Networking terms Flashcards

(184 cards)

1
LAN
Local Area Network
2
WAN
Wide Area Network
3
Maximum data payload for Ethernet
1,500 bytes
4
CAT-5 and CAT-6
Category 5, Category 6. Most Ethernet networks use this type of cabling.
5
FDDI
Fiber Distributed Data Interface
6
ATM
Asynchronous Transfer Mode
7
VPN
Virtual Private Network
8
packet
The unit of data that gets transmitted across a network.
9
NIC
Network interface card (NIC): the hardware component that places packets from a computer onto the network. In computers, a NIC is sometimes an expansion card—often called an add-on card—that looks a lot like a sound card or video card.
10
hub
Hubs share bandwidth among all connected devices.
11
switch
Switches are similar to hubs in functionality, with one important distinction: they don’t share bandwidth among each connected device.
12
router
Network devices that direct packets through a LAN.
13
TCP/IP
Transmission Control Protocol/Internet Protocol
14
DNS
Domain Name System
15
OSI
Open Systems Interconnection (OSI) model
16
CLI for setting up a network share
net use * \\fileserver747\public
17
frame
Term interchangeable with packet.
18
maximum Ethernet packet size
1,538 bytes after all of the headers are added.
19
DSL
Digital subscriber line
20
E3
An E3 is a European data connection, similar to a T1 or T3, and can transmit data at approximately 34 Mbps.
21
WAP
Wireless Access Point
22
MAC address
A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment.
23
CLI utility on Windows 7 to trace the route a packet takes to get to a destination.
tracert, which is short for traceroute.
24
IT
Information Technology
25
SONET
SONET stands for **synchronous optical networking**, and is a WAN technology that uses optical fiber as its transmission medium.
26
border router
A border router is so called because it sits on the border of the LAN.
27
Gigabit Ethernet
In computer networking, gigabit Ethernet (GbE or 1 GigE) is a term describing various technologies for transmitting Ethernet frames at a rate of a gigabit per second (1,000,000,000 bits per second), as defined by the IEEE 802.3-2008 standard.
28
ISP
Internet Service Provider
29
OC-12
Optical Carrier level 12, which transmits data at 622Mbps
30
OC-192
Optical Carrier level 192, capable of transmitting data at almost 10 gigabits per second (Gbps)
31
routing table
A list of available routes to network destinations.
32
Windows CLI command to print the routing table.
route print
33
hop count
The number of routers traversed to reach a given destination.
34
default gateway
(This is sometimes referred to as the default route.) The route used when no other routing-table entries identify a means of reaching the destination IP address.
35
static routing vs. dynamic routing
With static routing, a network administrator manually enters the entries into the routing-table. In dynamic routing, routers communicate to create a map of the network, to communicate router failures, and to determine the best route for a given packet.
36
RIP, RIPv2, RIPng
Routing Information Protocol, RIP version 2, RIP next generation
37
OSPF
Open Shortest Path First
38
convergence
The time it takes dynamic routers to reconfigure their router-centric map of the network after a change in network topology.
39
flooding
When routing-table changes occur in a network with dynamic routers, routers advertise those routing-table changes to the rest of the routers on the network through flooding.
40
routing loops
When routers are configured such that a packet gets forwarded from one router to another router, then back to the originating router to begin the circle again, it is considered a routing loop. Routing loops occur when routers are misconfigured.
41
black holes
Routes that send packets to a dead end. In simple terms, a black hole is a routing-table entry with no listening router at its destination.
42
TTL
**Time To Live.** The hop count before a packet is destroyed by a router.
43
IGP
**Interior Gateway Protocol** Communication between routers in the same interconnected network uses an Interior Gateway Protocol (IGP). For example, you would use an IGP for communication among routers within a corporate network, or within a community college network.
44
The two most popular IGPs are...
**Routing Information Protocol** (RIP) and **Open Shortest Path First** (OSPF) are the two most popular IGPs.
45
EGP
In contrast to IGPs, an **Exterior Gateway Protocol** (EGP) enables communication between routers that are not part of the same local network.
46
redundancy
providing more than one path to segments in a network.
47
broadcasts
We often refer to broadcast packets simply as broadcasts, and we use them for a variety of administrative networking purposes—not just for routing protocols.
48
WINS
Windows Internet Name System
49
AS
Autonomous system. OSPF works on the premise of an autonomous system (AS) and further segments its network-wide hierarchical organizational unit into smaller, easier-to-manage groups called areas. An AS is the highest level of organization for an OSPF network.
50
area
Areas are groups of segments that are within an AS and that work as individual administrative, routing-area units.
51
internal routers
Routers that function within an area and do not have interfaces to segments outside the area they reside in.
52
designated routers
Within an area, certain routers are designated to manage administrative routing information for other routers within the area. This approach minimizes the amount of traffic necessary to dynamically administer routers in an OSPF network.
53
area border routers
Routers that handle communication between areas. An area border router is attached (has an interface connected) to two areas. An area border router maintains information about each area to which it has an interface, and communicates that information to the backbone.
54
backbone routers
Routers that have at least one interface connected to the OSPF backbone.
