Active Directory-integrated zone stores DNS information in Active Directory rather than in a zone file. Zone information is copied automatically when Active Directory replicates.
  • If a zone is Active Directory-integrated and has no secondary servers, you can disable zone transfers. Zone data will continue to be replicated through Active Directory.
  • Active Directory replication traffic is automatically secured. To secure zone transfers to secondary servers, use IPsec between servers.
22
Q

Refresh zone data manually using DNSCMD

A

  • Reload (Dnscmd /ReloadZone): The server reloads zone data from its local copy (it reads the data back in from the zone file on the hard disk).
  • Transfer from Master (Dnscmd /Refresh): Initiates a normal zone transfer. The DNS server compares its version number with the version of the zone master. If the version numbers are the same, no zone transfer takes place.
  • Reload from Master (Dnscmd: N/A): The DNS server dumps its copy of the data and reloads the entire data from the master server.
23
Q

Forwarders Facts

A

A forwarder is a DNS server that can be used by another DNS server to resolve queries for records that cannot be resolved through the cache, Hosts file, or from zones hosted on the DNS server. For example, if a DNS server hosts the westsim.com and eastsim.com domains, but receives a query for a host in the northsim.com domain, the DNS server can forward that request to one of the servers configured on its Forwarders list.

When using forwarders, the server sends requests for all non-authoritative zones to the listed server(s).

24
Q

methods to control the server’s use of forwarders

A
  • Secondary zone: Because a DNS server uses authoritative zones to respond to queries before it uses forwarders, you can eliminate the need for a forwarder for a specific zone by adding a secondary zone to the server. However, using a secondary zone means that the server must perform zone transfers of all records in the zone. In some cases, you might not want to add more zones to the server, or do not want the extra traffic caused by zone transfers.
  • Stub zone: A stub zone is a zone with only a partial copy of the zone database. The stub zone holds only the following records:
    • The SOA record for the zone.
    • NS records for all authoritative DNS servers for the zone (primary and secondary).
    • A records (also called glue records) for authoritative name servers identified in the NS records.

Keep in mind the following when using stub zones:

  • A stub zone is not authoritative for the zone; its purpose is to identify the name servers that can be contacted for full zone information.
  • The stub zone is dynamic, meaning that it will keep its records synchronized with the master zone database.
  • Zone transfer traffic is limited in that only the SOA, NS, and glue A records must be kept up-to-date.
  • Use a stub zone to forward name requests based on zones while keeping name server lists updated automatically.

  • Conditional forwarder: A conditional forwarder is a forwarder that is used for a specific domain. While forwarders are used for all unresolvable queries, a conditional forwarder is used only for unknown hosts within a specified domain.

  • A conditional forwarder is used before a regular forwarder. In other words, if a query matches the domain identified by a conditional forwarder, the query is sent to the conditional forwarder DNS server. If the query does not match any conditional forwarder, the regular Forwarders list is used instead.
  • Conditional forwarder configuration is static. You manually identify the DNS server to which queries for that domain are forwarded. If the DNS server changes, you must manually update the conditional forwarder list.
  • For non-domain controllers, conditional forwarders must be configured on each DNS server. For domain controllers that are DNS servers, you can store the list of domains and forwarders in Active Directory. Configure the replication scope to identify to which domain controllers the list is replicated.
  • Use a conditional forwarder to eliminate all zone transfer traffic, or in conditions where you are not allowed to transfer data from a zone (for example when zone transfers are disabled on the master zone, or when the zone is outside of your administrative control).

  • Disable recursion: Recursion is the process by which a DNS server or host uses root name servers and subsequent servers to perform name resolution. Many DNS servers perform recursion. Most client computers do not perform recursion; rather, they submit a DNS request to the DNS server and wait for a complete response.
    You can disable recursion in the DNS Manager by editing the server properties. On the Advanced tab, select the Disable recursion (also disables forwarders) check box. As the setting indicates, with recursion disabled the server will not use forwarders.

25
Q

Zone Delegation Facts

A

Zone delegation allows you to divide your DNS namespace into separate zones. You may decide to do this for the following reasons:

  • Ease the administrative burden by giving management responsibilities to another location or department.
  • Distribute DNS traffic over various servers, improving name resolution and fault tolerance at the same time.
  • Extend the namespace by adding subdomains.

