64 Cards in this Set
- Front
- Back
Who assigns top-level domains?
|
ICANN
|
|
What are the three types of DNS queries?
|
Recursive, iterative, and inverse
|
|
What is an iterative query?
|
A DNS query where the DNS server is expected to return the best answer based on information in its own database
|
|
What is a recursive query?
|
A DNS query where the DNS server is expected to return either the answer or an error, even if it has to query other DNS servers to find the answer
|
|
What are the three options for DDNS secure updating?
|
none, nonsecure and secure, secure only
|
|
What is nonsecure DNS updating?
|
Where any computer can update a DNS table
|
|
What is secure DNS updating?
|
DNS queries AD to verify that an updater has a valid computer account
|
|
What is an inverse query?
|
A DNS query using PTR records to look up a hostname based on the IP address
|
|
What type of record does an inverse query use?
|
PTR records
|
|
What domain is used for inverse queries?
|
in-addr.arpa
|
|
How is in-addr.arpa arranged?
|
by IP address in reverse octet order
|
|
What does TTL specify?
|
How long a record may be cached
|
|
What is a negative cache TTL?
|
the amount of time to cache the fact that a record doesn't exist
|
|
What type of DNS query looks up hostnames based on IP address?
|
an inverse query
|
|
What filename extension do primary DNS zone files have?
|
.dns
|
|
What are two advantages of secondary DNS zones?
|
fault tolerance and load reduction
|
|
When choosing a DNS zone type, how do you specify an Active Directory-integrated zone?
|
check "Store the Zone in Active Directory" on the Zone Type screen
|
|
What server requirements exist for creating an AD-integrated zone?
|
The DNS server must be a writable DC
|
|
What do stub zones do?
|
Identify the authoritative DNS server for a zone
|
|
What three types of records can a stub zone contain?
|
Name Server (NS), Start of Authority (SOA), and glue Host (A) records
|
|
What do GlobalName Zones do?
|
map single-label names (CNAME) to FQDNs
|
|
Are GlobalName Zones dynamic?
|
no
|
|
What are the 2 types of zone transfers?
|
full zone transfers (AXFR) and incremental zone transfers (IXFR)
|
|
When do secondary DNS zones initiate incremental zone transfers?
|
When the refresh interval expires or the server reboots
|
|
What is DNS Notify?
|
the mechanism for notifying secondary DNS servers that a change has occurred
|
|
What does Background Zone Loading do?
|
loads AD zone data immediately when a DNS server restarts
|
|
What zone type was implemented to support using RODCs as DNS servers?
|
Primary Read-Only zones
|
|
What do DNS socket pools do?
|
allow source port randomization to protect against DNS cache poisoning
|
|
What technology was created to help prevent DNS cache poisoning?
|
DNS socket pools
|
|
What is DNS cache locking?
|
design that prevents cached records from being overwritten for a percentage of the record's TTL (default 100%)
|
|
What does DNSSEC do?
|
uses zone signing to secure resource records
|
|
Does DNSSEC sign entire zones, or individual records?
|
individual records
|
|
What are the digital signatures produced by DNSSEC called?
|
RRSIGs
|
|
What are trust anchors?
|
preconfigured public keys linked to a DNS zone
|
|
Where are trust anchors stored in an AD-integrated DNS zone?
|
in the directory partition of the forest
|
|
Where are trust anchors stored on a standalone DNS server?
|
in TrustAnchors.dns
|
|
What PowerShell command will retrieve trust anchors?
|
get-dnsservertrustanchor
|
|
What OSes can act as DNSSEC clients?
|
Windows 7 and above
|
|
What is DNS devolution?
|
DNS clients don't need to provide the full FQDN to search the parent namespace
|
|
What system is netmask ordering a part of?
|
round robin
|
|
What does netmask ordering do?
|
returns the host address on the same subnet as the resolver for a service
|
|
What does an SOA do?
|
identifies the general parameters of a DNS zone, including authoritative server
|
|
How is round robin configured in DNS?
|
add multiple A records with same hostname but different IP addresses
|
|
What is WINS forward lookup?
|
DNS passes queries it can't resolve to WINS for resolution
|
|
How are delegated zones configured?
|
place a delegation record in other zones for each delegated zone pointing to the authoritative server
|
|
What are the 2 types of DNS forwarding?
|
external and conditional
|
|
When are dynamic DNS records removed by the DNS client?
|
When the client shuts down cleanly
|
|
What determines if a DNS record is considered stale?
|
The scavenging interval
|
|
What determines when stale records are removed?
|
the cleanup interval
|
|
What DNS server tab has tools to test DNS?
|
Monitoring
|
|
What tab can be used to monitor inbound/outbound DNS traffic?
|
Debug Logging
|
|
What should you do if a simple query fails?
|
check to make sure zone 1.0.0.127.in-addr.arpa exists
|
|
What should you do if a recursive query fails?
|
check root hints and root servers
|
|
What are the two modes for nslookup?
|
standalone (single command) and interactive (multiple commands)
|
|
What does DNSLint /d do?
|
diagnoses "lame delegation"
|
|
What does DNSLint /ql do?
|
verifies a user-defined set of DNS records on multiple servers
|
|
What does DNSLint /ad do?
|
Verifies DNS records related to AD replication
|
|
What needs to be done to allow a zone transfer to a BIND DNS server?
|
enable BIND Secondaries on the Microsoft DNS server
|
|
What file are root hints stored in? |
Cache.dns in %systemroot%/system32/dns |
|
If DNS is not AD-integrated, where is the zone data held?
|
%systemroot%/system32/dns folder, file called .dns |
|
If you want to ensure users cannot access the Internet, what can you do? |
Create a new DNS zone called "." (a single dot). By creating this blank root zone, the server is considered authoritative for all top-level domains.
|
|
Conditional forwarders
|
A conditional forwarder is a DNS server on a network that is used to forward DNS queries according to the DNS domain name in the query. For example, a DNS server can be configured to forward all the queries it receives for names ending with widgets.example.com to the IP address of a specific DNS server or to the IP addresses of multiple DNS servers.
|
|
DNS Forwarder (External)
|
A forwarder is a Domain Name System (DNS) server on a network that forwards DNS queries for external DNS names to DNS servers outside that network. By using a forwarder, you can manage name resolution for names outside your network, such as names on the Internet, and improve the efficiency of name resolution for the computers in your network.
|
|
DNScmd A command-line interface for managing DNS servers. This utility is useful in scripting batch files to help automate routine DNS management tasks, or to perform simple unattended setup and configuration of new DNS servers on your network. |
dnscmd /name dnssvr1.contoso.com /recordadd test ptr 0.0.10.in-addr.arpa
dnscmd dnssvr1.contoso.com /recordadd test A 10.0.0.5
dnscmd /recordadd test.contoso.com test MX 10 mailserver.test.contoso.com |