55
AS boundary routers
There are often instances when a LAN will have access to areas outside its AS, such as a connection to the Internet. We call these AS boundary routers—routers with interfaces that reach outside the AS.
56
pps
Packets per second. How many packets a router can send through its system each second, either on a system-wide basis (more common) or a single interface-pair basis. This is one of the two key metrics for routers. The other is...
57
line level
Able to forward Ethernet (100 Mbps) at all packet sizes.
58
Latency
The time it takes a packet to get accepted on one interface on the router, and then sent out onto its other (properly routed) interface on the router. Put another way, latency is the time it takes a packet to get through the router. This is one of the two key metrics for routers. The other is...
59
classful network addressing
IP addresses based on the 6 classes of IP addresses: Class A, B, C, D (and E, which is not usually referred to in class discussions).
60
dotted decimal notation
IP addresses are presented in decimal format (versus binary format), delimited using decimal points (the dots between the numbers).
61
octet
A collection of 8 ones and zeros. Each number in an IP address can be written as a binary octet.
62
network mask
A network mask acts as a filter. When applied to an IP address, the network mask identifies which part of the IP address defines the network; the remaining information in the IP address is the client’s unique address. In a network mask, when expressed in binary, the ones designate the portion of the IP address that identifies the network. Conversely, when a network mask is expressed in binary, the zeros designate the portion of the IP address that uniquely identifies the client’s address within that network.
63
Class A network address
First octet 1 to 126. Class A has the last three octets available for client identification because only the first octet identifies the network. Class A networks would be appropriate for huge organizations like the U.S. military or the entire federal government. Each Class A network can provide more than 16 million unique IP addresses within its network.
64
Class B network address
First octet 128 to 191. A Class B has the first two octets reserved for the network address, leaving only the last two octets available for client identification. Each Class B network has 65,534 unique IP addresses within its network.
65
Class C network address
First octet 192 to 223. Class C has the first three octets reserved for the network address, leaving only the last octet available for client identification. Each Class C network has 254 unique IP addresses.
66
Class D network address
First octet 224 to 239. Class D addresses are reserved for a specialized network transmission called multicast.
67
the loopback address
**Any IP address in the 127.x.x.x range**. Packets sent to the 127.x.x.x address range go down through the networking stack, then immediately back up that same networking stack on the same machine. The packet never reaches the wire.
68
CLI command to test the presence of a network address
**ping.** The ping utility is a simple test utility that sends a single packet to the target IP address, and the target IP address returns a ping packet back in response.
69
FQDN
Fully Qualified Domain Name.
70
IANA
Internet Assigned Numbers Authority
71
What are zeros in IP addresses used for?
Zeros in the client portion are for router broadcasts, which enable routers to communicate information or solicit information directly between routers on a subnet.
72
What is 255 in the final octet of an IP address used for?
The use of 255 in the final octet of an IP address designates a broadcast address. A broadcast is a packet addressed to every node on the subnet but to no node in particular.
73
TCP
Transmission Control Protocol
74
IP (protocol)
Internet Protocol
75
UDP
User Datagram Protocol
76
HTTP
Hypertext Transfer Protocol
77
SHTTP
Secure Hypertext Transfer Protocol
78
DHCP
Dynamic Host Configuration Protocol
79
SMTP
Simple Mail Transfer Protocol
80
IMAP
Internet Message Access Protocol
81
POP3
Post Office Protocol version 3
82
ICMP
Internet Control Message Protocol
83
SNMP
Simple Network Management Protocol
84
NTP
Network Time Protocol
85
ARP
Address Resolution Protocol
86
CIDR
**Classless Inter-Domain Routing** With CIDR, the network mask does not have to align with the octet boundary. With CIDR, you can still have the first eight bits denote the network, or you can have the first nine bits, the first 12 bits, the first 27 bits, or any other arrangement.
87
CIDR block
We call a **collection of IP addresses based on CIDR notation** a CIDR block. CIDR represents these blocks of IP addresses with a slash ( / ) and then a number. The number after the slash is the CIDR-based binary network mask, and that number specifies how many binary bits, starting on the left, constitute the network mask. So a CIDR block represented as 22.21.103.19/9 uses the first nine binary bits as the network mask, and leaves the remaining 23 bits (32 binary bits in an IP address, minus nine for the network mask, leaves 23) for individual IP addresses.
88
RIP
**Routing Information Protocol** (RIP)
89
OSPF
Open Shortest Path First OSPF is a step up from RIP in terms of routing protocols. It has more inherent capabilities than RIP, but its deployment in a network requires more planning and a thorough understanding of the protocol itself. Due to its increased capabilities, OSPF is more difficult to deploy than RIP. But in many cases, its benefits are worth it. OSPF takes static and dynamic network conditions, such as bandwidth availability and network congestion, into consideration when determining the best route for a packet to take through the network.
90
ACL
In Windows, an object maintains its security information in something called an **access control list** (ACL).
91
DACL
There are two primary types of ACLs. The **discretionary access control list** (DACL), which is an ACL that maintains data indicating which users have access to the object, and the access permissions those users have. The system access control list (SACL), which is an ACL that the system uses to track events for auditing purposes.