To delegate a zone:

  • On the DNS server that holds the parent zone, create a new delegation. The delegation identifies the name of the subdomain, and contains the NS and A records for the DNS server that is authoritative for the zone.
  • On the DNS server that will hold the child domain, create a new primary or Active Directory-integrated zone. In addition, you would typically configure the DNS server with the delegated zone with a secondary zone, forwarder, or conditional forwarder for the parent zone.
26
Q

GlobalNames Zone Configuration Facts

A

The GlobalNames zone is a special zone in the DNS database that is used for single-label name resolution. Use the GlobalNames zone to:

  • Allow clients to use simple host names without domain information for name resolution. For example, to contact a server named web1.corp.us.westsim.private, users could simply enter the single-label name web1.
  • Allow DNS clients to contact NetBIOS-only hosts without the need for a WINS server.
  • Allow IPv6-only hosts to contact NetBIOS hosts (IPv6 does not support the use of WINS).
  • Replace WINS servers on your network when you have a small number of hosts that do not support DNS. For a large number of NetBIOS-only hosts, or to support dynamic registration of single-label names, continue to use a WINS server.

Be aware of the following when managing the GlobalNames zone:

  • If you use the GlobalNames zone, all authoritative DNS servers must run Windows Server 2008. Servers that are not authoritative can run any operating system.
  • To configure the GlobalNames zone:
  1. Delete any zones that are currently named GlobalNames.
  2. Run the dnscmd <servername> /config /enableglobalnamessupport 1 command to enable support for GlobalNames zones. You must run this command on every server that hosts a GlobalNames zone.
  3. Create a zone on the DNS server named GlobalNames.
  4. Create CNAME records in the GlobalNames zone that point to A records in other zones. Note: Dynamic updates are not supported on the GlobalNames zone. You must manually create each record in the GlobalNames zone.
  • Microsoft recommends that the GlobalNames zone be an Active Directory-integrated zone.
  • Within the GlobalNames zone, all names must be globally unique (throughout the entire organization). The GlobalNames zone has a forest-wide replication scope to ensure that single-label names are unique across the forest.
  • You can extend the GlobalNames zone to multiple forests by using the SRV (service locator) resource record to publish the location of the GlobalNames zone. Active Directory-integration is required when deploying the GlobalNames zone across forests.
  • Using the GlobalNames zone does not require any changes to client machines.
27
Q

Root Hint Facts

A

Root hints are pointers to top level DNS servers on the Internet.

  • The Cache.dns file holds the 13 root hint addresses for the Internet root servers. The Cache.dns file can be found in two locations:
    • %SystemRoot%\system32\dns\Cache.dns (the copy in use)
    • %SystemRoot%\system32\dns\backup\Cache.dns (the copy reserved in the backup location)
  • The Cache.dns file normally lists the NS (name server) and A (host name) records for the Internet root servers. You can change this file to list the records for your own internal root DNS servers if you are using DNS on a private network.
  • You can configure root hints through the properties of a DNS server or by configuring the DNS server’s Cache.dns file. If the server is configured to load data from Active Directory, you must configure root hints using the DNS snap-in because the local Cache.dns is not used (the root hints data is stored in Active Directory).
  • The root zone is at the top of the DNS hierarchy, and is named . (dot).
  • If you have a root zone configured on a DNS server, the server will act as a root zone server. A DNS server configured as a root zone server will never use the root hints file (Cache.dns). It considers itself authoritative. Consequently, the server won’t access the Internet to forward DNS queries.
  • If you want the DNS server to access the Internet, delete the root zone in the DNS console.
28
Q

DNS Round Robin Facts

A

Round robin is a load balancing mechanism used by DNS servers to share and distribute network resource loads. To configure DNS round robin, do the following:

  • On the DNS server, edit the server properties and enable the Enable round robin option on the Advanced tab (this setting is enabled by default).
  • Configure two (or more) servers, each with a different IP address.
  • On the DNS server, create A records that map the same DNS name to each of the different server IP addresses. This allows the DNS server to respond to clients by sending them to any one of the machines while leaving the appearance that a single machine is responding to all clients.
  • Note: Round robin is a static method for load balancing. If one of the servers in the round robin configuration fails, DNS still sends requests to that failed server.
29
Q

