Exam Essentials: Implementing DNS

Understand the purpose of DNS. DNS is a standard set of protocols that defines a mechanism for querying and updating address information in the database, a mechanism for replicating the information in the database among servers, and a schema of the database.

Understand the different parts of the DNS database. The SOA record defines the general parameters for the DNS zone, including who is the authoritative server. NS records list the name servers for a domain; they allow other name servers to look up names in your domain. A host record (also called an address record or an A record) statically associates a host’s name with its IP addresses. Pointer records (PTRs) map an IP address to a hostname, making it possible to do reverse lookups. Alias records allow you to use more than one name to point to a single host. The MX record tells you which servers can accept mail bound for a domain. SRV records tie together the location of a service (like a domain controller) with information about how to contact the service.

Know how DNS resolves names. With iterative queries, a client asks the DNS server for an answer, and the client, or resolver, returns the best kind of answer it has. In a recursive query, the client sends a query to one name server, asking it to respond either with the requested answer or with an error. The error states either that the server can’t come up with the right answer or that the domain name doesn’t exist. With inverse queries, instead of supplying a name and then asking for an IP address, the client first provides the IP address and then asks for the name.

Understand the differences among DNS servers, clients, and resolvers. Any computer providing domain name services is a DNS server. A DNS client is any machine issuing queries to a DNS server. A resolver handles the process of mapping a symbolic name to an actual network address.

Know how to install and configure DNS. DNS can be installed before, during, or after installing the Active Directory service. When you install the DNS server, the DNS snap-in is installed too. Configuring a DNS server ranges from easy to difficult, depending on what you’re trying to make it do. In the simplest configuration, for a caching-only server, you don’t have to do anything except make sure that the server’s root hints are set correctly. You can also configure a root server, a normal forward lookup server, and a reverse lookup server.

Know how to create new forward and reverse lookup zones. You can use the New Zone Wizard to create a new forward or reverse lookup zone. The process is basically the same for both types, but the specific steps and wizard pages differ somewhat. The wizard walks you through the steps, such as specifying a name for the zone (in the case of forward lookup zones) or the network ID portion of the network that the zone covers (in the case of reverse lookup zones).

Know how to configure zones for dynamic updates. The DNS service allows dynamic updates to be enabled or disabled on a per-zone basis at each server. This is easily done in the DNS snap-in.
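
Because the dynamic-update setting is stored per zone on each server, it is worth auditing rather than assuming. The following script is an added example, not part of the original study guide; it uses the DnsServer PowerShell module, and the `$ComputerName` value and the wording of the findings are assumptions for illustration.

```powershell
# Added example: audit per-zone dynamic-update and aging settings.
# Requires the DnsServer module (installed with the DNS role or RSAT).
$ComputerName = 'localhost'   # assumption: the DNS server to audit

$report = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } |
    ForEach-Object {
        $zone = $_
        # Aging settings apply to primary zones; skip quietly if unreadable.
        $aging = Get-DnsServerZoneAging -Name $zone.ZoneName `
                     -ComputerName $ComputerName -ErrorAction SilentlyContinue

        $findings = @()
        if ($zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'accepts unauthenticated dynamic updates'
        }
        if ($zone.DynamicUpdate -ne 'None' -and $aging -and -not $aging.AgingEnabled) {
            $findings += 'dynamic updates on but aging off (stale records accumulate)'
        }
        if (-not $zone.IsDsIntegrated -and $zone.DynamicUpdate -ne 'None') {
            $findings += 'file-backed zone cannot use Secure updates'
        }

        [pscustomobject]@{
            Zone          = $zone.ZoneName
            Reverse       = $zone.IsReverseLookupZone
            ADIntegrated  = $zone.IsDsIntegrated
            DynamicUpdate = $zone.DynamicUpdate   # None | Secure | NonsecureAndSecure
            AgingEnabled  = if ($aging) { $aging.AgingEnabled } else { $null }
            Findings      = $findings -join '; '
        }
    }

# Full picture of every primary zone on this server.
$report | Sort-Object Zone | Format-Table -AutoSize -Wrap

# Only the zones that need attention, for a ticket or a scheduled check.
$report | Where-Object Findings | Select-Object Zone, DynamicUpdate, Findings
```

Run it against each DNS server in turn, since a zone hosted on more than one server can carry a different setting on each.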

Know how to delegate zones for DNS. DNS provides the ability to divide the namespace into one or more zones; these can then be stored, distributed, and replicated to other DNS servers. When delegating zones within your namespace, be aware that for each new zone you create, you need delegation records in other zones that point to the authoritative DNS servers for the new zone.

Understand the tools that are available for monitoring and troubleshooting DNS. You can use the DNS snap-in to do some basic server testing and monitoring. More important, you use the snap-in to monitor and set logging options. Windows Server 2022 automatically logs DNS events in the event log under a distinct DNS server heading. Nslookup offers the ability to perform query testing of DNS servers and to obtain detailed responses at the command prompt. You can use the command-line tool ipconfig to view your DNS client settings, to view and reset cached information used locally for resolving DNS name queries, and to register the resource records for a dynamic update client. Finally, you can configure the DNS server to create a log file that records queries, notification messages, dynamic updates, and various other DNS information.

  1. You are the network administrator for the ABC Company. Your network consists of two DNS servers named DNS1 and DNS2. The users who are configured to use DNS2 complain because they are unable to connect to Internet websites. The following table shows the configuration of both servers.

    | DNS1 | DNS2 |
    | --- | --- |
    | _msdcs.abc.com | .(root) |
    | abc.com | _msdcs.abc.com |
    | | abc.com |

    The users connected to DNS2 need to be able to access the Internet. What needs to be done?
    A. Build a new Active Directory Integrated zone on DNS2.
    B. Delete the .(root) zone from DNS2, and configure conditional forwarding on DNS2.
    C. Delete the current cache.dns file.
    D. Update your cache.dns file and root hints.

  1. You are the network administrator for a large company that has one main site and one branch office. Your company has a single Active Directory forest, ABC.com. You have a single domain controller (ServerA) in the main site that has the DNS role installed. ServerA is configured as a primary DNS zone. You have decided to place a domain controller (ServerB) in the remote site and implement the DNS role on that server. You want to configure DNS so that, if the WAN link fails, users in both sites can still update records and resolve any DNS queries. How should you configure the DNS servers?
    A. Configure ServerB as a secondary DNS server. Set replication to occur every 5 minutes.
    B. Configure ServerB as a stub zone.
    C. Configure ServerB as an Active Directory Integrated zone, and convert ServerA to an Active Directory Integrated zone.
    D. Convert ServerA to an Active Directory Integrated zone, and configure ServerB as a secondary zone.
  2. You are the network administrator for a midsized computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure only domain computers register with your DNS servers. What should you do to resolve this issue?
    A. Set dynamic updates to None.
    B. Set dynamic updates to Nonsecure And Secure.
    C. Set dynamic updates to Domain Users Only.
    D. Set dynamic updates to Secure Only.
  3. Your company consists of a single Active Directory forest. You have a Windows Server 2022 domain controller that also has the DNS role installed. You also have a Unix-based DNS server at the same location. You need to configure your Windows DNS server to allow zone transfers to the Unix-based DNS server. What should you do?
    A. Enable BIND secondaries.
    B. Configure the Unix machine as a stub zone.
    C. Convert the DNS server to Active Directory Integrated.
    D. Configure the Microsoft DNS server to forward all requests to the Unix DNS server.
  4. You are the network administrator for Stormwind Corporation. Stormwind has two trees in its Active Directory forest, Stormwind.com and abc.com. Company policy does not allow DNS zone transfers between the two trees. You need to make sure that when anyone in abc.com tries to access the Stormwind.com domain, all names are resolved from the Stormwind.com DNS server. What should you do?
    A. Create a new secondary zone in abc.com for Stormwind.com.
    B. Configure conditional forwarding on the abc.com DNS server for Stormwind.com.
    C. Create a new secondary zone in Stormwind.com for abc.com.
    D. Configure conditional forwarding on the Stormwind.com DNS server for abc.com.
  5. You are the network administrator for your organization. A new company policy states that all inbound DNS queries need to be recorded. What can you do to verify that the IT department is compliant with this new policy?
    A. Enable Server Auditing – Object Access.
    B. Enable DNS debug logging.
    C. Enable server database query logging.
    D. Enable DNS Auditing – Object Access.
  6. You are the network administrator for a small company with two DNS servers: DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone, and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy?
    A. Enable the Secure Only setting on DNS1.
    B. Enable the Secure Only setting on DNS2.
    C. Configure Secure Only on the Zone Transfers tab for both servers.
    D. Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
  7. You are responsible for DNS in your organization. You look at the DNS database and see a large number of older records on the server. These records are no longer valid. What should you do?
    A. In the zone properties, enable Zone Aging and Scavenging.
    B. In the server properties, enable Zone Aging and Scavenging.
    C. Manually delete all the old records.
    D. Set Dynamic Updates to None.
  8. Your IT team has been informed by the compliance team that they need copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal?
    A. Run dnscmd /zonecopy.
    B. Run dnscmd /zoneinfo.
    C. Run dnscmd /zoneexport.
    D. Run dnscmd /zonefile.
  9. You are the network administrator for a Windows Server 2022 network. You have multiple remote locations connected to your main office by slow satellite links. You want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations?
    A. Primary DNS zones
    B. Secondary DNS zones
    C. Active Directory Integrated zones
    D. Stub zones
  10. You assign two DNS server addresses as part of the options for a scope. Later you find a client workstation that isn’t using those addresses. What’s the most likely cause?
    A. The client didn’t get the option information as part of its lease.
    B. The client has been manually configured with a different set of DNS servers.
    C. The client has a reserved IP address in the address pool.
    D. There’s a bug in the DHCP server service.
  11. You are the network administrator for your company. After configuring a new computer and connecting it to the network, you discover that you cannot access any of the computers on the remote subnet by IP address. You can access some of the computers on the local subnet by IP address. What is the most likely problem?
    A. Incorrectly defined IP address
    B. Incorrectly defined subnet mask
    C. Incorrectly defined default gateway
    D. Incorrectly defined DNS server
  12. A user cannot access a server in the domain. After troubleshooting, you determine that the user cannot access the server by name but can access the server by IP address. What is the most likely problem?
    A. Incorrectly defined IP address
    B. Incorrectly defined subnet mask
    C. Incorrectly defined DHCP server
    D. Incorrectly defined DNS server
  13. You have a Windows client machine that needs to have a static TCP/IP address. You assign the IP address to the machine and you now want to register the computer with DNS. How can you do this from the Windows client machine?
    A. ipconfig /renewdns
    B. ipconfig /flushdns
    C. ipconfig /dns
    D. ipconfig /registerdns
  14. You are the administrator for your company network. Your network has a DNS server that contained corrupted data. You fix the issues on the server. One of the users in the network is complaining that they are still unable to access Internet resources. You check to see whether things are working on another computer on the same subnet. What command should you run to fix the issue?
    A. You should run the DNS /flushdns command.
    B. You should run the ipconfig /flush command.
    C. You should run the ipconfig /flushdns command.
    D. You should run the ping /flush command.
  15. You are the administrator for your company network. A user is using a computer running a Windows client. When this user connects to the corporate network, they are unable to access the internal company servers but can access the servers on the Internet. You run the ipconfig /all command and receive the following:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . : Ethernet 1
    Physical Address . . . . . . . . : 00-50-B6-7B-E4-81
    DHCP Enabled . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . : Yes
    Link-local IPv6 Address . . . . : fe80::5d56:3419:eB3b:3c46%17(Preferred)
    IPv4 Address . . . . . . . . . . : 192.168.0.121(Preferred)
    Subnet Mask . . . . . . . . . . : 255.255.255.0
    Lease Obtained . . . . . . . . . : Friday, August 5, 2022 11:38:12 AM
    Lease Expires . . . . . . . . . : Friday, August 5, 2022 11:38:12 PM
    Default Gateway . . . . . . . . : 192.168.0.1
    DHCP Server . . . . . . . . . . : 192.168.0.2
    DHCPv6 IAID . . . . . . . . . . : 536891574
    DHCPv6 Client DUID . . . . . . . : 00-01-00-01-22-AC-5F-64-00-50-B6-7B-E4-81
    DNS Servers . . . . . . . . . . : 131.107.10.60
                                      192.168.0.3
    NetBIOS over Tcpip . . . . . . . : Enabled
    You send a ping request and can ping the default gateway, the DNS servers, and the DHCP server successfully. What configuration could be causing the issue?
    A. The issue is with the default gateway address.
    B. The issue is with the DNS servers.
    C. The issue is with the IPv4 address.
    D. The issue is with the subnet mask.
  16. You need to configure your Windows DNS server to allow zone transfers to the Unix-based DNS server. What should you do?
    A. Enable BIND secondaries.
    B. Configure the Unix machine as a stub zone.
    C. Convert the DNS server to Active Directory Integrated.
    D. Configure the Microsoft DNS server to forward all requests to the Unix DNS server.
  17. You have two DNS servers: DNSA and DNSB. Both DNS servers reside on domain controllers. DNSA is set up as a standard primary zone, and DNSB is set up as a secondary zone.
    All DNS zone transfers must be encrypted. How can you implement the new security policy?
    A. Enable the Secure Only setting on DNSA.
    B. Enable the Secure Only setting on DNSB.
    C. Configure Secure Only on the Zone Transfers tab for both servers.
    D. Delete the secondary zone on DNSB. Convert both DNS servers to use Active Directory Integrated zones.
  18. You notice that in your DNS database you see a number of older records on the server. These records are no longer valid. What should you do?
    A. In the zone properties, enable Zone Aging and Scavenging.
    B. In the server properties, enable Zone Aging and Scavenging.
    C. Manually delete all the old records.
    D. Set Dynamic Updates to None.
  19. How do you give an administrator a copy of the DNS zone?
    A. Run dnscmd /zonecopy.
    B. Run dnscmd /zoneinfo.
    C. Run dnscmd /zoneexport.
    D. Run dnscmd /zonefile.