92
SACL
There are two primary types of ACLs. The discretionary access control list (DACL), which is an ACL that maintains data indicating which users have access to the object, and the access permissions those users have. The **system access control list** (SACL), which is an ACL that the system uses to track events for auditing purposes.
93
SID
Upon creation, each user and group receives a unique **security identifier**, commonly referred to as a SID.
94
security token
To reflect the need to collect all permissions a user has, **Windows packages all SIDs associated with a user or group when attempting to access an object**. We call this collection of SIDs a security token.
95
security primitives
That’s the breakdown of how security operates on objects in Windows environments. These basic components—**SIDs, the security token, and ACLs on computer objects**—are security primitives. They are the lowest building block of operating-system-based security. From these building blocks, even more elaborate security implementations are dreamed up.
96
security protocol
**The means by which that security token is transmitted across the network** is called the security protocol.
97
What 4 security protocols does Windows provide?
Windows and Windows Server provide the following security protocols: **Kerberos version 5**, **NTLM**, digital certificates / public key infrastructure (**PKI**), and Secure Sockets Layer/Transport Layer Security (**SSL/TLS**).
98
Kerberos V5 protocol
Kerberos V5 protocol is appropriate for most Windows **logon features and authentication**, and it’s the default authentication method for large Windows deployments (Windows deployments that implement a domain structure). When a user logs on to a Windows computer, the authentication of that user generally occurs within the organization's local network, versus going across the Internet, for example.
99
NTLM
NTLM is on Windows **primarily for backward compatibility** with networks running older versions of Windows or Windows Server, but it’s no longer the security protocol of choice. There are **certain circumstances when NTLM is used for authentication**, generally when Kerberos-based authentication is not available, but those circumstances are limited. These days, Kerberos protocol is the security protocol most widely used in Windows deployments.
100
Digital certificates
Digital certificates are appropriate for use with a PKI deployment, which is an **Internet-based authentication infrastructure**. We use **digital certificates to ensure that the person attempting to log on, or the server someone is attempting to connect to, is indeed the entity it claims to be**. I mentioned that the Kerberos protocol is appropriate for logging on inside an organization's network; PKI is appropriate when the logon process must occur over the Internet, because it provides security better suited for that environment. In a Windows deployment, digital-certificate authentication maps a user to a Windows user account, so the Windows user account—with its associated security token, and the Windows security implementation—is still used.
101
SSL/TLS
SSL/TLS is appropriate for **connection-oriented security**, such as access to Web-based resources on an intranet or the Internet.
102
Winlogon
If your logon credentials specify that your user account is on the local computer, Windows passes your credentials to the **Windows security subsystem**. (This security subsystem is Winlogon, and it’s a small software component that is part of the Windows operating system.)
103
domain controller
If your logon credentials specify membership in a Windows domain—a domain is a large grouping of users and computers in a Windows network deployment—the local computer checks with another computer (called a domain controller) to ensure that your user name and password are the same as those that the domain controller holds. **A domain controller is a special computer that holds domainwide information, including security information.**
104
Authorization
Logging on occurs once per logon session. Authentication is the process of proving you are who you say you are, and it also generally occurs only once per session. Authorization, on the other hand, **occurs frequently during any given logon session**. In fact, it occurs every time a user attempts to access a secured object. Authorization is the process of determining whether you, the logged-on and authenticated you, have **sufficient permissions to access a given object**. Authorization is determined by comparing a security principal’s access rights against the security descriptors of a given object; that is, by comparing the access permissions on a given object to the user’s access rights.
105
PKI
**Public key infrastructure** (PKI) was created out of necessity. Organizations want to use the Internet for private purposes, but they need security. A PKI deployment can provide security for private organizations, enabling them to use the Internet for secure communication.
106
symmetric keys
Data is scrambled, or encrypted, with something called a key. There are two types of keys in encryption technology: symmetric keys and asymmetric keys. **Symmetric keys are identical keys**.
107
Asymmetric keys
Data is scrambled, or encrypted, with something called a key. There are two types of keys in encryption technology: symmetric keys and asymmetric keys. Symmetric keys are identical keys. They are similar to house keys in that multiple keys to your house are identical, and you can use any copy of the house key to lock or unlock your front door. Asymmetric keys are not identical. When asymmetric keys are used in encryption key technology, **two keys form a key pair. As such, if one key is used to encrypt data, the other key must be used to decrypt that data.**
108
public key
With asymmetric key pairs, one key is generally a public key (**often published in some central repository such as a certificate authority**). The other key is the private key, and it must be secure so that no one but its owner has access to it.
109
private key
With asymmetric key pairs, one key is generally a public key (often published in some central repository such as a certificate authority). The other key is the private key, and it **must be secure so that no one but its owner has access to it.**
110
key pairs
With key pairs (asymmetric encryption technology), if one key is used to encrypt data, the other key is used to decrypt the data. **Either key can encrypt or decrypt, but the corresponding key is required to perform the opposite function** (decrypting or encrypting, respectively).
111
certificate server
So if someone needs to send you encrypted data, he or she can **obtain your public key** (from the certificate server) and encrypt the data before sending it to you. When you receive the encrypted data, you use your private key to decrypt it, rendering the data readable once again.