Application Directory Partitions Facts

A

An application directory partition is a portion of the directory namespace that is replicated only to specific domain controllers. You should know the following facts about application directory partitions:

  • Application directory partitions can be targeted to replicate to specific domain controllers, which limits and controls the scope of replication, allowing you to control domain replication traffic.
  • Directory partitions can reduce calls to global catalog servers.
  • Applications that require application directory partitions generally create the appropriate partitions themselves. However, members of the Domain Admins or Enterprise Admins group can manually create and manage application directory partitions.
  • To use an application directory partition, use the following process:
    1. Create the application directory partition. For example, you can use one of the following tools:
       • dnscmd /CreateDirectoryPartition
       • ntdsutil with the create nc command
    2. Enlist domain controllers in the partition. This stores a copy of the partition data on the domain controller. Use dnscmd /EnlistDirectoryPartition to add the server to the directory partition. Note: When you create the partition, the server you use to create the partition automatically hosts the partition. Use this command to add extra domain controllers.
    3. Configure the application to use the directory partition. For example, on a DNS server, you can select the replication scope for the zone to replicate only within the specified partition.

30
Q

Background zone loading (DNS Features)

A

A DNS server with large Active Directory-integrated zones can take a long time to retrieve data from the directory service during startup. While the DNS server is starting, it is unable to respond to queries until the zones are fully loaded. DNS servers running Windows Server 2008 mitigate this problem by implementing background zone loading, in which the DNS server loads zone data from AD DS (Active Directory Domain Services) in the background while the server restarts.
Background zone loading allows the DNS server to respond to queries while loading zone data. This can occur because zone loading is done by separate threads. If a request comes in for an unloaded node, the DNS server responds by finding and updating that node’s data. As the DNS server starts, it does the following:

  • Enumerates the zones that it needs to load.
  • Loads root hints (either from files or AD DS storage).
  • Loads zones stored in files (rather than in AD DS).
  • Responds to DNS queries and RPCs (Remote Procedure Calls).
  • Starts threads to load zones from AD DS.

31
Q

Read-only Domain Controller (RODC) (DNS Feature)

A

A Read-Only Domain Controller (RODC) is an additional domain controller for a domain that hosts read-only partitions of the Active Directory database. This replica is optimal for deployment in:

  • Perimeter networks.
  • Any location in which a domain controller is deployed primarily to support an application that requires directory access.
  • Branch locations in organizations that have:
    • Low-level security facilities for storing data related to the domain controller.
    • Few users.
    • Poor physical security.
    • Relatively poor network bandwidth to a hub site.
    • Little local IT knowledge.
  • Scenarios where local storage of all domain passwords is considered a primary threat, such as in an application-facing role or in an extranet.

32
Q

IPv6 (DNS Feature)

A

The DNS server in Windows Server 2008 provides support for IPv6 and the AAAA host resource record.

33
Q

Domain controller search (DC Locator) (DNS Feature)

A

Windows Vista and Server 2008 are optimized to keep searching for domain controllers, even after the user has logged on. This allows them to switch to a better domain controller connection if one becomes available.

34
Q

Link-Local Multicast Name Resolution (LLMNR) (DNS Feature)

A

LLMNR is a name resolution protocol that provides peer-to-peer name resolution when DNS is unavailable. LLMNR uses multicast messages (also known as multicast DNS) to create client connections. LLMNR is also supported on Windows Vista and Server 2008 and is enabled by default. It can be disabled by adding a registry setting to each client.
You can use LLMNR to create ad hoc networks, or to find hosts on the local subnet without the use of a DNS server. LLMNR replaces the NetBIOS broadcast capabilities, but requires LLMNR-capable hosts.

35
Q

GlobalNames Zone (DNS Feature)

A

The GlobalNames zone is a special zone in the DNS database that is used for single-label name resolution. Use the GlobalNames zone to:

  • Allow clients to use simple host names without domain information for name resolution. For example, to contact a server named web1.corp.us.westsim.private, users could simply enter the single-label name web1.
  • Allow DNS clients to contact NetBIOS-only hosts without the need for a WINS server.
  • Allow IPv6-only hosts to contact NetBIOS hosts (IPv6 does not support the use of WINS).

