DNS

Question 1

Define Root Domain

Answer 1

Top level of the DNS namespace hierarchy

Defined by a .

Question 2

What are the queries a DNS client can make to a DNS server

Answer 2

Recursive
Iterative
Reverse lookup

Question 3

Examples of Top Level Domains

Answer 3

.com .edu .gov .us .ca .biz .info

Question 4

What are Second Level Domains

Answer 4

below TLD

limit of 127 subdomains under second level domains

Question 5

Max length of FQDN

Answer 5

255 char

Question 6

Define FQDN

Answer 6

Fully qualified domain name

Composed of hostname, an organization’s domain name and the Internet top-level domain name

Question 7

What are the types of DNS queries

Answer 7

Recursive
Iterative
Reverse Lookup

Question 8

What are Recursive queries

Answer 8

Name server receiving this query must respond with IP for a name or an error stating data of requested type doesn’t exist or domain name specified doesn’t exist

Name server cannot refer client to another name server. It will send iterative queries out to other names servers until the answer is found or return error if none exists

Question 9

What is an Iterative query

Answer 9

Name server provides best answer it has whether its the answer or another name server that may know

Clients cannot make iterative queries

Question 10

What is a DNS Zone

Answer 10

A contiguous portion of a DNS namespace managed by one or more servers

Zones defined by who looks after maintaining the records that they contain

Question 11

What are Reverse Lookup Queries

Answer 11

client sends IP address to DNS server and it responds with hostname

Question 12

What domain is used with reverse lookup queries

Answer 12

in-addr.arpa for IPv4

IP6.ARPA for IPv6

Question 13

How should an IP in a reverse lookup query be written

Answer 13

In reverse

Domain names become more specific right to left while IP address become more specific left to right

Question 14

What does the ICANN/IANA do

Answer 14

Keep database that contains names of registered domains and DNS servers that server these domains

Question 15

What is a HOSTS file

Answer 15

Flat database that contains static mappings for IP addresses to domain names

Question 16

What does a top level domain need from a company to register an Internet domain name

Answer 16

IP of at least two DNS servers that are authoritative for that domain

Question 17

Why do many organizations limit host names to 15 characters

Answer 17

NetBIOS names are derived from first 15 characters of the hostnmae

Question 18

What are root servers

Answer 18

The 13 DNS server names in the root domain managed by ICANN

Question 19

What are the ways to install DNS

Answer 19

Add Roles and Features
Can be installed when installing AD DS
With Powershell

Question 20

How to install DNS using Powershell

Answer 20

Add-WindowsFeature DNS

Question 21

How to install DNS and AD DS using powershell

Answer 21

Add-WindowsFeature AD-Domain-Services
Import-module ADDSDeployment
Install-ADDSDomainController -InstallDns -DomainName "corp.contoso.com "

Question 22

What is an Authoritative Server

Answer 22

DNS server that is main source of information regarding the IP addresses contained within a zone

Question 23

What is a zone transfer

Answer 23

Replication between DNS servers

Question 24

What are the different types of Zones

Answer 24

Primary
Secondary
Stub
Active Directory Integrated
GlobalNames

Question 25

What is a Primary Zone

Answer 25

Master copy of zone data hosted on a DNS server that is the primary source of info for records found in this zone

Question 26

What is a Master Server

Answer 26

DNS server that is authoritative for a zone and is able to directly update zone data
Hosts the primary zone data

Question 27

Where is the zone data stored

Answer 27

On the master server in %systemroot%\system32\DNS\zone\name.dns

Stored here only if zone data is not integrated with AD DS

Question 28

What is a Secondary Zone

Answer 28

Additional copy of the DNS zone data hosted on a DNS server that is a secondary source for this zone information

Used for redundancy and load balancing

Question 29

What is a Secondary Server

Answer 29

DNS server that hosts the secondary zone

Obtains zone information from the Master server in the corresponding primary zone

DNS server can host multiple zone files that can be a mixture of primary and secondary zones

Secondary zone can act as a master zone for another secondary zone

Question 30

What is a Stub Zone

Answer 30

Zone that contains only source information about master servers for its zones only

DNS server hosting this zone obtains its information from a primary or secondary server

Question 31

Purpose of a Stub Zone

Answer 31

Used in parent domain to enable parent to keep up to date with name servers in sub domains and vice versa

