
What is an IP ADDRESS?

An Internet Protocol address (IP address) is a numerical label that is assigned to devices participating in a
computer network that uses the Internet Protocol for communication between its nodes.

The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts
(DHCP clients) to retrieve IP address assignments and other configuration information.

A static IP address is an IP address that is allocated to you and does not change each time you access the
Internet. You can use a static IP address to run an email server or even host a website. However, virtual
hosting is very inexpensive, so it would be most advisable to obtain a proper hosting solution.

In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet
Protocol (IP) packets with a forged source IP address, with the purpose of concealing the identity of the
sender or impersonating another computing system.

A proxy server is a server (a computer system or an application program) that acts as an intermediary for
requests from clients seeking resources from other servers.

What is a subnet?

A subnet mask allows you to identify which part of an IP Address is reserved for the network,
and which part is available for host use.

A subnetwork, or subnet, is a logically visible, distinctly addressed part of a single Internet Protocol
network. The process of subnetting is the division of a computer network into groups of computers that
have a common, designated IP address routing prefix.

An IP address has two components, the network address and the host address. A subnet mask
separates the IP address into the network and host addresses (<network><host>). Subnetting further
divides the host part of an IP address into a subnet and host address (<network><subnet><host>).

ARP is the Address Resolution Protocol. The ARP protocol maps addresses between the Data Link Layer
and the Network Layer of the OSI Model.

ARP cache poisoning, also known as ARP spoofing, is the process of falsifying the source Media Access
Control (MAC) addresses of packets being sent on an Ethernet network.

A default gateway is a node (a router) on a TCP/IP network that serves as an access point to another
network. A default gateway is used by a host when an IP packet's destination address belongs to
someplace outside the local subnet.

A gateway is a routing device that knows how to pass traffic between different subnets and networks. A
computer will know some routes (a route is the address of each node a packet must go through on the
Internet to reach a specific destination), but not the routes to every address on the Internet. It won't
even know all the routes on the nearest subnets.
A feature of Microsoft Windows, APIPA is a DHCP failover mechanism. With APIPA, DHCP clients can
obtain IP addresses when DHCP servers are nonfunctional. APIPA exists in all popular versions of
Windows except Windows NT.

When a DHCP server fails, APIPA allocates addresses in the private range 169.254.0.1 to
169.254.255.254. Clients verify their address is unique on the LAN using ARP. When the DHCP server is
again able to service requests, clients update their addresses automatically.

A Request For Comments (RFC) document defines a protocol or policy used on the Internet. An RFC can
be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an Internet Standard.
Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an
original RFC are assigned a new RFC number.

What is RFC 1918? RFC 1918 is Address Allocation for Private Internets.

CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify
the Internet addresses used in inter-domain routing more flexibly than with the original system of
Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been
greatly increased.

You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?

Network ID: 192.115.103.64/27
Subnet mask: 255.255.255.224
Block size: 32
Number of possible networks: 8

1st network: 192.115.103.0 - 192.115.103.31
2nd network: 192.115.103.32 - 192.115.103.63
3rd network: 192.115.103.64 - 192.115.103.95
4th network: 192.115.103.96 - 192.115.103.127
5th network: 192.115.103.128 - 192.115.103.159
6th network: 192.115.103.160 - 192.115.103.191
7th network: 192.115.103.192 - 192.115.103.223
8th network: 192.115.103.224 - 192.115.103.255

Our network ID is 192.115.103.64, so the valid IP range of this network is 192.115.103.65 - 192.115.103.94,
because 192.115.103.64 is the network address and 192.115.103.95 is the broadcast address.
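
The block-size method used in the answer above, written out with bit arithmetic so it can be checked for any prefix when sizing a firewall rule or DHCP scope. This is an added example, not part of the original page; the function names are hypothetical and it assumes the subnet is carved out of a /24 parent, as the "8 possible networks" in the answer implies.

```python
def to_int(dotted: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | int(o)
    return value


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_plan(cidr: str, parent_prefix: int = 24) -> dict:
    """Return mask, block size, every sibling block and the usable host range.

    parent_prefix is an assumption of this example: the network being divided.
    """
    address, _, prefix_text = cidr.partition("/")
    if not prefix_text.isdigit():
        raise ValueError(f"missing prefix length in {cidr!r}")
    prefix = int(prefix_text)
    # /31 and /32 have no separate network/broadcast pair, so the method stops at /30.
    if not parent_prefix <= prefix <= 30:
        raise ValueError(f"prefix must be between /{parent_prefix} and /30")

    addr = to_int(address)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    parent_mask = (0xFFFFFFFF << (32 - parent_prefix)) & 0xFFFFFFFF
    block = 1 << (32 - prefix)              # addresses per subnet ("block size")
    count = 1 << (prefix - parent_prefix)   # subnets inside the parent network
    parent_base = addr & parent_mask

    blocks = [
        (to_dotted(parent_base + i * block), to_dotted(parent_base + (i + 1) * block - 1))
        for i in range(count)
    ]
    # Masking works even when the input is a host address inside the subnet.
    network = addr & mask
    broadcast = network + block - 1
    return {
        "mask": to_dotted(mask),
        "block_size": block,
        "blocks": blocks,
        "index": (network - parent_base) // block + 1,  # 1-based, as in the answer
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "hosts": (to_dotted(network + 1), to_dotted(broadcast - 1)),
    }


if __name__ == "__main__":
    plan = subnet_plan("192.115.103.64/27")
    for first, last in plan["blocks"]:
        print(first, "-", last)
    print("usable:", plan["hosts"])
```
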
You need to view network traffic. What will you use? Name a few tools.
Wireshark or tcpdump
Ethereal
NetFlow Traffic Analyzer
How do I know the path that a packet takes to the destination?
Use the "tracert" command-line tool.
What does the ping 192.168.0.1 -l 1000 -n 100 command do?

What is DHCP? What are the benefits and drawbacks of using it?
Benefits:
1. DHCP minimizes configuration errors caused by manual IP address configuration.
2. Reduced network administration.

Disadvantage

Your machine name does not change when you get a new IP address. The DNS (Domain Name
System) name is associated with your IP address and therefore does change. This only presents a
problem if other clients try to access your machine by its DNS name.
Describe the steps taken by the client and DHCP server in order to obtain an IP address?
Ans :
At least one DHCP server must exist on a network. Once the DHCP server software
is installed, you create a DHCP scope, which is a pool of IP addresses that the
server manages. When clients log on, they request an IP address from the server,
and the server provides an IP address from its pool of available addresses.

DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol,
October 1993) but the most recent update is RFC 2131 (Dynamic Host
Configuration Protocol, March 1997). The IETF Dynamic Host Configuration (dhc)
Working Group is chartered to produce a protocol for automated allocation,
configuration, and management of IP addresses and TCP/IP protocol stack
parameters.
What is the DHCPNACK and when do I get one? Name 2 scenarios ?

Recently I saw a lot of queries regarding when the Microsoft DHCP server issues a NAK to DHCP clients.
For simplification purposes, I am listing down the possible scenarios in which the server should NOT
issue a NAK. This should give you a good understanding of DHCP NAK behavior.

When a DHCP server receives a DHCPRequest with a previously assigned address specified, it first checks
to see if it came from the local segment by checking the GIADDR field. If it originated from the local
segment, the DHCP server compares the requested address to the IP address and subnet mask
belonging to the local interface that received the request.
DHCP server will issue a NAK to the client ONLY IF it is sure that the client, "on the local subnet", is
asking for an address that doesn't exist on that subnet.

The server will send a NAK EXCEPT in the following scenarios:-


1. Requested address from possibly the same subnet but not in the address pool of the server:-
This can be the failover scenario in which 2 DHCP servers are serving the same subnet so that when one
goes down, the other should not NAK to clients which got an IP from the first server.
2. Requested address on a different subnet:-
If the Address is from the same superscope to which the subnet belongs, DHCP server will ACK the
REQUEST.
What ports are used by DHCP and the DHCP clients ?
Requests are on UDP port 68, Server replies on UDP 67
Describe the process of installing a DHCP server in an AD infrastructure.
This is how to install a DHCP server in Windows Server 2008:
Go to Start --> Administrative Tools --> Server Manager --> Roles (right-click)
--> Add Roles (the Add Roles wizard appears) --> check the DHCP Server box
--> click Next --> Next --> in the IPv4 DNS settings, give the parent domain name and DNS server
IP address and validate it --> click Next --> add the DHCP scopes --> disable DHCPv6 --> click
Next --> finally click Install.
What is DHCPINFORM ?

DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options.


While PPP remote access clients do not use DHCP to obtain IP addresses for the
remote access connection, Windows 2000 and Windows 98 remote access clients
use the DHCPInform message to obtain DNS server IP addresses, WINS server IP
addresses, and a DNS domain name. The DHCPInform message is sent after the
IPCP negotiation is concluded.

The DHCPInform message received by the remote access server is then forwarded
to a DHCP server. The remote access server forwards DHCPInform messages only if
it has been configured with the DHCP Relay Agent.

Describe the integration between DHCP and DNS ?

Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly,
changing authorization rights for a particular user on a group of devices has meant visiting each one and
making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across
devices, enabling a company's network services to scale in step with the growth of network users,
devices, and policies, while reducing administrative operations and costs.

This integration provides practical operational efficiencies that lower total cost of ownership. Creating a
DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks
required of network administrators. And integration of DNS and DHCP in the same database instance
provides unmatched consistency between service and management views of IP address-centric network
services data.

Windows Server 2003 DNS supports DHCP by means of the dynamic update of DNS zones. By integrating
DHCP and DNS in a DNS deployment, you can provide your network resources with dynamic addressing
information stored in DNS. To enable this integration, you can use the Windows Server 2003 DHCP
service.
The dynamic update standard, specified in RFC 2136: Dynamic Updates in the Domain Name System
(DNS UPDATE), automatically updates DNS records. Both Windows Server 2003 and Windows 2000
support dynamic update, and both clients and DHCP servers can send dynamic updates when their IP
addresses change.
Dynamic update enables a DHCP server to register address (A) and pointer (PTR) resource records on
behalf of a DHCP client by using DHCP Client FQDN option 81. Option 81 enables the DHCP client to
provide its FQDN to the DHCP server. The DHCP client also provides instructions to the DHCP server
describing how to process DNS dynamic updates on behalf of the DHCP client.
The DHCP server can dynamically update DNS A and PTR records on behalf of DHCP clients that are not
capable of sending option 81 to the DHCP server. You can also configure the DHCP server to discard
client A and PTR records when the DHCP client lease is deleted. This reduces the time needed to manage
these records manually and provides support for DHCP clients that cannot perform dynamic updates. In
addition, dynamic update simplifies the setup of Active Directory by enabling domain controllers to
dynamically register SRV resource records.
If the DHCP server is configured to perform DNS dynamic updates, it performs one of the following
actions:

• The DHCP server updates resource records at the request of the client. The client requests
the DHCP server to update the DNS PTR record on behalf of the client, and the client
registers A.
• The DHCP server updates DNS A and PTR records regardless of whether the client
requests this action or not.

By itself, dynamic update is not secure because any client can modify DNS records. To secure
dynamic updates, you can use the secure dynamic update feature provided in Windows Server
2003. To delete outdated records, you can use the DNS server aging and scavenging feature.

What options in DHCP do you regularly use for an MS network?


Automatic provision of IP address
Subnet mask
DNS server
Domain name
Default gateway or router
What are User Classes and Vendor Classes in DHCP?
http://support.microsoft.com/kb/266675
http://support.microsoft.com/kb/240247
http://www.yeyan.cn/Programming/DHCPVendorclassesUserclasses.aspx
How do I configure a client machine to use a specific User Class?
The command to configure a client machine to use a specific user class is:
ipconfig /setclassid "<Name of your network card>" <Name of the class you created on DHCP and
want to join (the name is case sensitive)>
E.g.:
ipconfig /setclassid "Local Area Network" Accounting
What is the BOOTP protocol used for, where might you find it in Windows network infrastructure?
BootP (RFC951) provides

• a unique IP address to the requester (using port 67) similar to the DHCP request on port
68 AND
• can provide (where supported) the ability to boot a system without a hard drive (i.e. a
diskless client)

Apple OS X 10.* Server supports BootP (albeit) renamed as NetBoot. The facility allows the Admin to
maintain a selected set of configurations as boot images and then assign sets of client systems to
share (or boot from) that image. For example Accounting, Management, and Engineering departments
have elements in common, but which can be unique from other departments. Performing upgrades and
maintenance on three images is far more productive than working on all client systems individually.

Startup is obviously network intensive, and beyond 40-50 clients, the Admin needs to
carefully subnet the infrastructure, use gigabit switches, and host the images local to the clients to avoid
saturating the network. This will expand the number of BootP servers and multiply the number of
images, but the productivity of 1 BootP server per 50 clients is undeniable :)

Sunmicro, Linux, and AIX RS/600 all support BootP.

To date, Windows does not support booting "diskless clients".


DNS zones – describe the differences between the 4 types.

A DNS zone is the actual file that contains all the records for a specific domain.

i) Forward Lookup Zones:
This zone is responsible for resolving host names to IP addresses.

ii) Reverse Lookup Zones:
This zone is responsible for resolving IP addresses to host names.

iii) Stub Zone:
A stub zone is a read-only copy of the primary zone, but it contains only 3 records, viz.
the SOA for the primary zone, NS record and a Host (A) record.

DNS record types – describe the most important ones.

A (Host): Classic resource record. Maps hostname to IP (IPv4).
PTR: Maps IP to hostname (reverse of A (Host)).
AAAA: Maps hostname to IP (IPv6).
CNAME: Canonical name, in plain English an alias, such as Web Server, FTP Server, Chat Server.
NS: Identifies DNS name servers. Important for forwarders.
MX: Mail servers, particularly for other domains. MX records are required to deliver Internet email.
_SRV: Required for Active Directory. Whole family of underscore service records, for example, gc = global catalog.
SOA: Make a point of finding the Start of Authority (SOA) tab at the DNS Server.

For more knowledge


SRV records: A SRV or Service Record is a category of data in the DNS specifying information
on available services. When looking up a service, you must first look up the SRV Record for
the service to see which server actually handles it. Then it looks up the Address Record for the
server to connect to its IP Address.

Authoritative Name Server [NS] Record: A Zone should contain one NS Record for each of
its own DNS servers (primary and secondary). This mostly is used for Zone Transfer purposes
(notify). These NS Records have the same name as the Zone in which they are located.

SOA: This record is used while synchronizing data between multiple computers. A given zone
must have precisely one SOA record, which contains:
• Name of Primary DNS Server.
• Mailbox of the Responsible Person.
• Serial Number: Used by Secondary DNS Servers to check if the Zone has changed. If the Serial
Number is higher than what the Secondary Server has, a Zone Transfer will be initiated.
• Refresh Interval: How often Secondary DNS Servers should check if changes are made to the zone.
• Retry Interval: How often a Secondary DNS Server should retry checking if changes are made,
if the first refresh fails.
• Expire Interval: How long the Zone will be valid after a refresh. Secondary Servers will discard
the Zone if no refresh could be made within this interval.
• Minimum (Default) TTL: Used as the default TTL for new Records created within the zone. Also
used by other DNS Servers to cache negative responses (such as Record does not exist, etc.).
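
How a secondary server could apply the SOA timers described above, as an added example that is not part of the original page. The record values and the function names are constructed for illustration, and the serial comparison goes one step beyond the page's "higher than" by using the wrap-around rule of RFC 1982, so a serial that rolls past 2^32 still counts as newer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SOA:
    primary: str   # name of the primary DNS server
    mailbox: str   # mailbox of the responsible person
    serial: int
    refresh: int   # seconds between checks against the primary
    retry: int     # seconds to wait after a failed check
    expire: int    # seconds the zone stays valid without a successful refresh
    minimum: int   # default / negative-caching TTL


def parse_soa(rdata: str) -> SOA:
    """Parse the seven whitespace-separated SOA fields in zone-file order."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA needs exactly 7 fields")
    numbers = [int(f) for f in fields[2:]]
    if any(not 0 <= n <= 0xFFFFFFFF for n in numbers):
        raise ValueError("SOA numeric fields are unsigned 32-bit values")
    return SOA(fields[0], fields[1], *numbers)


def serial_is_newer(candidate: int, current: int) -> bool:
    """True when candidate is ahead of current in 32-bit serial arithmetic."""
    diff = (candidate - current) & 0xFFFFFFFF
    return 0 < diff < 0x80000000


def secondary_action(held: SOA, now: int, last_good: int, last_try: int,
                     primary_serial: Optional[int]) -> str:
    """Decide what a secondary does at time `now` (all times in seconds).

    last_good: time of the last successful refresh; last_try: time of the last
    attempt; primary_serial: serial the primary reports, or None if unreachable.
    """
    expired = now - last_good >= held.expire
    failed_since_good = last_try > last_good
    # After a failure the shorter retry timer applies, otherwise the refresh timer.
    next_check = (last_try + held.retry) if failed_since_good else (last_good + held.refresh)

    if now >= next_check:
        if primary_serial is not None:
            return "transfer" if serial_is_newer(primary_serial, held.serial) else "current"
        return "expired" if expired else "retry"
    return "expired" if expired else "serve"


# Constructed sample record, not taken from any real zone.
SAMPLE = "ns1.example.test. hostmaster.example.test. 2024010101 3600 600 86400 300"

if __name__ == "__main__":
    zone = parse_soa(SAMPLE)
    print(secondary_action(zone, 3600, 0, 0, 2024010102))   # primary has a newer serial
    print(secondary_action(zone, 90000, 0, 89900, None))    # unreachable past expire
```

A secondary that keeps answering from a zone past its expire interval is serving data the primary can no longer vouch for, which is why the last case returns "expired" rather than "serve".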

Describe the process of working with an external domain name ?

Serving Sites with External Domain Name Servers


If you host Web sites on this server and have a standalone DNS server acting as a primary (master) name
server for your sites, you may want to set up your control panel's DNS server to function as a secondary
(slave) name server:
To make the control panel's DNS server act as a secondary name server:
Go to Domains > domain name > DNS Settings (in the Web Site group).
Click Switch DNS Service Mode.
Specify the IP address of the primary (master) DNS server.
Click Add.
Repeat steps from 1 to 5 for each Web site that needs to have a secondary name server on this machine.
To make the control panel's DNS server act as a primary for a zone:
Go to Domains > domain name > DNS Settings (in the Web Site group).
Click Switch DNS Service Mode. The original resource records for the zone will be restored.
If you host Web sites on this server and rely entirely on other machines to perform the Domain Name
Service for your sites (there are two external name servers - a primary and a secondary), switch off the
control panel's DNS service for each site served by external name servers.
To switch off the control panel's DNS service for a site served by an external name server:
Go to Domains > domain name > DNS Settings (in the Web Site group).
Click Switch Off the DNS Service in the Tools group. Turning the DNS service off for the zone will refresh
the screen, so that only a list of name servers remains.
Note: The listed name server records have no effect on the system. They are only presented on the
screen as clickable links to give you a chance to validate the configuration of the zone maintained on the
external authoritative name servers.
Repeat the steps from 1 to 3 to switch off the local domain name service for each site served by external
name servers.
If you wish to validate the configuration of a zone maintained on authoritative name servers:
Go to Domains > domain name > DNS Settings (in the Web Site group).
Add to the list the entries pointing to the appropriate name servers that are authoritative for the zone:
click Add, specify a name server, and click OK. Repeat this for each name server you would like to test.
The records will appear in the list.
Click the records that you have just created. Parallels Plesk Panel will retrieve the zone file from a
remote name server and check the resource records to make sure that domain's resources are properly
resolved.
The results will be interpreted and displayed on the screen.
Describe the importance of DNS to AD.
When you install Active Directory on a server, you promote the server to the role of a domain controller
for a specified domain. When completing this process, you are prompted to specify a DNS domain name
for the Active Directory domain for which you are joining and promoting the server. If during this
process, a DNS server authoritative for the domain that you specified either cannot be located on the
network or does not support the DNS dynamic update protocol, you are prompted with the option to
install a DNS server. This option is provided because a DNS server is required to locate this server or
other domain controllers for members of an Active Directory domain.
Describe a few methods of finding an MX record for a remote domain on the Internet.
In order to find MX Records for SMTP domains you can use command-line tools such as NSLOOKUP or
DIG. You can also use online web services that allow you to perform quick searches and display the
information in a convenient manner.
What does "Disable Recursion" in DNS mean?

In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties ->
Forwarders tab is the setting Do not use recursion for this domain. On the Advanced tab you
will find the confusingly similar option Disable recursion (also disables forwarders).

Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP
DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database. So
what is the difference between these settings?

The DNS server will attempt to resolve the name locally, then will forward requests to any DNS
servers specified as forwarders. If Do not use recursion for this domain is enabled, the DNS
server will pass the query on to forwarders, but will not recursively query any other DNS servers
(e.g. external DNS servers) if the forwarders cannot resolve the query.

If Disable recursion (also disables forwarders) is set, the server will attempt to resolve a query
from its own database only. It will not query any additional servers.

If neither of these options is set, the server will attempt to resolve queries normally:
... the local database is queried
... if an entry is not found, the request is passed to any forwarders that are set
... if no forwarders are set, the server will query servers on the Root Hints tab to resolve queries
beginning at the root domains.
What could cause the Forwarders and Root Hints to be grayed out?

Win2K configured your DNS server as a private root server

What is a "Single Label domain name" and what sort of issues can it cause?
Single-label names consist of a single word like "contoso".
• Single-label DNS names cannot be registered by using an Internet registrar.
• Client computers and domain controllers that joined to single-label domains require additional
configuration to dynamically register DNS records in single-label DNS zones.
• Client computers and domain controllers may require additional configuration to resolve DNS
queries in single-label DNS zones.
• By default, Windows Server 2003-based domain members, Windows XP-based domain members, and
Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones.
• Some server-based applications are incompatible with single-label domain names. Application support
may not exist in the initial release of an application, or support may be dropped in a future release. For
example, Microsoft Exchange Server 2007 is not supported in environments in which single-label DNS is
used.
• Some server-based applications are incompatible with the domain rename feature that is supported in
Windows Server 2003 domain controllers and in Windows Server 2008 domain controllers. These
incompatibilities either block or complicate the use of the domain rename feature when you try to
rename a single-label DNS name to a fully qualified domain name.
What is the "in-addr.arpa" zone used for?

What are the requirements from DNS to support AD?

DNS requirements for installing Active Directory


When you install Active Directory on a member server, the member server is promoted to a
domain controller. Active Directory uses DNS as the location mechanism for domain controllers,
enabling computers on the network to obtain IP addresses of domain controllers.

During the installation of Active Directory, the service (SRV) and address (A) resource records
are dynamically registered in DNS, which are necessary for the successful functionality of the
domain controller locator (Locator) mechanism.

To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS
resource records of the domain controller, which provide the client with the names and IP
addresses of the domain controllers. In this context, the SRV and A resource records are referred
to as Locator DNS resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS
server with the Locator DNS resource records and identifying the domain controller. For this
reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that
zone must support the SRV resource records (RFC 2782) to advertise the Active Directory
directory service. For more information about RFCs, see DNS RFCs.
If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or
Windows Server 2003, contact your DNS administrator to determine if the DNS server supports
the required standards. If the server does not support the required standards, or the authoritative
DNS zone cannot be configured to allow dynamic updates, then modification is required to your
existing DNS infrastructure.

For more information, see Checklist: Verifying DNS before installing Active Directory and
Using the Active Directory Installation Wizard.

Important
• The DNS server used to support Active Directory must support SRV resource records for the Locator
mechanism to function. For more information, see Managing resource records.
• It is recommended that the DNS infrastructure allows dynamic updates of Locator DNS resource
records (SRV and A) before installing Active Directory, but your DNS administrator may add these
resource records manually after installation.
After installing Active Directory, these records can be found on the domain controller in the following
location: systemroot\System32\Config\Netlogon.dns
How do you manually create SRV records in DNS?

On Windows Server:

Go to Run ---> dnsmgmt.msc
Right-click the zone you want to add the SRV record to and choose "Other New Records",
then choose Service Location (SRV).
Name 3 benefits of using AD-integrated zones.

1. You can give easy name resolution to your clients.
2. By creating an AD-integrated zone you can also trace hackers and spammers by creating a reverse zone.
3. AD-integrated zones allow for incremental zone transfers, which only transfer changes and not the entire
zone. This reduces zone transfer traffic.
4. AD-integrated zones support both secure and dynamic updates.
5. AD-integrated zones are stored as part of the Active Directory and support domain-wide or
forest-wide replication through application partitions in AD.
You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS.
Name a few possible causes.