36
Q

Aging and Scavenging Facts

A

Dynamic updating can cause your zones to become overloaded with unnecessary resource records. If a computer disconnects improperly from the network (as is often the case when you allow mobile users and computers on your network), the host (A) resource record it registered may not be removed. It is for reasons such as this that DNS records have a Time to Live (TTL) value. When a record exceeds its TTL, it becomes stale. Large numbers of stale records can cause long zone transfers and name resolution problems. Stale records can also degrade DNS server performance. A stale record may also prevent a computer from using a DNS domain name.

Scavenging is controlled through a combination of DNS server and zone properties.

Note: Scavenging is only configured on primary zones. After you enable scavenging on a zone, the zone file cannot be used on another DNS server.

Be aware of the following when configuring scavenging:

  • Each DNS record has a default refresh setting. The record will attempt to refresh itself based on this interval. The default for an A record is 7 days.
  • The no-refresh interval for the zone should be set with a value that is equal to (or less than) the longest record refresh interval.
  • The refresh interval for the zone should be set to a value that is longer than the longest record refresh interval. If not, some records might be deleted before the record attempts to refresh itself.
  • The difference between zone scavenging and server scavenging is that zone scavenging is applied to a single zone, whereas server scavenging is applied to an entire server.

37
Q

Zone properties (Scavenging)

A

On the zone, enable scavenging and configure the following settings:

  • The no-refresh interval is the time between the record’s last refresh and when it can next be refreshed. By default, this setting is 7 days. This means that for seven days, DNS ignores a record’s attempt to re-register itself, keeping replication to a minimum. During this period of time, a record is considered valid and cannot be refreshed.
  • The refresh interval identifies a period of time when a record can be refreshed. The refresh interval begins when the no-refresh interval ends. During the refresh interval, a record can be refreshed and is not considered stale until this interval of time expires. A resource record is not scavenged until the refresh interval expires. The default refresh interval is 7 days.

You can configure zone scavenging settings for all zones by right-clicking the server and selecting Set Aging/Scavenging for all zones.

38
Q

DNS server properties

A

Scavenging must be initiated to actually remove records whose refresh interval has expired without the record being refreshed. To initiate scavenging:

  • Manually initiate it by right-clicking the server and selecting Scavenge Stale Resource Records.
  • Enable automatic scavenging by editing the server properties. On the Advanced tab, select Enable automatic scavenging of stale records. The default is for scavenging to run once a day.

39
Q

Debug Logging Facts

A

Debug logging allows you to log the packets sent and received by a DNS server. Debug logging is disabled by default, and because it is resource intensive, you should only activate it temporarily when you need more specific detailed information about server performance.

To configure debug logging, use the Debug Logging tab in the DNS server properties dialog.

Packet direction: This option allows you to log packets that are sent, received, or both, using two options:

  • Use the Outgoing setting to log packets sent.
  • Use the Incoming setting to log packets received.

Packet contents: This option allows you to log packets based on their contents. You have the following options:

  • Use the Queries/Transfers setting to log packets that contain standard query or transfer data.
  • Use the Updates setting to log packets that contain dynamic updates.
  • Use the Notifications setting to log packets that contain notifications.

Transport protocol: This option allows you to log packets based on the protocol used to transport the packet. You can select UDP, TCP, or both.

Packet type: This option allows you to log packets that are either Response packets (characterized by a QR bit set to 0 in the DNS message header) or Request packets (characterized by a QR bit set to 1 in the DNS message header).

Other options: This option has the following settings:

  • Use the Details setting to log the packet contents in addition to the summary information.
  • Use the Filter packets by IP address setting to log packets sent from a specific IP address, or packets sent to a specific IP address.

File path and name: This option allows you to specify the log file name and location. For example:

  • The file name dns.log saves the log file as systemroot\System32\DNS\dns.log.
  • The path temp\dns.log saves the log file as systemroot\temp\dns.log.

Maximum size (bytes): This option allows you to specify the maximum size you wish the log file to reach. When the log file reaches its maximum size, the DNS server overwrites the oldest packet information with new packet information. If you do not specify a log size, the log file can take up large amounts of disk space.