Configuring and Troubleshooting DNS

Question 1

How do you install DNS using PowerShell?

Answer 1

Install-WindowsFeature -Name DNSServer -IncludeManagementTools

Question 2

1. Iterative Query
2. Recursive Query

Answer 2

1. Iterative Query - Server returns the best answer, it never sends out an additional query. It may refer you to another server through a referral
2. Recursive Query - client asks server to respond either with the requested answer or with an error

Question 3

What is the difference between a Forwarder and a Conditional Forwarder?

Answer 3

• Forwarder: If the name query cannot be resolved using its local zone data or cache, then it will forward the query to the DNS server designated as a forwarder
• Conditional Forwarder: Conditional forwarders are DNS servers that only forward queries for specific domain names

Question 4

How do you configure a DNS forwarder?

Answer 4

• Open DNS Manager
• Right-Click the Server, and select Properties
• Select the Forwarders tab
• Select Edit
• Add the IP Address or DNS Name
• Add the number of seconds before the forward query times out

Question 5

How do you configure a conditional forward?

Answer 5

1. Open DNS Manager
2. Expand the Server
3. Right-Click Conditional Forwarders, Select New Conditional Forwarder
4. Add the IP Address
5. Select if you want to store the conditional forwarder in AD

Question 6

What is the following DNS record?

SOA

Answer 6

Start of Authority Record

Question 7

What is the following DNS record?

A

Answer 7

Host Address Record (IPv4)

Question 8

What is the following DNS record?

CNAME

Answer 8

Alias Record

Question 9

What is the following DNS record?

MX

Answer 9

Mail Exchanger Record

Question 10

What is the following DNS record?

SRV

Answer 10

Service Locator Record

Question 11

What is the following DNS record?

NS

Answer 11

Name Server Record

Question 12

What is the following DNS record?

AAAA

Answer 12

IPv6 host address record

Question 13

What is the following DNS record?

PTR

Answer 13

Pointer resource record

Question 14

How would you create a DNS Record in PowerShell?

1. A
2. AAAA
3. CName
4. MX
5. PTR
6. How would you create an other type of record?

Answer 14

1. Add-DnsServerResourceRecordA
2. Add-DnsServerResourceRecordAAAA
3. Add-DnsServerResourceRecordCName
4. Add-DnsServerResourceRecordMX
5. Add-DnsServerResourceRecordPtr
6. Add-DnsServerResourceRecord
   • Follow-up Question: Can it create the records mentioned before and how?
     
     • Answer: Yes, just append a dash record type to the cmdlet

Question 15

What are the following types of zones?

1. Primary
2. Secondary
3. Stub
4. Active-Direcotry integrated

Answer 15

1. Read/Write copy of a DNS Database
2. Read-Only copy of a DNS database
3. Copy of a zone that contains only records used to locate name servers
4. Zone data is storead in AD rather than in Zone Files

Question 16

Where would you configure Zone Transfers?

What are your options?

Answer 16

• The Zone Properties and the Zone Transfer Tab
  
  • Options:
    
    • Any Server
    • Name Server
    • Only the following Servers:

Question 17

How would you configure Zone Tranfers via PowerShell?

Answer 17

Set-DnsServerPrimaryZone -Name <zone> -SecureSecondaries </zone>

• NoTransfer - No transfers are allowed for this zone from this server.
• TransferAnyServer - Any server can request a zone transfer, including servers that you know nothing about and don’t manage or control.
• TransferToZoneNameServer - Only servers in the NS records for this zone are allowed to request transfers.
• TransferToSecureServers - Only servers specified with the -SecondaryServers
  parameter are allowed to request a zone transfer.
  
  • ex. Set-DnsServerPrimaryZone -Name <zone> -SecureSecondaries -SecondaryServers <ipv4></ipv4></zone>

Question 18

Where would you configure notifications so that Name Servers are up to date?

What are the options?

Answer 18

The Zone Properties, Zone Transfers Tab, select the Notify Button

• Servers listed on the name servers tab
• The Following Servers

Question 19

How would you configure notification settings via PowerShell?

What are the three options?

How do you use them?

