
Ch 10 DNS

What is RSAT?
Remote Server Administration Tools

Default RDP settings?

Remote Desktop Protocol

The different types of DNS servers based on functionality

Primary DNS Server

Primary DNS servers can be configured to notify secondary DNS servers of changes to
a zone and to begin a zone transfer. They can also be configured to perform a zone
transfer on a scheduled basis.

Secondary DNS Server

Zone transfer types and Record types

Understanding DNS Zones

A zone in DNS is a portion of a DNS namespace that is controlled by a particular DNS
server or group of servers. The zone is the primary delegation mechanism in DNS and
is used to establish boundaries over which a particular server can resolve requests. Any
server that hosts a particular zone is said to be authoritative for that zone, with the
exception of stub zones, which are defined later in the chapter in the “Stub Zones”
section.

Forward Lookup Zones

A forward lookup zone is created to, as the name suggests, forward lookups to the DNS
database. In other words, this type of zone resolves names to IP addresses and
resource information. For example, if a user wants to reach dc1.companyabc.com and
queries for its IP address through a forward lookup zone, DNS returns 172.16.1.11, the
IP address for that resource.

Reverse Lookup Zones

A reverse lookup zone performs the exact opposite operation as a forward lookup zone.
IP addresses are matched up with a common name in a reverse lookup zone. This is
similar to knowing a phone number but not knowing the name associated with it.
Reverse lookup zones are usually manually created and do not always exist in every
implementation. Creating a new zone using the Configure a DNS Server Wizard, as in
the example earlier in this chapter, can automatically create a reverse lookup zone.
Reverse lookup zones are primarily populated with PTR records, which serve to point
the reverse lookup query to the appropriate name.

Primary Zones

In traditional (non–Active Directory–integrated) DNS, a single server serves as the
master DNS server for a zone, and all changes made to that particular zone are done
on that particular server. A single DNS server can host multiple zones, and can be
primary for one and secondary for another. If a zone is primary, however, all requested
changes for that particular zone must be performed on the server that holds the master
copy of the zone.

Secondary Zones

A secondary zone is established to provide redundancy and load balancing for the
primary zone. Each copy of the DNS database is read-only, however, because all
record keeping is done on the primary zone copy. A single DNS server can contain
several zones that are primary and several that are secondary. The zone creation
process is similar to the one outlined in the preceding section on primary zones, but with
the difference being that the zone is transferred from an existing primary server.

Stub Zones

The concept of stub zones is unique to Microsoft DNS. A stub zone is essentially a zone
that contains no information about the members in a domain but simply serves to
forward queries to a list of designated name servers for different domains. A stub zone
subsequently contains only NS, SOA, and glue records. Glue records are essentially A
records that work in conjunction with a particular NS record to resolve the IP address of
a particular name server. A server that hosts a stub zone for a namespace is not
authoritative for that zone.

Performing Full Zone Transfers

The standard method for zone transfers, which transfers the entire contents of a DNS
zone from the primary server to the secondary server, is known as asynchronous zone
transfer (AXFR), or full zone transfer. This type of zone transfer copies every item in the
DNS database to the secondary server, regardless of whether the server already has
some of the items in the database. Older implementations of DNS utilized AXFR
exclusively, and it is still utilized for specific purposes today.

Initiating Incremental Zone Transfers

An incremental zone transfer (IXFR) is a process by which all incremental changes to a
DNS database are replicated to the secondary DNS server. This saves bandwidth over
AXFR replication changes because only the deltas, or changes made to the database
since the last zone transfer, are replicated. IXFR zone transfers are accomplished by
referencing a serial number that is stored on the SOA of the DNS server that holds the
primary zone. This number is incremented upon each change to a zone. If the server
requesting the zone transfer has a serial number of 45, for example, and the primary
zone server has a serial number of 55, only those changes made during the period of
time between 45 and 55 will be incrementally sent to the requesting server via an IXFR
transfer. However, if the difference in index numbers is too great, the information on the
requesting server is assumed to be stale, and a full AXFR transfer will be initiated. For
example, if a requesting server has an index of 25, and the primary zone server’s index
is 55, an AXFR zone transfer will be initiated.
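The serial-number decision described above, as an added example that is not part of the original chapter: a small Python model of a primary whose SOA serial is 55, holding a change journal back to serial 45 (journal depth, host names and addresses are constructed). A secondary at 45 gets the ten deltas as an IXFR; one at 25 falls outside the journal and gets a full AXFR.

```python
# Added example (not from the original chapter): a minimal model of how a
# primary decides between IXFR and AXFR from the SOA serial a secondary
# reports.  Zone contents, serials and journal depth are all constructed.

SOA_SERIAL = 55  # serial currently stored on the primary's SOA record

# Change journal: serial -> the change that produced that serial.  A real
# primary keeps a bounded history; here it knows the deltas for 46..55 only,
# so it can compute an IXFR for any secondary at serial 45 or later.
JOURNAL = {
    s: [("add", f"host{s}.companyabc.com", "A", f"172.16.1.{s}")]
    for s in range(46, SOA_SERIAL + 1)
}
JOURNAL_OLDEST = min(JOURNAL)  # 46

# Full zone as an AXFR would ship it: the base record plus every journaled add.
FULL_ZONE = [("dc1.companyabc.com", "A", "172.16.1.11")] + [
    c[1:] for changes in JOURNAL.values() for c in changes
]


def plan_transfer(secondary_serial: int):
    """Decide what the primary sends to a secondary holding `secondary_serial`.

    Returns (kind, payload) with kind one of 'none', 'ixfr' or 'axfr'.
    Plain integer comparison is used here; real servers compare serials
    with RFC 1982 serial-number arithmetic so that wrap-around works.
    """
    if secondary_serial >= SOA_SERIAL:
        return "none", []          # secondary already has the current zone
    if secondary_serial < JOURNAL_OLDEST - 1:
        # The gap is larger than the journal covers: the deltas cannot be
        # reconstructed, so the copy is treated as stale and AXFR is used.
        return "axfr", FULL_ZONE
    deltas = [change
              for s in range(secondary_serial + 1, SOA_SERIAL + 1)
              for change in JOURNAL[s]]
    return "ixfr", deltas


if __name__ == "__main__":
    for serial in (45, 50, 25, 55):     # the chapter's 45->55 and 25->55 cases
        kind, payload = plan_transfer(serial)
        print(f"secondary at {serial}: {kind}, {len(payload)} record(s)")
```

A production primary also restricts which hosts may request either kind of transfer, since a transfer hands out the whole zone contents.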

Performing Recursive Queries

Recursive queries are most often performed by resolvers, or clients, that need a specific
name resolved by a DNS server. Recursive queries are also accomplished by a DNS
server if forwarders are configured to be used on a particular name server. A recursive
query essentially asks whether a particular record can be resolved by a particular name
server. The response to a recursive query is either negative or positive.

Performing Iterative Queries

Iterative queries ask a DNS server to either resolve the query or make a best-guess
referral to a DNS server that might contain more accurate information about where the
query can be resolved. Another iterative query is then performed to the referred server
and so on until a result, positive or negative, is obtained.

Start of Authority (SOA) Records

The Start of Authority (SOA) record in a DNS database indicates which server is
authoritative for that particular zone. The server referenced by the SOA records is
subsequently the server that is assumed to be the authoritative source of information
about a particular zone and is in charge of processing zone updates. The SOA record
contains information such as the Time to Live (TTL) interval, the contact person
responsible for DNS, and other critical information.

Host (A) Records

The most common type of resource record (RR) in DNS is the host record, also known
as an A record. This type of RR simply contains the name of the host and its
corresponding IP address.

Name Server (NS) Records

Name Server (NS) records identify which computers in a DNS database are the name
servers, essentially the DNS servers for a particular zone. Although there can be only
one SOA record for a zone, there can be multiple NS records for the zone, which
indicate to clients which machines are available to run DNS queries against for that
zone.

Service (SRV) Records

Service (SRV) records are RRs that indicate which resources perform a particular
service. Domain controllers in Active Directory Domain Services are referenced by SRV
records that define specific services, such as the global catalog (GC), Lightweight
Directory Access Protocol (LDAP), and Kerberos. SRV records are a relatively new
addition to DNS, and did not exist in the original implementation of the standard. Each
SRV record contains information about a particular functionality that a resource
provides. For example, an LDAP server can add an SRV record, indicating that it can
handle LDAP requests for a particular zone. SRV records can be very useful for Active
Directory Domain Services because domain controllers can advertise that they handle
global catalog requests.

Mail Exchanger (MX) Records

A Mail Exchanger (MX) record indicates which resources are available for Simple Mail
Transfer Protocol (SMTP) mail reception. MX records can be set on a domain basis so
that mail sent to a particular domain will be forwarded to the server or servers indicated
by the MX record. For example, if an MX record is set for the domain companyabc.com,
all mail sent to user@companyabc.com will be automatically directed to the server
indicated by the MX record.

Pointer (PTR) Records

Reverse queries to DNS are accomplished through the use of Pointer (PTR) records. In
other words, if a user wants to look up the name of a resource that is associated with a
specific IP address, he would do a reverse lookup using that IP address. A DNS server
would reply using a PTR record that would indicate the name associated with that IP
address. PTR records are most commonly found in reverse lookup zones.

Canonical Name (CNAME) Records

A Canonical Name (CNAME) record represents a server alias, and allows any one of a
number of servers to be referred to by multiple names in DNS. The record essentially
redirects queries to the A record for that particular host. CNAME records are useful
when migrating servers and for situations in which friendly names, such as
mail.companyabc.com, are required to point to more complex server-naming
conventions, such as sfoexch01.companyabc.com.

Fully Qualified Domain Name (FQDN)

Reading http://www.google.com. from left to right:
www: host
google: 2nd level domain
.com: Top Level domain (TLD)
trailing ".": root
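The forward lookup, reverse lookup, PTR, CNAME and FQDN material above, as an added Python example that is not from the original chapter: a tiny in-memory forward zone for companyabc.com with its derived reverse zone. The address for sfoexch01 and the record set are constructed; dc1.companyabc.com at 172.16.1.11 and the mail alias come from the chapter.

```python
# Added example (not from the original chapter): an in-memory model of a
# forward lookup zone and its matching reverse lookup zone.  All records
# are constructed for illustration.

FORWARD_ZONE = {  # forward lookup zone: owner name -> (type, rdata)
    "dc1.companyabc.com": ("A", "172.16.1.11"),
    "sfoexch01.companyabc.com": ("A", "172.16.1.20"),
    "mail.companyabc.com": ("CNAME", "sfoexch01.companyabc.com"),
}

def reverse_name(ipv4: str) -> str:
    """Owner name of the PTR record for an IPv4 address: octets reversed,
    under in-addr.arpa, e.g. 172.16.1.11 -> 11.1.16.172.in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

# Reverse lookup zone, populated with PTR records derived from the A records.
REVERSE_ZONE = {
    reverse_name(rdata): ("PTR", name)
    for name, (rtype, rdata) in FORWARD_ZONE.items() if rtype == "A"
}

def resolve_a(name: str, max_hops: int = 8):
    """Forward lookup: follow CNAME aliases to the A record they point at.
    Returns the IPv4 address, or None if the name is unknown.  The chain is
    bounded so a misconfigured CNAME loop cannot spin forever."""
    for _ in range(max_hops):
        rec = FORWARD_ZONE.get(name.lower().rstrip("."))
        if rec is None:
            return None
        rtype, rdata = rec
        if rtype == "A":
            return rdata
        name = rdata                       # CNAME: query again for the target
    raise RuntimeError("CNAME chain too long")

def resolve_ptr(ipv4: str):
    """Reverse lookup: IPv4 address -> host name via the PTR record."""
    rec = REVERSE_ZONE.get(reverse_name(ipv4))
    return rec[1] if rec else None

def fqdn_parts(fqdn: str) -> dict:
    """Split www.google.com. into host, second-level domain, TLD and root."""
    labels = fqdn.rstrip(".").split(".")
    if len(labels) < 3:
        raise ValueError("expected host.second-level.tld")
    return {"host": ".".join(labels[:-2]), "second_level": labels[-2],
            "tld": labels[-1], "root": "."}
```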
A(n) Incremental zone transfer (IXFR) will transfer changed and/or new records within a zone
from a primary server to a secondary server.

A(n) full zone transfer (AXFR) will transfer all records within a zone from a primary server to a
secondary server.

The “.” zone represents the root of the DNS naming hierarchy.

A(n) CNAME Record creates an alias for an existing A record.

A(n) Mail Exchanger (MX) record is used by e-mail systems to locate mail servers in different
networks.

The In-addr.arpa domain allows IPv4 hosts to map host names to IP addresses.

contoso.com is an example of a(n) second-level domain within the .com top-level domain.

The DomainDNSZones application scope will replicate DNS data to all DNS servers within a
domain.

A(n) AD Integrated Zone stores DNS data in Active Directory, rather than as part of a text file.

Each DNS record has a(n) Time to Live (TTL) that indicates the maximum time that a record will
be cached by a DNS server before it is discarded.

A DNS server is considered authoritative for each zone that it hosts.

A DNS domain name like .ca or .ch is an example of a(n) country code domain.

Multiple Choice: circle the best answer(s) to the following questions.

1. A stub DNS zone only stores which domain record(s)? (Choose all that apply)

a. NS
b. A
c. CNAME
d. SOA
e. MX

2. Which port and transport protocol does the DNS service use to listen for hostname resolution
requests?

a. TCP port 25
b. TCP port 80
c. TCP port 53
d. UDP port 25
e. UDP port 80
f. UDP port 53

3. You want to configure a different list of root servers for your DNS server. Which file
in “%systemroot%\system32\dns” do you edit?

a. Cache.dns
b. Roots.dns
c. Zone.dns
d. Hints.dns

4. Which of the following commands would manually force a supported client’s Dynamic DNS
information to refresh?

a. Ipconfig /refresh
b. Ipconfig /registerdns
c. Ipconfig /flushdns
d. Ipconfig /displaydns

5. Round robin DNS is the process of?

a. Creating multiple host (A) records with the same name to multiple IP addresses
b. Creating multiple host (A) records with different names to a single IP address
c. Creating different priorities for an MX record
d. Enabling forwarding to root hint servers

6. An administrator wants to change the replication schedule for a DNS server but the
“Replication” button is grayed out. What type of zone is it?

a. Primary
b. Secondary
c. Active Directory Integrated
d. Caching-only

7. What is the file extension used with a HOSTS file?

a. .txt
b. .sam
c. .dat
d. .nbt
e. No file extension is used