112
digital signature
Jack wants to send Ronald a message about hamburgers. Jack wants to encrypt the message, but he also wants Ronald to be able to verify that Jack sent the message. Jack encrypts the message with Ronald’s public key, and he includes a string in the message—the digital signature—that **is encrypted with his own private key**. Maybe the string reads, "This message is from Jack." So, the bulk of the message is encrypted with Ronald’s public key (decrypted by Ronald using his own private key), but a string inside that encrypted message is encrypted with Jack’s private key. Remember that either the private key or the public key can encrypt data; the other key provides the opposite function. Ronald receives the message and decrypts it and then uses Jack’s public key to decrypt the digital signature. When the digital signature is verified, Ronald can confirm Jack’s identity as the sender of the message. Why does this work? Because only Jack has access to Jack’s private key. And the relationship between Jack’s private key and public key is such that verification of Jack’s digital signature is successful only if Jack’s private key generates (and encrypts) the signature. The string, "This message is from Jack," is successfully decrypted using Jack’s public key only if Jack encrypted the string himself, using his private key.
113
certificate authority (CA)
The central authority guaranteeing user and computer identities is called the **certificate authority** (CA), which is **a computer that provides certificate services for a PKI deployment**. The CA can guarantee user and computer identities because the CA is the entity that **creates and issues encryption key pairs in the first place**. There may be many CAs in operation. Some are private, deployed by organizations that want to create, maintain, and deploy their own PKI. Others are public, such as VeriSign.
114
X.509
In terms of the information included in a digital certificate, there is a standard in existence that many CAs adhere to: the X.509 **standard for digital certificates**. An X.509 certificate contains the following fields: version, serial number, signature algorithm ID, issuer name, validity period, subject user name, subject public key information, issuer unique ID, subject unique identifier, extensions, and signature on the above fields. Most PKI deployments are created for communication across the Internet for a dispersed agency (think of a government agency that has offices scattered across the country), or for communication from one agency to the other. *PKI is not generally for consumer activities, such as online shopping -- strange*.
115
SSL
Probably the most widely used form of secure communication on the Internet is **Secure Sockets Layer** (SSL). SSL was the predecessor to another secure communication protocol called Transport Layer Security (TLS). SSL and TLS are very similar. We generally consider them equivalent, in terms of their security. SSL is a software component that provides a secure communication channel between a client computer and a server—and it does this by implementing RSA data security encryption. RSA data encryption is a type of encryption that the RSA company created. SSL is implemented on Windows through the use of a DLL called schannel.dll. Invocation of SSL is transparent to users; when SSL is needed for a given connection, it is automatically implemented without user intervention.
116
RSA
SSL is a software component that provides a secure communication channel between a client computer and a server—and it does this by implementing RSA data security encryption. **RSA data encryption is a type of encryption that the RSA company created.**
117
schannel.dll
**SSL is implemented on Windows through the use of a DLL** called schannel.dll.
118
SSL provides three important functions:
SSL **authenticates** that data is being sent to its intended server and that the server is secure. SSL **encrypts data** as it travels between a client and a server. SSL ensures that the data the server receives **hasn’t been tampered** with along the way.
119
SSL session
The activity of **establishing a secure line of communication using SSL, transmitting data back and forth between the client computer and the secured server, and then dismantling the secure communication line** is called an SSL session. SSL shares its encryption roots with digital certificates; SSL works on the basis of an **asymmetric key pair**, which is the same public/private key pair concept used in PKI deployments.
120
5 steps of an SSL session:
1. The client establishes a connection to the server.
2. The server sends its digital certificate, along with its public key.
3. The client and the server negotiate encryption depth: 1024 or 2048 bits for stronger security. The more bits, the more difficult it is to crack the code.
4. The client randomly generates a session key and encrypts the session key with the server’s public key. The session key—which has been encrypted with the server’s public key—can be decrypted only with the server’s private key, so the session key is secure as it’s transmitted over the Internet.
5. The server decrypts the session key, and a unique secure communications channel is established between the client and server, because all data will be encrypted or decrypted with that randomly generated session key.
121
client certificate authentication
**Servers that require a digital certificate from the client** create more work to establish the connection. We call this client certificate authentication.
122
VPN
Virtual Private Network
123
PPTP
**Point-to-Point Tunneling Protocol**, more commonly called PPTP, was the first underlying networking protocol that enabled the creation of VPNs over the Internet. A few years later, engineers created another protocol to implement VPNs, called Layer 2 Tunneling Protocol, or L2TP.
124
L2TP
Point-to-Point Tunneling Protocol, more commonly called PPTP, was the first underlying networking protocol that enabled the creation of VPNs over the Internet. A few years later, engineers created another protocol to implement VPNs, called **Layer 2 Tunneling Protocol**, or L2TP.
125
main difference between PPTP L2TP
Both PPTP and L2TP add another header to a data packet at the IP layer, encapsulating the packet for transmission over another (usually public) network. Both PPTP and L2TP operate in a similar fashion, with one primary difference: PPTP encrypts a packet before sending it across the Internet, L2TP does not (we’ll discuss that encryption shortly). **Instead of encrypting a packet directly, L2TP relies on another protocol to handle the encrypting and decrypting.** Aside from that distinction, PPTP and L2TP protocols create VPNs in a similar way. In this chapter, we’re focusing on PPTP; L2TP operates in a similar fashion. When I mention PPTP, just know that I’m talking about L2TP as well.
