Chapter 1 Flashcards by Kenton Tofte

What is the length limit of a host name?

255 characters

How well did you know this?

Not at all

Perfectly

What kinds of characters can a host name contain?

Letters, numbers, periods, and hyphens

How well did you know this?

Not at all

Perfectly

What is the length limit of a NetBIOS name?

16 characters

How well did you know this?

Not at all

Perfectly

What are the requirements to install the DNS server role?

You must be signed in as an administrator, and the server must have a static IP address

How well did you know this?

Not at all

Perfectly

How do you install the DNS server role using PowerShell?

Add-WindowsFeature DNS -IncludeManagementTools

How well did you know this?

Not at all

Perfectly

How do you install the DNS server role as part of a Nano Server deployment?

New-NanoServerImage Packages Microsoft-NanoServer-DNS-Package

How well did you know this?

Not at all

Perfectly

How do you enable the DNS server role on Nano Server using PowerShell?

Enable-WindowsOptionalFeature -Online -FeatureName DNS-Server-Full-Role

How well did you know this?

Not at all

Perfectly

What type of DNS integration is not supported by Nano Server?

Active Directory

How well did you know this?

Not at all

Perfectly

What DNS function enables a server to redirect requests it is unable to resolve?

Forwarding

How well did you know this?

Not at all

Perfectly

What DNS function enables a server to redirect requests for certain domain names to designated servers?

Conditional forwarding

How well did you know this?

Not at all

Perfectly

What DNS function helps DNS servers resolve domains for which they do not have authoritative information?

Root hints

How well did you know this?

Not at all

Perfectly

Where are root hints stored on a DNS server?

%systemroot%\System32\dns\CACHE.DNS

How well did you know this?

Not at all

Perfectly

What PowerShell commands can be used to view and modify DNS root hints?

Add, Remove, Set, Get, and Import-DnsServerRootHint

How well did you know this?

Not at all

Perfectly

What DNS function enables a server to perform DNS queries on a client’s behalf?

Recursion

How well did you know this?

Not at all

Perfectly

For security reasons, what DNS feature should be disabled on DNS servers and how can it be disabled?

Recursion should be disabled (if not needed) to prevent DoS attacks
From DNS Manager, right-click server > Properties > Advanced tab > Server options list > Select “Disable Recursion” > Click OK

How well did you know this?

Not at all

Perfectly

What DNS server feature allows for recursion to be performed more securely?

Recursion scopes

How well did you know this?

Not at all

Perfectly

Which PowerShell cmdlets are used to create DNS recursion scopes?

Add-DnsServerRecursionScope to create scope

Add-DnsServerQueryResolutionPolicy to send certain queries to scope

How well did you know this?

Not at all

Perfectly

What DNS function allows clients to verify they are communicating with a genuine DNS server?

DNSSEC

How well did you know this?

Not at all

Perfectly

From where does a DNSSEC client obtain a public key to validate a DNS server’s signature?

Trust anchors

How well did you know this?

Not at all

Perfectly

What must be created on a DNS server to use DNSSEC?

TrustAnchors zone to store public keys

Name Resolution Policy Table (NRPT) to provide clients with DNSSEC rules

How well did you know this?

Not at all

Perfectly

How are NRPTs usually distributed?

Through a GPO

How well did you know this?

Not at all

Perfectly

What DNS function enables a server to use a random source port when issuing DNS queries?

DNS socket pool

How well did you know this?

Not at all

Perfectly

What is the size range of a socket pool?

0 - 10,000

How well did you know this?

Not at all

Perfectly

What is the default size of a socket pool?

2,500

How well did you know this?

