Windows Server Chapter 8: Configuring and Managing Network Services


forward lookup

A DNS lookup that resolves a FQDN to an IP address.

reverse lookup

A DNS lookup that resolves an IP address to a FQDN.

secondary DNS servers

A DNS server that contains a read-only copy of a zone file that was obtained from a primary DNS server.

primary DNS server Zone file

A DNS server that contains a read-write copy of a zone file. It also contains a _______ for storing resource records for the zone.

authoritative

A DNS server that contains resource records for a portion of the Domain Name Space.

stub DNS servers

A DNS server that forwards requests for a zone directly to an authoritative DNS server.

default forwarders

A DNS server that relays lookup requests it cannot resolve (using zone files or conditional forwarders) to another DNS server.

caching-only DNS server

A DNS server that uses its DNS cache and recursion to respond to lookup requests.

Windows Internet Name Service (WINS)

A Windows Server 2019 service used to resolve NetBIOS names to IP addresses.

netmask ordering

A feature of DNS that ensures the first result returned in a list closely matches the IP address of the resolver.

round robin

A feature of DNS that rotates a list of returned results for load balancing purposes.

Dynamic DNS (DDNS)

A feature that allows computers to automatically create records on a DNS server.

hosts file

A file on a local computer that contains entries that can be used to resolve FQDNs to IP addresses.

zone

A portion of the Domain Name Space.

Active Directory-integrated primary DNS server

A primary DNS server that stores its zone file in the Active Directory database.

resource records

A record stored in a zone file.

stale resource records

A resource record that was created using dynamic update, but has not been refreshed by the computer for which the record was created for a long period of time.

will replicate the zone to all domain controllers in domainX.com that have the DNS Server role installed.

After you pick the zone type, click Next to select the domain controllers to replicate the zone. What does the select option do?

zone to modify zone configuration

After you create a primary lookup zone, you can access the properties of the

You are prompted for zone file options if you did not select an Active Directory-integrated primary zone type. You are prompted to select the dynamic update configuration for the zone. This is the last step in making a primary reverse lookup zone.

After you specify the reverse lookup zone name, what does this screen do?

poor practice as it allows any computer on the network to create resource records in a DNS zone. As a result, most server administrators configure secure dynamic updates or prevent dynamic updates altogether.

Allowing nonsecure dynamic updates is considered _________________ because

target organization's zone directly to a DNS server in the target organization.

As with conditional forwarders, a stub DNS server forwards requests for a

own folder (As a result, server administrators often prefer to create conditional forwarders over stub zones on DNS servers that host many forward lookup zones.)

Rather than being displayed as an additional forward lookup zone in DNS Manager, conditional forwarders are stored in their ________. What does this do?

DNS from the Tools menu in Server Manager to start the DNS Manager tool

Regardless of how the DNS Server role was installed, you can manage a DNS server by clicking

be updated automatically if the FQDN in the host record for server1.zoneX.com is modified using dynamic update.

The Allow any authenticated user to update all DNS records with the same name option allows the CNAME record to be

resource record to be modified by dynamic update following creation

The Allow any unauthenticated user to update DNS records with the same owner name option allows the

1. The client computer first checks its DNS cache to see if the IP address for docs.microsoft.com was previously resolved before sending a forward lookup request.
2. It sends the request to the organization's DNS server (if found, step 10; if not, step 3).
3. The organization DNS server relays the forward lookup request to an ISP DNS server (yes, step 10; no, step 4).
4. The ISP DNS server contacts a DNS server for the .com top-level zone and repeats the forward lookup request for docs.microsoft.com.
5. The .com DNS server replies with the IP address of a DNS server for the microsoft.com zone.

The DNS lookup process in an organization network (Steps 1 - 5)

6. The ISP DNS server then contacts the DNS server for the microsoft.com zone and repeats the forward lookup request for docs.microsoft.com.
7. The DNS server for the microsoft.com domain then returns the IP address for the docs.microsoft.com computer to the ISP DNS server.
8. The ISP DNS server caches the result for future use and then relays it to the organization DNS server.
9. The organization DNS server also caches the result for future use and then relays it to the client computer.
10. The client computer then caches the result for future use before connecting to the IP address of the docs.microsoft.com Web server.