Answer 19

Set-DnsServerPrimaryZone -Notify

The equivalent Set-DnsServerPrimaryZone parameter is the -Notify parameter, which accepts the following strings:

1. NoNotify - No notifications are sent, and secondary servers need to manually request a zone transfer or update.
   
   • Set-DnsServerPrimaryZone -Name <zone> -Notify NoNotify</zone>
2. Notify - All servers for whom there are NS records in the zone are automatically notified whenever a change is made to the zone.
   
   • Set-DnsServerPrimaryZone -Name <zone> -Notify Notify</zone>
3. NotifyServers - Only servers specified by the -NotifyServers parameter are automatically notified of changes to the domain. Any other servers that are allowed to request zone transfers must request the transfer manually.
   
   • Set-DnsServerPrimaryZone -Name <zone> -Notify NotifyServers -NotifyServers <ipv4></ipv4></zone>

Question 20

How would you have a DNS Server re-regester all services?

Answer 20

net stop netlogon

net start netlogon

Question 21

What Zones can be stored in Active Directory?

Answer 21

• Primary
• Stub

Question 22

When would you want to set up a Stub Zone?

Answer 22

When you want to set up a dynamic link between two companies. (Partner Companies)

This would allow clients to use the stub zone to find the server to resolve the DNS request to. Contains only Start Of Authority and Name Servers

Question 23

When would you use a conditional fowarder?

Question 24

How do you configure zone delegation via GUI?

PowerShell?

Answer 24

1. Open DNS Manager:
   
   1. Select the Zone
   2. Right-Click, New Delgation
   3. Enter the Delegated Domain
   4. Add the IP Address for the Name Server
2. Add-DnsServerZoneDelegation -Name “<parent>" -ChildZoneName "<child>" -NameServer "<name>" -IPAddress <ip></ip></name></child></parent>

Question 25

If you create an Active Directory Integrated Primary Zone, what are the different replication options and what do they mean?

Answer 25

* Forest Wide - All DNS Servers in the forest get a copy of the zone * Domain Wide - All DNS Servers in the Domain get a copy of the zone

Question 26

What is a conditional forwarder?

Answer 26

Sends a query to a name server based on domain name

Question 27

What is a server level forwarder?

Answer 27

Short Answer: a recursive query to another DNS Server that is used to get either a positive or negative response but not a referal. Long Answer: Forwarders, on the other hand, use recursive queries. If forwarders are configured, when the local DNS server can't resolve a query, it sends a recursive query to one of the forwarders in its list. This type of query tells the forwarder that the local server will accept either a positive or negative response, but not a referral. Essentially, the forwarder does the work of tracking down the record in the query, which may involve the referral process above, and the local server simply waits for the response, which it then sends to the querying client.

Question 28

What is DNS Round Robin? Is it fault tolerant if a server drops?

Answer 28

It switches which resource record is being given (ie for a website). This is not fault tolerance

Question 29

What is the SOA record responsible for? What is it for?

Answer 29

It is for every forward look up zone created * Incrementing the Serial Number * Identifying the primary Server - Identify the DNS server that is authoritative for all information within the domain. * Identifying the Responsible person - List the email address of the person in charge of the domain. * The refresh interval - Control how often secondary servers check for changes to the zone file. * The retry interval - Control how often secondary servers will retry to check for changes to the zone file if it fails. * The Expires after - Control how long secondary servers keep the zone file active when the primary server cannot be contacted. * The default TTL - Control how long a negative response is cached by a DNS resolver (but for some DNS servers, this is also how long a DNS resolver should cache any response). * TTL for SOA The purpose of the SOA record is: * Control how long a negative response is cached by a DNS resolver (but for some DNS servers, this is also how long a DNS resolver should cache any response).

Question 30

What is a NS record responsible for?

Answer 30

List all the name servers for the zone

Question 31

How do you create a Reverse Lookup Zone?

Answer 31

1. Open DNS Manager 2. Expand the Server 3. Select Reverse Lookup Zone, Right-Click select New Zone 1. Select a Primary, Secondary, Stub, or Primary AD-integrated 4. Select Replication Scope 1. Forest, Domain 5. Select Address type - IPv4 or IPv6 6. Enter the network ID - IP Subnet 7. Dynamic Update 1. Secure (AD only) 2. Nonsecure and Secure 3. Do not allow updates 8.

