Server Admin I Unit 5 DNS

Question 1

single-label name

Answer 1

network ID that doesn’t use prefixes or suffixes; commonly the host name

Question 2

HOSTS File

Answer 2

static file on each Windows based client that is used for DNS name resolution

Question 3

When to use HOSTS file (4)

Answer 3

• provide single-label name resolution
• map a hostname to an IP address that is different from the one provided by DNS server.
• provide name resolution outside of local subnet without DNS server

Question 4

Cons to using HOSTS

Answer 4

• requires configuration on each host; impractical outside of small setups
• query will not be sent to DNS server if mapping is in HOSTS file

Question 5

Link-Local Multicast Name Resolution

Answer 5

LLMNR

Allows clients to find hosts on local suben without DNS or broadcasts

Windows Server 2008 and Vista

Question 6

What kind of name resolution does LLMNR enable (2)

Answer 6

• hostname to IP address

- IP address to hostname

Question 7

Where does LLMNR operate on the network

Answer 7

Link local only (local subnet)

Question 8

When is LLMNR used as a default

Answer 8

When DNS name resolution fails

Question 9

DNS Suffix Search List

Answer 9

used to locate computers with single label names in a domain other than the one your computer is in.

Question 10

Where can DNS Suffix Search List be changed. (2)

Answer 10

• Net Adapter properties

- Best changed in DNS Suffix List using Group Policy

Question 11

DNS Devolution

Answer 11

Active Directory behavior which allows a client computer from a child namespace to access resources in the parent namespace without the need for a fully qualified domain name (FQDN)

Question 12

How does devolution work

Answer 12

tries to append the parent DNS name as it goes up tree until resolved or until the devolution level is hit

Question 13

devolution level

Answer 13

specifies the # of labels or size of the parent domain where devolution will stop

ex: westsim.com ( 2 labels) corp.westsim.com (3) labels

Question 14

Global Names Zone

Answer 14

Zone in DNS db use for single-label name resolution within a domain

Question 15

When is Global Names Zone used (3)

Answer 15

• allow clients to use simple host names without domain information for name resolution
• allow DNS clients to contact NetBIOS (only hosts without need for a WINS server)
• allow IPv6 only hosts to contact NetBIOS (IPv6 does not support WINS)

Question 16

New Server 2012 traffic reduction functionalities(2)

Answer 16

• LLMNR outbound queries not sent to mobile broadband & VPN devices
• NetBIOS outbound queries not sent to mobile broadband interfaces

Question 17

New Server 2012 response time reduction functionalties (2)

Answer 17

• LLMNR & NetBIOS queries sent at same time & optimized for IPv4/6 queries
• LLMNR & NetBIOS queries are sent at same time as DNS queries when a network interface is hijacking DNS names

Question 18

Domain Name System

Answer 18

DNS

Server is usually used in place of system.

hierarchical distributed db used to translate hostnames to IP address and vice verse

Question 19

Fully Qualified Domain Name

Answer 19

FQDN

includes hostname and all domains back to root.

Question 20

root domain (2)

Answer 20

the originating domain in a network indicated by a . (dot) at the end of the FQDN

normally not shown in FQDN

Question 21

top-level domains

Answer 21

• domain that directly precedes the root domain

- .com, .edu, .gov all are tld examples

Question 22

second-level domains

Answer 22

• domain that directly precedes the top-level domain

Question 23

sub level domains

Answer 23

• also called subdomains

- additional domains that directly precede second level or other sub level domains

Question 24

forward lookup

Answer 24

hostname/FQDN to IP address resolution

Question 25

reverse lookup

Answer 25

IP address to hostname/FQDN address resolution

Question 26

authoritative server

Answer 26

DNS server with full complete copy of database for a particular zone

Question 27

referral

Answer 27

process by which DNS servers querie one another to solve DNS requests

Question 28

recursion

Answer 28

process a DNS server or host uses root name servers & subsequent servers to perform name resolution

Question 29

iterative

Answer 29

DNS server requests information from other DNS servers & maintains responsibility for resolution

Question 30

delegation

Answer 30

DNS server hands responsibility for request to another DNS server

Question 31

Location of HOSTS file

Answer 31

c:\windows\system32\drivers\etc

Question 32

What to do when a entry cannot be removed from DNS cache.

