DNS Flashcards
Define Root Domain
Top level of the DNS namespace hierarchy
Represented by a trailing dot (.)
What are the queries a DNS client can make to a DNS server
Recursive
Iterative
Reverse lookup
Examples of Top Level Domains
.com .edu .gov .us .ca .biz .info
What are Second Level Domains
The level directly below the TLD
Limit of 127 subdomains under a second-level domain
Max length of FQDN
255 characters
Define FQDN
Fully qualified domain name
Composed of hostname, an organization’s domain name and the Internet top-level domain name
What are the types of DNS queries
Recursive
Iterative
Reverse Lookup
What are Recursive queries
The name server receiving this query must respond with the IP address for the name, or with an error stating that data of the requested type does not exist or that the specified domain name does not exist
The name server cannot refer the client to another name server. It sends iterative queries to other name servers until the answer is found, or returns an error if none exists
What is an Iterative query
The name server provides the best answer it has, whether that is the answer itself or a referral to another name server that may know
Clients do not make iterative queries
What is a DNS Zone
A contiguous portion of a DNS namespace managed by one or more servers
Zones are defined by who is responsible for maintaining the records they contain
What are Reverse Lookup Queries
The client sends an IP address to the DNS server, which responds with the hostname
What domain is used with reverse lookup queries
in-addr.arpa for IPv4
IP6.ARPA for IPv6
How should an IP in a reverse lookup query be written
In reverse (octets in reverse order)
Domain names become more specific from right to left, while IP addresses become more specific from left to right
What does the ICANN/IANA do
Keep a database containing the names of registered domains and the DNS servers that serve these domains
What is a HOSTS file
A flat database containing static mappings of IP addresses to domain names
What does a top level domain need from a company to register an Internet domain name
The IP addresses of at least two DNS servers that are authoritative for that domain
Why do many organizations limit host names to 15 characters
NetBIOS names are derived from the first 15 characters of the hostname
What are root servers
The 13 DNS server names in the root domain managed by ICANN
What are the ways to install DNS
Add Roles and Features
Can be installed when installing AD DS
With PowerShell
How to install DNS using PowerShell
Add-WindowsFeature DNS
How to install DNS and AD DS using PowerShell
Add-WindowsFeature AD-Domain-Services
Import-Module ADDSDeployment
Install-ADDSDomainController -InstallDns -DomainName "corp.contoso.com"
What is an Authoritative Server
DNS server that is the main source of information for the IP addresses contained within a zone
What is a zone transfer
Replication between DNS servers
What are the different types of Zones
Primary, Secondary, Stub, Active Directory Integrated, GlobalNames
What is a Primary Zone
Master copy of the zone data, hosted on a DNS server that is the primary source of information for the records in this zone
What is a Master Server
DNS server that is authoritative for a zone and is able to directly update zone data
Hosts the primary zone data
Where is the zone data stored
On the master server in %systemroot%\system32\DNS\zone\name.dns
Stored there only if the zone data is not integrated with AD DS
What is a Secondary Zone
An additional copy of the DNS zone data, hosted on a DNS server that is a secondary source for this zone's information
Used for redundancy and load balancing
What is a Secondary Server
DNS server that hosts the secondary zone
Obtains zone information from the master server of the corresponding primary zone
A DNS server can host multiple zone files, which can be a mixture of primary and secondary zones
A secondary zone can act as the master for another secondary zone
What is a Stub Zone
A zone that contains only the information needed to identify the master (authoritative) servers for its zone
The DNS server hosting this zone obtains its information from a primary or secondary server
Purpose of a Stub Zone
Used in a parent domain to let the parent keep up to date with the name servers in its subdomains, and vice versa
Improves name resolution by enabling a DNS server to rapidly locate the stub zone's list of name servers without querying other servers to find the appropriate DNS server
Simplifies DNS administration by distributing the list of authoritative DNS servers throughout a large enterprise network without hosting a large number of secondary zones
Which zone is not possible with an Active Directory integrated zone
Secondary Zone
All DCs replicate information to each other and act as master servers, so no secondary zone is needed
Is zone transfer needed in an Active Directory integrated zone
No, because the DNS data is replicated along with the other AD DS directory partitions between DCs
What happens if a DNS server hosted outside of AD DS fails
It is not possible to update its data
A secondary DNS zone cannot be promoted to primary
What are some benefits of using an Active Directory integrated Zone? (3)
Fault tolerant.
Each writable domain controller acts as a master server and accepts updates to all zones for which it is authoritative. No separate DNS zone transfer topology is needed
Enhanced security: dynamic updates can be configured to be secure
What is a GlobalNames Zone
A primary zone used to enable single-label name resolution
Used to provide backwards compatibility for WINS
What is the minimum requirement for using GlobalNames Zone
The DNS server must run Windows Server 2008 or later
How do you limit the interfaces on which the DNS server listens for queries
Go to the Interfaces tab in the DNS server properties
Select or deselect the specific IP addresses to be enabled on the server
Why would a DNS server use an external forwarder
To reduce its processing load and network bandwidth
To protect internal DNS servers from access by unauthorized Internet users
What is a DNS forwarder
Relays DNS requests from one server to another when the first server is unable to process the request
Steps on how forwarding protects internal DNS servers from unauthorized Internet users
- The client requests an FQDN in a zone for which its preferred DNS server is not authoritative (e.g. www.google.com)
- The local DNS server receives the request but only has zone information for the internal local domain. It forwards the request to an external server (the forwarder)
- The DNS server finds the IP address of an external DNS server and forwards the request
- The forwarder attempts to resolve the FQDN. If it cannot, it forwards the request to another forwarder or uses iterative queries
- When the forwarder is able to resolve the FQDN, it returns the result to the internal DNS server by way of any intermediate forwarders, and the internal server returns the result to the client
How to specify external forwarders
Properties of DNS Server > Forwarders tab
Click Edit and then add the IP address of the forwarder
Modify the sequence in which forwarders are contacted with the Up and Down buttons
PowerShell command for adding a forwarder
Add-DNSServerForwarder -IPAddress 205.59.247.45
In what order will a DNS Server look to resolve a query
- Primary Zone
- Secondary Zone
- Cache
Why would you want to disable recursion on a DNS server
To allow a DNS server to provide resolution services only to other DNS servers, because unauthorized users can use recursion to overload a DNS server's resources and deny service
How to disable Recursion on a DNS server
Go to the properties of the DNS server and open the Advanced tab
Make sure the recursion option is unchecked
Why would you enable the advanced feature 'Enable BIND secondaries'
DNS servers normally use fast transfer, which involves compression, during zone transfers. UNIX servers running BIND versions earlier than 4.9.4 do not support this compression
What does the advanced feature 'Fail on load of bad zone data' do
The DNS server will not load zone data that contains certain types of errors. It checks name data using the method selected in the Name Checking drop-down on the Advanced tab of the server properties
What does enabling the advanced DNS feature 'Enable round robin' do
Enables round robin for use with multiple records for the same host
What does the advanced DNS setting 'Enable netmask ordering' do
Prioritizes local subnets: when a client queries for a host name mapped to multiple IP addresses, the DNS server preferentially returns the IP address located on the same subnet as the requesting client
What does the advanced DNS setting 'Secure cache against pollution' do
Prevents DNS spoofing by ignoring resource records for domain names outside the domain to which the query was originally directed
What does the advanced DNS setting 'Enable DNSSEC validation for remote responses' do
Reduces the risk of DNS exploits by using digital signatures to validate DNS responses