Chapter 2 Flashcards
Two primary Zones
File-based zones and Active Directory-integrated DNS zones
Primary Zone
Only zone type that can be edited or updated. This is because the data in the zone is the original source of data for all domains in the zone. Updates to a primary zone are made by the DNS server that is authoritative for that specific primary zone.
AD - Integrated Zone
Saves zone data in the Active Directory database. Advantages are more security and automatic replication of zone data between DNS servers.
Secondary zone
Read-only copy of a primary zone. To configure a secondary zone, you must know the IP address of the master DNS server. Stub zone AKA secondary zone.
Stub zone
Special type of secondary zone in which only the NS and A records of DNS servers are present. It keeps delegated zone information current, improves name resolution by enabling the DNS server to perform recursion using the stub zone's list of name servers, and simplifies DNS administration.
File-based zone types
Primary zones, secondary zones and stub zones have commonalities: all are hosted on a standalone server without using Active Directory, and zone data is stored in a local zone file.
AXFR
Transfer of the complete zone. Happens only during initial configuration of a secondary DNS server.
IXFR
Incremental transfer of zone data. Only the changes on the primary DNS server are transferred to the secondary DNS server.
ForestDNSZones
Is a default Active Directory partition. The msdcs zone saves its zone data by default in the ForestDNSZones partition. Any zone data saved in that partition is replicated to all domain controllers in the forest.
DomainDNSZones
DomainDNSZones is a default Active Directory partition used to replicate zone data to all domain controllers in a domain.
Application Directory Partition
Can be used as a custom partition to save DNS data and to replicate this data only to specific domain controllers. The administrator can individually define the name of the partition, the replication scope, and the enlisted domain controllers.
KSK
Key signing key. For DNSSEC, this key validates the DNSKEY record. The KSK signs the public ZSK key.
ZSK
Zone signing key pair. Each zone in DNSSEC has a ZSK, which is the private portion of the key that digitally signs records in the zone.
Trust Anchors
A recursive or forwarding DNS server recognizes that a zone supports DNSSEC if it has a DNSKEY, also called a trust anchor, for that zone. DNSKEY and DS resource records are also called trust anchors.
msdcs zone
Automatically created during the installation of a DNS server. It is reserved for registering records for Microsoft domain controllers.
GlobalNames Zone
Use the GlobalNames zone if you plan to retire WINS or if you need single-label name resolution.
Zone transfer
Is the process of transferring zone data from a primary DNS server to one or more secondary DNS servers. On a Windows Server 2016 primary DNS server, zone transfer is disabled by default. Network traffic of a zone transfer is not encrypted by default.
DNS server transfer policies
DNS server transfer policies are a new possibility with Windows Server 2016. With these policies, you can specify whether to deny or ignore zone transfers based on different criteria.
Zone-level Statistics
Zone-level statistics give DNS server-level statistics to track usage or monitor DNS server performance.
Scavenging
Scavenging is a DNS server mechanism to clean up and remove stale resource records based on their time stamps.
TLSA Record
A TLSA DNS resource record (RR) associates a TLS server certificate with a domain name.
Unknown record support
As of Windows Server 2016, previously unknown resource record types (such as TLSA records) are supported. Now you can add the unsupported record types into Windows DNS server zones in the binary on-wire format.
DNS Analytical Logging
DNS analytical logs are not enabled by default. They typically affect only DNS server performance at very high DNS query rates.
To list all zones on the local DNS server
Use the Get-DNSServerZone PowerShell cmdlet.