microsoft network admin 2 chapter 12 test
secondary zone
A ___________________ contains a database with all of the same information as the primary zone, and it can be used to resolve DNS requests. Secondary zones have the following advantages: ■ A secondary zone provides fault tolerance, so if the primary zone server becomes unavailable, name resolution can still occur using the secondary zone server. ■ Secondary DNS servers can also increase network performance by offloading some of the traffic that would otherwise go to the primary server.
FQDN (Fully Qualified Domain Name)
A _____________________________ is written with the hostname and the domain name, including the top-level domain, in that order: [host name].[domain].[tld].
what to consider when using dns cache locking
Allows cached DNS records to remain safe for the duration of their TTL value; this means that the cached DNS records cannot be overwritten or changed.
DNS update proxy group
As mentioned previously, the DHCP server can be configured to register host (A) and pointer (PTR) resource records dynamically on behalf of DHCP clients. Because of this, the DNS server can end up with stale resources. To help solve this issue, an administrator can use the built-in security group called ____________________________________
advantages of dns in server 2012 r2
Background zone loading; support for TCP/IP version 6 (IPv6); read-only domain controllers; global name zone; DNS socket pools; DNS cache locking; DNS Security Extensions (DNSSEC); DNS devolution; record weighting; netmask ordering; DnsUpdateProxy group
stub zone
Consider using a _______________ when two large companies are merging and DNS zone information must be made available to every employee
A record - Add-DnsServerResourceRecordA [-Name] <String> [-ComputerName] <String> [-ZoneName] <String> -AllowUpdateAny <IPAddress[]> [-TimeToLive] <TimeSpan>
Define how to create the following records via PowerShell:
secure, non-secure, and none
Describe the 3 types of dynamic updates used in Server 2012?
characters
Domain names and hostnames must contain only ________________ a to z, A to Z, 0 to 9, and - (hyphen). Other common and useful characters, such as the & (ampersand), / (slash), . (period), and _ (underscore) characters, are not allowed. This is in conflict with NetBIOS's naming restrictions. However, you'll find that Windows Server 2012 R2 is smart enough to take a NetBIOS name, like Server_1, and turn it into a legal DNS name, like server1.example.com.
gcm -name *DNS*
How can you get the DNS resource-related cmdlets?
Nslookup mail.contoso.com
How can you look up and test DNS records?
get-nettcpconnection
How can you view a client's TCP connection property?
Get-DnsClientServerAddress Clear-DnsClientCache
How can you view a client's current DNS Cache and clear it?
Get-DnsServerResourceRecord
How can you view the DNS server resource records?
recursive query
In a ___________________, the client sends a query to a name server, asking it to respond either with the requested answer or with an error message. The error states one of two things: ■ The server can't come up with the right answer. ■ The domain name doesn't exist.
DNS socket pools
_____________________________ allow source port randomization to protect against DNS cache-poisoning attacks. If enabled, when the DNS service starts, the DNS server will randomly pick a source port from a pool of available sockets.
Domain Name System Security Extensions (DNSSEC)
_____________________________ protocol allows your DNS servers to be secure by validating DNS responses. ________________________ secures your DNS resource records by accompanying the records with a digital signature.
DNS (Domain Name Service)
The _________________________ is a service that allows you to resolve a hostname to an Internet Protocol (IP) address.
DDNS (Dynamic DNS)
The _____________________________ standard, described in RFC 2136, allows DNS clients to update information in the DNS database files. For example, a Windows Server 2012 R2 DHCP server can automatically tell a DDNS server which IP addresses it has assigned to what machines. Windows 2000, 2003, 2008, XP Pro, Vista, Windows 7, and Windows 8 DHCP clients can do this too. For security reasons, however, it's better to let the DHCP server do it. The result: IP addresses and DNS records stay in sync so that you can use DNS and DHCP together seamlessly. Because DDNS is a proposed Internet standard, you can even use the Windows Server 2012 R2 DDNS-aware parts with Unix/Linux-based DNS servers.
BIND (Berkeley Internet Name Domain)
The ______________________________________ was originally the only software available for running the root servers on the Internet. However, a few years ago the organizations responsible for the root servers undertook an effort to diversify the software running on these important machines. BIND is still primarily on Unix-based machines, and it is also the most popular for Internet providers. None of the root servers run Windows DNS.
Active Directory integrated DNS
The following are the purposes of what? ■ Full fault tolerance: all AD DNS servers have access to the same data. If the server or driver fails, you can still retrieve DNS records. ■ No additional network traffic, since all records are stored in Active Directory. ■ DNS security.