126
RAS
Many organizations deploy **remote access servers** (RASs) in their networks. RASs are computers (or other devices, such as routers, that have built-in RAS/VPN capability) that connect Internet-connected devices to a private network, such as a corporate network.
127
tunneling
You cannot start into the tunnel and choose different destinations, such as two or three other buildings’ lobbies. There is one beginning to the tunnel, and there is one end. It is a point-to-point connection, as the term goes.
128
encapsulation
I mentioned earlier that PPTP and L2TP simply add an IP header to the otherwise complete packet. The packet is considered encapsulated because that IP header is all that is used to route the packet through the Internet. Some people become confused because encapsulation suggests being completely shrouded (like soda being encapsulated in an aluminum can). For PPTP, adding that IP header is equivalent in electronic terms to putting that packet into a sealed aluminum can.
129
RRAS
A single VPN server can handle thousands of individual VPN connections. In Windows, VPN capabilities are part of RRAS (**routing and remote access server**), which is part of all Windows servers used to provide secure remote access for remote users.
130
WINS
Windows Internet Name Service
131
RDN
But in certain situations, the domain-hierarchy part of the FQDN is cumbersome. To address those situations, there is a need for a local name that is relative to the DNS domain in which the host resides. We call that name the **relative distinguished name**, or the RDN. The RDN is **simply the single host name to the left of the leftmost dot in the FQDN**. For example, a host with an FQDN of server1.widgets.microsoft.com has a relative distinguished name of server1.
132
Namespace
namespace: **A context within which the names of all objects must be unambiguously resolvable.** For example, the Internet is a single DNS namespace—within which all network devices with a DNS name can be resolved to a particular address, such as www.facebook.com to 69.63.189.16. A namespace can be flat or hierarchical.
133
DNS domain
DNS domains: Domains in DNS are familiar to anyone who has used the Internet. **Domains are sections in the DNS hierarchical namespace**, and we can divide each domain into subdomains. Domains in the gadgets.widgets.microsoft.com hierarchy, for example, include the gadgets, widgets, microsoft, and com domains.
134
Subdomain
Subdomain is simply a fancy name for a domain that is part of a parent domain. So, in widgets.microsoft.com, Microsoft is a subdomain of .com, and widgets is a subdomain of Microsoft.com.
135
DNS zone
DNS zone: **A boundary within the DNS hierarchical namespace.** We use DNS zones to delineate which DNS servers are responsible—sometimes called authoritative—for resolving name-resolution queries for a given section of the DNS hierarchy. **DNS zones differ from the domain structure in the following fashion: Zones can be composed of one or more DNS domains.** One zone in the gadgets.widgets.microsoft.com domain tree might be authoritative for the gadgets and widgets domains. In other words, there is not a requirement for DNS zones to have a 1:1 relationship with DNS domains.
136
root
root: **The uppermost domain in a hierarchical namespace**. The root, which we define as a dot (.), is the base at which any entire-domain-tree search must be initiated. **So the uppermost domain in the Internet is actually dropped off of common Web site browsing practice.** For example, when you visit www.facebook.com, you’re technically visiting www.facebook.com. (notice the dot after com in the address). **That final dot is the root of the Internet DNS hierarchical namespace.** Because there’s nothing after the dot, the dot is removed from browsers by convention.
137
name resolution
name resolution: **The process of comparing a host name (such as a computer name, like server1.widgets.microsoft.com) to a list of resource records (RRs) and identifying the corresponding IP address.**
138
DNS server
DNS server: **A computer that completes the process of name resolution in DNS**. DNS servers contain files, called zone files, that enable DNS servers to resolve names to IP addresses. When queried, a DNS server will respond in one of three ways: (1) the server returns the requested name-resolution or IP-resolution information; (2) the server returns a pointer to another DNS server that can service the request; (3) the server indicates that it doesn’t have the requested information. DNS servers might query other DNS servers during the course of preparing to return the requested resolution information. But beyond that, DNS servers don’t perform any operations other than those mentioned in the previous list.
139
zone files
DNS servers contain files, called zone files, **that enable DNS servers to resolve names to IP addresses**. When queried, a DNS server will respond in one of three ways:

Footnote:
- The server returns the requested name-resolution or IP-resolution information.
- The server returns a pointer to another DNS server that can service the request.
- The server indicates that it doesn’t have the requested information.

A zone file is simply a collection of RRs. A zone file—sometimes referred to as a db file or, simply, the database—is the complete collection of resource records for a given DNS zone. DNS servers use a local copy of the zone file to resolve queries. (Local copy means the file actually resides on the DNS server computer itself.) Each zone file contains all the RRs necessary to resolve queries for the zone.
140
primary DNS servers vs secondary DNS servers.
The **primary server is the authoritative server for the zone**. All administrative tasks associated with the zone (for example, creating subdomains within the zone, or other administrative tasks) must be performed on the primary server. In addition, any changes associated with the zone or any modifications or additions to resource records (RRs) in the zone’s zone files must be made on the primary server. For any given zone, there is one primary server.