The DNS lookup process in an organization network (Steps 6 - 10)

pause lookup responses for the zone as well as change the zone type, the Active Directory-integrated zone replication options (if applicable), and dynamic update configuration

The General tab of zone properties allows

DNS Server

The Windows Server 2019 server role that provides for DNS server services.

Time To Live (TTL)

The amount of time that a computer is allowed to cache the results of a DNS lookup.

resolver

The computer that requests a DNS lookup.

C:\Windows\system32\drivers\etc\hosts

The default hosts file on Windows systems is

most recent time that the associated computers contacted the DNS server to create or update their resource records, if necessary.

The host record for SERVERY and two host records for domainX.com were created by dynamic update as there is a time listed in the Timestamp column. This time indicates the

Host records (A and AAAA)

The most common resource record types configured on a DNS server, as they provide for forward lookups.

forward requests to the DNS server with IP address 192.168.1.1 or the DNS server with IP address 192.168.1.2 if the first DNS server is unavailable.

The options in the forwarders tab will

C:\Windows\system32\dns folder called zoneX.com.dns

The options will create a zone file under the

deploy their own DNS servers that host zones needed for Active Directory.

The process illustrated in Figure 8-1 is different when you use a client computer in an organization to resolve docs.microsoft.com. This is because organizations often

scavenging

The process of removing stale resource records on a DNS server

1. The client computer checks its DNS cache to see whether the IP address for docs.microsoft.com is listed from a previous forward lookup request (if not, go to step 2; if it is there, go to step 8).
2. The client computer sends a forward lookup request for the site to the Preferred DNS server. The Preferred DNS server is typically a DNS server at your ISP. If the ISP DNS server has recently resolved docs.microsoft.com and placed the result in its DNS cache, it returns the result immediately to the client computer (called an iterative query). If it has not, go to step 3.
3. The ISP DNS server contacts a DNS server for the .com top-level zone and repeats the forward lookup request for docs.microsoft.com.
4. The .com DNS server will not contain the IP address for the docs.microsoft.com computer in its zone, but will reply with the IP address of a DNS server for the microsoft.com zone.

The whole process used to resolve the FQDN docs.microsoft.com for a DNS lookup process from a home or public network (Steps 1 - 4)

5. The ISP DNS server then contacts the DNS server for the microsoft.com zone and repeats the forward lookup request for docs.microsoft.com (another recursive query).
6. The DNS server for the microsoft.com domain contains a resource record that lists the IP address for the docs.microsoft.com computer and returns this IP address to the ISP DNS server.
7. The ISP DNS server caches the result for future use and then relays it to the client computer.
8. The client computer also caches the result for future use before connecting to the IP address of the docs.microsoft.com Web server.

The whole process used to resolve the FQDN docs.microsoft.com for a DNS lookup process from a home or public network (Steps 5 - 8)

authoritative DNS server

There is also a host (A) record for SERVERY (192.168.1.150), an SOA record for the zone, and an NS record for the zone that identifies serverx as an

single DNS server or a series of DNS servers

This forward lookup can be performed by a

After you have created a primary zone, you can right-click it in DNS Manager and click Properties to modify the zone type and options as well as the default zone records

To Configure Zone Properties

organization DNS servers are typically configured to relay forward lookup requests for zones that they do not host to ISP DNS servers. As a result, these organization DNS servers are also called default forwarders, as they forward requests they cannot resolve to other DNS servers instead of using root hints to perform recursive queries.

To allow computers in the domain to resolve FQDNs for computers on the Internet,

Aging button in zone properties, then select Scavenge stale resource records in the Zone Aging/Scavenging Properties window

To automatically remove stale resource records (a process called scavenging), click the

right-click SERVERX, click Properties, and highlight the Forwarders tab

To configure SERVERX

right-click the Conditional Forwarders folder; click New Conditional Forwarder to open the New Conditional Forwarder window; create an Active Directory-integrated conditional forwarder that relays forward lookup requests for the lala.com zone to the DNS server with IP address 4.99.192.1.

