Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
58 Cards in this Set
- Front
- Back
Who assigns top-level domains?
|
ICANN
|
|
What are the three types of DNS queries?
|
Recursive, iterative, and inverse
|
|
What is an iterative query?
|
A DNS query where the DNS server is expected to return the best answer based on information in its own database
|
|
What is a recursive query?
|
A DNS query where the DNS server is expected to return either the answer or an error, even if it has to query other DNS servers to find the answer
|
|
What are the three options for DDNS secure updating?
|
none, nonsecure and secure, secure only
|
|
What is nonsecure DNS updating?
|
Where any computer can update a DNS table
|
|
What is secure DNS updating?
|
DNS queries AD to verify that an updater has a valid computer account
|
|
What is an inverse query?
|
A DNS query using PTR records to look up a hostname based on the IP address
|
|
What type of record does an inverse query use?
|
PTR records
|
|
What domain is used for inverse queries?
|
in.addr.arpa
|
|
How is in.addr.arpa arranged?
|
by IP address in reverse octet order
|
|
What does TTL specify?
|
How long a record may be cached
|
|
What is a negative cache TTL?
|
the amount of time to cache the fact that a record doesn't exist
|
|
What type of DNS query looks up hostnames based on IP address?
|
an inverse query
|
|
What filename extension do primary DNS zone files have?
|
.dns
|
|
What are two advantages of secondary DNS zones?
|
fault tolerance and load reduction
|
|
When choosing a DNS zone type, how do you specify an Active Directory-integrated zone?
|
check "Store the Zone in Active Directory" on the Zone Type screen
|
|
What server requirements exist for creating an AD-integrated zone?
|
The DNS server must be a writable DC
|
|
What do stub zones do?
|
Identify the authoritative DNS server for a zone
|
|
What three types of records can a stub zone contain?
|
Name Server (NS), Start of Authority (SOA), and glue Host (A) records
|
|
What do GlobalName Zones do?
|
map single-label names (CNAME) to FQDN's
|
|
Are GlobalName Zones dynamic?
|
no
|
|
What are the 2 types of zone transfers?
|
full zone transfers (AFXR) and incremental zone transfers (IXFR)
|
|
When do secondary DNS zones initiate incremental zone transfers?
|
When the refresh interval expires or the server reboots
|
|
What is DNS Notify?
|
the mechanism for notifying secondary DNS servers that a change has occurred
|
|
What does Background Zone Loading do?
|
loads AD zone data immediately when a DNS server restarts
|
|
What zone type was implemented to support using RODC's as DNS servers?
|
Primary Read-Only zones
|
|
What do DNS socket pools do?
|
allow source port randomization to protect against DNS cache poisoning
|
|
What technology was created to help prevent DNS cache poisoning?
|
DNS socket pools
|
|
What is DNS cache locking?
|
design that prevents cached records from being overwritten for a percentage of the record's TTL (default 100%)
|
|
What does DNSSEC do?
|
uses zone signing to secure resource records
|
|
Does DNSSEC sign entire zones, or individual records?
|
individual records
|
|
What are the digital signatures produced by DNSSEC called?
|
RRSIGs
|
|
What are trust anchors?
|
preconfigured public keys linked to a DNS zone
|
|
Where are trust anchors stored in an AD-integrated DNS zone?
|
in the directory partition of the forest
|
|
Where are trust anchors stored on a standalone DNS server?
|
in TrustAnchors.dns
|
|
What powershell command will retrieve trust anchors?
|
get-dnsservertrustanchor
|
|
What OS's can act as DNSSEC clients?
|
Windows 7 and above
|
|
What is DNS devolution?
|
DNS clients don't need to provide the full FQDN to search the parent namespace
|
|
What system is netmask ordering a part of?
|
round robin
|
|
What does netmask ordering do?
|
returns the host address on the same subnet as the resolver for a service
|
|
What does an SOA do?
|
identifies the general parameters of a DNS zone, including authoritative server
|
|
How is round robin configured in DNS?
|
add multiple A records with same hostname but different IP addresses
|
|
What is WINS forward lookup?
|
DNS passes queries it can't resolve to WINS for resolution
|
|
How are delegated zones configured?
|
place a delegation record in other zones for each delegated zone pointing to the authoritative server
|
|
What are the 2 types of DNS forwarding?
|
external and conditional
|
|
When are dynamic DNS records removed by the DNS client?
|
When the client shuts down cleanly
|
|
What determines if a DNS record is considered stale?
|
The scavenging interval
|
|
What determines when stale records are removed?
|
the cleanup interval
|
|
What DNS server tab has tools to test DNS?
|
Monitoring
|
|
What tab can be used to monitor inbound/outbound DNS traffic?
|
Debug Logging
|
|
What should you do if a simple query fails?
|
check to make sure zone 1.0.0.127.in-addr.arpa exists
|
|
What should you do if a recursive query fails?
|
check root hints and root servers
|
|
What are the two modes for nslookup?
|
standalone (single command) and interactive (multiple commands)
|
|
What does DNSLint /d do?
|
diagnoses "lame delegation"
|
|
What does DNSLint /ql do?
|
verifies a user-defined set of DNS records on multiple servers
|
|
What does DNSLint /ad do?
|
Verifies DNS records related to AD replication
|
|
What needs to be done to allow a zone transfer to a BIND DNS server?
|
enable BIND Secondaries on the Microsoft DNS server
|