Tuesday, April 29, 2014

Active directory, desktop, Exchange server 2007/2010, Networking, DNS, DHCP INTERVIEW QUESTIONS with ANSWERS

Active directory 2003 interview questions:
http://faceinterviewqns.blogspot.in/2012/10/windows-active-directory-interview.html

==============================================================

Windows Desktop Interview Questions and Answers 

http://faceinterviewqns.blogspot.in/2012/10/windows-desktop-interview-questions-and.html

====================================================== 

Exchange server 2007/2010 Interview Questions/Answers 

http://faceinterviewqns.blogspot.in/2012/10/exchange-server-20072010-interview.html

========================================================

Network Interview Questions

http://faceinterviewqns.blogspot.in/2012/10/network-interview-questions.html

========================================================

WINDOWS DNS SERVER INTERVIEW QUESTIONS WITH ANSWERS

http://faceinterviewqns.blogspot.in/2012/10/windows-dns-serverinterview-questions.html

========================================================

WINDOWS DHCP INTERVIEW QUESTIONS WITH ANSWERS

http://faceinterviewqns.blogspot.in/2012/10/windows-dhcp-interview-questions-and.html

=====================================================


Exchange server 2007/2010 Interview Questions/Answers

1. What are the prerequisites to install Exchange Server 2007?
  1. Microsoft .Net Framework 2.0

  2. Microsoft ASP .Net

  3. World Wide Web Service

  4. MMC 3.0

  5. Windows PowerShell

  6. SMTP & NNTP service should not be installed

2. What’s the order to install Exchange Server 2007 roles in an Exchange Server 2003 organization?

  1. Client Access Server Role

  2. Hub Transport Server Role

  3. Mailbox Server Role

  4. Unified Messaging Server role

3. What are the versions available in Exchange Server 2007?

There are two types of Exchange Server 2007 version release

  • 64 bit – for production environment

  • 32 bit – only for non-production environment

4. What are the Operating system requirements to install Exchange Server 2007?

Exchange Server 2007 can be installed on

  • Windows Server 2003 SP2 64-bit,

  • Windows Server 2003 R2 SP2 64-bit or

  • Windows Server 2008 64-bit

5. What are the Active directory requirements to install Exchange Server 2007?

  1. Domain functional level at least Windows Server 2000 native or higher

  2. Schema Master must run on Windows Server 2003 with SP1

  3. At least one Domain Controller in each domain with Windows Server 2003 SP1

  4. At least one global catalog server in Active Directory Site which hosts exchange Server 2007

  5. 4:1 ratio of Exchange processor to global catalog server processors

6. What are the hardware requirements to install Exchange Server 2007?

  • Processor – 64 bit processor

  • RAM – 2 GB + 5 MB per Mailbox

  • Disk Space – At least 1.2 GB on the drive on which you install Exchange, and 200 MB of available disk space on the system drive

  • File Format – NTFS

7. What are the Software requirements to install Exchange Server 2007?

Following are the software prerequisites to install Exchange Server 2007

  1. Microsoft .Net Framework 2.0

  2. IIS

  3. WWW

  4. MMC 3.0

  5. Microsoft Windows PowerShell

8. What is Transition in Exchange Server 2007?

Transition is the scenario in which you upgrade an existing Exchange organization to Microsoft Exchange Server 2007. To perform the transition, you must move data from the existing Exchange servers to new Exchange 2007 servers. For example, when upgrading from an Exchange Server 2003 or Exchange 2000 Server organization to an Exchange 2007 organization, you perform a transition.

When transitioning to Exchange 2007, you cannot perform an in-place server upgrade on an existing Exchange server. Instead, you must install a new Exchange 2007 server into the existing organization, and then move data to the new Exchange 2007 server.

9. What is Migration in Exchange Server 2007?

Migration is the scenario in which you upgrade to Exchange 2007 by migrating data from a non-Exchange messaging system to Exchange 2007 or from an existing Exchange organization to a completely new Exchange organization, without retaining any of the Exchange configuration data in the first organization. For example, when merging with another company, you can perform a migration. In this scenario, you move mailboxes and data to the other company’s Exchange organization, without retaining any of the configuration data from your existing Exchange organization. Another example is when upgrading from Lotus Notes to Exchange 2007, you perform a migration. In this scenario, you must move mailboxes and data to the new Exchange 2007 organization, without retaining any of the data from the Lotus Notes organization.

The migration process includes installing a completely new Exchange 2007 organization, and then migrating mailboxes from the old messaging system to the new Exchange 2007 messaging system, using various tools for migration.

10. Is it possible to do in place upgrade from Exchange Server 2003 to Exchange Server 2007?

No in-place upgrade on existing Exchange server organization. Install new Exchange Server 2007 server into existing organization, and move data to new server.

11. What are the transition options available in Exchange Server 2007?

The following transition options are available:

Single forest to single forest – If you have an existing single forest Exchange 2003 or Exchange 2000 topology, you can transition to a single forest Exchange 2007 organization

Single forest to cross forest – If you have an existing single forest Exchange 2003 or Exchange 2000 topology, you can transition to a cross-forest Exchange 2007 topology

Cross forest to cross forest – If you have an existing cross-forest Exchange 2003 or Exchange 2000 topology with Exchange servers and mailboxes in each forest, you can transition to an Exchange 2007 cross-forest topology.

Resource forest to resource forest -

Single forest to resource forest -

12. What are the considerations for Exchange Server 2007 to coexist with Exchange Server 2000 and Exchange Server 2003?

  • Exchange Organization in Exchange Native Mode

  • Exchange Server 2007 routing group (DWBGZMFD01QNBJR) is created only for coexisting with earlier versions of Exchange.

  • Routing Group Connector is required between Exchange Server 2003 and Exchange Server 2007 (created during setup).

  • Exchange Server 2003 computers cannot interoperate with the Unified Messaging server role. Exchange 2003 mailboxes cannot be Unified Messaging–enabled.

  • Exchange 2003 Front-ends cannot talk to Exchange Server 2007 Mailbox Server Roles.

  • No in-place upgrade on existing Exchange server. Install new Exchange Server 2007 server into existing organization, and move data to new server

13. Will a Front End server talk to an Exchange Server 2007 Mailbox server in an Exchange organization having both Exchange 2003 and Exchange Server 2007?

Exchange Server 2003 Front-end server cannot talk to Exchange Server 2007 Mailbox Server Roles

14. What is the status of the routing group connector when Exchange Server 2003 and 2007 coexist?

Exchange Organization in Exchange Native Mode.

Exchange Server 2007 routing group (DWBGZMFD01QNBJR) is created only for coexisting with earlier versions of Exchange.

Routing Group Connector is required between Exchange Server 2003 and Exchange Server 2007 (created during setup).

15. Which service should not be installed in Exchange Server 2007 installation?

SMTP and NNTP service should not be installed

16. What are the Exchange Server editions available?

There are two types of Exchange Server 2007 editions available

  1. Standard Edition

  2. Enterprise Edition

17. What is the difference between standard and Enterprise Edition?

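| Exchange 2007 functions         | Standard Edition                  | Enterprise Edition     |
|---------------------------------|-----------------------------------|------------------------|
| Number of Data Stores Supported | 5 includes Mailbox/Public Folder  | 50 combination of both |
| Clustering support              | No                                | Yes                    |
| OS Support                      | Windows 2003 64 bit               | Windows 2003 64 bit    |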

18. What should you do if Exchange Server 5.5 is in your organization and you want to upgrade to Exchange Server 2007?

You cannot upgrade an existing Microsoft Exchange Server version 5.5 organization to Exchange Server 2007. You must first migrate from the Exchange Server 5.5 organization to an Exchange Server 2003 or an Exchange 2000 Server organization. Then you can transition the Exchange 2003 or Exchange 2000 organization to Exchange 2007. 

19. What are the Planning considerations for Client Access Server Role?

The Client Access server role supports the Outlook Web Access, Outlook Anywhere, and Exchange ActiveSync client applications, in addition to the POP3 and IMAP4 protocols. The Client Access server role also hosts several key services, such as the Autodiscover service and Exchange Web Services.

For better client access functionality, planning has to cover Exchange ActiveSync, Outlook Web Access, Outlook Anywhere, the POP3 and IMAP4 protocols, and securing client access.

20. What are the Planning Considerations of Hub Transport Server Role?

The Hub Transport server role is a required role in a Microsoft Exchange Server 2007 organization that provides routing within a single organizational network by using the Active Directory directory service site. A server with the Hub Transport role installed handles all mail flow inside the organization, applies transport rules, applies journal rules, and delivers messages to recipients’ mailboxes.

We have to perform a Planning Consideration on

  • Topology for mail flow inside and outside the Exchange organization

  • Server capacity – determine how to monitor performance

  • Security – includes delegation of administrative roles and verification that IP connections are only enabled from authorized servers

  • Transport Features – determine the transport features that you will enable at the Hub Transport server and how they will be configured

21. What are the Planning Considerations of Mailbox Server Role?

The Microsoft Exchange Server 2007 Mailbox server role hosts mailbox databases and provides e-mail storage and advanced scheduling services for Microsoft Office Outlook users. The Mailbox server role can also host a public folder database, which provides a foundation for workflow, document sharing, and other forms of collaboration.

We have to perform a planning consideration on

  • Sizing the database,

  • Planning for public folder,

  • Co hosting with other server roles and

  • Planning for clustered Mailbox server

22. What are the Planning Considerations for Edge Transport Server Role?

Exchange Server 2007 Edge Transport server role is designed to provide improved antivirus and anti-spam protection for the Exchange organization. Computers that have the Edge Transport server role also apply policies to messages in transport between organizations. The Edge Transport server role is deployed in an organization’s perimeter network.

  • Edge Transport Should not be included in Active Directory

  • Should be installed in a Standalone Server

  • Edge Transport Should not be Part of the domain

  • ADAM Should be Installed

  • Pre requisites .Net framework , Windows Management Shell, MMC 

Difference Between Exchange Server 2007 Standard and Enterprise Edition.

  • Exchange 2007 Enterprise Edition supports up to fifty storage groups; one storage group supports up to five databases.
  • Exchange 2007 Standard Edition supports only five storage groups; one storage group supports up to five databases.
  • If you are using Continuous Replication technology, Microsoft recommends using one database per storage group.
  • Exchange 2007 Enterprise Edition supports up to fifty databases per server.
  • Exchange 2007 Standard Edition supports only five databases per server.
  • Exchange 2007 Enterprise Edition database size is limited to 16 TB.
  • Exchange 2007 Standard Edition database size is limited to 16 TB.
  • Microsoft recommends limiting database size to 100 GB or, if you are using Continuous Replication technology, to 200 GB.
  • Exchange 2007 Enterprise Edition supports Single Copy Clusters technology (better protection of the mail system with two Exchange servers and one disk store).
  • Exchange 2007 Standard Edition does not support Single Copy Clusters technology.
  • Local Continuous Replication technology (better protection of the mail store with one Exchange server and two disk stores) is supported by Exchange 2007 Standard Edition and Exchange 2007 Enterprise Edition.
  • Exchange 2007 Enterprise Edition supports Single Copy Clusters technology (better protection of the mail system and mail store with two Exchange servers and two disk stores).
  • Exchange 2007 Standard Edition does not support Single Copy Clusters technology.
  • Standby Continuous Replication technology (better protection of the mail store) is supported by Exchange 2007 Standard Edition SP1 and Exchange 2007 Enterprise Edition SP1.

Q. How does OAB distribution happen in Exchange 2007?
Ans. The Exchange System Attendant service is responsible for the generation of the OAB. This service is available only on a server that has the mailbox role installed. The SA invokes a DLL file called oabgen.dll.

The oab files are stored in C:\Program Files\Microsoft\Exchange Server\ExchangeOAB. This folder is shared so that it can be replicated to the CAS server for web distribution.

The oab generation server opens the oab folders and updates the file. The oabgen.dll file is responsible for connecting to the public folder.

CAS server runs a service named Microsoft Exchange File Distribution Service which copies the oab files from the mailbox server (ExchangeOAB folder) to the web distribution point in the CAS server.

The web distribution folder is a folder on CAS Server where the copied oab files are placed. The default location is C:\Program Files\Microsoft\Exchange Server\ClientAccess\OAB.

The web distribution point is updated once in 8 hours. If you want to force an oab update, restart the Exchange File Distribution Service.

Q. Is it recommended to install CAS server in perimeter network? Why?
Ans. No. Security and availability of AD attributes are two main reasons.

Q. How is the performance of Exchange 2007 better than Exchange 2003?
Ans. In Exchange 2003, the database read to write ratio was typically 2:1 or 66 percent reads. With Exchange 2007, the larger database cache decreases the number of reads to the database on disk causing the reads to shrink as a percentage of total I/O.

In Exchange 2003, a transaction log for a storage group requires roughly 10 percent as many I/Os as the databases in the storage group. For example, if the database LUN is using 1000 I/Os, the log LUN would use approximately 100 I/Os. With the reduction in database reads in Exchange 2007, combined with the smaller log file size and the ability to have more storage groups, the log-to-database write ratio is roughly 1:2. For example, if the database LUN is consuming 500 write I/Os, the log LUN will consume approximately 250 write I/Os.


Q. What is Transport Dumpster?
Ans. The transport dumpster submits recently delivered mail after an unscheduled outage.
MaxDumpsterSizePerStorageGroup: 1.5 times the size of the max msg that can be sent.
MaxDumpsterTime: How long the email can stay in the transport dumpster queue. 7.00:00:00 means 7 days.

Q. What is Back-Pressure?
Ans. The settings for back-pressure can be configured on Hub Transport and Edge servers. If utilization of a system resource exceeds the specified limit, the Exchange server stops accepting new connections and messages. This prevents the system resources from being completely overwhelmed and enables the Exchange server to deliver the existing messages.

Q. Exchange 2007 main Services:
Microsoft Exchange Active Directory Topology
Microsoft Exchange Monitoring
Microsoft Exchange IMAP4
Microsoft Exchange POP3
Microsoft Exchange Transport Log Search
Microsoft Exchange Transport: On Hub and Edge
Microsoft Exchange Service Host
Microsoft Exchange Search Indexer
Microsoft Exchange Replication Service
Microsoft Exchange Mail Submission
Microsoft Exchange Mailbox Assistants
Microsoft Exchange File Distribution: On CAS Server
Microsoft Exchange Information Store
Microsoft Exchange System Attendant
Microsoft Exchange EdgeSync: on Hub Transport Server
Microsoft Exchange Anti-spam Update

Wednesday, April 23, 2014

DNS EXPLANATION IN 2012

What are DNS zones?
A DNS zone is a collection of records. A zone also determines whether that collection is updatable and how that collection replicates to other DNS servers.

What are forwarders?
It is a method of re-directing DNS queries to specific servers. It is used to improve DNS performance or allow connections to specific DNS zones that might (otherwise) not be directly accessible.


Where can you create an AD integrated zone?
You can create it only on a writable domain controller. This is the computer on which you have installed an AD domain controller.

Where can you configure primary and stub zones as AD integrated zones?
On an AD integrated zone which has a DNS server installed on it, so that it can process updates to those zones.


Where can you configure the DNS replication scope?
When you create a new zone on an AD integrated zone, you get an option to configure DNS replication:
* To all DNS servers running on all domain controllers in this Forest.
* To all DNS servers running on all domain controllers in this Domain.
* To all DNS servers running on all domain controllers in this Domain (for Windows 2000 compatibility).



Why do we need to configure dynamic updates while configuring a zone?
This is useful in environments in which clients change IP addresses on a regular basis. When a client gets a new IP address, it can update the record associated with its host name in the appropriate DNS zone.
■■ Allow only secure dynamic updates: You can use this option only with Active Directory integrated zones. Only authenticated clients can update DNS records.
■■ Allow both nonsecure and secure dynamic updates: With this option, any client can update a record. Although this option is convenient, it is also insecure because any client can update the DNS zone, potentially redirecting clients that trust the quality of the information stored on the DNS server.
■■ Do not allow dynamic updates: When you choose this option, all DNS updates must be performed manually. This option is very secure, but it is also labor-intensive.
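
The three update settings above can be audited in bulk. The following is an added example, not part of the original post: Get-DnsZoneUpdateRisk is a hypothetical helper name, the sample zones are constructed, and the property names and values it reads (ZoneType, IsDsIntegrated, DynamicUpdate) are those returned by the Get-DnsServerZone cmdlet.

```powershell
# Added example: classify DNS zones by their dynamic update setting.
# Get-DnsZoneUpdateRisk is a hypothetical helper, not a DnsServer module cmdlet.
# DynamicUpdate values follow Get-DnsServerZone: None, Secure, NonsecureAndSecure.

function Get-DnsZoneUpdateRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [psobject]$Zone
    )
    process {
        $mode = [string]$Zone.DynamicUpdate

        if ([string]$Zone.ZoneType -ne 'Primary') {
            # Secondary and stub zones are copies and do not process updates.
            $risk = 'None'
            $note = 'Not a primary zone; updates are not processed here.'
        }
        elseif ($mode -eq 'NonsecureAndSecure') {
            $risk = 'High'
            $note = 'Any client can update records in this zone.'
            if (-not $Zone.IsDsIntegrated) {
                # Secure-only updates are offered only for AD integrated zones.
                $note += ' Secure-only updates require an AD integrated zone.'
            }
        }
        elseif ($mode -eq 'Secure') {
            $risk = 'Low'
            $note = 'Only authenticated clients can update records.'
        }
        elseif ($mode -eq 'None') {
            $risk = 'Low'
            $note = 'Records are maintained manually.'
        }
        else {
            $risk = 'Unknown'
            $note = "Unrecognised DynamicUpdate value '$mode'."
        }

        [pscustomobject]@{
            ZoneName       = $Zone.ZoneName
            IsDsIntegrated = [bool]$Zone.IsDsIntegrated
            DynamicUpdate  = $mode
            Risk           = $risk
            Note           = $note
        }
    }
}

# Constructed sample input standing in for Get-DnsServerZone output.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'contoso.com';             ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.contoso.com';         ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'legacy.contoso.com';      ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'dmz.contoso.com';         ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = '15.168.192.in-addr.arpa'; ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)

$sampleZones | Get-DnsZoneUpdateRisk | Format-Table -AutoSize -Wrap

# On a DNS server with the DnsServer module, the same check against live zones:
#   Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Get-DnsZoneUpdateRisk
# For an AD integrated zone flagged High, switch it to secure-only updates:
#   Set-DnsServerPrimaryZone -Name 'lab.contoso.com' -DynamicUpdate Secure
```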



Can a read-only domain controller (RODC) replicate updates to other DNS servers?
No, because it is a read-only domain controller, but an RODC will forward any zone update traffic directed at it to a writable domain controller.

How do you create an Active Directory integrated zone cpandl.com that replicates to all domain controllers in the forest by using a command?
Add-DnsServerPrimaryZone -Name cpandl.com -ReplicationScope Forest
__________________________________________________________________________
Notes: When you first install Active Directory, the installation process ensures that the DNS zone associated with the root domain is automatically configured as an Active Directory integrated zone and is replicated to all domain controllers in the forest.
 ______________________________________________________________________________


What is primary zone?
When a zone that this DNS server hosts is a primary zone, the DNS server is the primary source for information about this zone, and it stores the master copy of zone data in a local file or in AD DS. When the zone is stored in a file, by default the primary zone file is named zone_name.dns and it is located in the %windir%\System32\Dns folder on the server. 

If the primary zone is not working or has been deleted, then no zone updates can occur until the primary zone is restored.

Windows Server 2012 supports two types of primary zones: Active Directory integrated zones and standard primary zones. 

Active Directory integrated zones can be hosted only on computers that also function as domain controllers. Computers running Windows Server 2012 that are not domain controllers can host standard primary zones. When you create a primary zone on a computer that is not a domain controller, the wizard does not enable you to specify a replication scope for the zone.


What is secondary zone?
A secondary zone is a read-only copy of a primary zone. Secondary zones cannot process updates; they can only retrieve updates from a primary zone. Secondary zones cannot be Active Directory integrated zones, but you can configure a secondary zone of a zone that is an Active Directory integrated primary zone. Prior to configuring a secondary zone, you need to configure the primary zone that it will replicate from to enable transfers to that zone. You can do this on the Zone Transfers tab of the zone properties, as shown in Figure 3-4. Secondary zones work best when the primary zone they replicate from does not update frequently. If the primary zone is frequently updated, it is possible that the secondary zone may have out-of-date records.



What are Reverse Lookup Zones?
Reverse lookup zones translate IP addresses into FQDNs. You can create IPv4 or IPv6 reverse lookup zones, and reverse lookup zones can be configured as Active Directory integrated zones. You can configure reverse lookup zones as standard primary, secondary, or stub zones. The domain controller promotion process automatically creates a reverse lookup zone based on the IP address of the first domain controller promoted in the organization.

Reverse lookup zones are dependent on the network ID of the IP address range they represent.
IPv4 reverse lookup zones can represent only /8, /16, or /24 (the old Class A, Class B, and Class C) networks. You can’t create a single reverse lookup zone for IP subnets that don’t fit into these categories, and the smallest reverse lookup zone you can create is for subnet mask /24 (255.255.255.0).
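
The naming rule and the /8, /16, /24 restriction described above can be expressed as a small function. This is an added example, not part of the original post; ConvertTo-ReverseLookupZoneName is a hypothetical helper name and the network IDs in the loop are constructed test values.

```powershell
# Added example: derive the IPv4 reverse lookup zone name from a network ID.
# ConvertTo-ReverseLookupZoneName is a hypothetical helper, not a DnsServer
# module cmdlet. It enforces the /8, /16 and /24 boundaries described above.

function ConvertTo-ReverseLookupZoneName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$NetworkId            # for example '192.168.15.0/24'
    )

    if ($NetworkId -notmatch '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*/\s*(\d{1,2})\s*$') {
        throw "Expected a network ID such as 192.168.15.0/24, got '$NetworkId'."
    }
    $address = $Matches[1]
    $prefix  = [int]$Matches[2]
    $octets  = @($address.Split('.') | ForEach-Object { [int]$_ })

    if (@($octets | Where-Object { $_ -gt 255 }).Count -gt 0) {
        throw "'$address' is not a valid IPv4 address."
    }
    if ((8, 16, 24) -notcontains $prefix) {
        throw "A reverse lookup zone can represent only /8, /16 or /24, not /$prefix."
    }

    # Number of octets that belong to the network part: 1, 2 or 3.
    $networkOctets = [int]($prefix / 8)

    # Everything after the network part must be zero for a network ID.
    for ($i = $networkOctets; $i -lt 4; $i++) {
        if ($octets[$i] -ne 0) {
            throw "'$address' has host octets set; a /$prefix network ID ends in zero octets."
        }
    }

    # Zone names list the network octets in reverse and drop the zero octets.
    $labels = @($octets[0..($networkOctets - 1)])
    [array]::Reverse($labels)
    return ($labels -join '.') + '.in-addr.arpa'
}

# Constructed inputs: three valid network IDs and two that must be rejected.
foreach ($id in '192.168.15.0/24', '192.168.0.0/16', '10.0.0.0/8', '192.168.15.64/26', '192.168.15.7/24') {
    try {
        '{0,-18} -> {1}' -f $id, (ConvertTo-ReverseLookupZoneName -NetworkId $id)
    }
    catch {
        '{0,-18} -> rejected: {1}' -f $id, $_.Exception.Message
    }
}

# The DnsServer module accepts the same network ID form when creating the zone:
#   Add-DnsServerPrimaryZone -NetworkId '192.168.15.0/24' -ReplicationScope Forest
```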


How to create Reverse Lookup Zones?
1. In the DNS Manager Console, right-click Reverse Lookup Zones and click New Zone.
2. On the Zone Type page, select the type of reverse lookup zone that you want to create.
You can create a primary or a stub zone that can be Active Directory integrated if you are managing a DNS server on a domain controller, or create a secondary zone if the reverse lookup zone is being replicated from an existing primary reverse lookup zone. 

3. If you have chosen to make the lookup zone Active Directory integrated, you’ll need to choose the zone replication scope.
4. On the Reverse Lookup Zone Name page, choose between IPv4 and IPv6 Reverse Lookup Zone.
5. You can configure the reverse lookup zone by choosing either Network ID or Reverse Lookup Zone Name, as shown in Figure 3-5. The name is automatically generated when you provide the ID.
6. You can then choose whether to enable secure dynamic updates, enable nonsecure and secure dynamic updates, or not enable dynamic updates. 





What are Zone Delegations?
Zone delegations function as pointers to the next DNS layer down in the DNS hierarchy. For example, if your organization uses the contoso.com DNS zone and you want to create a separate australia.contoso.com DNS zone, you can perform a zone delegation so that the DNS servers for the contoso.com DNS zone would point to the DNS servers for the australia.contoso.com DNS zone. When you create a new child domain in an Active Directory forest, zone delegation occurs automatically. When you are performing a manual delegation, create the delegated zone on the target DNS server prior to performing the delegation from the parent zone.

How to configure Zone delegation?
You can configure a zone delegation by performing the following steps:
1. Create the primary zone, either standard or Active Directory integrated, on the DNS server that will host the delegated zone.
2. In the DNS Manager Console, right-click the zone that you want to create a delegation for and click New Delegation.
3. On the Delegated Domain Name page of the New Delegation Wizard, shown in Figure 3-6, enter the name of the delegated domain.
4. On the Name Servers page, shown in Figure 3-6, add the address of the DNS server that hosts the zone for which you are creating a delegation. The wizard will check that the DNS server is authoritative for the delegated zone.

 

What is Split DNS?
Split DNS enables organizations to use the same namespace for internal and external hosts, but enables those organizations to ensure that external hosts can’t resolve internal names. 

For example, an organization might want to enable internal users to resolve the addresses www.tailspintoys.com and aus-fs1.tailspintoys.com, but enable external users to resolve only www.tailspintoys.com.


How to implement Split DNS?
To implement split DNS, create two zones on different name servers for the same DNS zone. For example, you can configure split DNS in the following way:

■■ Contoso.com is an Active Directory integrated primary zone replicated to all domain controllers on your organization’s internal network. Internal clients would run queries against these DNS servers for the contoso.com zone.


■■ Contoso.com is a standard primary zone hosted on a computer running Windows Server 2012 that is not a member of a domain and is located on your organization’s perimeter network. External clients would run queries against this DNS server for the contoso.com zone.
You can configure the standard primary zone hosted on the computer on the perimeter network to accept only manual updates. You can then manually populate the zone with those records that external hosts should be able to resolve, such as the address of web servers and mail gateways.


However, many organizations don’t bother hosting the publicly resolvable zone associated with their organization, but instead have it hosted on their ISP’s DNS servers.
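
Because the external zone is populated by hand, it is worth checking periodically that it holds only the records meant to be public. The following is an added example, not part of the original post: Find-SplitDnsLeak and Test-PrivateIPv4 are hypothetical helper names, the approved list and sample records are constructed, and the check for private (RFC 1918) addresses is an assumption about what should never appear in an external zone.

```powershell
# Added example: flag records in the external half of a split DNS setup that
# look like internal names. Helper names, the approved list and the sample
# records are constructed for illustration.

function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    # RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Find-SplitDnsLeak {
    [CmdletBinding()]
    param(
        # Objects with HostName, RecordType and Data properties.
        [Parameter(Mandatory = $true)]
        [psobject[]]$ExternalRecord,

        # Host names that external clients are meant to resolve.
        [Parameter(Mandatory = $true)]
        [string[]]$ApprovedHostName
    )

    foreach ($record in $ExternalRecord) {
        $reasons = @()
        if ($ApprovedHostName -notcontains $record.HostName) {
            $reasons += 'name is not on the approved public list'
        }
        if ($record.RecordType -eq 'A' -and (Test-PrivateIPv4 $record.Data)) {
            $reasons += 'A record points at a private (RFC 1918) address'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                HostName   = $record.HostName
                RecordType = $record.RecordType
                Data       = $record.Data
                Reason     = $reasons -join '; '
            }
        }
    }
}

# Constructed contents of the external tailspintoys.com zone. 203.0.113.0/24
# is a documentation range; aus-fs1 is the internal-only host from the text.
$externalZone = @(
    [pscustomobject]@{ HostName = 'www';      RecordType = 'A';  Data = '203.0.113.10' }
    [pscustomobject]@{ HostName = 'mail';     RecordType = 'A';  Data = '203.0.113.25' }
    [pscustomobject]@{ HostName = '@';        RecordType = 'MX'; Data = 'mail.tailspintoys.com' }
    [pscustomobject]@{ HostName = 'aus-fs1';  RecordType = 'A';  Data = '10.10.10.50' }
    [pscustomobject]@{ HostName = 'intranet'; RecordType = 'A';  Data = '203.0.113.40' }
)

Find-SplitDnsLeak -ExternalRecord $externalZone -ApprovedHostName '@', 'www', 'mail' |
    Format-Table -AutoSize -Wrap

# Against a live zone on the perimeter DNS server, A records can be shaped
# into the same form first:
#   Get-DnsServerResourceRecord -ZoneName 'tailspintoys.com' -RRType A |
#     Select-Object HostName, RecordType,
#       @{ Name = 'Data'; Expression = { $_.RecordData.IPv4Address.IPAddressToString } }
```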

Can you create an AD integrated primary zone on a computer running Windows Server 2012 with the DNS server role installed?

You can’t create an Active Directory integrated primary zone if the Windows Server 2012 computer hosting the DNS Server service is not a domain controller.

What are Forwarders and conditional forwarders?
Forwarders and conditional forwarders enable your DNS server to forward traffic to specific DNS servers when a lookup request cannot be handled locally. If you don’t configure a forwarder, or if a configured forwarder can’t be contacted, the DNS Server service will forward the request to a DNS root server, and the request will be resolved normally.




What are forwarders?
You are likely to use a DNS forwarder, rather than have your DNS server just use the root server, when you want to have a specific DNS server on the Internet handle your organization’s DNS resolution traffic. You are most likely to configure your organization’s ISP’s DNS server as a forwarder. When you do this, the ISP’s DNS server performs all the query work, returning the result to your organization’s DNS server that returns the result of the query back to the original requesting client.
You configure forwarders on a per-DNS server level.

You can configure a forwarder using the DNS Manager, by editing the properties of a DNS server and then editing the list of forwarders on the Forwarders tab, as shown in Figure 3-7.


You can create a DNS forwarder using the Add-DnsServerForwarder cmdlet. 
For example, to create a DNS forwarder for a DNS server with IP address 10.10.10.111, issue this command:
Add-DnsServerForwarder 10.10.10.111
You can’t create a forwarder on one DNS server and then have it replicate to all other DNS servers in the forest or the domain, although this is possible with conditional forwarders and stub zones.



What are conditional forwarders?

Conditional forwarders forward address requests from only specific domains rather than all requests that can’t be resolved by the DNS server. When configured, a conditional forwarder takes precedence over a forwarder. Conditional forwarders are useful when your organization has a trust relationship or partnership with another organization. You can configure a conditional forwarder that directs all traffic to host names within that organization instead of them having to be resolved by the standard DNS-resolution process.

How to create conditional forwarders?
To create a conditional forwarder, perform the following steps:
1. Open DNS Manager.
2. Expand the DNS server on which you want to create the conditional forwarder. Because conditional forwarders can be replicated to all DNS servers in a forest or domain, you have to create the forwarder only once.
3. Right-click Conditional Forwarders and choose New Conditional Forwarder.
4. Enter the DNS domain name of the zone for the forwarder. For example, if you want all traffic for hosts in the wingtiptoys.com zone to be forwarded to specific DNS servers, enter wingtiptoys.com as the DNS domain name.
5. Enter the IP address or addresses of the DNS server to which you want to forward DNS traffic.
6. Select whether the conditional forwarder will be stored within Active Directory. Choose whether to replicate the forwarder to all servers in the forest or in the domain, as shown in Figure 3-8.


Command:
You can create conditional forwarders using the Add-DnsServerConditionalForwarderZone PowerShell cmdlet. For example, to create a conditional forwarder for the DNS domain tailspintoys.com that forwards DNS queries to the server at IP address 10.10.10.102 and replicates that conditional forwarder to all DNS servers within the Active Directory forest, issue this command:
Add-DnsServerConditionalForwarderZone -MasterServers 10.10.10.102 -Name tailspintoys.com -ReplicationScope Forest

What are stub zones?
A stub zone is a special zone that stores authoritative name server records for a target zone. Stub zones have an advantage over forwarders when the address of a target zone’s authoritative DNS server changes on a regular basis. Stub zones are often used to host the records for authoritative DNS servers in delegated zones. Using stub zones in this way ensures that delegated zone information is up to date. If you create the stub zone on a writable domain controller, as shown in Figure 3-9, it can be stored with Active Directory and replicated to other DCs in the domain or forest.



How to create stub zones?
1. In DNS Manager, right-click Forward Lookup Zones and click New Zone.
2. On the Zone Type page of the New Zone Wizard, select Stub Zone, as shown in Figure 3-9.
3. If you chose the Store The Zone In Active Directory option, you see the Active Directory Zone Replication Scope page. Choose whether to replicate the stub zone to all domain controllers in the forest, in the domain, or to all domain controllers enrolled in a specific directory partition.
4. Provide the stub zone with the name of the target DNS zone.
5. On the Master DNS Servers page, shown in Figure 3-10, provide the address of an authoritative DNS name server for the zone. Choose the Use The Above Servers To Create A Local List Of Master Servers option to generate a list of all authoritative name servers in the target DNS zone.



Command :
You can add a stub zone using the Add-DnsServerStubZone cmdlet. For example, to add a DNS stub zone for the fabrikam.com zone using the DNS server at 10.10.10.222 that replicates to all DNS servers in the forest, execute this command:

Add-DnsServerStubZone -MasterServers 10.10.10.222 -Name fabrikam.com -ReplicationScope Forest -LoadExisting

Lesson summary
■■ Primary and stub zones can be configured as Active Directory integrated zones.
■■ Active Directory integrated zones can be replicated to all domain controllers in a domain, in the forest, or that have a specific DNS application partition.
■■ Reverse lookup zones translate IP addresses into FQDNs.
■■ Reverse lookup zones can be Active Directory integrated zones.
■■ Secondary zones are read-only.
■■ Conditional forwarders forward all traffic for a particular zone to a particular DNS server.
■■ Forwarders forward all traffic not handled by conditional forwarders to a specific DNS server.

1. You want to create a new DNS zone. Only computers that are members of the domain should be able to update the zone. You should not have to perform zone updates manually. Which of the following steps should you take to accomplish this goal? (Choose all that apply.)
A. Configure the contoso.com zone as an Active Directory integrated primary.
B. Configure the contoso.com zone as a standard primary zone.
C. Configure the zone to enable only secure dynamic updates.
D. Configure the zone to not enable dynamic updates.



Correct answers: A and C
A. Correct: Configuring the zone as Active Directory integrated primary enables you to configure the zone to accept only secure dynamic updates.
B. Incorrect: You cannot configure a standard primary zone so that it will accept only secure dynamic updates. A standard primary zone can be configured to accept both secure and insecure dynamic updates.
C. Correct: Configuring this setting ensures that only computers that are members of the domain can update the zone.
D. Incorrect: If you do not configure the zone to allow dynamic updates, you have to perform zone updates manually.
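
The configuration from answers A and C, followed by an audit of existing zones, as an added PowerShell example (not part of the original post). It assumes the DnsServer module on a server running the DNS Server role; the Domain replication scope is an illustrative choice.

```powershell
# Added example: requires the DnsServer module (DNS Server role or RSAT).
# Create contoso.com as an Active Directory integrated primary zone that
# accepts only secure dynamic updates (answers A and C).
# -ReplicationScope Domain is an assumption; Forest is equally valid.
Add-DnsServerPrimaryZone -Name 'contoso.com' -ReplicationScope Domain -DynamicUpdate Secure

# Audit: report primary zones that are file-backed (standard primary),
# that accept nonsecure updates, or that have dynamic updates turned off.
$findings = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $issue = if (-not $_.IsDsIntegrated) {
            'Standard primary: secure-only updates are not available'
        } elseif ($_.DynamicUpdate -eq 'NonsecureAndSecure') {
            'Accepts nonsecure dynamic updates'
        } elseif ($_.DynamicUpdate -eq 'None') {
            'Dynamic updates disabled: records are maintained manually'
        }
        if ($issue) {
            [pscustomobject]@{
                Zone          = $_.ZoneName
                DsIntegrated  = $_.IsDsIntegrated
                DynamicUpdate = $_.DynamicUpdate
                Issue         = $issue
            }
        }
    }
$findings | Format-Table -AutoSize

# Remediate only the AD-integrated zones that accept nonsecure updates.
$findings |
    Where-Object { $_.DsIntegrated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object { Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure }
```

Standard primary zones appear in the report but are not changed, because they must first be converted to Active Directory integrated zones before secure-only updates can be selected.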

2. Which of the following network IDs is associated with the reverse lookup zone 15.168.192.in-addr.arpa?
A. 192.168.15.0 /16
B. 15.168.192.0 /24
C. 192.168.15.0 /24
D. 15.168.192.0 /24


2. Correct answer: C
A. Incorrect: This network ID would be associated with the 168.192.in-addr.arpa zone.
B. Incorrect: This network ID would be associated with the 192.186.15.in-addr.arpa zone.
C. Correct: Zone names use the octets in reverse order. The zero is dropped from the zone name.
D. Incorrect: This network ID would be associated with the 15.168.192.0 network ID.

3. You want to create a delegation for the zone australia.fabrikam.com. This zone will be hosted on a DNS server with the IP address 10.100.10.10. The DNS server that is authoritative for the zone fabrikam.com is hosted on a computer with the IP address 10.10.10.10. Which of the following steps must you take first? (Choose all that apply.)
A. Create the zone australia.fabrikam.com on the computer that hosts the DNS server with the IP address 10.10.10.10.
B. Create the zone australia.fabrikam.com on the computer that hosts the DNS server with the IP address 10.100.10.10.
C. Create the delegation using the zone fabrikam.com on the computer that hosts the DNS server with the IP address 10.100.10.10.
D. Create the delegation using the zone fabrikam.com on the computer that hosts the DNS server with the IP address 10.10.10.10.


3. Correct answer: B
A. Incorrect: You should not create the target zone on the computer on which you are going to perform the delegation, unless that computer will host that zone. In this situation, the target zone will be hosted on the computer with IP address 10.100.10.10.
B. Correct: You must create the target zone on the server that will host that zone prior to performing the delegation.
C. Incorrect: You must create the target zone before you perform a delegation.
D. Incorrect: You must create the target zone before you perform a delegation.
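
The ordering from answer B as an added PowerShell example (not part of the original post): the child zone is created and checked on its hosting server before the parent zone delegates to it, which avoids a delegation that points at a server with no zone to answer for. The name server host name and the file-backed zone type are assumptions; the IP addresses come from the question.

```powershell
# Added example: requires the DnsServer and DnsClient modules.
$parentServer = '10.10.10.10'                  # authoritative for fabrikam.com
$childServer  = '10.100.10.10'                 # will host australia.fabrikam.com
$childZone    = 'australia.fabrikam.com'
$childNs      = 'ns1.australia.fabrikam.com'   # hypothetical name server host name

# Step 1 (answer B): create the target zone on the server that will host it.
# A file-backed zone is an assumption; use -ReplicationScope for AD integration.
Add-DnsServerPrimaryZone -ComputerName $childServer -Name $childZone `
    -ZoneFile "$childZone.dns"

# Step 2: confirm the child server answers for the zone before delegating.
try {
    Resolve-DnsName -Name $childZone -Type SOA -Server $childServer `
        -DnsOnly -ErrorAction Stop | Out-Null
} catch {
    throw "No SOA for $childZone from $childServer; delegation not created."
}

# Step 3: create the delegation in the parent zone on the parent server.
Add-DnsServerZoneDelegation -ComputerName $parentServer -Name 'fabrikam.com' `
    -ChildZoneName 'australia' -NameServer $childNs -IPAddress $childServer

# Step 4: review the delegation record that clients will be referred by.
Get-DnsServerZoneDelegation -ComputerName $parentServer -Name 'fabrikam.com' `
    -ChildZoneName 'australia'
```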


4. A partner organization frequently alters the IP addresses of its authoritative name servers. Clients in the partner DNS zone also change their DNS records frequently. You want to enable clients in your organizational network to be able to quickly resolve addresses in the partner’s DNS zone without worrying that your own DNS server is hosting stale DNS records. Which of the following should you create on your local DNS server to accomplish this goal? (Choose all that apply.)
A. Secondary zone
B. Conditional forwarder
C. Forwarder
D. Stub zone


4. Correct answer: D
A. Incorrect: Although configuring a secondary zone will provide a local copy of the partner organization’s zone, a better approach is to use a stub zone because the zone updates frequently. This way, clients on your organizational network can quickly locate the authoritative name servers in the partner zone and resolve addresses in that zone accurately.
B. Incorrect: Conditional forwarders use static entries for authoritative servers in the target zone. Because the authoritative servers in the target zone often change, a conditional forwarder is quickly out of date.
C. Incorrect: Forwarders are used to forward all queries, rather than queries to a specific zone.
D. Correct: The best approach is to use a stub zone. This way, clients on your organizational network can quickly locate the authoritative name servers in the partner zone and resolve addresses in that zone accurately.


5. You want to have all DNS requests for nonlocal addresses go to your ISP’s DNS server, except those for hosts located in the margiestravel.com zone. Any requests for hosts located in the margiestravel.com zone should automatically be forwarded to a DNS server with a specific IP address. Which of the following should you configure to accomplish this goal? (Choose all that apply.)
A. Stub zone
B. Forwarder
C. Conditional forwarder
D. Secondary zone


5. Correct answers: B and C
A. Incorrect: A stub zone replicates authoritative name server information from a target zone. In this situation, you simply want to forward traffic for hosts in a specific zone to a specific DNS server.
B. Correct: You need to configure a forwarder that will forward traffic to your ISP’s DNS server.
C. Correct: A conditional forwarder will forward all traffic to the margiestravel.com DNS zone to a DNS server at a specific address.

D. Incorrect: You want to forward client request traffic either to your ISP’s DNS server or to the margiestravel.com DNS server. Hosting a secondary zone of the margiestravel.com DNS zone does not accomplish this goal.

Lesson 2: WINS and GlobalNames zones 


Both WINS and GlobalNames zones provide single-label name resolution solutions. Single-label name resolution solutions are often required because custom code and scripts, some dating back to the days when Windows NT 4.0 was the server operating system of choice, don’t use the DNS FQDNs. In this lesson, you’ll learn how to provide an appropriate single-label name resolution solution for your organizational network.

What is WINS?
WINS is an older name resolution technology that resolves NetBIOS names to IP addresses. WINS was primarily used on networks running Windows NT 4.0 and has been declining in utilization ever since. Other than small changes to make WINS less vulnerable to malicious attack, the functionality of WINS has not changed substantially since the release of Windows Server 2003 almost a decade ago. Windows Server 2012 still includes the WINS role because a large number of organizations have need for single-label name resolution functionality. Single-label name resolution is required when a host is referred to on the network with a single name, such as Windows Server Update Services (WSUS), rather than an FQDN such as wsus.contoso.internal. Depending on how DNS is configured, some clients can use their DNS host suffix to locate hosts on the basis of a single label. You can also integrate DNS with WINS.

How to configure a WINS server?
To install and configure the WINS role on a computer running Windows Server 2012, perform the following steps:
1. From Server Manager, use the Manage menu to launch the Add Roles And Features Wizard.
2. Select the WINS Server feature, as shown in Figure 3-11. 




To install WINS using Windows PowerShell, use the following command:
Install-WindowsFeature WINS

Unless the routers are specially configured, NetBIOS traffic doesn’t cross subnet boundaries. This means that unless you take specific steps, the WINS database will not be populated with address entries by hosts on remote networks. WINS does support the creation of static address entries, and you can use it to manually populate the WINS database with the addresses of important hosts that must be resolvable using single-label names. Client computers must know the address of a WINS server to utilize it for single-label name resolution. You can configure a client with the address of a WINS server by configuring DHCP option 044. You can also configure the address of a WINS server by editing the TCP/IPv4 properties on a specific network adapter, as shown in Figure 3-12.





You can configure WINS servers on different subnets as replication partners. When you do this, these WINS servers exchange address data with one another. WINS uses two types of partners in replication:

• Push partner: A WINS server that notifies a pull partner that the WINS database has been updated. The pull partner will respond with a replication request, and database changes will be replicated. Push replication occurs only when a certain number of updates to the database have occurred.
• Pull partner: Waits for notification that the database has been updated and then replicates database changes.