Improved name resolution by enabling DNS server to rapidly locate stub zone’s list of name servers without need for querying other servers to locate appropriate DNS server

Simplify administration of DNS by enabling distribution of list of authoritative DNS servers throughout large enterprise network without need for hosting a large number of secondary zones

Question 32

Which zone is not possible with an Active Directory integrated zone

Answer 32

Secondary Zone

All DCs replicate information to each other and acts as master servers so no secondary zone needed

Question 33

Is zone transfer needed in an Active Directory integrated zone

Answer 33

No because DNS data is replicated with other AD DS directory partitions between DCs

Question 34

What happens if a DNS server hosted outside of AD DS fails

Answer 34

No possible to update its data

Unable to promote secondary DNS zone to primary

Question 35

What are some benefits of using an Active Directory integrated Zone? (3)

Answer 35

Fault tolerant.

Each writable domain controller acts as a master server and enables updates to all zones in which they are authoritative. No separate DNS zone transfer topology needed

Enhanced security, can configure dynamic updates to be secured

Question 36

What is a GlobalNames Zone

Answer 36

A primary zone used to enable single-lable name resolution

Used to provide backwards compatibility for WINS

Question 37

What is the minimum requirement for using GlobalNames Zone

Answer 37

DNS server must be 2008 or higher

Question 38

How do you limit the interfaces which DNS server listens for queries

Answer 38

Go the the Interfaces tab in DNS properties

Select or deselect specific IPs to be enabled on the server

Question 39

Why would a DNS server use an external forwarder

Answer 39

Reduce its processing load and network bandwidth

Protect internal DNS servers access from unauthorized Internet users

Question 40

What is a DNS forwarder

Answer 40

Relay DNS request from one server to another when the first server unable to process the request

Question 41

Steps on how does Forwarding protect internal DNS servers from unauthorized Internet users

Answer 41

1. Client request for FQDN on zone where its preferred DNS server no authoritative on (ie. www.google.com)
2. Local DNS server receives request but only has zone infor for the internal local domain. It forwards the request to external server (forwarder)
3. DNS server finds IP of an external DNS server and forwards the request
4. Forwarder attempts to resolve FQDN. If it can’t it forwards request to another forwarder to use iterative query
5. When forwarder is able to resolve FQDN, it returns result to the internal DNS server by way of intermediate forwarders which then returns results to a client

Question 42

How to specify external forwarders

Answer 42

Properties of DNS Server>Forwarders tab
Click edit and then add IP of the forwader
Modify sequence in which forwarders are contacted with up and down command

Question 43

Powershell command for adding Forwarder

Answer 43

Add-DNSServerForwarder -IPAddress 205.59.247.45

Question 44

In what order will a DNS Server look to resolve a query

Answer 44

1. Primary Zone
2. Secondary Zone
3. Cache

Question 45

Why would you want to disable recursion on a DNS server

Answer 45

Allow a DNS server provide resolution services only to other DNS servers because unauthorized users can use recursion to overload a DNS server’s resources to deny services

Question 46

How to disable Recursion on a DNS server

Answer 46

Go to properties of DNS server and go to advance tab

Make sure recursion tab is unchecked.

Question 47

Why would you enable to advanced feature ‘Enable BIND secondaries’

Answer 47

DNS servers normally use fast transfer that involves compression during zone transfers. UNIX servers running BIND version under 4.9.4 doesn support this compression

Question 48

What does the advance feature ‘Fail on load of bad zone data’ do

Answer 48

DNS server will not load zone data that contains certain types of errors. Checks name data using method selected in the Name Checking drop down in the advance tab of server properties

Question 49

What does enabling the advance DNS feature ‘Enable round robin’ do

Answer 49

Enable round robin for use with multiple records for the same host

Question 50

What does the DNS advance setting ‘Enable netmask ordering’ do

Answer 50

Prioritizes local subnets so when client queries for for host name mapped to multiple IP addresses, the DNs server preferentially returns IP address located on same subnet as requesting client

Question 51

What does advance DNS setting ‘Secure cache against pollution’ do

Answer 51

Prevent attackers from DNS spoofing by ignoring resource records for domain names outside the domain to which the query was originally directed

Question 52

What does the advance DNS setting ‘Enable DNSSEC validation for remote responses’ do

Answer 52

Reduce risk of DNS exploits by using digital signatures to validate DNS repsonses