Footnote: **Secondary servers are backup DNS servers**. Secondary servers receive all of their zone files from the primary server’s zone files in a zone transfer. You can have multiple secondary servers for any given zone—as many as are necessary to provide load balancing, fault tolerance, and traffic reduction. Additionally, any given DNS server can be a secondary server for more than one zone. Here’s an example:
141
caching servers
In addition to primary and secondary DNS servers, there are three additional DNS server types used when such servers are appropriate for a given DNS infrastructure: caching servers, forwarders, and slaves.

Footnote: Caching servers, also known as caching-only servers, perform as their name suggests: **They provide only cached-query service for DNS responses (caching retains only recently resolved queries, but no zone files to look up). Rather than maintaining zone files like other secondary servers do, caching DNS servers perform queries, cache the answers, and return the results to the querying client.** The advantage to using caching servers is that we can completely avoid network traffic associated with the replication of zone transfers (copying updated zone files from the primary DNS server to secondary DNS servers). The disadvantage is that whenever a caching server is rebooted, the cache is flushed and must be regenerated through the process of performing queries and caching the answers. So the primary difference between caching servers and other secondary servers is that other secondary servers maintain zone files (and they do zone transfers when appropriate, generating network traffic associated with the transfer).
142
forwarders (DNS)
Forwarders are DNS servers that have been **designated to handle communication with off-site DNS servers**. The idea behind forwarders is that it’s better to have one DNS server communicating with outside DNS servers (for example, DNS servers on the Internet rather than inside the private LAN) instead of all DNS servers doing so.
143
zone transfers
The advantage to using caching servers is that we can completely avoid network traffic associated with the replication of zone transfers (**copying updated zone files from the primary DNS server to secondary DNS servers**).
144
TTL
It’s important to know that all DNS servers cache results, not just caching servers. DNS servers cache information for a period, measured in seconds, known as the **Time To Live** (TTL). TTL is configured on the primary server, and it applies to all DNS servers in the domain. When determining the TTL value, administrators must balance the need for quick query responses with the need for keeping cache information consistent across the organization’s DNS servers. If low TTL values are used, the cache information will remain consistent, but your DNS servers will not keep quickly accessible cached information for very long. DNS servers can also cache negative responses, decreasing the response time for queries about domains or nodes that don’t exist or are unavailable.
145
exclusive mode forwarding
DNS servers can use a forwarder in one of two modes: exclusive or nonexclusive.

Footnote: A DNS server configured to use a forwarder in nonexclusive mode submits the query to its forwarder (or forwarders) and receives the result of the query to pass back to the originator of the query. If the forwarder can’t resolve the query or doesn’t receive a response, the DNS server using the forwarder attempts to resolve the query using its own zone files. DNS servers configured to use their forwarder in **exclusive mode** depend entirely on the forwarder to resolve queries; those DNS servers are called slaves (clearly not the most appropriate term, but this is how these DNS servers are known in the field). Slaves behave the same as DNS servers configured to use a forwarder in nonexclusive mode, with one exception: If the forwarder cannot resolve a forwarded query, the slave DNS server does not attempt to resolve the query on its own; it simply returns a query failure to the DNS client that initiated the query.
146
non-exclusive mode forwarders
DNS servers can use a forwarder in one of two modes: exclusive or nonexclusive.

Footnote: A DNS server configured to use a forwarder in **nonexclusive** mode **submits the query to its forwarder (or forwarders) and receives the result of the query to pass back to the originator of the query**. If the forwarder can’t resolve the query or doesn’t receive a response, the DNS server using the forwarder attempts to resolve the query using its own zone files. DNS servers configured to use their forwarder in exclusive mode depend entirely on the forwarder to resolve queries; those DNS servers are called slaves (clearly not the most appropriate term, but this is how these DNS servers are known in the field). Slaves behave the same as DNS servers configured to use a forwarder in nonexclusive mode, with one exception: If the forwarder cannot resolve a forwarded query, the slave DNS server does not attempt to resolve the query on its own; it simply returns a query failure to the DNS client that initiated the query.
147
slaves
DNS servers can use a forwarder in one of two modes: exclusive or nonexclusive.

Footnote: A DNS server configured to use a forwarder in nonexclusive mode submits the query to its forwarder (or forwarders) and receives the result of the query to pass back to the originator of the query. If the forwarder can’t resolve the query or doesn’t receive a response, the DNS server using the forwarder attempts to resolve the query using its own zone files. DNS servers configured to use their forwarder in exclusive mode depend entirely on the forwarder to resolve queries; those DNS servers are called slaves (clearly not the most appropriate term, but this is how these DNS servers are known in the field). **Slaves behave the same as DNS servers configured to use a forwarder in nonexclusive mode, with one exception: If the forwarder cannot resolve a forwarded query, the slave DNS server does not attempt to resolve the query on its own; it simply returns a query failure to the DNS client that initiated the query.**
148
DNS resolver
DNS resolver: **A software component** that is bundled in the TCP/IP protocol suite and communicates with DNS servers to create and resolve name-resolution queries. In other words, resolvers are the little pieces of software that take your attempts to reach TCP/IP computers (we also call these IP clients), extract information about the target IP client, bundle that information into a resolution request, and send it to an appropriate DNS server. **Resolvers exist on DNS clients and DNS servers.**
149
RR
The basic unit of DNS information is the **resource record**, commonly abbreviated to RR. Resource records are the building blocks of a DNS, and taking a look at common RRs will help you get your mind around how DNS does its name-resolution thing. These resource records are stored in a file on DNS servers called the zone file. The zone file is a database file, which means it has a special way of formatting so that each record is unique and accessible (a record is a unit of information for a database).
