Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.

What new features of Windows Server 2003 DNS are most likely to be included in the exam?


2.

What is the DnsUpdateProxy group and why is it important?


3.

What is the difference between a DNS domain and a zone?


4.

What is the difference between an authoritative and nonauthoritative response?


5.

What is the difference between a recursive query and an iterative query?


6.

What is the version ID, and why is it so important in WINS replication?


7.

What is tombstoning?


8.

What is the difference between push and pull replication?


9.

What is the most efficient replication topology for WINS server replication?


Answers

1.

Windows Server 2003 introduces a number of new features for DNS. These include stub zones, conditional forwarding, application directory partitions, support for EDNS0 to allow larger UDP packet sizes, and limited support for DNSSEC. Of these, the most widely used and implemented features will be stub zones, conditional forwarding, and application directory partitions. The use of these features can play a key role in optimizing a DNS infrastructure and making it more fault tolerant. For example, the use of stub zones can help to eliminate problems with lame delegations and can help to reduce DNS referral traffic. Conditional forwarding can be used to help reduce cross-referral traffic and can be used as an alternative to stub zones.

2.

The DnsUpdateProxy group allows DHCP servers that are members of this group to register mappings in forward and reverse lookup zones so that the resulting ACLs on the resource records have no security configured on them. This makes it possible for other DHCP servers and clients to subsequently overwrite the resource records in Active Directory-integrated zones that are configured to accept authenticated updates only. Because this also creates a security hole, especially if the DHCP service is located on a domain controller, it is now possible in Windows Server 2003 to configure the DHCP server to create resource records using a user account created for this purpose.

3.

A zone contains the actual resource records that are used to provide name resolution for a particular DNS domain. A single zone file can contain records for both the parent and its subdomains. The DNS servers on which this zone file is located are said to be authoritative for the parent and the subdomains. If the zone file is too large or if there is some other need, authority for the subdomains can be delegated to other DNS servers. When this occurs, the DNS server that is authoritative for the parent domain is no longer authoritative for the subdomains, since its zone file no longer contains resource records for those zones.

4.

An authoritative response is one that comes directly from a DNS server that is authoritative for the domain. A nonauthoritative response is one that comes from the cache of a DNS server that is not authoritative for the domain and has previously resolved the query.

5.

A recursive query is performed by a DNS host to a DNS server asking the DNS server to find the answer or return an error. The DNS server assumes the responsibility for resolving the name. Usually DNS clients and DNS forwarders send recursive queries to DNS servers configured to perform recursion, that is, to send iterative queries to other DNS servers. Iterative queries are usually used for communication between DNS servers. If the DNS server cannot resolve a name mapping, it will contact other DNS servers in the DNS hierarchy and accept referral answers to find DNS servers that are authoritative for the domain where the host is located. For example, if the DNS server is trying to resolve www.syngress.com to an IP address, it might contact a DNS server that is authoritative for the .com namespace and accept a referral answer that provides the IP addresses of DNS servers that are authoritative for the foobar.com domain namespace. This process is referred to as walking the tree.

6.

All name mapping records in a WINS database have a field that contains a version ID. Every time a registration is created or updated, the record is given an incremented version ID. The version ID is sequentially incremented across the entire set of records in the database. When WINS servers are set up as replication partners to each other, they store the highest version ID of the partner server in an owner table. When push or pull replication is triggered, the WINS servers compare the values of the version IDs in their owner table with values sent to them by their replication partner. By comparing version IDs, WINS servers can determine what incremental changes have occurred since the last replication cycle.

7.

When a record is deleted in a local WINS database, the deletion of the record should be propagated to other WINS servers. The problem is this: How do you replicate a deletion? Well, you can’t. But, you can mark the record in a special way that will let other WINS servers know that they should delete their own copy of the record. Tombstoning is the process of “marking” the record so that it will replicate and persist long enough to let other WINS servers know they should delete their copy of the record. When you manually delete a record in a WINS database, you will be prompted as to whether you want to perform a simple deletion or a tombstone deletion. When you choose a simple deletion, only the local copy is deleted, and the record can be replicated back to the server and reappear. A tombstone deletion ensures the record stays deleted.

8.

Push and pull replication differ only in how they are initiated. A WINS server initiates push replication by informing its push replication partner that it has records it would like to replicate. The WINS server sends only a notification containing its owner table (a table listing owner IDs and version IDs) to its push partner. The push partner subsequently initiates a pull replication with the original server (its pull partner). Push replication is triggered when a configurable threshold of updates is reached. For example, a WINS server could be configured to send a notification after it had received 50 updates. Pull replication is initiated according to a configurable schedule on the WINS server.
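The version ID comparison, tombstoning and pull replication described in answers 6 to 8 can be seen in a small simulation. This is an added example, not code from the book and not the WINS wire protocol: the `WinsServer` class, its method names and the host names are hypothetical, pull replication is run on demand rather than on a schedule, and the simple-deletion case assumes the owning server later renews the registration.

```python
from dataclasses import dataclass

@dataclass
class Record:
    name: str
    owner: str             # server that registered the record
    version: int           # version ID assigned by the owner
    state: str = "active"  # "active" or "tombstoned"

class WinsServer:           # hypothetical model, not a real API
    def __init__(self, name):
        self.name = name
        self.next_version = 1
        self.db = {}           # record name -> Record
        self.owner_table = {}  # owner -> highest version ID seen

    def _stamp(self, rec_name, state):
        # Every create/update gets the next sequential version ID.
        self.db[rec_name] = Record(rec_name, self.name, self.next_version, state)
        self.owner_table[self.name] = self.next_version
        self.next_version += 1

    def register(self, rec_name):
        self._stamp(rec_name, "active")

    def tombstone_delete(self, rec_name):
        self._stamp(rec_name, "tombstoned")  # new version ID, so it replicates

    def simple_delete(self, rec_name):
        self.db.pop(rec_name, None)          # local copy only, nothing replicates

    def pull_from(self, partner):
        # Copy only records newer than the version ID held in the owner table.
        pulled = 0
        for rec in sorted(partner.db.values(), key=lambda r: r.version):
            if rec.version > self.owner_table.get(rec.owner, 0):
                self.db[rec.name] = Record(rec.name, rec.owner, rec.version, rec.state)
                self.owner_table[rec.owner] = rec.version
                pulled += 1
        return pulled

def demo():
    a, b = WinsServer("A"), WinsServer("B")
    a.register("HOST1"); a.register("HOST2")   # constructed sample names
    first = b.pull_from(a)        # both records are new to B
    again = b.pull_from(a)        # owner table shows nothing changed
    b.simple_delete("HOST1")      # removed on B only
    a.register("HOST1")           # owner renews, version ID increases
    b.pull_from(a)
    reappeared = b.db.get("HOST1") is not None
    a.tombstone_delete("HOST2")   # deletion marked, then replicated
    b.pull_from(a)
    return first, again, reappeared, b.db["HOST2"].state
```
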

9.

In most cases, the most efficient replication topology for replicating WINS records is a hub-and-spoke topology. However, this will vary depending on the circumstances. Most large, complex networks may find that the best topology is one that involves a mix of different topologies (such as ring and hub-and-spoke) and replication partnerships.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
EAN: 2147483647
Year: 2003
Pages: 173