Not at all

Perfectly

What command is used to resize the DNS socket pool?

``` dnscmd /config /socketpoolsize # The DNS server must be restarted after this ```

What DNS function helps a server prevent attackers from poisoning the DNS cache?

Cache locking

Which PowerShell cmdlet is used to configure DNS cache locking?

Set-DnsServerCache -LockingPercent

What DNS function helps servers prevent DoS attacks on other DNS servers?

Response rate limiting

How can response rate limiting be enabled on DNS servers?

Set-DnsServerResponseRateLimiting

What DNS function helps prevent man-in-the-middle attacks?

DNS-Based Authentication of Named Entities (DANE)

How are DNS resource records with multiple IP addresses stored?

In multiple zone scopes

How can DNS be configured to respond with different results based a client's location?

Add clients to a client subnet, then create a query resolution policy pointing their requests to a particular zone scope

What three groups have administrative access to DNS servers?

Domain Admins: Full permissions in home domain Enterprise Admins: Full permissions in forest DnsAdmins: View/modify in home domain

What DNS server objects can have delegated administrative permissions?

Servers and zones

What is the name for a general DNS query to translate a hostname to an IP address, and how are these queries resolved?

Forward lookup queries, resolved by referencing forward lookup zones

What is the name for a DNS query to translate an IP address to a hostname, and how are these queries resolved?

Reverse lookup queries, resolved by referencing reverse lookup zones

What type of records do reverse lookup zones contain?

Pointer (PTR) records

What is a primary zone?

A copy of a zone that can be updated directly on a server

What info is contained in the Start of Authority (SOA) record?

``` Primary server Responsible person Refresh interval Retry interval Expires after TTL ```

What is a secondary zone?

A read-only copy of a zone

What DNS feature allows for delegating authority over part of a domain to another server?

DNS delegation

What features are provided by AD DS-integrated zones?

Multimaster updates Replication Secure dynamic updates Security through ACLs

What AD DS feature allows clients to update their own DNS records?

Secure dynamic updates

What are two ways to redirect query traffic to designated DNS servers?

Conditional forwarding and stub zones

What is the primary difference between a stub zone and conditional forwarding?

A stub zone contains the complete list of DNS servers in the other domain that is updated automatically, while conditional forwarding allows for pointing to a specific DNS server

What zone can be used as an alternative to running a WINS server for legacy clients?

GlobalNames zone

What DNS records contain IPv4 addresses?

Host A records

What DNS records contain IPv6 addresses?

Host AAAA records

What DNS record is created automatically with every primary zone?

A start of authority (SOA) record

What DNS record identifies authoritative name servers in a zone, along with delegated zones?

Name server (NS) records

What are SRV records?

Specify by service, protocol, and domain name which servers host a partiuclar service, so clients can find them using A or AAAA records

What is the format of a SRV record?

_Service.Proto.Name TTL Class SRV Priority Weight Port Target I.e. http._tcp.Contoso.com. IN SRV 0 0 80 www.Contoso.com

What DNS record is an alias for a host?

CNAME records

What DNS record identifies mail servers for SMTP?

MX records

How can MX records be used to distribute load across mail servers?

Use multiple MX records with different priorities

What DNS records are likely to be updated dynamically?

A, AAAA, PTR, and SRV records

Which PowerShell cmdlet is used to create DNS records?

Add-DnsServerResourceRecord

What DNS feature allows for outdated DNS records to be periodically removed?

Zone aging/scavenging

What two parameters determine scavenging behavior?

No-refresh interval: Period of time record is not eligible to be refreshed, default 7 days Refresh interval: Time between earliest moments when record can be refreshed and scavenged, default 7 days

In what order does DNS choose between different servers in a zone?

It finds the record with the lowest priority value. If the priorities are the same, it decides based on the proportion of weight values. If there are MX records, it looks for the one with the lowest preference value.

What value determines how long a record can reside in the DNS cache of a client or server?

Time to Live (TTL)

How do you add unknown records to DNS via PowerShell?

Use Add-DnsServerResourceRecord with the -Unknown parameter

How do you implement DNS round robin?

Used the Advanced server settings dialog to add multiple IP addresses to the same record

What is a form of DNS round robin that allows clients to receive a result based on their subnet?

Netmask ordering

What are the two kinds of DNS scopes?

Zone scopes: collections of resource records | Recursion scopes: collection of settings that define recursion behavior in a zone

What is the relationship between zones, scopes, and records?

Zones can contain multiple scopes, scopes contain records, but records can exist across multiple scopes using different IP addresses

Which PowerShell cmdlet is used to create DNS client subnets?

Add-DnsServerClientSubnet

Which PowerShell cmdlet is used to create zone scopes in DNS?

Add-DnsServerZoneScope

How do you place resource records into a particular zone scope?

Use the Add-DnsServerResourceRecord cmdlet with the -ZoneScope option

What type of events log every time a DNS server, zone, or resource record is changed?

DNS Audit Events

What type of events log every time a DNS server sends or receives DNS information?

DNS Analytic Events

How do you view zone level statistics of a DNS server?

Use the Get-DnsServerStatistics cmdlet with the -ZoneName option

Chapter 1 Flashcards

(72 cards)