150
SOA RR
SOA resource record: The **start of authority** (SOA) record is the required first entry in all forward and reverse zone files. (Reverse lookups are also available in DNS, where you resolve an IP address to a host name using a special domain called in-addr.arpa.) The SOA record **defines the zone for which the DNS server is authoritative, as well as the specific server that is authoritative for the domain.**
151
NS RR
NS resource records: **Name server** (NS) records describe **which servers are secondary servers** for the zone specified in the SOA record, **and they indicate which servers are primary servers for any delegated zones**.
152
PTR RR
PTR resource records: **The pointer** (PTR) record provides **reverse address resolution** (called reverse lookups); PTR RRs map an IP address to a host name.
153
A RR
A resource records: The **address** (A) record is **the most common. It simply maps a host name to an IP address.**
154
MX RR
MX resource records: The **mail exchange** (MX) record **specifies where mail should be routed for users in the given DNS domain**. In addition to standard fields, the MX RR contains a field that enables administrators to weight multiple MX RRs based on whatever criteria seem appropriate. We call this field the preference field.
155
CNAME RR
CNAME resource records: The **canonical name** (CNAME) record **provides a mechanism by which you can assign an alias to a given host.** CNAME RRs are useful for keeping the naming conventions of your network infrastructure hidden from the outside world (or the inside world, for that matter). When DNS resolves a CNAME RR, it uses the owner field (filesrv1.widgets.com. in the following example) to subsequently find an A RR to resolve the name.
156
WINS RR
WINS resource records: Microsoft DNS servers are the only servers capable of implementing the **Windows Internet Name Service** (WINS) record. A WINS resource record is used when dynamically created host names registered with WINS are unavailable in a static DNS zone file. In essence, **this RR enables Microsoft DNS to make a request to a WINS server when DNS is unable to resolve a given host name.** If the host name exists in the WINS database, WINS returns the query to DNS, and DNS resolves the query.
157
WINS-R RR
WINS-R resource records: The **WINS-reverse** (WINS-R) record provides administrators with the **capability to perform reverse lookups through WINS**.
158
SRV RR
SRV resource records: The **service** (SRV) record **enables administrators to specify which service a server provides, which protocol it uses, and which domain it services. SRV RRs have their own special syntax,**
159
load-sharing resource records
load-sharing resource records: This is a means of incorporating load-sharing mechanisms into a DNS deployment. Load sharing is when multiple computers contain the same information, and clients are diverted between those same-information services to provide better service. It’s a lot like having two people answering questions at a customer service booth (rather than just one person). DNS can perform load sharing in a round-robin fashion. **When multiple *A RR*s for a given host name exist in the zone file, DNS servers distribute the load by rotating entry returns**.
160
full zone transfer
**full zone transfer**: In this type of transfer, **the primary DNS server transmits the complete contents of the zone file to the zone’s secondary DNS server(s)**.
161
incremental zone transfer
**incremental zone transfer**: Many DNS servers can perform this type of transfer. Whether a DNS server can perform incremental zone transfers depends on whether the DNS server software is current enough to support this feature. (Most current DNS servers can.) A primary server that supports an incremental zone transfer maintains a recent-version history of the zone file (in other words, a record of recent changes) and can identify which records have changed since the most recent update.

Footnote: When secondary servers that support incremental zone transfers determine that changes to the zone file have occurred—which they do by checking the serial number in the SOA RR, just like with full zone transfers—they submit an IXFR request (incremental zone transfer request). **The primary server then transmits only the changed records**.
162
IXFR
When secondary servers that support incremental zone transfers determine that changes to the zone file have occurred—which they do by checking the serial number in the SOA RR, just like with full zone transfers—they submit an IXFR request (**incremental zone transfer request**). The primary server then transmits only the changed records.
163
DNS Notify
DNS Notify: When DNS Notify is used in a **zone transfer, the initiator of the process is the primary server rather than a secondary server.**
164
notify set
DNS Notify: When DNS Notify is used in a zone transfer, the initiator of the process is the primary server rather than a secondary server. DNS servers using DNS Notify take the following steps when a zone file is updated:

Footnote:
1. A change in the zone file triggers the primary DNS server to increment the serial number in the SOA RR.
2. The primary server sends a notify message to secondary servers that have been placed (by an administrator) in something called a notify set. **A notify set is simply a list of secondary DNS servers that the primary DNS server should notify when the zone file changes**.
...