Answer 32

Check to see if entry is listed in HOSTS file; will not erase as long as it exists in HOSTS

Question 33

Client Side DNS Name Resolution (3)

Answer 33

1. Entries in the HOSTS file are preloaded into cache.
2. Client examines its local DNS cache for IP address
3. If IP address is not in cache, client sends a DNS request to DNS server

Question 34

Server Side DNS Name Resolution (6)

Answer 34

1. DNS name resolution request is received by DNS server.
2. DNS server checks its local cache for IP address
3. If name is not resolved & server is authoritative , DNS server responds using information in zone hosted on its server. Forwards if configured for forwarding or conditional forwarding.
4. If DNS server cannot forward or if forwarding fails; server uses its root hints file (aka cache.dns)
5. Root DNS server responds with address of TLD or other DNS server.
6. DNS server forwards request to higher level DNS server which can respond with variety of IP addresses

Question 35

root hints

Answer 35

• aka cache.dns
• list of known root DNS servers
• www.Root-Servers.org
• forwarding overrules root hints

Question 36

Reverse Lookup Zones

Answer 36

IPs to FQDNs/hostnames

• writes IPs in reverse.
  
  • 192.168.1.1 &raquo_space;»» 1.168.192 in-addr.arpa

Question 37

Primary Zone (4)

Answer 37

• Zone which contains master copy of zone database
• Read/Write zone
• Each zone can have only one primary.
• Permission to have a copy of a zone should be set in primary zone

Question 38

Secondary Zone (3)

Answer 38

• Read only copy of zone db
• zone transfers based on serial # of SOA record.
• zone transfers are always intiated by secondary zone, but can be requested by primary

Question 39

Start of Authority

Answer 39

• SOA record
• 1st record created for a zone.
• identifies the zone and primary server for zone
• SOA serial is incremented counter ; increments whenever a change is made to SOA
• Includes email address of adminstrator responsible for DNS domain

Question 40

Triggers for Zone Transfers (2)

Answer 40

• Refresh Interval

- DNS notify

Question 41

Refresh Interval

Answer 41

Specifies the amount of time between requests for SOA record of primary zone.

Question 42

DNS Notify(2)

Answer 42

• lists servers to be notified

- primary server notifies secondary that a change has been made; secondary then intiates zone transfer.

Question 43

Are Zone Transfers Secure(2)

Answer 43

• No
• Zone data is stored and transfered as clear text.
• Use IPSec or Active Directory Integrated Zone to secure

Question 44

Active Directory Integrated Zone(4)

Answer 44

ADI

• DNS Zone contained within a Domain Controller (Active Directory)
• Multi-master zones
• Zone data replicated during AD replication
• Zone transfers are secured with AD encryption automatically

Question 45

Active Directory Scopes (4)

Answer 45

• specifies which DC’s have copies of zone data
• All DC’s - even if DNS is not running
• All DC in domain with DNS installed.
• All DC in forest with DNS installed.

Question 46

Name Server Record(2)

Answer 46

NS

• record identifies all name servers that can do name resolution for the zone
• contains entries for primary and all secondary servers on zone

Question 47

A Record(3)

Answer 47

• host record
• forward lookups
• maps an IPv4 (32) DNS host name to IP address

Question 48

AAAA Record(3)

Answer 48

• Quad- A
• forward lookups
• maps IPv6 (128 bit) DNS host name to IP address

Question 49

Pointer Record(5)

Answer 49

• PTR
• Reverse lookup zone
• Maps IP address to hostname by pointing to correct (A) or (AAAA) record
• IPv4 records are created in (in-addr.arpa) namespace
• IPv6 records are created in in6.arpa

