
Technical Interview Questions – Networking

1. What is an IP address?
2. What is a subnet mask?
3. What is ARP?
4. What is ARP Cache Poisoning?
5. What is the ANDing process?
6. What is a default gateway? What happens if I don't have one?
7. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
8. What is a subnet?
9. What is APIPA?
10. What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them)
11. What is RFC 1918?
12. What is CIDR?
13. You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
14. You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?
15. You need to view network traffic. What will you use? Name a few tools.
16. How do I know the path that a packet takes to the destination?
17. What does the ping 192.168.0.1 -l 1000 -n 100 command do?
18. What is DHCP? What are the benefits and drawbacks of using it?
19. Describe the steps taken by the client and DHCP server in order to obtain an IP address.
20. What is the DHCPNACK and when do I get one? Name 2 scenarios.
21. What ports are used by DHCP and the DHCP clients?
22. Describe the process of installing a DHCP server in an AD infrastructure.
23. What is DHCPINFORM?
24. Describe the integration between DHCP and DNS.
25. What options in DHCP do you regularly use for an MS network?
26. What are User Classes and Vendor Classes in DHCP?
27. How do I configure a client machine to use a specific User Class?
28. What is the BOOTP protocol used for, and where might you find it in Windows network infrastructure?
29. DNS zones – describe the differences between the 4 types.
30. DNS record types – describe the most important ones.
31. Describe the process of working with an external domain name.
32. Describe the importance of DNS to AD.
33. Describe a few methods of finding an MX record for a remote domain on the Internet.
34. What does "Disable Recursion" in DNS mean?
35. What could cause the Forwarders and Root Hints to be grayed out?
36. What is a "Single Label domain name" and what sort of issues can it cause?
37. What is the "in-addr.arpa" zone used for?
38. What are the requirements from DNS to support AD?
39. How do you manually create SRV records in DNS?
40. Name 3 benefits of using AD-integrated zones.
41. What are the benefits of using Windows 2003 DNS when using AD-integrated zones?
42. You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
43. What are the benefits and scenarios of using Stub zones?
44. What are the benefits and scenarios of using Conditional Forwarding?
45. What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?
46. How do I work with the Host name cache on a client computer?
47. How do I clear the DNS cache on the DNS server?
48. What is the 224.0.1.24 address used for?
49. What is WINS and when do we use it?
50. Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?
51. Describe the differences between WINS push and pull replications.
52. What is the difference between tombstoning a WINS record and simply deleting it?
53. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
54. Describe the role of the routing table on a host and on a router.
55. What are routing protocols? Why do we need them? Name a few.
56. What are router interfaces? What types can they be?
57. In Windows 2003 routing, what are the interface filters?
58. What is NAT?
59. What is the real difference between NAT and PAT?
60. How do you configure NAT on Windows 2003?
61. How do you allow inbound traffic for specific hosts on Windows 2003 NAT?
62. What is VPN? What types of VPN do Windows 2000 and beyond work with natively?
63. What is IAS? In what scenarios do we use it?
64. What's the difference between Mixed mode and Native mode in AD when dealing with RRAS?
65. What is the "RAS and IAS" group in AD?
66. What are Conditions and Profile in RRAS Policies?
67. What types of authentication can a Windows 2003 based RRAS work with?
68. How does SSL work?
69. How does IPSec work?
70. How do I deploy IPSec for a large number of computers?
71. What types of authentication can IPSec use?
72. What is PFS (Perfect Forward Secrecy) in IPSec?
73. How do I monitor IPSec?
74. Looking at IPSec-encrypted traffic with a sniffer, what packet types do I see?
75. What can you do with NETSH?
76. How do I look at the open ports on my machine?

1. What is an IP address?

This definition is based on Internet Protocol Version 4. See Internet Protocol Version 6 (IPv6) for a description of the newer 128-bit IP address. Note that the system of IP address classes described here, while forming the basis for IP address assignment, is generally bypassed today by use of Classless Inter-Domain Routing (CIDR) addressing.

In the most widely installed level of the Internet Protocol (IP) today, an IP address is a 32-bit number that identifies each sender or receiver of information that is sent in packets across the Internet. When you request an HTML page or send e-mail, the Internet Protocol part of TCP/IP includes your IP address in the message (actually, in each of the packets if more than one is required) and sends it to the IP address that is obtained by looking up the domain name in the Uniform Resource Locator you requested or in the e-mail address you're sending a note to. At the other end, the recipient can see the IP address of the Web page requestor or the e-mail sender and can respond by sending another message using the IP address it received.

An IP address has two parts: the identifier of a particular network on the Internet and an identifier of the particular device (which can be a server or a workstation) within that network. On the Internet itself - that is, between the routers that move packets from one point to another along the route - only the network part of the address is looked at.
IPv6

IPv6 (Internet Protocol Version 6) is the latest level of the Internet Protocol (IP) and is now included as part of IP support in many products including the major computer operating systems. IPv6 has also been called "IPng" (IP Next Generation). Formally, IPv6 is a set of specifications from the Internet Engineering Task Force (IETF). IPv6 was designed as an evolutionary set of improvements to the current IP Version 4. Network hosts and intermediate nodes with either IPv4 or IPv6 can handle packets formatted for either level of the Internet Protocol. Users and service providers can update to IPv6 independently without having to coordinate with each other.

The most obvious improvement in IPv6 over IPv4 is that IP addresses are lengthened from 32 bits to 128 bits. This extension anticipates considerable future growth of the Internet and provides relief for what was perceived as an impending shortage of network addresses.

IPv6 describes rules for three types of addressing: unicast (one host to one other host), anycast (one host to the nearest of multiple hosts), and multicast (one host to multiple hosts). Additional advantages of IPv6 are:

* Options are specified in an extension to the header that is examined only at the destination, thus speeding up overall network performance.
* The introduction of an "anycast" address provides the possibility of sending a message to the nearest of several possible gateway hosts with the idea that any one of them can manage the forwarding of the packet to others. Anycast messages can be used to update routing tables along the line.
* Packets can be identified as belonging to a particular "flow" so that packets that are part of a multimedia presentation that needs to arrive in "real time" can be provided a higher quality-of-service relative to other customers.
* The IPv6 header now includes extensions that allow a packet to specify a mechanism for authenticating its origin, for ensuring data integrity, and for ensuring privacy.
2. What is a subnet mask?

A subnet mask allows you to identify which part of an IP address is reserved for the network, and which part is available for host use. If you look at the IP address alone, especially now with classless inter-domain routing, you can't tell which part of the address is which. Adding the subnet mask, or netmask, gives you all the information you need to calculate network and host portions of the address with ease. In summary, knowing the subnet mask allows you to easily calculate whether IP addresses are on the same subnet or not.
3. What is ARP?

ARP is a very important part of IP networking. ARP is used to connect OSI Layer 3 (Network) to OSI Layer 2 (Data-Link). For most of us, that means that ARP is used to link our IP addressing to our Ethernet addressing (MAC addressing). For you to communicate with any device on your network, you must have the Ethernet MAC address for that device. If the device is not on your LAN, you go through your default gateway (your router). In this case, your router will be the destination MAC address that your PC will communicate with.
4. What is ARP Cache Poisoning?

ARP cache poisoning, also known as ARP spoofing, is the process of falsifying the source Media Access Control (MAC) addresses of packets being sent on an Ethernet network. It is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines, limiting its effectiveness only to networks connected with switches, hubs, and bridges; not routers.
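The two symptoms of the spoofing described above that a defender can watch for in passing ARP traffic, as an added example that is not part of the original document: a small arpwatch-style monitor run over a constructed stream of ARP replies. The host addresses, MACs and the alert threshold are assumptions.

```python
"""Detecting ARP cache poisoning from observed ARP replies.

Added example, not taken from the original document: a watcher in the style
of arpwatch that consumes ARP replies (sender IP, sender MAC) and raises an
alert on the two symptoms of ARP spoofing: an IP whose MAC binding changes,
and one MAC that claims many IP addresses. The reply stream at the bottom is
constructed sample data; the MACs and addresses are not real hosts.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float         # seconds since capture start
    sender_ip: str    # IP address the frame claims to own
    sender_mac: str   # MAC address that makes the claim


class ArpWatch:
    """Tracks IP-to-MAC bindings and reports suspicious changes."""

    def __init__(self, protected_ips: set[str], max_ips_per_mac: int = 2) -> None:
        self.protected_ips = protected_ips        # e.g. the default gateway
        self.max_ips_per_mac = max_ips_per_mac    # routers legitimately own a few
        self.ip_to_mac: dict[str, str] = {}
        self.mac_to_ips: dict[str, set[str]] = defaultdict(set)

    def observe(self, reply: ArpReply) -> list[str]:
        """Record one reply; return the alerts it triggered (possibly none)."""
        alerts: list[str] = []
        previous = self.ip_to_mac.get(reply.sender_ip)
        if previous is not None and previous != reply.sender_mac:
            # A changed binding is exactly what a poisoned cache would hold.
            severity = "HIGH" if reply.sender_ip in self.protected_ips else "MEDIUM"
            alerts.append(
                f"{severity}: {reply.sender_ip} moved from {previous} to "
                f"{reply.sender_mac} at t={reply.ts:.1f}s"
            )
        self.ip_to_mac[reply.sender_ip] = reply.sender_mac
        claimed = self.mac_to_ips[reply.sender_mac]
        claimed.add(reply.sender_ip)
        # Fire once, when the claim count first exceeds the allowed maximum.
        if len(claimed) == self.max_ips_per_mac + 1:
            alerts.append(
                f"HIGH: {reply.sender_mac} claims {len(claimed)} IP addresses "
                f"({', '.join(sorted(claimed))}) at t={reply.ts:.1f}s"
            )
        return alerts


def detect_arp_spoofing(replies: list[ArpReply], protected_ips: set[str]) -> list[str]:
    """Run the watcher over a whole capture and collect every alert in order."""
    watch = ArpWatch(protected_ips)
    alerts: list[str] = []
    for reply in replies:
        alerts.extend(watch.observe(reply))
    return alerts


# Constructed sample capture: three legitimate hosts announce themselves, then
# a single new MAC starts answering for all of them, the gateway first.
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.0.1", "00:11:22:33:44:01"),   # default gateway
    ArpReply(0.5, "192.168.0.10", "00:11:22:33:44:10"),  # workstation
    ArpReply(1.0, "192.168.0.20", "00:11:22:33:44:20"),  # printer
    ArpReply(5.0, "192.168.0.1", "de:ad:be:ef:00:01"),   # gateway IP, new MAC
    ArpReply(5.1, "192.168.0.10", "de:ad:be:ef:00:01"),  # same MAC, second IP
    ArpReply(5.2, "192.168.0.20", "de:ad:be:ef:00:01"),  # same MAC, third IP
]

if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_REPLIES, protected_ips={"192.168.0.1"}):
        print(line)
```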
5. What is the ANDing process?

ANDing combines an IP address with its subnet mask bit by bit (a result bit is 1 only when both the address bit and the mask bit are 1); the result is the network, or subnet, ID of that address. When the AND results for Computer A and for the destination host are converted back to binary and compared, it becomes clear that the two hosts are on different networks. Computer A is on subnet 192.168.56.0, while the destination host is on subnet 192.168.64.0, which means that Computer A will next be sending the data to a router. Without ANDing, determining local and remote hosts can be difficult. Once you're very familiar with subnetting and calculating ranges of addresses, recognizing local and remote hosts will become much more intuitive.

Whenever you're in doubt as to whether hosts are local or remote, use the ANDing process. You should also notice that the ANDing process always produces the subnet ID of a given host.
6. What is a default gateway? What happens if I don't have one?

In computer networking, a default network gateway is the device that passes traffic from the local subnet to devices on other subnets. The default gateway often connects a local network to the Internet, although internal gateways for connecting two local networks also exist.


7. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?

If we are using a public IP address, we can browse the Internet. If it has an intranet address, a gateway is needed (a router or firewall) to communicate with the Internet.

8. What is a subnet?

A subnet is a logical organization of network address ranges used to separate hosts and network devices from each other to serve a design purpose. In many cases, subnets are created to serve as physical or geographical separations similar to those found between rooms, floors, buildings, or cities.

9. What is APIPA?

Short for Automatic Private IP Addressing, a feature of later Windows operating systems. With APIPA, DHCP clients can automatically self-configure an IP address and subnet mask when a DHCP server isn't available. When a DHCP client boots up, it first looks for a DHCP server in order to obtain an IP address and subnet mask. If the client is unable to find the information, it uses APIPA to automatically configure itself with an IP address from a range that has been reserved especially for Microsoft. The IP address range is 169.254.0.1 through 169.254.255.254. The client also configures itself with a default class B subnet mask of 255.255.0.0. A client uses the self-configured IP address until a DHCP server becomes available.

The APIPA service also checks regularly for the presence of a DHCP server (every five minutes, according to Microsoft). If it detects a DHCP server on the network, APIPA stops, and the DHCP server replaces the APIPA networking addresses with dynamically assigned addresses.

APIPA is meant for non-routed small business environments, usually with fewer than 25 clients.

10. What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them)

Short for Request for Comments, a series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.

Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.

11. What is RFC 1918?

RFC 1918 is "Address Allocation for Private Internets". The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

We will refer to the first block as the "24-bit block", the second as the "20-bit block", and to the third as the "16-bit block". Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 256 contiguous class C network numbers.

12. What is CIDR?

CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased.

13. You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?

It ranges from 192.115.103.64 - 192.115.103.96.

But the usable addresses are from 192.115.103.64 - 192.115.103.94.

192.115.103.95 is the broadcast address.

192.115.103.96 will be the IP address of the next range.

We can use 30 hosts in this network.

14. You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?

If you need 500 users then 2^9 would give you 512 (remember the first and last are network and broadcast), 510 usable. So of your 32 bits you would turn the last 9 off for hosts, and that would give you a 255.255.254.0 subnet mask (11111111.11111111.11111110.00000000). Now that we know that, we can see that you have the first 7 bits of your third octet turned on, so to figure out how many subnets you have, use the formula 2^7 = 128. So you can have 128 subnets with 500 people on them.
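The arithmetic behind the subnet-mask, ANDing, /27 and 500-host questions above, as an added example that is not part of the original document: ANDing done on 32-bit integers, cross-checked against the standard library, and generalised to any host count. The /21 mask used to check the two ANDing hosts is an assumption, since that answer does not state its mask.

```python
"""Subnet arithmetic by the ANDing process.

Added example, not from the original document: it reproduces the ANDing step
behind the subnet-mask, ANDing and /27 questions above and generalises the
500-host calculation. The /21 mask used for the ANDing check is an assumption,
since that answer does not state its mask.
"""
import math
from ipaddress import IPv4Network  # used only to cross-check the hand arithmetic


def ip_to_int(ip: str) -> int:
    """Dotted quad to a 32-bit integer, validating every octet."""
    octets = [int(part) for part in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> str:
    """/27 -> 255.255.255.224: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def network_id(ip: str, mask: str) -> str:
    """The ANDing process: each address bit AND the matching mask bit."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts are local to each other when ANDing yields the same subnet ID."""
    return network_id(ip_a, mask) == network_id(ip_b, mask)


def describe(cidr: str) -> dict:
    """Network, broadcast, usable range and host count for address/prefix."""
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(network_id(address, mask))
    host_bits = 32 - prefix
    broadcast = network | ((1 << host_bits) - 1)   # host bits all ones
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    result = {
        "network": int_to_ip(network),
        "mask": mask,
        "broadcast": int_to_ip(broadcast),
        "first_usable": int_to_ip(network + 1) if usable else None,
        "last_usable": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
        "next_network": int_to_ip(broadcast + 1) if broadcast < 0xFFFFFFFF else None,
    }
    check = IPv4Network(cidr, strict=False)  # standard library cross-check
    if (str(check.network_address), str(check.broadcast_address)) != (
            result["network"], result["broadcast"]):
        raise RuntimeError("hand-computed subnet disagrees with ipaddress")
    return result


def mask_for_hosts(hosts_needed: int, network_prefix: int) -> dict:
    """Smallest subnet holding `hosts_needed` usable hosts inside a /network_prefix."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    host_bits = math.ceil(math.log2(hosts_needed + 2))  # +2: network and broadcast
    prefix = 32 - host_bits
    if prefix < network_prefix:
        raise ValueError("that many hosts do not fit in the given network")
    return {
        "mask": prefix_to_mask(prefix),
        "prefix": prefix,
        "usable_hosts": 2 ** host_bits - 2,
        "subnets": 2 ** (prefix - network_prefix),
    }


RFC1918_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def is_rfc1918(ip: str) -> bool:
    """True when ANDing with a block's mask yields that block's network ID."""
    for block in RFC1918_BLOCKS:
        block_net, block_prefix = block.split("/")
        if network_id(ip, prefix_to_mask(int(block_prefix))) == block_net:
            return True
    return False


if __name__ == "__main__":
    print(describe("192.115.103.64/27"))           # the /27 question
    print(mask_for_hosts(500, network_prefix=16))   # the 500-host question
    print(same_subnet("192.168.56.10", "192.168.64.10", "255.255.248.0"))
```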
15. You need to view network traffic. What will you use? Name a few tools.

Wireshark or tcpdump.

16. How do I know the path that a packet takes to the destination?

Use the "tracert" command-line tool.

17. What does the ping 192.168.0.1 -l 1000 -n 100 command do?

The ping command will send round-trip packets to a destination (another PC, router, printer, etc.) and see how long it takes. The 192.168.0.1 is the destination (which, by the way, is a typical default IP address of a router). The -l 1000 is how big the packet should be in bytes; the default is 32 if the -l parameter is not used. And the -n 100 is saying to send it 100 times; the default is 4 when this parameter is not used.

18. What is DHCP? What are the benefits and drawbacks of using it?

Benefits:

1. DHCP minimizes configuration errors caused by manual IP address configuration.
2. Reduced network administration.

Disadvantage:

Your machine name does not change when you get a new IP address. The DNS (Domain Name System) name is associated with your IP address and therefore does change. This only presents a problem if other clients try to access your machine by its DNS name.


19. Describe the steps taken by the client and DHCP server in order to obtain an IP address.

* At least one DHCP server must exist on a network. Once the DHCP server software is installed, you create a DHCP scope, which is a pool of IP addresses that the server manages. When clients log on, they request an IP address from the server, and the server provides an IP address from its pool of available addresses.
* DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol, October 1993) but the most recent update is RFC 2131 (Dynamic Host Configuration Protocol, March 1997). The IETF Dynamic Host Configuration (dhc) Working Group is chartered to produce a protocol for automated allocation, configuration, and management of IP addresses and TCP/IP protocol stack parameters.

20. What is the DHCPNACK and when do I get one? Name 2 scenarios.

The DHCP server issues a NAK to DHCP clients. For simplification purposes, I am listing the possible scenarios in which the server should NOT issue a NAK. This should give you a good understanding of DHCP NAK behavior.

When a DHCP server receives a DHCPREQUEST with a previously assigned address specified, it first checks to see if it came from the local segment by checking the GIADDR field. If it originated from the local segment, the DHCP server compares the requested address to the IP address and subnet mask belonging to the local interface that received the request.

The DHCP server will issue a NAK to the client ONLY IF it is sure that the client, "on the local subnet", is asking for an address that doesn't exist on that subnet. The server will send a NAK EXCEPT in the following scenarios:

1. Requested address from possibly the same subnet but not in the address pool of the server: this can be the failover scenario in which 2 DHCP servers are serving the same subnet, so that when one goes down, the other should not NAK clients which got an IP from the first server.
2. Requested address on a different subnet: if the address is from the same superscope to which the subnet belongs, the DHCP server will ACK the REQUEST.
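The NAK decision described in this answer, as an added example that is not part of the original document: a Python model of the server's choice between ACK, NAK and staying silent for a DHCPREQUEST, following the GIADDR check and the two exception scenarios. The interface, scopes, superscope and the "SILENT" outcome for an unknown relay agent are assumptions.

```python
"""DHCPREQUEST handling: when to ACK, NAK, or stay silent.

Added example, not from the original document. It encodes the decision rules
in the answer above: locate the client's subnet (the receiving interface when
GIADDR is 0, otherwise the relay agent's GIADDR), NAK only when the requested
address clearly does not belong there, and honour the two exceptions (another
server's pool on the same subnet; a scope in the same superscope). Scopes,
superscope and requests are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass
class Scope:
    name: str
    subnet: IPv4Network
    pool_start: IPv4Address
    pool_end: IPv4Address

    def in_pool(self, ip: IPv4Address) -> bool:
        return self.pool_start <= ip <= self.pool_end


@dataclass
class DhcpServer:
    interface: IPv4Network                 # address/mask of the receiving interface
    scopes: list[Scope]
    superscopes: dict[str, set[str]] = field(default_factory=dict)  # name -> scope names

    def scope_for(self, ip: IPv4Address) -> Optional[Scope]:
        return next((s for s in self.scopes if ip in s.subnet), None)

    def same_superscope(self, a: Scope, b: Scope) -> bool:
        return any({a.name, b.name} <= members for members in self.superscopes.values())

    def handle_request(self, requested: IPv4Address, giaddr: IPv4Address) -> str:
        # Step 1: which subnet did the request come from? GIADDR == 0 means the
        # local segment; otherwise the relay agent's address identifies it.
        if giaddr == IPv4Address("0.0.0.0"):
            client_subnet = self.interface
        else:
            relay_scope = self.scope_for(giaddr)
            if relay_scope is None:
                return "SILENT"           # unknown relay: not sure, so never NAK
            client_subnet = relay_scope.subnet
        # Step 2: the requested address lies on the client's own subnet.
        if requested in client_subnet:
            scope = self.scope_for(requested)
            if scope is not None and scope.in_pool(requested):
                return "ACK"
            return "SILENT"               # scenario 1: a failover partner may own it
        # Step 3: the requested address lies on another subnet.
        client_scope = self.scope_for(client_subnet.network_address)
        requested_scope = self.scope_for(requested)
        if (client_scope is not None and requested_scope is not None
                and self.same_superscope(client_scope, requested_scope)):
            return "ACK"                  # scenario 2: same superscope
        return "NAK"                      # sure it does not exist on that subnet


def make_scope(name: str, cidr: str, first: str, last: str) -> Scope:
    return Scope(name, IPv4Network(cidr), IPv4Address(first), IPv4Address(last))


# Constructed sample configuration: two scopes grouped in one superscope, a
# third standalone scope, and the server's own interface on the first subnet.
SERVER = DhcpServer(
    interface=IPv4Network("10.1.0.1/24", strict=False),
    scopes=[
        make_scope("A", "10.1.0.0/24", "10.1.0.100", "10.1.0.200"),
        make_scope("B", "10.1.1.0/24", "10.1.1.100", "10.1.1.200"),
        make_scope("C", "10.2.0.0/24", "10.2.0.100", "10.2.0.200"),
    ],
    superscopes={"campus": {"A", "B"}},
)


def decide(requested: str, giaddr: str = "0.0.0.0") -> str:
    """String-friendly wrapper around SERVER.handle_request."""
    return SERVER.handle_request(IPv4Address(requested), IPv4Address(giaddr))


if __name__ == "__main__":
    for req, relay in [("10.1.0.150", "0.0.0.0"), ("10.1.0.50", "0.0.0.0"),
                       ("10.1.1.150", "0.0.0.0"), ("10.2.0.150", "0.0.0.0"),
                       ("10.2.0.150", "10.2.0.1"), ("10.3.0.5", "10.3.0.1")]:
        print(f"request {req} via giaddr {relay}: {decide(req, relay)}")
```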
21. What ports are used by DHCP and the DHCP clients?

Requests are on UDP port 68, server replies on UDP 67.

22. Describe the process of installing a DHCP server in an AD infrastructure.

This is how to install a DHCP server on Windows Server 2008:

Go to START --> Administrative Tools --> Server Manager --> Roles (right click) --> Add Roles (the Add Roles wizard will appear) --> check the box for DHCP Server --> click Next --> Next --> in IPv4 DNS Settings give the parent domain name and DNS server IP address and validate it --> click Next --> add the DHCP scopes --> disable DHCPv6 --> click Next --> finally click Install.

This is the process for installing the DHCP server.

23. What is DHCPINFORM?

DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name. The DHCPInform message is sent after the IPCP negotiation is concluded. The DHCPInform message received by the remote access server is then forwarded to a DHCP server. The remote access server forwards DHCPInform messages only if it has been configured with the DHCP Relay Agent.

24. Describe the integration between DHCP and DNS.

Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company's network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs.

This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.

25. What options in DHCP do you regularly use for an MS network?

* Automatic provision of IP address
* Subnet mask
* DNS server
* Domain name
* Default gateway or router

26. What are User Classes and Vendor Classes in DHCP?

Microsoft Vendor Classes

The following list contains pre-defined vendor classes that are available in Windows 2000 DHCP server.

Class Data | Class Name | Description
MSFT 5.0 | Microsoft Windows 2000 options | Class that includes all Windows 2000 DHCP clients.
MSFT 98 | Microsoft Windows 98 options | Class that includes all Windows 98 and Microsoft Windows Millennium Edition (Me) DHCP clients.
MSFT | Microsoft options | Class that includes all Windows 98, Windows Me, and Windows 2000 DHCP clients.

If you have non-Microsoft DHCP clients, you can define other vendor-specific classes on the DHCP server. When you define such classes, make sure the vendor class identifier that you define matches the identifier used by the clients.

User Classes

The following list contains pre-defined user classes that are available in Windows 2000 DHCP server.

Class ID | Class Type | Description
Unspecified | Default user class | All DHCP clients that have no user class specified.
RRAS.Microsoft | Default Routing and Remote Access class | All Dial-Up Networking (DUN) clients.
Bootp | Default Bootp class | All Bootp clients.

In addition to these pre-defined classes, you can also add custom user classes for Windows 2000 DHCP clients. When you configure such classes, you must specify a custom identifier that corresponds to the user class defined on the DHCP server.

27. How do I configure a client machine to use a specific User Class?

The command to configure a client machine to use a specific user class is:

ipconfig /setclassid "<Name of your network card>" <Name of the class you created on DHCP and want to join (name is case sensitive)>

Eg:

ipconfig /setclassid "Local Area Network" Accounting

28. What is the BOOTP protocol used for, and where might you find it in Windows network infrastructure?

BootP (RFC 951) provides:

* a unique IP address to the requester (using port 67), similar to the DHCP request on port 68, AND
* where supported, the ability to boot a system without a hard drive (i.e. a diskless client).

Apple OS X 10.* Server supports BootP (albeit renamed as NetBoot). The facility allows the Admin to maintain a selected set of configurations as boot images and then assign sets of client systems to share (or boot from) that image. For example, the Accounting, Management, and Engineering departments have elements in common, but each can be unique from the other departments. Performing upgrades and maintenance on three images is far more productive than working on all client systems individually.

Startup is obviously network intensive, and beyond 40-50 clients the Admin needs to carefully subnet the infrastructure, use gigabit switches, and host the images local to the clients to avoid saturating the network. This will expand the number of BootP servers and multiply the number of images, but the productivity of 1 BootP server per 50 clients is undeniable :)

Sun Microsystems, Linux, and AIX RS/6000 all support BootP.

To date, Windows does not support booting "diskless clients".

29. DNS zones – describe the differences between the 4 types.

A DNS zone is the actual file which contains all the records for a specific domain.

i) Forward Lookup Zones: this zone is responsible for resolving host names to IP addresses.

ii) Reverse Lookup Zones: this zone is responsible for resolving IP addresses to host names.

iii) Stub Zone: a stub zone is a read-only copy of a primary zone, but it contains only 3 records, viz. the SOA for the primary zone, the NS record and a Host (A) record.

30. DNS record types – describe the most important ones.

Type of Record | What it does
A (Host) | Classic resource record. Maps hostname to IP (IPv4).
PTR | Maps IP to hostname (reverse of A (Host)).
AAAA | Maps hostname to IP (IPv6).
CNAME | Canonical name, in plain English an alias, such as Web Server, FTP Server, Chat Server.
NS | Identifies DNS name servers. Important for forwarders.
MX | Mail servers, particularly for other domains. MX records are required to deliver Internet email.
_SRV | Required for Active Directory. A whole family of underscore service records, for example, gc = global catalog.
SOA | Make a point of finding the Start of Authority (SOA) tab at the DNS Server.

31. Describe the process of working with an external domain name

Serving Sites with External Domain Name Servers

If you host Web sites on this server and have a standalone DNS server acting as a primary (master) name server for your sites, you may want to set up your control panel's DNS server to function as a secondary (slave) name server:

To make the control panel's DNS server act as a secondary name server:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode.
3. Specify the IP address of the primary (master) DNS server.
4. Click Add.
5. Repeat steps from 1 to 5 for each Web site that needs to have a secondary name server on this machine.

To make the control panel's DNS server act as a primary for a zone:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode. The original resource records for the zone will be restored.

If you host Web sites on this server and rely entirely on other machines to perform the Domain Name Service for your sites (there are two external name servers - a primary and a secondary), switch off the control panel's DNS service for each site served by external name servers.

To switch off the control panel's DNS service for a site served by an external name server:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch Off the DNS Service in the Tools group. Turning the DNS service off for the zone will refresh the screen, so that only a list of name servers remains.

Note: The listed name server records have no effect on the system. They are only presented on the screen as clickable links to give you a chance to validate the configuration of the zone maintained on the external authoritative name servers.

3. Repeat the steps from 1 to 3 to switch off the local domain name service for each site served by external name servers.

If you wish to validate the configuration of a zone maintained on authoritative name servers:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Add to the list the entries pointing to the appropriate name servers that are authoritative for the zone: click Add, specify a name server, and click OK. Repeat this for each name server you would like to test. The records will appear in the list.
3. Click the records that you have just created. Parallels Plesk Panel will retrieve the zone file from a remote name server and check the resource records to make sure that the domain's resources are properly resolved. The results will be interpreted and displayed on the screen.

32. Describe the importance of DNS to AD.

When you install Active Directory on a server, you promote the server to the role of a domain controller for a specified domain. When completing this process, you are prompted to specify a DNS domain name for the Active Directory domain for which you are joining and promoting the server. If during this process a DNS server authoritative for the domain that you specified either cannot be located on the network or does not support the DNS dynamic update protocol, you are prompted with the option to install a DNS server. This option is provided because a DNS server is required to locate this server or other domain controllers for members of an Active Directory domain.

33. Describe a few methods of finding an MX record for a remote domain on the Internet.

In order to find MX records for SMTP domains you can use command-line tools such as NSLOOKUP or DIG. You can also use online web services that allow you to perform quick searches and display the information in a convenient manner.
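
As an added example (not code from the original answers), a small Python zone parser over a constructed zone shows the record types of Q30 in use: a forward lookup that chases a CNAME (Q29), MX records put in the order a mail sender tries them, which is how NSLOOKUP or DIG output has to be read (Q33), and the SOA/NS/glue subset that a stub zone keeps (Q29). The zone text, names and RFC 5737 addresses are constructed for the example.

```python
"""Mini DNS zone parser and resolver: added illustration for Q29, Q30 and Q33.
Not code from the original page; the zone below is constructed for this example."""
from collections import defaultdict

# Constructed zone in the usual "owner TTL class TYPE rdata" layout (RFC 5737 addresses).
ZONE_TEXT = """
$ORIGIN example.com.
@      3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
@      3600 IN NS    ns1.example.com.
@      3600 IN NS    ns2.example.com.
ns1    3600 IN A     192.0.2.1
ns2    3600 IN A     192.0.2.2
www    3600 IN A     192.0.2.10
www    3600 IN AAAA  2001:db8::10
ftp    3600 IN CNAME www                 ; alias: a resolver must chase it to www
@      3600 IN MX    20 mail2.example.com.
@      3600 IN MX    10 mail1.example.com.
mail1  3600 IN A     192.0.2.25
mail2  3600 IN A     192.0.2.26
_ldap._tcp.dc._msdcs 600 IN SRV 0 100 389 dc1.example.com.
dc1    3600 IN A     192.0.2.5
"""

def qualify(name, origin):
    """Expand '@' and relative names against $ORIGIN; absolute names already end with '.'."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return {(absolute_owner, rtype): [(ttl, rdata), ...]}."""
    origin = "."
    records = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, ttl, _cls, rtype, rdata = line.split(None, 4)
        records[(qualify(owner, origin), rtype)].append((int(ttl), rdata))
    return records

def resolve(records, qname, qtype, origin="example.com.", depth=0):
    """Forward lookup: answer qname/qtype, following a CNAME the way a resolver does."""
    qname = qualify(qname, origin)
    hits = records.get((qname, qtype))
    if hits:
        return [rdata for _ttl, rdata in hits]
    alias = records.get((qname, "CNAME"))
    if alias and depth < 8:                        # bounded chase guards against CNAME loops
        return resolve(records, alias[0][1], qtype, origin, depth + 1)
    return []

def mx_servers(records, domain):
    """Mail exchangers in the order an MTA tries them: lowest preference value first."""
    pairs = [r.split() for r in resolve(records, domain, "MX")]
    return [host for _pref, host in sorted((int(p), h) for p, h in pairs)]

def stub_zone(records, domain):
    """The subset a stub zone keeps: the SOA, the NS records and the A (glue) records of those servers."""
    if not domain.endswith("."):
        domain += "."
    stub = {(domain, "SOA"): records[(domain, "SOA")], (domain, "NS"): records[(domain, "NS")]}
    for _ttl, ns in records[(domain, "NS")]:
        ns = qualify(ns, domain)
        if (ns, "A") in records:
            stub[(ns, "A")] = records[(ns, "A")]
    return stub

ZONE = parse_zone(ZONE_TEXT)

if __name__ == "__main__":
    print("ftp A    ->", resolve(ZONE, "ftp", "A"))
    print("MX order ->", mx_servers(ZONE, "example.com."))
    print("stub     ->", sorted(stub_zone(ZONE, "example.com.")))
```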

34. What does "Disable Recursion" in DNS mean?

In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties -> Forwarders tab is the setting "Do not use recursion for this domain". On the Advanced tab you will find the confusingly similar option "Disable recursion (also disables forwarders)".

Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database.

35. What could cause the Forwarders and Root Hints to be grayed out?

Win2K configured your DNS server as a private root server.

36. What is a "Single Label domain name" and what sort of issues can it cause?

Single-label names consist of a single word like "contoso".

• Single-label DNS names cannot be registered by using an Internet registrar.
• Client computers and domain controllers that are joined to single-label domains require additional configuration to dynamically register DNS records in single-label DNS zones.
• Client computers and domain controllers may require additional configuration to resolve DNS queries in single-label DNS zones.
• By default, Windows Server 2003-based domain members, Windows XP-based domain members, and Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones.
• Some server-based applications are incompatible with single-label domain names. Application support may not exist in the initial release of an application, or support may be dropped in a future release. For example, Microsoft Exchange Server 2007 is not supported in environments in which single-label DNS is used.
• Some server-based applications are incompatible with the domain rename feature that is supported in Windows Server 2003 domain controllers and in Windows Server 2008 domain controllers. These incompatibilities either block or complicate the use of the domain rename feature when you try to rename a single-label DNS name to a fully qualified domain name.

37. What is the "in-addr.arpa" zone used for?

When creating DNS records for your hosts, A records make sense. After all, how can the world find your mail server unless the IP address of that server is associated with its hostname within a DNS database? However, PTR records aren't as easily understood. If you already have a zone file, why does there have to be a separate in-addr.arpa zone containing PTR records matching your A records? And who should be making those PTR records--you or your provider?

Let's start by defining in-addr.arpa. .arpa is actually a TLD like .com or .org. The name of the TLD comes from Address and Routing Parameter Area and it has been designated by the IANA to be used exclusively for Internet infrastructure purposes. In other words, it is an important zone and an integral part of the inner workings of DNS. The RFC for DNS (RFC 1035) has an entire section on the in-addr.arpa domain. The first two paragraphs in that section state the purpose of the domain: "The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network in the Internet. Note that both of these services are similar to functions that could be performed by inverse queries; the difference is that this part of the domain name space is structured according to address, and hence can guarantee that the appropriate data can be located without an exhaustive search of the domain space."

In other words, this zone provides a database of all allocated networks and the DNS reachable hosts within those networks. If your assigned network does not appear in this zone, it appears to be unallocated. And if your hosts don't have a PTR record in this database, they appear to be unreachable through DNS. Assuming an A record exists for a host, a missing PTR record may or may not impact the DNS reachability of that host, depending upon the applications running on that host. For example, a mail server will definitely be impacted as PTR records are used in mail header checks and by most anti-SPAM mechanisms. Depending upon your web server configuration, it may also depend upon an existing PTR record. This is why the DNS RFCs recommend that every A record has an associated PTR record.

But who should make and host those PTR records? Twenty years ago when you could buy a full Class C network address (i.e. 254 host addresses) the answer was easy: you. Remember, the in-addr.arpa zone is concerned with delegated network addresses. In other words, the owner of the network address is authoritative (i.e. responsible) for the host PTR records associated with that network address space. If you only own one or two host addresses within a network address space, the provider you purchased those addresses from needs to host your PTR records as the provider is the owner of (i.e. authoritative for) the network address. Things are a bit more interesting if you have been delegated a CIDR block of addresses. The in-addr.arpa zone assumes a classful addressing scheme where a Class A address is one octet (or /8), a Class B is 2 octets (or /16) and a Class C is 3 octets (or /24). CIDR allows for delegating address space outside of these boundaries--say a /19 or a /28. RFC 2317 provides a best current practice for maintaining in-addr.arpa with these types of network allocations.

Here is a summary regarding PTR records:
• Don't wait until users complain about DNS unreachability--be proactive and ensure there is an associated PTR record for every A record.
• If your provider hosts your A records, they should also host your PTR records.
• If you only have one or two assigned IP addresses, your provider should host your PTR records as they are authoritative for the network those hosts belong to.
• If you own an entire network address (e.g. a Class C address ending in 0), you are responsible for hosting your PTR records.
• If you are configuring an internal DNS server within the private address ranges (e.g. 10.0.0.0 or 192.168.0.0), you are responsible for your own internal PTR records.
• Remember: the key to PTR hosting is knowing who is authoritative for the network address for your domain. When in doubt, it probably is not you.

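
The naming and hosting rules above, as an added Python example that is not part of the original answer: it builds the in-addr.arpa owner name for an address, the classful reverse zone for a /8, /16 or /24, applies the page's "who hosts the PTR" summary, and goes one step further by generating the NS and CNAME records a provider would put in its /24 zone to delegate a /28 per RFC 2317. Addresses are RFC 5737 documentation ranges and ns1.customer.example is a constructed name.

```python
"""Reverse DNS (in-addr.arpa) naming and PTR hosting rules: added illustration for Q37.
Not code from the original page; addresses are RFC 5737 documentation ranges, names are constructed."""
import ipaddress

RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def reverse_zone(network):
    """The classful in-addr.arpa zone for a /8, /16 or /24 (one, two or three octets kept)."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("in-addr.arpa delegates on octet boundaries; see rfc2317_delegation")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."

def ptr_host(network):
    """Who hosts the PTR records for a network, following the page's summary rules."""
    net = ipaddress.IPv4Network(network, strict=True)
    if any(net.subnet_of(p) for p in RFC1918):
        return "you: internal DNS server for private address space"
    if net.num_addresses <= 2:                 # one or two assigned addresses
        return "your provider: it is authoritative for the network"
    if net.prefixlen in (8, 16, 24):
        return "you: owner of a whole classful network"
    return "your provider delegates the block per RFC 2317; you host the sub-zone"

def rfc2317_delegation(block, customer_ns):
    """Records the provider adds to its /24 reverse zone to delegate a block smaller than /24
    (RFC 2317): one NS for the sub-zone and one CNAME per address pointing into it.
    Returns (sub_zone_name, [(owner, type, rdata), ...])."""
    net = ipaddress.IPv4Network(block, strict=True)
    if not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 is for blocks between /25 and /31")
    parent = reverse_zone(str(net.supernet(new_prefix=24)))
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    sub_zone = f"{first}/{net.prefixlen}.{parent}"      # e.g. 16/28.2.0.192.in-addr.arpa.
    records = [(sub_zone, "NS", customer_ns)]
    for host in range(first, last + 1):
        records.append((f"{host}.{parent}", "CNAME", f"{host}.{sub_zone}"))
    return sub_zone, records

if __name__ == "__main__":
    print(ptr_name("192.0.2.10"), "->", ptr_host("192.0.2.0/24"))
    zone, recs = rfc2317_delegation("192.0.2.16/28", "ns1.customer.example.")
    for owner, rtype, rdata in recs[:3]:
        print(owner, rtype, rdata)
```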
38. What are the requirements from DNS to support AD?

When you install Active Directory on a member server, the member server is promoted to a domain controller. Active Directory uses DNS as the location mechanism for domain controllers, enabling computers on the network to obtain IP addresses of domain controllers. During the installation of Active Directory, the service (SRV) and address (A) resource records are dynamically registered in DNS, which are necessary for the successful functionality of the domain controller locator (Locator) mechanism.

To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS resource records of the domain controller, which provide the client with the names and IP addresses of the domain controllers. In this context, the SRV and A resource records are referred to as Locator DNS resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS server with the Locator DNS resource records and identifying the domain controller. For this reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that zone must support the SRV resource records (RFC 2782) to advertise the Active Directory directory service. For more information about RFCs, see DNS RFCs.

If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or Windows Server 2003, contact your DNS administrator to determine if the DNS server supports the required standards. If the server does not support the required standards, or the authoritative DNS zone cannot be configured to allow dynamic updates, then modification is required to your existing DNS infrastructure.

39. How do you manually create SRV records in DNS?

This is on Windows Server:

Go to Run -> dnsmgmt.msc.

Right-click on the zone you want to add the SRV record to and choose "Other New Records...", then choose Service Location (SRV).
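
An added Python example for Q38 and Q39 (not from the original answers): it builds the owner names of the Locator records (_ldap._tcp.dc._msdcs.<domain>, with the optional site form), formats the priority/weight/port/target fields that the Service Location (SRV) dialog asks for, and implements the RFC 2782 client selection so the effect of those fields is visible, including fail-over to a lower-priority DC. corp.example.com, the site name HQ and the dc1-dc3 hosts are constructed.

```python
"""Active Directory locator SRV records (RFC 2782): added illustration for Q38 and Q39.
Not code from the original page; corp.example.com, the site name and the DC names are constructed."""
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SRV:
    priority: int   # lower value is tried first
    weight: int     # relative share of load among records of equal priority
    port: int
    target: str     # host name of the server; it needs an A record of its own

    def zone_line(self, owner, ttl=600):
        """Text form of the record that the 'Service Location (SRV)' dialog in dnsmgmt.msc creates."""
        return f"{owner} {ttl} IN SRV {self.priority} {self.weight} {self.port} {self.target}"

def locator_name(service, proto, domain, site=None):
    """Owner name of a DC locator record: _service._proto[.site._sites].dc._msdcs.domain."""
    sites = f"{site}._sites." if site else ""
    return f"_{service}._{proto}.{sites}dc._msdcs.{domain}"

def select_target(rrset, rng=random, unavailable=()):
    """RFC 2782 client selection: lowest priority first, weighted random within that priority.
    Simplification: weight-0 records are skipped while a weighted sibling exists (the RFC gives
    them a very small chance instead). Returns None when nothing usable is left."""
    live = [r for r in rrset if r.target not in unavailable]
    if not live:
        return None
    best = min(r.priority for r in live)
    candidates = [r for r in live if r.priority == best]
    total = sum(r.weight for r in candidates)
    if total == 0:                       # all weights 0: any of them, at random
        return rng.choice(candidates)
    pick = rng.randint(0, total - 1)
    running = 0
    for r in candidates:
        running += r.weight
        if pick < running:
            return r

def sample_targets(rrset, n, seed=0, unavailable=()):
    """Targets chosen over n selections with a seeded generator (repeatable for testing)."""
    rng = random.Random(seed)
    picks = (select_target(rrset, rng, unavailable) for _ in range(n))
    return {r.target if r else None for r in picks}

# Constructed locator record set: two equal DCs, a third kept as a last resort (priority 10)
DOMAIN = "corp.example.com"
LDAP_RRSET = [
    SRV(0, 100, 389, "dc1.corp.example.com."),
    SRV(0, 100, 389, "dc2.corp.example.com."),
    SRV(10, 0, 389, "dc3.corp.example.com."),
]

if __name__ == "__main__":
    owner = locator_name("ldap", "tcp", DOMAIN)
    for r in LDAP_RRSET:
        print(r.zone_line(owner))
    print("chosen over 50 lookups:", sample_targets(LDAP_RRSET, 50))
```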

40. Name 3 benefits of using AD-integrated zones.

1. You can give easy name resolution to your clients.

2. By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse zone.

3. AD-integrated zones allow for incremental zone transfers, which only transfer changes and not the entire zone. This reduces zone transfer traffic.

4. AD-integrated zones support both secure and dynamic updates.

5. AD-integrated zones are stored as part of the Active Directory and support domain-wide or forest-wide replication through application partitions in AD.

41. What are the benefits of using Windows 2003 DNS when using AD-integrated zones?

Advantages:

DNS supports dynamic registration of SRV records registered by an Active Directory server or a domain controller during promotion. With the help of SRV records client machines can find domain controllers in the network.

1. DNS supports Secure Dynamic updates. Unauthorized access is denied.

2. Exchange server needs internal DNS or AD DNS to locate Global Catalog servers.

3. Active Directory Integrated Zone. If you have more than one domain controller (recommended) you need not worry about zone replication. Active Directory replication will take care of DNS zone replication also.

4. If your network uses DHCP with Active Directory then no other DHCP server will be able to service client requests coming from a different network. It is because the DHCP server is authorized in AD and will be the only server to participate on the network to provide IP address information to client machines.

5. Moreover, you can use NT4 DNS with Service Pack 4 or later. It supports both SRV record registration and Dynamic Updates.

Using Microsoft DNS gives the following benefits:

If you implement networks that require secure updates.
If you want to take benefit of Active Directory replication.
If you want to integrate DHCP with DNS for low-level clients to register their Host records in the zone database.

42. You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.

The machine is not configured with DNS client settings of its own.

The DNS service cannot be run.

43. What are the benefits and scenarios of using Stub zones?

One of the new features introduced in the Windows Server 2003-based implementation of DNS is stub zones. Their main purpose is to provide name resolution in domains for which a local DNS server is not authoritative. The stub zone contains only a few records:
- a Start of Authority (SOA) record pointing to a remote DNS server that is considered to be the best source of information about the target DNS domain,
- one or more Name Server (NS) records (including the entry associated with the SOA record), which are authoritative for the DNS domain represented by the stub zone,
- corresponding A records for each of the NS entries (providing IP addresses of the servers).

While you can also provide name resolution for a remote domain by either creating a secondary zone (which was a common approach in the Windows Server 2000 DNS implementation) or delegation (when dealing with a contiguous namespace), such an approach forces periodic zone transfers, which are not needed when stub zones are used. The necessity to traverse the network in order to obtain individual records hosted on the remote Name Servers is mitigated to some extent by the caching process, which keeps them on the local server for the duration of their Time-to-Live (TTL) parameter. In addition, records residing in a stub zone are periodically validated and refreshed in order to avoid lame delegations.

44. What are the benefits and scenarios of using Conditional Forwarding?

Conditional forwarding is a new feature of DNS in Windows Server 2003 that can be used to speed up name resolution in certain scenarios. It can also be used to help companies resolve each other's namespace in a situation where companies collaborate or a merger is underway. This article will look in detail at how conditional forwarding works, how to configure it, and when you might use it. But first, let's briefly review the concepts of forwarding and forwarders in traditional DNS, starting with different types of name queries.

45. What are the differences between Windows Clustering, Network Load Balancing and Round Robin, and scenarios for each use?

I will make a few assumptions here: 1) By "Windows Clustering Network Load Balancing" you mean Windows Network Load Balancing software included in Windows Server software, a.k.a. NLB, and 2) By Round Robin, you mean DNS Round Robin, meaning the absence of a software or hardware load balancing device, or the concept of the Round Robin algorithm available in just about every load balancing solution.

Microsoft NLB is designed for a small number (4 - 6) of Windows Servers and a low to moderate number of new connections per second, to provide distribution of web server requests to multiple servers in a virtual resource pool. Some would call this a "cluster", but there are subtle differences between a clustered group of devices and a more loosely configured virtual pool. From the standpoint of scalability and performance, almost all hardware load balancing solutions are superior to this and other less known software load balancing solutions [e.g. Bright Tiger circa 1998].

DNS Round Robin is an inherent load balancing method built into DNS. When you resolve an IP address that has more than one A record, DNS hands out different resolutions to different requesting local DNS servers. Although there are several factors affecting the exact resulting algorithm (e.g. DNS caching, TTL, multiple DNS servers [authoritative or cached]), I stress the term "roughly" when I say it roughly results in an even distribution of resolutions to each of the addresses specified for a particular URL. It does not, however, consider availability, performance, or any other metric and is completely static. The basic RR algorithm is available in many software and hardware load balancing solutions and simply hands the next request to the next resource and starts back at the first resource when it hits the last one.

NLB is based on proprietary software, meant for small groups of Windows servers only on private networks, and is dynamic in nature (takes into account availability of a server, and in some cases performance). "Round Robin", DNS or otherwise, is more generic, static in nature (does not take into account anything but that the resource is a member of the resource pool and each member is equal), and ranges from DNS to the default static load balancing method on every hardware device in the market.

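
An added Python simulation, not part of the answer above, of the two points it makes: an authoritative server that rotates A records still produces a lopsided distribution once caching resolvers and TTLs are in the path (the "roughly" caveat), and plain round robin keeps handing out a dead member because it is static, while an NLB-style dispatcher that checks health does not. Addresses, TTLs and the clock are constructed/simulated.

```python
"""DNS round robin vs a health-aware dispatcher: added illustration for Q45.
Not code from the original page; addresses, TTLs and the clock are constructed/simulated."""
from collections import Counter

class RoundRobinAuthoritative:
    """Authoritative server with several A records for one name; rotates the answer order per query."""
    def __init__(self, addresses, ttl):
        self.addresses = list(addresses)
        self.ttl = ttl
        self.queries = 0

    def query(self):
        k = self.queries % len(self.addresses)
        self.queries += 1
        return self.addresses[k:] + self.addresses[:k], self.ttl

class CachingResolver:
    """A local DNS server: asks upstream once per TTL and hands every client the cached order."""
    def __init__(self, upstream):
        self.upstream = upstream
        self.cached = None            # (addresses, expires_at)

    def resolve(self, now):
        if self.cached is None or now >= self.cached[1]:
            addresses, ttl = self.upstream.query()
            self.cached = (addresses, now + ttl)
        return self.cached[0]

def first_address_distribution(resolvers, clients_per_resolver, seconds):
    """Count which address clients would connect to first, one query per client per second."""
    counts = Counter()
    for now in range(seconds):
        for resolver in resolvers:
            for _ in range(clients_per_resolver):
                counts[resolver.resolve(now)[0]] += 1
    return counts

def static_round_robin(servers, n):
    """Plain RR (DNS or a device's default): hands out dead members too; it knows nothing about them."""
    return [servers[i % len(servers)] for i in range(n)]

def dynamic_dispatch(servers, is_healthy, n):
    """NLB-style: drops members that fail their health check and rotates among the rest."""
    live = [s for s in servers if is_healthy(s)]
    return [live[i % len(live)] for i in range(n)] if live else []

if __name__ == "__main__":
    auth = RoundRobinAuthoritative(["192.0.2.10", "192.0.2.11", "192.0.2.12"], ttl=60)
    two_isps = [CachingResolver(auth), CachingResolver(auth)]
    print("TTL 60, two caching resolvers:", first_address_distribution(two_isps, 50, 60))
    print("static RR with 192.0.2.11 down:", static_round_robin(["192.0.2.10", "192.0.2.11"], 4))
```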
46. How do I work with the Host name cache on a client computer?

A host name is an alias assigned to identify a TCP/IP host or its interfaces. Host names are used in all TCP/IP environments. The following describes the attributes of a host name:
• The host name does not have to match the NetBIOS computer name, and a host name can contain as many as 255 characters.
• Multiple host names can be assigned to the same host.
• Host names are easier to remember than IP addresses.
• A user can specify a host name instead of an IP address when using Windows Sockets applications, such as the Ping tool or Internet Explorer.
• A host name should correspond to an IP address mapping that is stored either in the local Hosts file or in a database on a DNS server. TCP/IP for Windows XP and Windows Server 2003 also uses NetBIOS name resolution methods for host names.
• The Hostname tool displays the computer name of your Windows–based computer, as configured from the Computer Name tab of the System item of Control Panel.

47. How do I clear the DNS cache on the DNS server?

To clear the server names cache:

* Using the Windows interface
* Using a command line

Using the Windows interface

1. Open DNS.
2. In the console tree, click the applicable DNS server.
   Where? DNS/applicable DNS server
3. On the Action menu, click Clear Cache.

Notes

* To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
* To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.

Using a command line

1. Open Command Prompt.
2. Type the following command and then press ENTER:

Dnscmd ServerName /clearcache

48. What is the 224.0.1.24 address used for?

WINS server group address. Used to support autodiscovery and dynamic configuration of replication for WINS servers. For more information, see WINS replication overview.

49. What is WINS and when do we use it?

In the Windows Server family, the primary means for client computers to locate and communicate with other computers on an Internet Protocol (IP) network is by using Domain Name System (DNS). However, clients that use older versions of Windows, such as Windows NT 4.0, use network basic I/O system (NetBIOS) names for network communication. Some applications that run on Windows Server 2003 may also use NetBIOS names for network communication. Using NetBIOS names requires a method of resolving NetBIOS names to IP addresses.

Using a WINS server is essential for any Windows client computer to work with other Windows computers over the Internet. In addition, using a WINS server is essential for any Windows client computer at Indiana University that intends to use Microsoft network resources. To use WINS services, you must insert into your TCP/IP networking configuration the IP address of the WINS servers you wish to use.

50. Can you have a Microsoft-based network without any WINS server on it? What are the "considerations" regarding not using WINS?

Yes, you can. WINS was designed to speed up information flow about the Windows workstations in a network. It will work without it, and most networks do not utilize WINS servers anymore because it is based on an old protocol (NetBEUI) which is no longer in common use.

51. Describe the differences between WINS push and pull replications.

To replicate database entries between a pair of WINS servers, you must configure each WINS server as a pull partner, a push partner, or both with the other WINS server.

* A push partner is a WINS server that sends a message to its pull partners, notifying them that it has new WINS database entries. When a WINS server's pull partner responds to the message with a replication request, the WINS server sends (pushes) copies of its new WINS database entries (also known as replicas) to the requesting pull partner.
* A pull partner is a WINS server that pulls WINS database entries from its push partners by requesting any new WINS database entries that the push partners have. The pull partner requests the new WINS database entries that have a higher version number than the last entry the pull partner received during the most recent replication.

52. What is the difference between tombstoning a WINS record and simply deleting it?

Simple deletion removes the records that are selected in the WINS console only from the local WINS server you are currently managing. If the WINS records deleted in this way exist in WINS data replicated to other WINS servers on your network, these additional records are not fully removed. Also, records that are simply deleted on only one server can reappear after replication between the WINS server where simple deletion was used and any of its replication partners.

Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct and immediately released from active use by the local WINS server. This method allows the tombstoned records to remain present in the server database for purposes of subsequent replication of these records to other servers. When the tombstoned records are replicated, the tombstone status is updated and applied by other WINS servers that store replicated copies of these records. Each replicating WINS server then updates and tombstones
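
An added Python model (not from the original answers) of Q51 and Q52 together: push notification, pull by version number, and the failure mode described above. A record simply deleted on one server comes back from its partner on the next replication, while a tombstoned record carries a new version ID and its extinct status replicates. The model follows the page's wording (a pull partner asks for entries newer than the last version it received from that partner); a real WINS server keeps a per-owner version map, and the server names and addresses are constructed.

```python
"""WINS push/pull replication with version IDs, and why tombstoning beats simple deletion.
Added illustration for Q51 and Q52, not code from the original page. Simplified model: a pull
partner requests entries newer than the last version received from that partner (a real WINS
server tracks versions per owner). Names and addresses are constructed."""

class WinsServer:
    def __init__(self, name):
        self.name = name
        self.version = 0            # highest version ID this server has issued
        self.db = {}                # NetBIOS name -> {"ip", "owner", "version", "tombstoned"}
        self.last_pulled = {}       # push partner name -> highest version received from it

    def _stamp(self, rec):
        """Every local change gets a fresh, higher version ID so partners will ask for it."""
        self.version += 1
        rec.update(owner=self.name, version=self.version)
        return rec

    def register(self, nb_name, ip):
        self.db[nb_name] = self._stamp({"ip": ip, "tombstoned": False})

    def simple_delete(self, nb_name):
        """Remove locally only: no new version ID, so partners never learn about it."""
        del self.db[nb_name]

    def tombstone(self, nb_name):
        """Mark extinct and keep the record, re-stamped, so the deletion itself replicates."""
        self.db[nb_name] = self._stamp(dict(self.db[nb_name], tombstoned=True))

    def pull_from(self, push_partner):
        """Pull partner side: request entries with a version higher than the last one received."""
        since = self.last_pulled.get(push_partner.name, 0)
        pulled = 0
        for nb_name, rec in push_partner.db.items():
            if rec["version"] > since:
                self.db[nb_name] = dict(rec)              # store a replica
                newest = max(self.last_pulled.get(push_partner.name, 0), rec["version"])
                self.last_pulled[push_partner.name] = newest
                pulled += 1
        return pulled

def push_notify(push_partner, pull_partners):
    """Push partner side: notify pull partners; each responds with a replication request."""
    return {p.name: p.pull_from(push_partner) for p in pull_partners}

def deletion_scenario():
    """Returns (reappeared_after_simple_delete, tombstone_replicated) for a two-server pair."""
    a, b = WinsServer("WINS-A"), WinsServer("WINS-B")
    a.register("FILESRV", "192.168.1.10")
    push_notify(a, [b])                       # B now holds a replica of FILESRV
    a.simple_delete("FILESRV")
    push_notify(b, [a])                       # next replication in the other direction
    reappeared = "FILESRV" in a.db and not a.db["FILESRV"]["tombstoned"]
    a.tombstone("FILESRV")
    push_notify(a, [b])
    replicated = b.db["FILESRV"]["tombstoned"]
    return reappeared, replicated

if __name__ == "__main__":
    print("reappeared after simple delete, tombstone replicated:", deletion_scenario())
```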

53. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.

If a Microsoft Windows NT 3.5-based client computer does not receive a response from the primary Windows Internet Name Service (WINS) server, it queries the secondary WINS server to resolve a NetBIOS name. However, if a NetBIOS name is not found in the primary WINS server's database, a Windows NT 3.5-based client does not query the secondary WINS server.

In Microsoft Windows NT 3.51 and later versions of the Windows operating system, a Windows-based client does query the secondary WINS server if a NetBIOS name is not found in the primary WINS server's database. In Windows NT 3.51, Windows NT 4, Windows 95, Windows 98, Windows 2000, Windows Millennium Edition, Windows XP, and Windows Server 2003, you can specify up to 12 WINS servers. Additional WINS servers are useful when a requested name is not found in the primary WINS server's database or in the secondary WINS server's database. In this situation, the WINS client sends a request to the next server in the list.

54. Describe the role of the routing table on a host and on a router.

During the process of routing, decisions of hosts and routers are aided by a database of routes known as the routing table. The routing table is not exclusive to a router. Depending on the routable protocol, hosts may also have a routing table that may be used to decide the best router for the packet to be forwarded. Host-based routing tables are optional for the Internet Protocol, as well as obsolete routable protocols such as IPX.

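
The decision the routing table supports, as an added Python example that is not part of the original answer: a host table in the style of "route print" is searched for the most specific matching prefix, which decides whether the packet is delivered on-link or handed to a router, and what happens when no default route exists. The table, interface names and addresses are constructed.

```python
"""Host routing table lookup by longest prefix match: added illustration for Q54.
Not code from the original page; the table, interfaces and addresses are constructed."""
import ipaddress

# Constructed host table: (destination prefix, gateway or None for on-link, interface)
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1",   "eth0"),   # default gateway
    ("192.168.1.0/24", None,            "eth0"),   # directly connected subnet
    ("10.0.0.0/8",     "192.168.1.254", "eth0"),   # corporate networks via a second router
    ("127.0.0.0/8",    None,            "lo"),
]

def best_route(destination, routes=ROUTES):
    """The most specific route whose prefix contains the destination, or None if unroutable."""
    dst = ipaddress.IPv4Address(destination)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.IPv4Network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best

def next_hop(destination, routes=ROUTES):
    """(next_hop_ip, interface): the destination itself when on-link, else the chosen router.
    Returns None when the table has no matching route (e.g. no default gateway configured)."""
    route = best_route(destination, routes)
    if route is None:
        return None
    _net, gateway, iface = route
    return (gateway or destination, iface)

if __name__ == "__main__":
    for target in ("192.168.1.77", "10.20.30.40", "198.51.100.5"):
        print(target, "->", next_hop(target))
    no_default = [r for r in ROUTES if r[0] != "0.0.0.0/0"]
    print("198.51.100.5 without a default route ->", next_hop("198.51.100.5", no_default))
```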
55. What are routing protocols? Why do we need them? Name a few.

A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a prior knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network. For a discussion of the concepts behind routing protocols, see: Routing.

The term routing protocol may refer specifically to one operating at layer three of the OSI model, which similarly disseminates topology information between routers.

Many routing protocols used in the public Internet are defined in documents called RFCs.[1][2][3][4]

Although there are many types of routing protocols, two major classes are in widespread use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector or distance vector protocols, such as BGP, RIP and EIGRP.

56. What are router interfaces? What types can they be?

Routers can have many different types of connectors; from Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN ports. Some of the available configurable items are logical addresses (IP, IPX), media types, bandwidth, and administrative commands. Interfaces are configured in interface mode which you get to from global configuration mode after logging in.

The media type is Ethernet, FastEthernet, GigabitEthernet, Serial, Token-ring, or other media types. You must keep in mind that a 10Mb Ethernet interface is the only kind of Ethernet interface called Ethernet. A 100Mb Ethernet interface is called a FastEthernet interface and a 1000Mb Ethernet interface is called a GigabitEthernet interface.

57. In Windows 2003 routing, what are the interface


filters?
NAT actsas a middle man between the internal and external
network; packets coming from the private network are handled by
NAT and then transferred to their intended destination. A single
external address is used on the Internet so that the internal IP
addresses are not shown. A table is created on the router that
lists local and global addresses and uses it as a reference when
translating IP addresses.

NAT can work in several ways:


Static NAT
An unregistered IP address is mapped to a registered IP address
on a one-to-one basis - which is useful when a device needs to
be accessed from outside the network.

Dynamic NAT
An unregistered IP address is mapped to a registered IP address
from a group of registered IP addresses. For example, a computer
192.168.10.121 will translate to the first available IP in a
range from 212.156.98.100 to 212.156.98.150.

Overloading
A form of dynamic NAT, it maps multiple unregistered IP
addresses to a single registered IP address, but in this case
uses different ports. For example, IP address 192.168.10.121
will be mapped to 212.56.128.122:port_number
(212.56.128.122:1080).

Overlapping
This when addresses in the inside network overlap with addresses
in the outside network - the IP addresses are registered on
another network too. The router must maintain a lookup table of
these addresses so that it can intercept them and replace them
with registered unique IP addresses.

How NAT works


A table of information about each packet that passes through is
maintained by NAT.

When a computer on the network attempts to connect to a website


on the Internet:
the header of the source IP address is changed and replaced with
the IP address of the NAT computer on the way out the
"destination" IP address is changed (based on the records in the
table) back to the specific internal private class IP address in
order to reach the computer on the local network on the way back
in Network Address Translation can be used as a basic firewall –
the administrator is able to filter out packets to/from certain
IP addresses and allow/disallow access to specified ports. It is
also a means of saving IP addresses by having one IP address
represent a group of computers.

Setting up NAT
To setup NAT you must start by opening the Configure your server
wizard in administrative tools and selecting the RRAS/VPN Server
role. Now press next and the RRAS setup wizard will open. The
screen below shows the Internet Connection screen in which you
must specify which type of connection to the Internet and
whether or not you want the basic firewall feature to be
enabled.

Press next to continue. The installation process will commence


and services will be restarted, after which the finish screen
will be displayed - showing what actions have taken place.

Configuring NAT
Configuration of NAT takes place from the Routing and Remote
Access mmc found in the Administrative Tools folder in the
Control Panel or on the start menu.

The screenshot below shows the routing and remote access mmc.
Select which interface you wish to configure and double click
it. This will bring up the properties window giving you the
option to change settings such as packet filtering and port
blocking, as well as enabling/disabling certain features, such
as the firewall. The remote router (set up previously)
properties box is shown below. The NAT/Basic Firewall tab is
selected.
You are able to select the interface type
– to specify what the network connection will be. In my example
I have selected for the interface to be a public interface
connected to the internet. NAT and the basic firewall option
have also been enabled. The inbound and outbound buttons will
open a window that will allow you restrict traffic based on IP
address or protocol packet attributes. As per your instructions,
certain TCP packets will be dropped before they reach the client
computer. Thus, making the network safer and giving you more
functionality. This is useful if, for example, you wanted to
reject all packets coming from a blacklisted IP address or
restrict internal users access to port 21 (ftp).

For further firewall configuration, go to the Services and Ports tab. Here you select which services on internal hosts you want to make reachable from the public interface; you can also add services of your own by specifying details such as the incoming (public) and outgoing (private) port numbers.

The services shown in the list are preset. Press Add to create a new service, or select an available service and press Edit to modify it. You are asked for a name, the protocol (TCP or UDP), the incoming port, the IP address of the internal computer hosting the service and the outgoing port on that computer.

An entry that is not enabled means that Internet users cannot reach that service on the internal host: with the configuration shown above, an inbound connection to the internal FTP server would be refused at the NAT computer. (Outbound access by internal clients is not controlled on this tab but by the inbound and outbound packet filters described earlier.) This tab is useful for networks of any size, but especially small ones that need to publish a server or two behind a single public address.

That concludes this article. As you have seen, Network Address Translation is a useful feature that adds flexibility and a measure of security to the network of a small to medium sized company. With the advent,
58. What is NAT?

Windows Server 2003 provides network address translation (NAT) functionality as part of the Routing and Remote Access service. NAT enables computers in small to medium-sized organisations with private networks to access resources on the Internet or another public network. The computers on the private network are configured with reusable private IPv4 addresses (the RFC 1918 ranges); the computers on the public network are configured with globally unique IPv4 (or, rarely at present, IPv6) addresses. A typical deployment is a small office or home office (SOHO) or a medium-sized business that uses Routing and Remote Access NAT to let computers on the internal corporate network reach resources on the Internet without having to deploy a proxy server.

59. What is the real difference between NAT and PAT?

NAT (Network Address Translation) in the strict sense maps one IP address to another single IP address, one to one, and leaves the port numbers untouched. PAT (Port Address Translation, also called NAPT or NAT overloading) is what is most commonly meant by "NAT" today: a single public IP address, or a small pool of them, is shared by many internal addresses. The router rewrites the TCP/UDP source port of each outbound connection to a value that is unique on the public side and keeps a translation table, so that replies to that public address and port can be sent back to the right internal host and port. This is how a router or server resolves the conflict that arises when two internal hosts (two web browsers, say) send requests out from the same source port at the same time.

60. How do you configure NAT on Windows 2003?

http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

Configure Routing and Remote Access
To activate Routing and Remote Access, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click your server, and then click Configure and Enable Routing and Remote Access.
3. In the Routing and Remote Access Setup Wizard, click Next, click Network address translation (NAT), and then click Next.
4. Click Use this public interface to connect to the Internet, and then click the network adapter that is connected to the Internet. At this stage you have the option to reduce the risk of unauthorized access to your network: select the Enable security on the selected interface by setting up Basic Firewall check box.
5. Examine the selected options in the Summary box, and then click Finish.

Configure dynamic IP address assignment for private network clients
You can configure your NAT computer to act as a Dynamic Host Configuration Protocol (DHCP) server for computers on your internal network, using the simplified "DHCP allocator" built into RRAS. Do not enable it on a segment that already has a DHCP server; two servers handing out leases on the same segment will conflict. To do so, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Expand your server node, and then expand IP Routing.
3. Right-click NAT/Basic Firewall, and then click Properties.
4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
5. Select the Automatically assign IP addresses by using the DHCP allocator check box. Notice that the default private network 192.168.0.0 with the subnet mask 255.255.0.0 is automatically added to the IP address and Mask boxes. You can keep the default values or modify them to suit your network.
6. If your internal network requires static IP assignment for some computers, such as domain controllers or DNS servers, exclude those addresses from the DHCP pool:
   a. Click Exclude.
   b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address, and then click OK.
   c. Repeat step b for all addresses that you want to exclude.
   d. Click OK.

Configure name resolution
To configure name resolution, follow these steps:

1. Click Start, point to All Programs, point to Administrative Tools, and then click Routing and Remote Access.
2. Right-click NAT/Basic Firewall, and then click Properties.
3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
4. Select the Clients using Domain Name System (DNS) check box. If you use a demand-dial interface to connect to an external DNS server, also select the Connect to the public network when a name needs to be resolved check box, and then click the appropriate dial-up interface in the list.
61. How do you allow inbound traffic for specific hosts on Windows 2003 NAT?

Inbound connections from the Internet to a host behind the NAT computer are published on the NAT/Basic Firewall interface: open the properties of the public interface, go to the Services and Ports tab, and enable an existing service or add one, giving the protocol, the public (incoming) port, the private address of the internal host and the private (outgoing) port. Traffic arriving on the public interface for that port is then forwarded to that host; anything without a mapping or an existing outbound translation is dropped by the basic firewall. The same mapping can be scripted with netsh routing ip nat add portmapping.

Publishing a host does not protect the traffic itself. You can use the Windows Server 2003 implementation of IPSec to compensate for the limited protection that applications give their own network traffic, or as a network-layer foundation of a defense-in-depth strategy. Do not use IPSec as a replacement for other user and application security controls, because it cannot protect against attacks from within established and trusted communication paths. Your authentication strategy must be well defined and implemented for the potential security of IPSec to be realised, because authentication verifies the identity and trust of the computer at the other end of the connection.

62. What is VPN? What types of VPN does Windows 2000 and beyond work with natively?

A VPN (virtual private network) carries private traffic across a public network, normally the Internet, inside an authenticated and encrypted tunnel, so that remote computers or sites behave as though they were on the same secure local network. Windows 2000 and later support two tunnelling protocols natively, without third-party client software: PPTP (Point-to-Point Tunneling Protocol, with MPPE encryption) and L2TP (Layer 2 Tunneling Protocol) secured with IPSec (L2TP/IPSec). L2TP/IPSec is the stronger choice: PPTP's security rests entirely on the MS-CHAP v2 password exchange, whereas L2TP/IPSec authenticates the computers with certificates or a preshared key before the user is authenticated at all.

63. What is IAS? In what scenarios do we use it?

IAS (Internet Authentication Service) is Microsoft's RADIUS server and RADIUS proxy. It is used for centralised authentication, authorisation and accounting of network access: RRAS dial-up and VPN servers, wireless access points and switches using 802.1X forward their access requests to IAS, which evaluates them against Active Directory accounts and remote access policies and logs the sessions. Use it whenever more than one access server must apply the same policies, or when third-party network equipment needs to authenticate users against AD.

64. What's the difference between Mixed mode and Native mode in AD when dealing with RRAS?

In a mixed-mode domain (Windows NT 4.0 backup domain controllers still present) some options on the Dial-in tab of the user properties are unavailable, in particular Control access through Remote Access Policy, so parts of the remote access policy model cannot be used: access is decided only by the per-user Allow access / Deny access setting. In native mode the full set of dial-in properties and remote access policies is available, so if you want fine-grained control with all the advanced features, raise the domain to native mode.

65. What is the "RAS and IAS" group in AD?

RAS and IAS Servers is a built-in domain local security group. Its members are allowed to read the remote access (dial-in) properties of user accounts in the domain, which an RRAS or IAS server must do to evaluate a connection request. RRAS and IAS servers are placed in the group when they are registered in Active Directory (for example with Register Server in Active Directory in the IAS console); a server that is not a member cannot authorise users against AD correctly.

66. What are Conditions and Profile in RRAS Policies?

A remote access policy has conditions and a profile. Conditions are attributes of the connection attempt that must all match for the policy to apply: Windows group membership, day and time restrictions, NAS port type (the media, such as ISDN, modem or VPN), tunnel type, calling station ID and many more. The profile is the set of constraints applied once the policy matches and access is granted: allowed authentication methods, required encryption strength, session time-outs and idle time-outs, IP packet filters and dial-in constraints. Policies are evaluated in order and the first policy whose conditions match decides whether the user is allowed or denied access to the RAS / VPN server; if the connection cannot meet the profile constraints it is rejected.

67. What types or authentication can a Windows 2003 based RRAS work with?

RRAS supports, in decreasing order of strength, EAP (EAP-TLS with certificates or smart cards, EAP-MD5, and pass-through of EAP to a RADIUS server), MS-CHAP v2, MS-CHAP, CHAP, SPAP and PAP, plus unauthenticated access. PAP sends the password in clear text and SPAP uses a reversible scheme, so both should stay disabled unless a legacy client requires them; MS-CHAP v1 is open to offline dictionary attacks and should be avoided as well. You can see and change the enabled methods on the Security tab of the server properties in the RRAS console (Authentication Methods).

68. How does SSL work?

An Internet request typically passes through several program layers on a server before reaching the requested data, such as a web page or a CGI script.

The outer layer is the first to be hit by the request: the high-level application protocols such as HTTP (web server), IMAP (mail server) and FTP (file transfer). Which of them handles the request depends on the type of request made by the client.

The application protocol sits on top of the Secure Sockets Layer (today TLS). If the request is for a non-secure connection, SSL is not involved and the data passes straight between the TCP/IP layer and the server application.

If the client requested a secure connection, the SSL layer first performs a handshake: client and server agree on a protocol version and cipher suite, the server presents its X.509 certificate so the client can authenticate it (and optionally the client presents one too), and both sides derive symmetric session keys, either from a premaster secret the client encrypts to the server's public key or from an ephemeral Diffie-Hellman exchange. Only then is application data encrypted and integrity-protected with those keys before it passes to the TCP/IP layer. Depending on the SSL setup on the server, it may require a secure connection before allowing anything through to the application, in which case a non-secure request gets an error asking the client to retry securely (or is simply refused).

69. How does IPSec work?

IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and a payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

70. How do I deploy IPSec for a large number of computers?

Do not configure IPSec policies machine by machine: assign them through Group Policy. Create the IPSec policies (rules, filter lists and filter actions) once, in a GPO linked to the domain or to the OUs that hold the computers, and each computer applies the assigned policy at its next policy refresh. Microsoft's guide "Server and Domain Isolation Using IPsec and Group Policy" describes this approach, including how to phase the rollout (request security first, require security later) so that computers that cannot yet negotiate IPSec are not cut off.

71. What types of authentication can IPSec use?

IKE, the key-exchange protocol IPSec uses, authenticates the two computers with one of three methods on Windows 2000/2003: Kerberos v5 (the default for domain members; no certificates needed), X.509 computer certificates from a trusted CA (needed for non-domain machines and for L2TP/IPSec VPN clients), or a preshared key (intended for testing; it is stored in clear text in the policy). This is computer authentication, separate from the user authentication that happens inside an L2TP/IPSec VPN connection.

Deploying L2TP/IPSec-based remote access with Windows Server 2003 therefore consists of the following:

* Deploy certificate infrastructure

* Deploy Internet infrastructure

* Deploy AAA infrastructure

* Deploy VPN servers

* Deploy intranet infrastructure

* Deploy VPN clients


72. What is PFS (Perfect Forward Secrecy) in IPSec?

In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (PFS) is the property that a session key derived from a set of long-term public and private keys will not be compromised if one of the long-term private keys is compromised in the future. Forward secrecy has been used as a synonym for perfect forward secrecy [1], since the term "perfect" has been controversial in this context. However, at least one reference [2] distinguishes perfect forward secrecy from forward secrecy by the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

In IPSec, PFS is an option of the quick mode (IPSec SA) negotiation: when it is enabled, every new quick mode performs a fresh Diffie-Hellman exchange instead of deriving the new keys from the main mode (IKE SA) keying material, so compromising the main mode keys does not expose earlier IPSec session keys. The cost is one extra Diffie-Hellman computation per rekey. Windows exposes it as "Session key perfect forward secrecy" in the filter action's security methods and as "Master key perfect forward secrecy" in the policy's Key Exchange Settings.
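The following Python toy, added here as an example (it is not from the original page and not an IKE implementation), contrasts a session key derived only from long-term Diffie-Hellman keys with one derived from per-session ephemeral exponents, which is what IPSec does when PFS is enabled. The group (2^521 - 1 with generator 2), the SHA-256 stand-in KDF and the HMAC used for authentication are simplifications chosen for readability; the point is which keys a later compromise of Alice's long-term private key lets an attacker recover from a recorded exchange.

```python
"""Toy illustration of why IPsec's PFS option matters.

Added example, not from the original document. Uses Diffie-Hellman over a
Mersenne-prime group and SHA-256 as a stand-in KDF; it mimics the difference
between deriving session keys from long-term keying material only and
deriving them from fresh ephemeral exponents (IKE with PFS), but it is not
an IKE implementation and the group is chosen for readability, not strength.
"""
import hashlib
import hmac
import secrets

P = 2**521 - 1   # Mersenne prime, toy group; real IKE uses the RFC 3526 MODP groups
G = 2
KEY_BYTES = 66   # enough to hold a 521-bit group element


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def kdf(shared: int, label: bytes) -> bytes:
    return hashlib.sha256(label + shared.to_bytes(KEY_BYTES, "big")).digest()


def session_key_no_pfs(my_long_priv, peer_long_pub):
    """Session key derived from the long-term keys alone: identical every session,
    and recomputable later by anyone holding either long-term private key."""
    return kdf(pow(peer_long_pub, my_long_priv, P), b"static")


def session_key_pfs(my_long_priv, peer_long_pub, my_eph_priv, peer_eph_pub, transcript):
    """Long-term keys only authenticate the exchange (HMAC over the transcript);
    the session key comes from the ephemeral exponents, which are discarded afterwards."""
    auth_key = kdf(pow(peer_long_pub, my_long_priv, P), b"auth")
    tag = hmac.new(auth_key, transcript, "sha256").digest()
    return kdf(pow(peer_eph_pub, my_eph_priv, P), b"ephemeral"), tag


def demo():
    a_priv, a_pub = keypair()          # Alice, long-term
    b_priv, b_pub = keypair()          # Bob, long-term
    ea_priv, ea_pub = keypair()        # ephemeral values for this one session
    eb_priv, eb_pub = keypair()
    transcript = b"".join(x.to_bytes(KEY_BYTES, "big") for x in (a_pub, b_pub, ea_pub, eb_pub))

    k_static_a = session_key_no_pfs(a_priv, b_pub)
    k_static_b = session_key_no_pfs(b_priv, a_pub)
    k_pfs_a, tag_a = session_key_pfs(a_priv, b_pub, ea_priv, eb_pub, transcript)
    k_pfs_b, tag_b = session_key_pfs(b_priv, a_pub, eb_priv, ea_pub, transcript)
    del ea_priv, eb_priv               # what a PFS-enabled endpoint does after key derivation

    # Years later Alice's long-term private key leaks. The attacker holds a capture
    # of the public values exchanged above and nothing else.
    leaked = a_priv
    recovered_static = session_key_no_pfs(leaked, b_pub)
    auth_key_from_leak = kdf(pow(b_pub, leaked, P), b"auth")
    tag_verifies = hmac.compare_digest(
        hmac.new(auth_key_from_leak, transcript, "sha256").digest(), tag_a)
    # The only exponent the attacker has is the long-term one; combining it with the
    # recorded ephemeral public value gives g^(a*eb), not the g^(ea*eb) the session used.
    best_guess = kdf(pow(eb_pub, leaked, P), b"ephemeral")

    return {
        "static_keys_agree": k_static_a == k_static_b,
        "pfs_keys_agree": k_pfs_a == k_pfs_b and tag_a == tag_b,
        "static_key_recovered_from_leak": recovered_static == k_static_a,
        "pfs_tag_verifiable_from_leak": tag_verifies,
        "pfs_key_recovered_from_leak": best_guess == k_pfs_a,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both constructions produce matching keys on the two sides, but after the leak the static-only session key is recovered exactly, while the PFS session key is not: the leaked long-term key lets the attacker verify (and in future forge) the authentication tag, which is why a compromised key must still be revoked, but it does not undo the confidentiality of recorded sessions.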

73. How do I monitor IPSec?

On Windows 2000, use IPSec Monitor (Ipsecmon.exe), which shows which IPSec policy is active and whether a secure channel (security association) has been established between two computers. On Windows XP and Windows Server 2003 it is replaced by the IP Security Monitor MMC snap-in, which shows the active policy, the main mode and quick mode security associations, and statistics such as authentication and negotiation failures; on Windows Server 2003 the same information is available from the command line with netsh ipsec dynamic show all. Enabling audit logon events additionally records IKE negotiation successes and failures in the Security event log, which is the first place to look when two computers fail to establish an SA.

74. Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?

You see the packets pass between the two hosts, with their IP headers intact, but not the protected contents. Instead of TCP or UDP, the protocol field of the IP header carries one of the two IPSec protocols.

IPSec Packet Types

IPSec packet types are the authentication header (AH), for data integrity, and the encapsulating security payload (ESP), for data confidentiality and integrity.

The authentication header (AH) protocol creates an envelope that provides integrity, data origin authentication and protection against replay attacks. It authenticates every packet as a defence against session-stealing attacks. Although the IP header itself is outside the AH header, AH also covers it by not allowing changes to the immutable IP header fields after packet creation (this usually precludes the use of AH in NAT environments, because NAT modifies the headers at the point of translation). AH packets use IP protocol 51. AH does not encrypt, so in a sniffer you can still read the payload that follows the AH header; you just cannot alter it without breaking the integrity check.

The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication) plus encryption. In a sniffer you see the SPI and sequence number at the start of the ESP header and then only ciphertext, including the inner TCP/UDP header, so you cannot even tell which port or application protocol the packet belongs to. ESP can also be used in a null encryption mode that provides the AH protection against replay and tampering without encryption or IP header authentication; this allows some of the benefits of IPSec in a NAT environment that would not otherwise work well with IPSec (on Windows Server 2003, ESP can additionally traverse NAT with NAT-T, which wraps ESP in UDP port 4500). ESP packets use IP protocol 50.
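As an added example (not part of the original page), the Python below does what a sniffer does with captured IPsec: it reads the IPv4 protocol field and then parses the AH header (next header, payload length, SPI, sequence number, ICV) or the ESP header (SPI and sequence number only). The sample packets are constructed inline with zero checksums and zeroed ICVs, and the 12-byte ICV length assumes HMAC-SHA1-96; the AH payload comes back readable, the ESP payload does not.

```python
"""Classify IPsec packets the way a sniffer would: AH (IP protocol 51) versus
ESP (IP protocol 50), and what is readable in each.

Added example, not from the original document. The packets below are
constructed by hand (checksums left zero, ICVs filled with zeros), so the
code runs offline; the parser follows the AH and ESP header layouts from
RFC 4302 and RFC 4303.
"""
import struct
from dataclasses import dataclass
from typing import Optional

PROTO_ESP, PROTO_AH = 50, 51


@dataclass
class IpsecSummary:
    kind: str
    src: str
    dst: str
    spi: int
    seq: int
    next_header: Optional[int]        # only known for AH; ESP hides it in the encrypted trailer
    visible_payload: Optional[bytes]  # None when the payload is ciphertext


def _dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ipv4(pkt: bytes):
    """Return (protocol, src, dst, payload) for a minimal IPv4 header; raises on garbage."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("not a sane IPv4 packet")
    return proto, _dotted(src), _dotted(dst), pkt[ihl:total_len]


def inspect(pkt: bytes, esp_icv_len: int = 12) -> IpsecSummary:
    proto, src, dst, body = parse_ipv4(pkt)
    if proto == PROTO_AH:
        # AH: next header, payload length (32-bit words minus 2), reserved, SPI, sequence, ICV
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_header, payload_len, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (payload_len + 2) * 4
        if len(body) < ah_len:
            raise ValueError("AH length exceeds packet")
        # AH only authenticates: everything after the ICV is in the clear.
        return IpsecSummary("AH", src, dst, spi, seq, next_header, body[ah_len:])
    if proto == PROTO_ESP:
        # ESP: SPI, sequence, then ciphertext (including the pad/next-header trailer) and ICV
        if len(body) < 8 + esp_icv_len:
            raise ValueError("truncated ESP packet")
        spi, seq = struct.unpack("!II", body[:8])
        return IpsecSummary("ESP", src, dst, spi, seq, None, None)
    raise ValueError(f"not an IPsec packet: IP protocol {proto}")


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed packet for the demo; the header checksum is left as zero."""
    def to_bytes(ip):
        return bytes(int(x) for x in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, to_bytes(src), to_bytes(dst))
    return hdr + payload


# Constructed samples: AH carrying an ICMP echo request (next header 1) with a
# 12-byte HMAC-SHA1-96 ICV, and ESP carrying 40 bytes of opaque ciphertext plus ICV.
SAMPLE_AH = build_ipv4(PROTO_AH, "10.0.0.1", "10.0.0.2",
                       struct.pack("!BBHII", 1, 4, 0, 0x1000, 7) + bytes(12)
                       + b"\x08\x00" + b"echo-payload")
SAMPLE_ESP = build_ipv4(PROTO_ESP, "10.0.0.1", "10.0.0.2",
                        struct.pack("!II", 0x2000, 8) + bytes(range(40)) + bytes(12))
SAMPLE_TCP = build_ipv4(6, "10.0.0.1", "10.0.0.2", b"\x00\x50\x00\x50" + bytes(16))


if __name__ == "__main__":
    for sample in (SAMPLE_AH, SAMPLE_ESP):
        print(inspect(sample))
```

The SPI and sequence number are visible in both cases, which is exactly what an analyst uses to correlate a capture with the security associations shown in IP Security Monitor; a sequence number that jumps back is the signature of a replay attempt that the receiver's anti-replay window will discard.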

75. What can you do with NETSH?

Netsh is a command-line scripting utility that lets you display, modify or script the network configuration of a running computer, either locally or remotely. It is organised into contexts, each provided by a helper DLL; on Windows Server 2003 these include interface ip (addresses, DNS and WINS settings), routing (including routing ip nat for the NAT configuration described above), ras and ras aaaa (remote access and its authentication), ipsec (static policies and the dynamic state shown by IP Security Monitor), firewall (Windows Firewall, from SP1) and diag. A machine's settings can be written out as a script with netsh dump and applied elsewhere with netsh exec, which makes it the usual way to reproduce a configuration on several servers.

76. How do I look at the open ports on my machine?

Windows: open a command prompt (Start, Run, type cmd) and type:

netstat -ano

-a lists all connections and listening ports, -n shows addresses and ports numerically instead of resolving names, and -o shows the owning process ID so you can match a listener to a process in Task Manager (on Windows XP and Server 2003, netstat -b also prints the executable name).

Linux: open a shell or SSH session and type:

netstat -an

or, on current distributions where netstat is no longer installed, ss -tulpn, which lists listening TCP and UDP sockets with the owning process (run it as root to see processes other than your own).