To create a conditional forwarder,

Right-click a forward lookup zone in DNS Manager; click New Host (A or AAAA)

To create a host record,

right-click a forward lookup zone in DNS Manager; click New Alias (CNAME) to open the New Resource Record window

To create a new CNAME record,

right-click the Forward Lookup Zones folder; click New Zone to start the New Zone Wizard; click Next at the first page of the New Zone Wizard; you are prompted to select the zone type, as shown for the primary zone; click Next to select the domain controllers to replicate the zone

To create a primary forward lookup zone,

right-click the Reverse Lookup Zones folder; click New Zone to start the same New Zone Wizard used to create a primary forward lookup zone; you are prompted to select the zone type

To create a primary reverse lookup zone,

right-click the Forward Lookup Zones folder; click New Zone to start the New Zone Wizard; select Secondary zone as the zone type; you are prompted for the zone name; you are prompted to specify the IP address of the DNS server that hosts the primary zone; click Finish to create the secondary zone.

To create a secondary forward lookup zone,

right-click a forward lookup zone in DNS Manager; click New Mail Exchanger (MX) to open the New Resource Record window

To create an MX record for a zone,

Increment button

To force all secondary zones to request a zone transfer, click the

configure either a conditional forwarder or stub zone.

To forward lookup requests to another organization's DNS server that is not publicly registered with top-level DNS servers, you can choose to

two DNS servers

To provide fault tolerance for Active Directory and Internet FQDN resolution, an organization should have a minimum of

request information contained in specific resource record types

What do DNS Lookups request?

hold information about a service, FQDN, IP address, or zone on an authoritative DNS server

What do resource records do?

create an Active Directory-integrated conditional forwarder that relays forward lookup requests for the lala.com zone to the DNS server with IP address 4.99.192.1.

What do the options allow you to create?

you are prompted to specify either the associated network ID that can be used to generate the reverse lookup zone name, or the reverse lookup zone name itself

What does this screen do after choosing the reverse lookup zone type?

not registered with the top-level DNS servers on the Internet. (This is considered secure practice as it ensures that the zone used for Active Directory in an organization is not visible to other computers on the Internet using recursive queries.)

When an Active Directory domain is implemented, most organizations choose to use a domain name that is

After zone transfers have been allowed to your DNS server in the properties of a primary forward or reverse lookup zone

When can you create an associated secondary zone on your DNS server?

After creating a forward or reverse lookup zone

When can you make resource records?

forward lookup of the FQDN which in turn allows it to contact the IP address of the Web server.

When you contact a Web server on the Internet using a Web browser from a home or public network, your Web browser performs a

MX record for the recipient's zone

When you send an email, your email server locates the target email server by resolving the

Created by each domain controller using dynamic update to ensure correct location information.

Because SRV records include a priority and weight that are used by computers to locate the nearest domain controller in a domain, they are automatically

path to a zone file that you copied from another DNS server. This allows you to migrate a primary zone from an existing DNS server to your DNS server.

Because zone files follow a standard format, instead select Use this existing file and specify the _____________. What does it allow you to do?

allow for dynamic updates, or require that resource records be manually created by the server administrator.

You can create an unlimited number of primary forward and reverse lookup zones on a DNS server to hold resource records that are authoritative for a zone in the Domain Name Space. You can configure each zone to either:

lowest priority number listed first (This ensures that the email server with the lowest priority number is contacted first, followed by the email server with the second lowest priority number if the first is unavailable, and so on.)

If you create multiple MX records with different priority numbers, the list of email servers is returned with the email server that has the

zone name

If you did not select an Active Directory-integrated primary zone type, you are prompted for the

resolve the FQDNs for the other organization's Active Directory zone.

There are times when one organization may need to resolve FQDNs for another organization's Active Directory zone, and vice versa. The DNS servers in each organization must be able to

Resolves an FQDN to an IPv4 address

What does an A (Host) resource record do?

It resolves one FQDN to another FQDN. For example, a CNAME record may be used to resolve www.microsoft.com to server05.microsoft.com.

What does a CNAME (Canonical Name) resource record do?

Identifies an email server for a zone

What does an MX (Mail Exchanger) resource record do?

Identifies a DNS server that is authoritative for a zone

What does an NS (Name Server) resource record do?

