An Internet Protocol address (IP address) is a numerical label that is assigned to devices participating in a
computer network that uses the Internet Protocol for communication between its nodes.
The Dynamic Host Configuration Protocol (DHCP) is a computer networking protocol used by hosts
(DHCP clients) to retrieve IP address assignments and other configuration information.
This is an IP address that is allocated to you that does not change each time you access the Internet. You
can use a static IP address to run an email server or even host a website; however, virtual hosting is very
inexpensive, so it would be most advisable to obtain a proper hosting solution.
In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet
Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the
identity of the sender or impersonating another computing system.
A proxy server is a server (a computer system or an application program) that acts as an intermediary for
requests from clients seeking resources from other servers.
What is a subnet?
A subnet mask allows you to identify which part of an IP Address is reserved for the network,
and which part is available for host use.
A subnetwork, or subnet, is a logically visible, distinctly addressed part of a single Internet Protocol
network. The process of subnetting is the division of a computer network into groups of computers that
have a common, designated IP address routing prefix.
An IP address has two components, the network address and the host address. A subnet mask
separates the IP address into the network and host addresses (<network><host>). Subnetting further
divides the host part of an IP address into a subnet and host address (<network><subnet><host>).
ARP is the Address Resolution Protocol. The ARP protocol maps addresses between the Data Link Layer
and the Network Layer of the OSI Model.
ARP cache poisoning, also known as ARP spoofing, is the process of falsifying the source Media Access
Control (MAC) addresses of packets being sent on an Ethernet network.
A default gateway is a node (a router) on a TCP/IP network that serves as an access point to another
network. A default gateway is used by a host when an IP packet's destination address belongs to
someplace outside the local subnet.
A gateway is a routing device that knows how to pass traffic between different subnets and networks. A
computer will know some routes (a route is the address of each node a packet must go through on the
Internet to reach a specific destination), but not the routes to every address on the Internet. It won’t
even know all the routes on the nearest subnets.
A feature of Microsoft Windows, APIPA is a DHCP failover mechanism. With APIPA, DHCP clients can
obtain IP addresses when DHCP servers are nonfunctional. APIPA exists in all popular versions of
Windows except Windows NT.
When a DHCP server fails, APIPA allocates addresses in the private range 169.254.0.1 to
169.254.255.254. Clients verify their address is unique on the LAN using ARP. When the DHCP server is
again able to service requests, clients update their addresses automatically.
A Request For Comments (RFC) document defines a protocol or policy used on the Internet. An RFC can
be submitted by anyone. Eventually, if it gains enough interest, it may evolve into an Internet Standard.
Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an
original RFC are assigned a new RFC number.
What is RFC 1918? RFC 1918 is Address Allocation for Private Internets.
CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify
the Internet addresses used in inter-domain routing more flexibly than with the original system of
Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been
greatly increased.
You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
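Added example (not part of the original notes): the mask arithmetic from the subnet section, applied to the network ID in the question above, together with a check against the RFC 1918 and APIPA ranges mentioned earlier. The function names and the sample host addresses are assumptions made for illustration.

```python
import ipaddress

# Blocks named in these notes: RFC 1918 private space and the APIPA range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def _to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")


def _to_str(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def subnet_range(cidr):
    """Split address/prefix into network, mask, broadcast and usable hosts."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = _to_int(addr) & mask             # host bits cleared
    broadcast = network | (mask ^ 0xFFFFFFFF)  # host bits all set
    # /31 and /32 have no separate network/broadcast addresses to exclude.
    first, last = (network, broadcast) if prefix >= 31 else (network + 1, broadcast - 1)
    return {"network": _to_str(network), "mask": _to_str(mask),
            "broadcast": _to_str(broadcast), "first_host": _to_str(first),
            "last_host": _to_str(last), "usable_hosts": last - first + 1}


def classify(addr):
    """Label an address as 'apipa', 'rfc1918' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip in APIPA:
        return "apipa"      # DHCP did not answer; the host self-assigned
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    return "other"


if __name__ == "__main__":
    print(subnet_range("192.115.103.64/27"))
    print(classify("169.254.10.20"))   # constructed sample address
```

When reviewing an address inventory, a host classified as "apipa" is one that failed to reach a DHCP server and is worth following up.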
What is DHCP? What are the benefits and drawbacks of using it?
Benefits:
1. DHCP minimizes configuration errors caused by manual IP address configuration.
2. Reduced network administration.
Disadvantage:
Your machine name does not change when you get a new IP address. The DNS (Domain Name
System) name is associated with your IP address and therefore does change. This only presents a
problem if other clients try to access your machine by its DNS name.
Describe the steps taken by the client and DHCP server in order to obtain an IP address?
Ans:
At least one DHCP server must exist on a network. Once the DHCP server software
is installed, you create a DHCP scope, which is a pool of IP addresses that the
server manages. When clients log on, they request an IP address from the server,
and the server provides an IP address from its pool of available addresses.
DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol,
October 1993) but the most recent update is RFC 2131 (Dynamic Host
Configuration Protocol, March 1997). The IETF Dynamic Host Configuration (dhc)
Working Group is chartered to produce a protocol for automated allocation,
configuration, and management of IP addresses and TCP/IP protocol stack
parameters.
What is the DHCPNACK and when do I get one? Name 2 scenarios.
Recently I saw a lot of queries regarding when the Microsoft DHCP server issues a NAK to DHCP clients.
For simplification purposes, I am listing down the possible scenarios in which the server should NOT
issue a NAK. This should give you a good understanding of DHCP NAK behavior.
When a DHCP server receives a DHCPRequest with a previously assigned address specified, it first checks
to see if it came from the local segment by checking the GIADDR field. If it originated from the local
segment, the DHCP server compares the requested address to the IP address and subnet mask
belonging to the local interface that received the request.
The DHCP server will issue a NAK to the client ONLY IF it is sure that the client, "on the local subnet", is
asking for an address that doesn't exist on that subnet.
The DHCPInform message received by the remote access server is then forwarded
to a DHCP server. The remote access server forwards DHCPInform messages only if
it has been configured with the DHCP Relay Agent.
Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly,
changing authorization rights for a particular user on a group of devices has meant visiting each one and
making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across
devices, enabling a company's network services to scale in step with the growth of network users,
devices, and policies, while reducing administrative operations and costs.
This integration provides practical operational efficiencies that lower total cost of ownership. Creating a
DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks
required of network administrators. And integration of DNS and DHCP in the same database instance
provides unmatched consistency between service and management views of IP address-centric network
services data.
Windows Server 2003 DNS supports DHCP by means of the dynamic update of DNS zones. By integrating
DHCP and DNS in a DNS deployment, you can provide your network resources with dynamic addressing
information stored in DNS. To enable this integration, you can use the Windows Server 2003 DHCP
service.
The dynamic update standard, specified in RFC 2136: Dynamic Updates in the Domain Name System
(DNS UPDATE), automatically updates DNS records. Both Windows Server 2003 and Windows 2000
support dynamic update, and both clients and DHCP servers can send dynamic updates when their IP
addresses change.
Dynamic update enables a DHCP server to register address (A) and pointer (PTR) resource records on
behalf of a DHCP client by using DHCP Client FQDN option 81. Option 81 enables the DHCP client to
provide its FQDN to the DHCP server. The DHCP client also provides instructions to the DHCP server
describing how to process DNS dynamic updates on behalf of the DHCP client.
The DHCP server can dynamically update DNS A and PTR records on behalf of DHCP clients that are not
capable of sending option 81 to the DHCP server. You can also configure the DHCP server to discard
client A and PTR records when the DHCP client lease is deleted. This reduces the time needed to manage
these records manually and provides support for DHCP clients that cannot perform dynamic updates. In
addition, dynamic update simplifies the setup of Active Directory by enabling domain controllers to
dynamically register SRV resource records.
If the DHCP server is configured to perform DNS dynamic updates, it performs one of the following
actions:
• The DHCP server updates resource records at the request of the client. The client requests
the DHCP server to update the DNS PTR record on behalf of the client, and the client
registers A.
• The DHCP server updates DNS A and PTR records regardless of whether the client
requests this action or not.
By itself, dynamic update is not secure because any client can modify DNS records. To secure
dynamic updates, you can use the secure dynamic update feature provided in Windows Server
2003. To delete outdated records, you can use the DNS server aging and scavenging feature.
a unique IP address to the requester (using port 67) similar to the DHCP request on port
68 AND
can provide (where supported) the ability to boot a system without a hard drive (ie: a
diskless client)
Apple OS X 10.* Server supports BootP (albeit renamed as NetBoot). The facility allows the Admin to
maintain a selected set of configurations as boot images and then assign sets of client systems to
share (or boot from) that image. For example, Accounting, Management, and Engineering departments
have elements in common, but which can be unique from other departments. Performing upgrades and
maintenance on three images is far more productive than working on all client systems individually.
Startup is obviously network intensive, and beyond 40-50 clients, the Admin needs to
carefully subnet the infrastructure, use gigabit switches, and host the images local to the clients to avoid
saturating the network. This will expand the number of BootP servers and multiply the number of
images, but the productivity of 1 BootP server per 50 clients is undeniable :)
A DNS zone is the actual file that contains all the records for a specific domain.
iii) Stub Zone:
A stub zone is a read-only copy of the primary zone, but it contains only 3 records, viz.
the SOA for the primary zone, an NS record and a Host (A) record.
SOA Make a point of finding the Start of Authority (SOA) tab at the
DNS Server.
Authoritative Name Server [NS] Record: A Zone should contain one NS Record for each of
its own DNS servers (primary and secondary). This mostly is used for Zone Transfer purposes
(notify). These NS Records have the same name as the Zone in which they are located.
SOA: This record is used while synchronizing data between multiple computers. A given zone
must have precisely one SOA record, which contains:
• Name of Primary DNS Server
• Mailbox of the Responsible Person
• Serial Number: Used by Secondary DNS Servers to check if the Zone has changed. If the
Serial Number is higher than what the Secondary Server has, a Zone Transfer will be initiated.
• Refresh Interval: How often Secondary DNS Servers should check if changes are made to
the zone.
• Retry Interval: How often Secondary DNS Server should retry checking, if changes are
made - if the first refresh fails.
• Expire Interval: How long the Zone will be valid after a refresh. Secondary Servers will
discard the Zone if no refresh could be made within this interval.
• Minimum (Default) TTL: Used as the default TTL for new Records created within the zone.
Also used by other DNS Server to cache negative responses (such as Record does not exist,
etc.).
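Added example (not part of the original notes): a parser for the SOA fields listed above and the decision a secondary makes at a refresh check. It goes slightly beyond the text by comparing serials with RFC 1982 wrap-around arithmetic and by flagging a primary whose serial is behind the secondary's, a state in which changes never propagate. The function names, action labels and the example.test records are assumptions made for illustration.

```python
from collections import namedtuple

SOA = namedtuple("SOA", "mname rname serial refresh retry expire minimum")


def parse_soa(rdata):
    """Parse one-line SOA RDATA in the field order listed above."""
    parts = rdata.split()
    if len(parts) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(parts)}")
    numbers = [int(p) for p in parts[2:]]
    if any(not 0 <= n < 2**32 for n in numbers):
        raise ValueError("SOA numeric fields are unsigned 32-bit values")
    return SOA(parts[0], parts[1], *numbers)


def serial_newer(candidate, current):
    """True if candidate is ahead of current in RFC 1982 serial arithmetic."""
    return 0 < (candidate - current) % 2**32 < 2**31


def secondary_action(local, primary, seconds_since_refresh):
    """Decide what a secondary does at a refresh check.

    local   -- SOA the secondary currently holds
    primary -- SOA fetched from the primary, or None if it was unreachable
    """
    if primary is None:
        # Refresh failed: keep retrying until the expire interval runs out.
        if seconds_since_refresh >= local.expire:
            return "discard-zone"
        return "retry"
    if serial_newer(primary.serial, local.serial):
        return "zone-transfer"
    if primary.serial != local.serial:
        # Serial went backwards on the primary; secondaries will stay stale.
        return "primary-serial-behind"
    return "up-to-date"


# Constructed sample records (example.test is a placeholder domain).
PRIMARY = parse_soa(
    "ns1.example.test. hostmaster.example.test. 2024010102 3600 600 604800 3600")
LOCAL = parse_soa(
    "ns1.example.test. hostmaster.example.test. 2024010101 3600 600 604800 3600")

if __name__ == "__main__":
    print(secondary_action(LOCAL, PRIMARY, 3600))
```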
In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties ->
Forwarders tab is the setting Do not use recursion for this domain. On the Advanced tab you
will find the confusingly similar option Disable recursion (also disables forwarders).
Recursion refers to the action of a DNS server querying additional DNS servers (e.g. local ISP
DNS or the root DNS servers) to resolve queries that it cannot resolve from its own database. So
what is the difference between these settings?
The DNS server will attempt to resolve the name locally, then will forward requests to any DNS
servers specified as forwarders. If Do not use recursion for this domain is enabled, the DNS
server will pass the query on to forwarders, but will not recursively query any other DNS servers
(e.g. external DNS servers) if the forwarders cannot resolve the query.
If Disable recursion (also disables forwarders) is set, the server will attempt to resolve a query
from its own database only. It will not query any additional servers.
If neither of these options is set, the server will attempt to resolve queries normally:
... the local database is queried
... if an entry is not found, the request is passed to any forwarders that are set
... if no forwarders are set, the server will query servers on the Root Hints tab to resolve queries
beginning at the root domains.
What could cause the Forwarders and Root Hints to be grayed out?
What is a "Single Label domain name" and what sort of issues can it cause?
Single-label names consist of a single word like "contoso".
• Single-label DNS names cannot be registered by using an Internet registrar.
• Client computers and domain controllers that are joined to single-label domains require additional
configuration to dynamically register DNS records in single-label DNS zones.
• Client computers and domain controllers may require additional configuration to resolve DNS
queries in single-label DNS zones.
• By default, Windows Server 2003-based domain members, Windows XP-based domain members, and
Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones.
• Some server-based applications are incompatible with single-label domain names. Application support
may not exist in the initial release of an application, or support may be dropped in a future release. For
example, Microsoft Exchange Server 2007 is not supported in environments in which single-label DNS is
used.
• Some server-based applications are incompatible with the domain rename feature that is supported in
Windows Server 2003 domain controllers and in Windows Server 2008 domain controllers. These
incompatibilities either block or complicate the use of the domain rename feature when you try to
rename a single-label DNS name to a fully qualified domain name.
What is the "in-addr.arpa" zone used for?
During the installation of Active Directory, the service (SRV) and address (A) resource records
are dynamically registered in DNS, which are necessary for the successful functionality of the
domain controller locator (Locator) mechanism.
To find domain controllers in a domain or forest, a client queries DNS for the SRV and A DNS
resource records of the domain controller, which provide the client with the names and IP
addresses of the domain controllers. In this context, the SRV and A resource records are referred
to as Locator DNS resource records.
When adding a domain controller to a forest, you are updating a DNS zone hosted on a DNS
server with the Locator DNS resource records and identifying the domain controller. For this
reason, the DNS zone must allow dynamic updates (RFC 2136) and the DNS server hosting that
zone must support the SRV resource records (RFC 2782) to advertise the Active Directory
directory service. For more information about RFCs, see DNS RFCs.
If the DNS server hosting the authoritative DNS zone is not a server running Windows 2000 or
Windows Server 2003, contact your DNS administrator to determine if the DNS server supports
the required standards. If the server does not support the required standards, or the authoritative
DNS zone cannot be configured to allow dynamic updates, then modification is required to your
existing DNS infrastructure.
For more information, see Checklist: Verifying DNS before installing Active Directory and
Using the Active Directory Installation Wizard.
Important
• The DNS server used to support Active Directory must support SRV resource records for the Locator
mechanism to function. For more information, see Managing resource records.
• It is recommended that the DNS infrastructure allows dynamic updates of Locator DNS resource
records (SRV and A) before installing Active Directory, but your DNS administrator may add these
resource records manually after installation.
After installing Active Directory, these records can be found on the domain controller in the following
location: systemroot\System32\Config\Netlogon.dns
How do you manually create SRV records in DNS?