Question 50

in-addr.arpa

Answer 50

namespace used to designate IPv4 reverse lookup

Question 51

in6.arpa

Answer 51

namespace used to designate IPv6 reverse lookup

Question 52

Canonical Name Record(2)

Answer 52

• CNAME
• provides aliases to hosts that already have an (A) record
• enables server to be id’d by a different name in DNS

Question 53

Mail Exchange Record(3)

Answer 53

• MX
• id’s servers available to receive Simple Mail Transfer Protocol (SMTP)
• lower priority value = more preferential server

Question 54

Service Locator Record(4)

Answer 54

• SRV
• indicates resources that perform a particular service
• allows clients to find services via DNS
• Windows creates automatically as needed

Question 55

WINS / WINS-R Record(3)

Answer 55

• added to zone when you want DNS to use WINS
• id’s WIN servers to forward failed DNS requests
• allows resolution of a reverse query unresolvable by DNS

Question 56

Sender Policy Frameword(4)

Answer 56

• SPF
• id’s authorized mail servers
• created using TXT records
• DNS uses SPF to verify the host sending email is authorized to use DNS names

Question 57

Server Manager Path for Common Records

Answer 57

Server Manager>>
    Tools>>
         DNS (Manager)>>
              >>
                  DC>>
                       Rt Click | >> List of Common Records

Question 58

Server Properties Path

Answer 58

DNS Manager&raquo_space;
Server»
Properties

Question 59

Interfaces Server Properties

Answer 59

• id’s the IPs DNS will use to listen for DNS queries

Question 60

Forwarders Server Properties

Answer 60

• id’s DNS servers that queries are sent to when locak DNS is not authoritative

Question 61

Root Hints Server Properties

Answer 61

• id’s root servers on the Internet

Question 62

Debug Logging Server Properties

Answer 62

• sets detailed logging parameters for adv. troubleshooting

Question 63

Event Logging Server Properties(2)

Answer 63

• specifies events to be logged

- options: No Events, Errors Only, Errors and Warnings, All Events

Question 64

Monitoring Server Properties (2)

Answer 64

• runs a simple or recursive query against DNS server

- recursive query tests forwarding

Question 65

Security Server Properties

Answer 65

• set permissions for users or groups to modify DNS server.

Question 66

Disable Recursion

Answer 66

• Advanced Server Property

- disables forwarding & local DNS client

Question 67

Enable BIND secondaries

Answer 67

• Advanced Server Property

- allows MS DNS to talk to UNIX DNS

Question 68

Fail on load if bad data

Answer 68

• Advanced Server Property

- prevents zone data from loading if it is bad or corrupt

Question 69

Enable Round Robin

Answer 69

• Advanced Server Property

- enables cycling through records when there are multiple records of same type w/same name

Question 70

Enable netmask ordering

Answer 70

• Advanced Server Property
• provides requester with record that most closely matches the requester’s IP when there are multiple records of same type w/same name.

Question 71

Secure Cache Against Pollution

Answer 71

• Advanced Server Property

- protects cache by not updating when a request sent to 1 domain results in response from another domain.

Question 72

Enable DNSSEC validation for remote responses.

Answer 72

• Advanced Server Property
• clients with Win7 & greater
• allows DBS servers to digitally sign records it sends to clients
• clients use signature to verify DNS record was not altered in transit

Question 73

Enabling automatic scavenging of stale records

Answer 73

• Advanced Server Property
• removes records that haven’t been updated within specified period of time.
• must be set on server and zone
• uses non-refresh interval and refresh interval

Question 74

non-refresh interval

Answer 74

• time periods where DNS updates are not allowed
• occurs prior to refresh
• interval between last record refreshed and earliest time when it can be refreshed again

Question 75

refresh interval

Answer 75

• time period interval at which DNS gets updated
• occurs after non-refresh
• refresh starts= records begin getting refreshed
• refresh ends = DNS scavenges un-refreshed records
• non-refresh begins anew