Resolves an IP address to an FQDN

What does a PTR (Pointer) resource record do?

same functionality

Conditional forwarders are an alternative to stub zones that provide the

root hints and cached entries

The DNS Server role functions as a caching-only DNS server that uses ______________________ to respond to lookup requests on all network interfaces

You are prompted to choose an IPv4 or IPv6 reverse lookup zone

Define the options:

Authoritative DNS server to ensure that names can be resolved if one server is unavailable

Each zone typically has more than one

perform a recursive query in order to resolve the lookup request

For lookup requests that do not match an authoritative zone or conditional forwarder, DNS servers will use root hints to

large number of recursive lookup requests in organizations that have many DNS servers. As a result, most organizations will instead configure their DNS servers as default forwarders that relay lookup requests that cannot be resolved to an ISP DNS server or other DNS server in the organization.

For lookup requests that do not match an authoritative zone or conditional forwarder, DNS servers will use root hints to perform a recursive query in order to resolve the lookup request. However, this can result in a

CNAME and MX records as well as host records that provide for round robin or netmask ordering. You may also create host and PTR records for computers that are unable to automatically update their resource records in the zone because they are configured to use a different DNS server or run an operating system that does not support dynamic update.

For zones that allow dynamic updates, you still need to manually create

automatically using the dynamic update feature of DNS to save administrative effort

Host records (A and AAAA) can be made manually by an administrator, but they are normally created

the computer name that is configured locally on the system

Host records often represent

CNAME record that maps a common service name (such as www for Web services) to the host record for the server

Host records often represent the computer name that is configured locally on the system. However, for servers that host common network services, you may wish to create a

replicated immediately using Active Directory to all other Active Directory-integrated primary DNS servers.

If a new resource record is added to an Active Directory-integrated primary DNS server, it is

root hints are used to perform a recursive query.

If both DNS servers are unavailable,

root hints to perform a recursive query

If lookup requests cannot be resolved using the zones configured on the server, the DNS server will use

default forwarder to the Preferred and Alternate DNS servers listed in the properties of the network interface, and the network interface is then modified to ensure that the local server is listed as the Preferred DNS server.

If the DNS Server role was installed by the Active Directory Domain Services role on a new domain controller, then the DNS server is automatically configured as a

Active Directory

If the DNS server is also a domain controller, you can also configure the zone file to be stored in

create (or update) their own host records in that zone on the DNS server at boot time, or when their IP address or FQDN is changed. It is also used by domain controllers to automatically create the SRV records that computers use to locate Active Directory services.

If the dynamic update feature is enabled for a zone on the DNS server, Windows 2000 and later systems automatically ___________________________ and ________________

the Active Directory database and replicated to other domain controllers that are also configured as DNS servers.

If the organization DNS server is also a domain controller, zone files can be stored in

stale resource records that represent computers that are no longer present on the network because they have failed or have been decommissioned or redeployed.

If the zone is configured to accept dynamic updates, resource records are created automatically, but they are not automatically removed by default. As a result, zones that accept dynamic updates often accumulate

zone file options

If you did not select an Active Directory-integrated primary zone type, you are prompted to choose

zone information is changed or resource records are added to the zone. This allows secondary zones to identify when new information is available for zone transfer.

If you highlight the Start of Authority (SOA) tab of zone properties, you can modify the settings in the SOA resource record for the zone. The serial number of a zone is automatically updated when

create an Active Directory-integrated primary zone, but you can deselect this option to ensure that the zone file is not stored in Active Directory. If you choose to create an Active Directory-integrated primary zone

If your DNS server is also a domain controller, Store the zone in Active Directory is selected by default to

MX records for each one with the same priority number to provide round robin load balancing of email requests.

If your organization has multiple email servers, you can create multiple

Allow only secure: allows dynamic updates, but only if they can be secured using Kerberos. As a result, this option only allows dynamic updates from computers that are joined to the Active Directory domain; it is only available if you selected an Active Directory-integrated primary zone type.
Allow nonsecure and secure: nonsecure dynamic updates.
Do not allow dynamic updates: prevent dynamic updates altogether.

Name the result of all these options