DNS devolution
Using _________________________, if a client computer is a member of a child namespace, the client computer will be able to access resources in the parent namespace without the need to explicitly provide the fully qualified domain name of the resource. _____________________ removes the leftmost label of the namespace to get to the parent suffix. DNS devolution allows the DNS resolver to create the new FQDNs. _______________________ works by appending the single label, unqualified domain name with the parent suffix of the primary DNS suffix name.
53 UDP and TCP
What port does DNS use to operate?
DNS zone delegation
When you want to be delegated by another location or department in your organization, or for load balancing, you might consider using __________________________
C:\Windows\System32\drivers\etc.
Where is the HOSTS file located on a Windows machine?
security extensions
Windows Server 2012 R2 can use a suite of _____________________________ that will help add security to DNS, and that suite is called DNSSEC, which was introduced in Windows Server 2008 R2. The DNSSEC protocol allows your DNS servers to be secure by validating DNS responses. DNSSEC secures your DNS resource records by accompanying the records with a digital signature.
DNS trust anchors
_______________________ are an important part of the DNSSEC process because trust anchors allow the DNS servers to validate the DNSKEY resource records. __________________ are preconfigured public keys that are linked to a DNS zone. For a DNS server to perform validation, one or more trust anchors must be configured. If you are running an Active Directory Integrated zone, trust anchors can be stored in the Active Directory Domain Services directory partition of the forest.
Inverse queries
_________________________ use pointer (PTR) records. Instead of supplying a name and then asking for an IP address, the client first provides the IP address and then asks for the name. Because there's no direct correlation in the DNS namespace between a domain name and its associated IP address, this search would be fruitless without the use of the in-addr.arpa domain.
Iterative queries
__________________________ are the easiest to understand: A client asks the DNS server for an answer, and the server returns the best answer.
Weighting DNS records
__________________________ will allow an administrator to place a value on DNS SRV records. Clients will then randomly choose SRV records proportional to the weight value assigned.
Top level Domains
___________________________ are located directly below the root node (.com, .net, .org, .gov, .edu to name a few).
Full zone transfers (AXFR) and incremental zone transfers (IXFR)
_______________________________ and ___________________ A full zone transfer contains all of the information in the DNS database. Subsequent zone transfers after a full zone transfer are incremental; they send only the changes that have been made in the interim.
DNS namespace
_______________________________ name service provided by the Internet for TCP/IP networks. DNS is broken up into domains, a logical organization of computers that exist in a larger network. The domains exist at different levels and connect in a hierarchy that resembles the root structure of a tree.
Primary DNS Zones
________________________________ get stored locally in a file (with the suffix .dns) on the server. This allows you to store a primary zone on a domain controller or a member server. In addition, by loading DNS onto a member server, you can help a small organization conserve resources. Such an organization may not have the resources to load DNS on an Active Directory domain controller.
NDDNS (Non-Dynamic DNS)
___________________________________ does not automatically populate the DNS database. The client systems do not have the ability to update to DNS. If you decide to use Non-Dynamic DNS, an administrator will need to populate the DNS database manually. Non-Dynamic DNS is a reasonable choice if your organization is small-to-midsize and you do not want extra network traffic (clients updating to the DNS server) or if you need to enter the computer's TCP/IP information manually because of strict security measures.
RODC (read only domain controller)
The following is the purpose of what? Security: to make changes to an RODC, you have to change the primary zones located on the AD-integrated DNS servers.
What do DNS Records define
■ Resource Record Signature (RRSIG) Record: This is the additional record that is returned to a client for validity upon a DNS query. This record is stored in the DNSSEC signed zone. ■ Next Secure (NSEC/NSEC3) Record: This record provides proof that a queried record does not exist in the zone. If a client queries a nonexistent record, then the DNS server returns an NSEC record. ■ DNSKEY: This record is used for cryptographic verification of the RRSIG records.
DNS Records
■ SOA - The first record in a database file is the start of authority (SOA) record. The SOA defines the general parameters for the DNS zone, including the identity of the authoritative server for the zone. ■ Name Server Records - Name server (NS) records list the name servers for a domain. This record allows other name servers to look up names in your domain. A zone file may contain more than one name server record. ■ Host Record - A host record (also called an A record for IPv4 and AAAA record for IPv6) is used to associate statically a host's name to its IP addresses. ■ Alias Record - Closely related to the host record is the alias record, or canonical name (CNAME) record. ■ Pointer Record - A or AAAA records are probably the most visible component of the DNS database because Internet users depend on them to turn FQDNs like www.microsoft.com into the IP addresses that browsers and other components require to find Internet resources. However, the host record has a lesser-known but still important twin: the pointer (PTR) record. ■ Mail Exchanger Record - The mail exchanger (MX) record is used to specify which servers accept mail for this domain. ■ Service Records - Service (SRV) records tie together the location of a service (like a domain controller) with information about how to contact the service. SRV records provide seven items of information. Let's review an example to help clarify this powerful concept.