165
dynamic DNS
Dynamic updates require servers that support dynamic DNS. **With dynamic DNS, zone files on primary servers can be updated automatically.** Secondary servers receive these updates like they would manual updates: through zone transfers. ... Dynamic updates are driven by **update messages**, which can specify the creation or deletion of RRs or RR sets. Administrators can specify the conditions that must occur before an RR is updated—and this protects the zone files from unwanted updates.
166
forward lookups
There are two terms we often use in association with DNS name/address resolution: **name-to-IP-address resolutions** are forward lookups,
167
reverse lookups
There are two terms we often use in association with DNS name/address resolution: name-to-IP-address resolutions are forward lookups, while **IP-address-to-name resolutions** are reverse lookups.
168
recursive queries
recursive queries: In this type of query, the requesting client demands that the **DNS server reply with either the resolved name or an error message** that states that the requested data or name doesn't exist.
169
iterative queries
iterative queries: In this type of query, the requesting client allows the **DNS server to return the best answer it can, based on its local zone file or cached data**. If the queried DNS server can't resolve the name, the reply might be a referral to another DNS server that the client should try. In an iterative query, the **client continues this process until it gets a pointer to a DNS server that answers the query** by using its local zone file or cached data (which is most likely the DNS server that is authoritative for the domain in which the target host in question resides).
170
HTML
This specially formatted file is based on a standardized language we call **Hypertext Markup Language** (HTML). It's a scripting language, which means the computer reads and interprets the language, rather than computer programs
171
SMTP
Internet e-mail servers: These servers implement an industry-standard protocol called **Simple Mail Transfer Protocol** (SMTP). SMTP defines the methods used to transfer Internet e-mail.
172
POP3 and IMAP
SMTP defines the methods used to transfer Internet e-mail. Two other e-mail-related standards, POP3 and IMAP, **define the handling of individual user mailboxes**. It’s important to recognize the difference: SMTP transfers the mail; POP3 and IMAP **manage individual mailbox destinations where transferred mail is delivered**.
173
FTP
Internet-based file servers: These servers implement an industry-standard file-transfer protocol aptly named **File Transfer Protocol** (FTP). FTP is the best way (in network-efficiency terms) to get data files across the Internet, or across any TCP/IP network. FTP is extremely efficient; it’s arguably one of the most efficient transfer protocols in existence.
174
IM
You can send an **Instant Message** (usually simply called an IM) to anyone you know who happens to be connected to the Internet.
175
Name four web languages in use today.
- Windows Script Host (WSH)
- Java and JavaScript
- Common Gateway Interface (CGI) and PERL
- Hypertext Preprocessor (PHP)
- Active Server Pages (ASP)
- Internet Server Application Programming Interface (ISAPI) programs
176
WSH
**Windows Script Host** (WSH) is a scripting language built into the Windows operating system, which means that Web servers running on a Windows computer can interpret and run Web scripts written in the WSH language. We use WSH more for administrative tasks, and not really to make dynamic or graphics-flashing Web pages. In other words, we don’t generally use WSH extensively within Web pages to enrich content.
177
ASP
**Active Server Pages** (ASP) is a scripting language for Windows that we can use to create rich Web site content. ASP lets administrators and Web publishers embed scripts right into Web pages, enabling the creation of dynamic content, the implementation of databases, the use of graphical components, file transfers, and all sorts of other activities that scripts are good for carrying out.
178
CGI
**Common Gateway Interface** (CGI) is a set of specifications for creating Web-based applications. CGI applications can come in the form of interpreted scripts, including PERL scripts. PERL is an industry-standard language used heavily in UNIX/Linux environments and in some Windows environments. PERL can run as a script, or be compiled into an executable such as an .exe application.
179
PERL
PERL is an **industry-standard language used heavily in UNIX/Linux environments** and in some Windows environments. PERL can run as a script, or be compiled into an executable such as an .exe application.
180
Name several other scripting languages.
There are many other scripting languages, such as **PHP, ColdFusion, Groovy, Python, Ruby, Websphere**, and even additional programming languages such as Microsoft’s **.NET Framework**. We don’t have time to cover all of these in this lesson, but I provide links to them in the Supplementary Material section.
181
ISAPI
Microsoft dreamed up ISAPI (**Internet Server Application Programming Interface**) specifically for its Web server product called Internet Information Services (IIS). Microsoft created ISAPI to boost Web-based application performance on IIS. ISAPI is a programmed interface, not a scripted interface, so it requires knowledge of C, C++, or C# (pronounced see sharp). If you want to have ISAPI applications, the programmer has to program and compile them, rather than creating scripts that can be modified on-the-fly.
182
NOS
You might have heard of the term **network operating systems**, commonly referred to as NOSs. I don't like the term at all; with the advent of the Internet, every operating system sold today has the capability to connect to a network. Therefore, every operating system today is a network operating system. **It's kind of like saying, "I have a wheeled automobile**." Of course your automobile is wheeled. If it weren't, you would own a tank!
183
SMP
Servers with multiple CPUs are called **symmetric multiprocessing** (SMP) machines.
184
container-based servers
There's another way datacenters get lots of servers installed: container-based servers. This approach uses **servers that are preinstalled in a shipping container** (containers like those you find on the highway pulled by a semi).