Question 32

How do you store Conditional Forwarder's in Active Directory?

Answer 32

When creating them check the box to store the conditional forwarder in AD. You can also specify the number of seconds before forward queries time out

Question 33

How would you change a single DNS Records TTL?

Answer 33

Edit the Record on the Time to Live. To view this you will have to: 1. Click View 2. Select Advanced

Question 34

How would you change the default TTL for all new records?

Answer 34

Open the Start of Authority (SOA) record and change the minimum (default) TTL

Question 35

If a record is... 1. Created by Hand 2. Created by Dynamic DNS What is the default TTL?

Answer 35

1. 1 hour 2. 20 minutes

Question 36

How do you configure DNS Round Robin?

Answer 36

You create resource records (A or AAAA) witht he same name pointing to each server in the round robin. Note: It is turned on by default in Windows Server 2012R2

Question 37

1. How might you speed up the turn over of returned records in a DNS Round robin? 2. How might you return better random returns in a DNS Round robin?

Answer 37

1. Reduce the TTL for the Records 2. Turn off netmasking ordering

Question 38

When configuring a DNS records priority which will be returned more?

Answer 38

The one with the lowest number

Question 39

When configuring a DNS Records weight, given that the servers have the same priority which will be returned more?

Answer 39

The one with the higher value

Question 40

Please indicate what the numbers in the photo refer to?

Answer 40

1. Priority 2. Weight 3. Port Number

Question 41

How would you change the Weight for a record using powershell?

Answer 41

1. $Variable = $Variable2 = Get-DnsServerResourceRecord -Name -ZoneName -RRType 2. $Variable .RecordData.Weight = 20 3. Set-DnsServerResourceRecord -NewInputObject $Variable -OldInputObject $Variable2 -ZoneName Example: 1. $NewRRObj = $OrigRRObj = Get-DnsServerResourceRecord -Name trey-wds-11 -ZoneName TreyResearch.net -RRType A 2. $NewRRObj.RecordData.Weight = 20 3. Set-DnsServerResourceRecord -NewInputObject $NewRRObj -OldInputObject $OrigRRObj -ZoneName treyresearch.net

Question 42

How would you change the TTL for a record using powershell?

Answer 42

1. $Variable = $Variable2 = Get-DnsServerResourceRecord -Name -ZoneName -RRType 2. $Variable.TimeToLive = [System.TimeSpan]::FromHours(2) 3. Set-DnsServerResourceRecord -NewInputObject $Variable -OldInputObject $Variable2 -ZoneName Example: 1. $NewRRObj = $OrigRRObj = Get-DnsServerResourceRecord -Name trey-wds-11 -ZoneName TreyResearch.net -RRType A 2. $NewRRObj.TimeToLive = [System.TimeSpan]::FromHours(2) 3. Set-DnsServerResourceRecord -NewInputObject $NewRRObj -OldInputObject $OrigRRObj -ZoneName treyresearch.net

Question 43

What are the requirements for Secure Updates? How do you configure secure dynamic updates?

Answer 43

1. The zone must be AD Integrated 2. Do the following: 1. Expand the Server 2. Expand the Forward lookup Zones 3. Select and Right-Click on the Zone 4. Select Properties 5. On the General Tab select Dynamic Updates: Secure only

Question 44

Can you convert a file-base zone to an AD integrated zone by using PowerShell?

Answer 44

Yes using: ConvertTo-DnsServerPrimaryZone -Name -ReplicationScope -Force

Question 45

1. How would you configure all Zones to use scavenging? 2. How would you configure just one Zones to use scavenging?

Answer 45

1. The following Steps: 1. Right Click the Server, Select Set Aging/Scavening for All Zones * Check Scavenge stale resource records, Click ok * Check Apply These Settings To The Existing Active Directory-Integrated Zones 2. Right-Click the Server, Select Properties * Click the Advanced Tab * Select Enable Automatic Scavenging of stale records 2. The following Steps: 1. Right Click the Server, Select Set Aging/Scavening for All Zones 1. Check Scavenge stale resource records, Click ok 2. Click Ok 2. Right Click the Zone, Select Properties 1. On the General Tab, select Aging 2. Check Scavenge stale resource records