DNS Zones and Records

Questions and Answers

What is the purpose of a stub zone?

• To resolve hostnames to IP addresses
• To temporarily store information about previous DNS lookups
• To replicate DNS zone information using AD DS replication
• To find the right server containing the zone instead of searching every server for a specific zone (correct)

What type of DNS zone has a read-only copy of zone data?

• Secondary zone (correct)
• Primary zone
• Active directory integrated zone
• Stub zone

What is the purpose of DNS zone replication?

• To temporarily store information about previous DNS lookups
• To ensure that all DNS servers have the same zone data (correct)
• To find the right server containing the zone instead of searching every server for a specific zone
• To resolve hostnames to IP addresses

What is the difference between primary and secondary zones?

Primary zones have a read-write copy of zone data, while secondary zones have a read-only copy (A)

What is the purpose of active directory integrated zones?

To replicate DNS zone information using AD DS replication (B)

What is required for active directory integrated zones to replicate DNS zone information?

Every domain controller needs DNS enabled (C)

What is the difference between a primary zone and an active directory integrated zone?

Primary zones replicate using AXFR, while active directory integrated zones replicate using AD DS replication (C)

What is the purpose of a primary zone?

To make changes to the DNS zone data (B)

What type of DNS zone is used for reverse DNS lookups?

Reverse zone (D)

What is the purpose of DNS caching?

To temporarily store information about previous DNS lookups (C)

What is the primary function of a secondary zone in DNS?

To answer DNS name resolution from DNS clients (A)

What type of DNS record is used to specify a service on a specific host or port?

SRV record (D)

What is the main purpose of DNSSEC?

To provide security for DNS zones (B)

What type of DNS zone is used to integrate DNS with Active Directory?

Active Directory integrated zone (D)

What is the purpose of a stub zone in DNS?

To query to specific zones instead of querying all servers (A)

What is the minimum number of domain controllers required per domain?

2 (B)

What is the purpose of a domain controller in Active Directory?

To authenticate users and determine access (A)

What is the purpose of a forest in Active Directory?

To group trees together (B)

What is the purpose of root hints in a DNS server?

To contain domain name and IP address of all root zone authoritative nameservers (A)

What is the primary difference between Active Directory-integrated zones and traditional DNS zones?

The method of zone replication (B)

What is the purpose of DNS zone replication?

To copy records from a zone on one server to another server (B)

What type of DNS zone is used to make all changes?

Primary zone (A)

What is the purpose of a forward zone in a DNS server?

To resolve hostnames to IP addresses (B)

What is the purpose of a reverse zone in a DNS server?

To resolve IP addresses to hostnames (A)

What is the main benefit of using DNS zone replication?

Increased scalability (B)

What is the main difference between DNS zone replication and DNS forwarding?

The method of resolving DNS queries (C)

What is the purpose of DNS zone types?

To organize DNS records by domain name (C)

What is the main benefit of using Active Directory-integrated zones?

Incremental replication between servers (A)

Flashcards are hidden until you start studying

Study Notes

DNS Fundamentals

• A DNS record is a part of a zone that contains information about a domain.
• Types of DNS records:
  • A record: IPv4 host address record.
  • PTR record: pointer record (reverse of A).
  • SOA record: Start of Authority (contains data to control the zone transfer).
  • CNAME record: alias record.
  • NS record: name server record (contains name of authoritative name server in a DNS zone).
  • AAAA record: IPv6 host address record.
  • SRV record: service record, specifies host and port for specific services.

DNS Zone Types

• Primary zone: zone where all changes are made, has read/write copy of zone data, and located in c:\windows\system32\dns.
• Secondary zone: zone where primary replicates to, can't process updates from client computers, and has read-only copy of zone data.
• Stub zone: contains data of another zone for search purpose, used to find the right server containing the zone instead of searching every server for a specific zone.
• Active directory integrated zones: replicates DNS zone info using AD DS replication, every domain controller needs DNS enabled, and can only replicate from 1 integrated zone to another.

DNS Dynamic Updates

• None: records are manually added.
• Nonsecure and secure: clients can perform updates.
• Secure only: AD domain clients can perform updates.

DNS Name Resolution

• DNS Recursive query: a query sent to a local DNS server that requires a complete answer from the server (entire FQDN or entire IP address).
• DNS Iterative query: queries sent to different DNS servers to find the answer to the recursive query.

DNS Caching

• Temporarily stores info about previous DNS lookups and stores them on the DNS server.
• Located in c:\windows\system32\dns.

Active Directory Domain Service (AD DS)

• On-premise hosted directory that connects all computers to a local directory called domain.
• Centralizes and simplifies administration of users that are domain-joined.
• Domain: group of objects (users, ...) that share the same AD database.

Domain Controller

• Runs AD DS and holds a copy of the database.
• Replicates changes with other DC's.
• Used for authenticating users and determining access.
• Minimum of 2 DCs per domain for redundancy.

AD Database

• Stores all objects.
• 1 Domain controller is needed to create AD database.
• Objects have attributes (username, password, email, ...).
• 2 types of objects: containers and leaf.

AD DS Structure

• Trees: group of domains, 2-way trust between parent and child, child inherits from parent.
• Forest: group of AD trees, all domains in tree share same schema, Global Catalog.

DNSSEC

• Security for DNS zone.
• Zone and all records in it are asymmetric encrypted (public and private key).
• Public key is in Trust Point folder on DNS server.
• Not confidential for data.
• Assures clients that the DNS in use is a valid one and not a hacker.

DHCP

• Automatically gives an IP address, subnet mask, default gateway, domain name, and DNS server to end devices.
• Minimizes errors caused by static IP.
• Reduces network administration.
• Optional feature in Windows Server.
• UDP port: 67, 68.