52 Cards in this Set

  • Front
  • Back
Zones
Zones are the databases in which DNS data is stored
dnscmd /clearcache
clears the server cache;
dnscmd /enumdirectorypartitions
shows the application directory partitions
available on the local server
dnscmd /info
provides a basic overview of
the DNS server configuration
dcdiag /test:replications
Test replication in the AD
repadmin /showrepl
Show replication partners
Primary Zone
A primary zone provides original read-write source data that allows the local DNS server to answer DNS queries authoritatively
zone is stored in a file instead of Active Directory
the primary zone file is named zone_name.dns

located in the %systemroot%\System32\Dns folder on the server.
Secondary Zones
A secondary zone provides an authoritative, read-only copy of a primary zone or another secondary zone
masters
The source zones from which secondary zones acquire their information
Stub Zones
A stub zone is similar to a secondary zone, but it contains only those resource records necessary to identify the authoritative DNS servers for the master zone

keep an updated list of the name servers available in a delegated child zone
Advantage of the Active Directory Zone
data is automatically replicated through Active Directory in a manner determined by the settings
you choose on the Active Directory Zone Replication Scope page
standard zone stores
a standard zone stores its data in a text
file on the local DNS server
forward lookup
In forward lookup zones, DNS servers map fully qualified domain names (FQDNs) to
IP addresses.
What are the server requirements for storing a zone in Active Directory?
The DNS server needs to be a domain controller
When you create a new zone, two types of records required for the zone
Start of Authority (SOA)

NS record signifying the name
of the server or servers authoritative for the zone.
Start of Authority (SOA) Records
When a DNS server loads a zone, it uses the SOA resource record to determine basic and
authoritative properties for the zone. These settings also determine how often zone transfers
The Serial Number text box on the Start Of Authority
This number increases each time a resource
record changes
SOA query
the secondary servers query the master server intermittently for the serial number of the
zone.
Refresh Interval
The value you configure in the Refresh Interval text box determines
how long a secondary DNS server waits before querying the master server for a zone
renewal
Retry Interval
The value you configure in the Retry Interval text box determines
how long a secondary server waits before retrying a failed zone transfer.
Expires After
The value you configure in the Expires After text box determines the
length of time that a secondary server, without any contact with its master server, continues to answer queries from DNS clients.
Minimum (Default) TTL
The value you configure in the Minimum (Default) TTL text
box determines the default Time to Live (TTL) that is applied to all resource records in
the zone.
TTL For This Record
The value you configure in this text box determines the TTL of
the present SOA resource record.
Name Server Records
A name server (NS) record specifies a server that is authoritative for a given zone.
The mail exchanger (MX) resource record
The mail exchanger (MX) resource record is used by SMTP (mail) agents to locate other SMTP
servers in a remote domain, typically for the purpose of routing mail to that domain.
refresh interval
The refresh interval is the time after the no-refresh
interval during which time stamp refreshes are accepted and resource records are not
scavenged. After the no-refresh and refresh intervals expire, records can be scavenged
from the zone.
What kind of zones do not automatically perform time stamping on dynamically
created resource records?
Standard zones
GlobalNames Zone
a new feature that enables all DNS
clients in an Active Directory forest to use single-label name tags such as “Mail” to connect to
specific server resources located anywhere in the forest
Deploying a GlobalNames Zone
The GlobalNames zone is compatible only with DNS servers running Windows Server 2008
and Windows Server 2008 R2.
Enable GlobalNames zone support
dnscmd . /config /enableglobalnamessupport 1
Why would you use a GlobalNames zone?
To facilitate the resolution of single-label computer names in a large network.
Partition in DNS
A partition is a data structure in Active Directory that distinguishes data for different replication
purposes.
To All DNS Servers in This Forest
This option stores the new zone in the ForestDnsZones
partition. Every domain controller in the entire forest and on which the DNS Server role
is installed will receive a copy of the zone.
To All DNS Servers in This Domain
This option stores the new zone in the DomainDnsZones partition. Every domain controller in the local domain and on which the DNS
Server role is installed will receive a copy of the zone.
To All Domain Controllers in This Domain
This option stores the zone in the domain
partition. Every domain controller in the local domain will receive a copy of the zone,
regardless of whether the DNS Server role is installed on that domain controller.
To All Domain Controllers Specified in the Scope of This Directory Partition
This
option stores the zone in the user-created application directory partition specified in the
associated drop-down list box. For a domain controller to fall within the scope of such a
directory partition, you must manually enlist that domain controller in the partition.
Re-creating DomainDnsZones and ForestDnsZones
If either of the default application directory partitions is deleted or damaged, you can
re-create them in DNS Manager by right-clicking the server node and choosing Create Default Application Directory Partitions.
Creating Custom Application Directory Partitions
dnscmd servername /createdirectorypartition FQDN

dnscmd servername /enlistdirectorypartition FQDN
Creating Custom Application Directory Partitions
dnscmd server1 /createdirectorypartition DNSpartitionA.contoso.com

dnscmd server2 /enlistdirectorypartition DNSpartitionA.contoso.com
Zone Transfer Initiation
When the refresh interval of the primary zone’s SOA resource record expires

When a server hosting a secondary zone boots up

When a change occurs in the configuration of the primary zone and this primary zone
is configured to notify a secondary zone of zone updates
Manually Updating a Secondary Zone
Reload

Transfer from Master

Transfer new copy of zone from Master
To delegate a zone
To delegate a zone is to create a new zone for a subdomain within a DNS namespace and
relinquish authority of that new zone.
When to Delegate Zones
DNS delegations are automatically used to separate parent and child AD DS domains
in a single forest.
Stub zone
A stub zone is a copy of a zone that contains only the most basic records
in the master zone. The purpose of a stub zone is to enable the local DNS server to forward
queries to the name servers authoritative for the master zone
You can use stub zones to do the following:
Keep delegated zone information current

Improve name resolution
True or False: you can perform a delegation only from a parent zone to a child zone.
True
Why does a stub zone improve name resolution when it is implemented across domains in a large forest or other DNS namespace?
A stub zone provides a DNS server with the names of servers that are authoritative
for a given zone.
Trust anchors
Trust anchors are used with DNSSEC to establish trust relationships between DNS servers.
What is the name of the record that contains a hash of the public key in a
delegated subdomain?
A DS record
Key rollover
This process of updating keys and digital signatures is also called key rollover.
The following two methods can be used for key rollover:
Prepublished rollover

Double signature rollover