http://systadmin.wordpress.com/2010/01/07/dns-interview-questions-and-answers/

DNS Interview Questions and Answers
1. Secure services in your network require reverse name resolution to make it more difficult to launch successful attacks against the services. To set this up, you configure a reverse lookup zone and proceed to add records. Which record types do you need to create?
2. What is the main purpose of a DNS server?
3. SOA records must be included in every zone. What are they used for?
4. By default, if the name is not found in the cache or local hosts file, what is the first step the client takes to resolve the FQDN name into an IP address?
5. What is the main purpose of SRV records?
6. Before installing your first domain controller in the network, you installed a DNS server and created a zone, naming it as you would name your AD domain. However, after the installation of the domain controller, you are unable to locate infrastructure SRV records anywhere in the zone. What is the most likely cause of this failure?
7. Which of the following conditions must be satisfied to configure dynamic DNS updates for legacy clients?
8. At some point during the name resolution process, the requesting party received an authoritative reply. Which further actions are likely to be taken after this reply?
9. Your company uses ten domain controllers, three of which are also used as DNS servers. You have one companywide AD-integrated zone, which contains several thousand resource records. This zone also allows dynamic updates, and it is critical to keep this zone up-to-date. Replication between domain controllers takes up a significant amount of bandwidth. You are looking to cut bandwidth usage for the purpose of replication. What should you do?
10. You are administering a network connected to the Internet. Your users complain that everything is slow. Preliminary research of the problem indicates that it takes a considerable amount of time to resolve names of resources on the Internet. What is the most likely reason for this?
Answers

1. PTR records
2. DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.
3. SOA records contain a TTL value, used by default in all resource records in the zone. SOA records contain the e-mail address of the person who is responsible for maintaining the zone. SOA records contain the current serial number of the zone, which is used in zone transfers.
4. Performs a recursive search through the primary DNS server based on the network interface configuration.
5. SRV records are used in locating hosts that provide certain network services.
6. The zone you created was not configured to allow dynamic updates. The local interface on the DNS server was not configured to allow dynamic updates.
7. The zone to be used for dynamic updates must be configured to allow dynamic updates. The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.
8. After receiving the authoritative reply, the resolution process is effectively over.
9. Change the replication scope to all DNS servers in the domain.
10. DNS servers are not caching replies. Local client computers are not caching replies. The cache.dns file may have been corrupted on the server.
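Questions 1 and 12 turn on the relationship between a forward zone (name to address) and its reverse zone (address to name). The following is an added example, not code from the interview page: it derives the in-addr.arpa (or ip6.arpa) owner name for an address, parses a constructed pair of zone-file snippets for example.com and 192.0.2.0/24, and reports every address whose PTR record is missing, points at a different name, or has no matching A record. This is the "forward-confirmed reverse DNS" check that mail servers and log-review tooling apply, and it is the check an administrator should run after populating a reverse lookup zone by hand.

```python
"""Forward/reverse zone consistency check (added example, constructed data).

Parses A records from a forward zone and PTR records from the matching
reverse zone, then classifies every address:
  ok           - PTR exists and points back at the A record's owner
  missing_ptr  - A record has no PTR at all
  ptr_mismatch - PTR exists but names a different host
  orphan_ptr   - PTR target has no A record in the forward zone
"""
import ipaddress

# Constructed forward zone (zone-file style, A records only).
FORWARD_ZONE = """
www.example.com.    3600 IN A 192.0.2.10
mail.example.com.   3600 IN A 192.0.2.25
db.example.com.     3600 IN A 192.0.2.40
ftp.example.com.    3600 IN A 192.0.2.50
"""

# Constructed reverse zone for 192.0.2.0/24.  Deliberate defects:
# .40 has no PTR, .50's PTR names a host that has no A record,
# and .99 has a PTR with no forward record at all.
REVERSE_ZONE = """
10.2.0.192.in-addr.arpa.  3600 IN PTR www.example.com.
25.2.0.192.in-addr.arpa.  3600 IN PTR mail.example.com.
50.2.0.192.in-addr.arpa.  3600 IN PTR files.example.com.
99.2.0.192.in-addr.arpa.  3600 IN PTR old-db.example.com.
"""


def reverse_name(address: str) -> str:
    """PTR owner name for an IPv4 (in-addr.arpa) or IPv6 (ip6.arpa) address."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def parse_records(zone_text: str, rtype: str) -> dict:
    """Collect owner -> rdata for one record type from zone-file text."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split()
        # owner ttl class type rdata
        if len(fields) < 5 or fields[3] != rtype:
            continue
        records[fields[0].lower()] = fields[4].lower()
    return records


def check_consistency(forward_text: str, reverse_text: str) -> dict:
    """Compare A records against PTR records and classify each finding."""
    a_records = parse_records(forward_text, "A")
    ptr_records = parse_records(reverse_text, "PTR")
    findings = {"ok": [], "missing_ptr": [], "ptr_mismatch": [], "orphan_ptr": []}

    for name, addr in a_records.items():
        target = ptr_records.get(reverse_name(addr))
        if target is None:
            findings["missing_ptr"].append(addr)
        elif target == name:
            findings["ok"].append(addr)
        else:
            findings["ptr_mismatch"].append(addr)

    for owner, target in ptr_records.items():
        if target not in a_records:
            findings["orphan_ptr"].append(owner)

    # Sorted so the report (and any test) is stable.
    return {key: sorted(values) for key, values in findings.items()}


if __name__ == "__main__":
    for category, items in check_consistency(FORWARD_ZONE, REVERSE_ZONE).items():
        print(f"{category}: {items}")
```

The same `parse_records` call with `"AAAA"` and an ip6.arpa zone covers IPv6, since `reverse_name` builds nibble-format names for IPv6 addresses.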
Frequently asked questions about Windows 2000 DNS and Windows Server 2003 DNS

SUMMARY
This article describes DNS functionality in Windows 2000 and Windows Server 2003, and provides answers to frequently asked questions about Windows 2000 and Windows Server 2003 DNS.

MORE INFORMATION
DNS is the backbone of Active Directory and the primary name resolution mechanism of Windows 2000 and Windows Server 2003. Windows 2000 and Windows Server 2003 domain controllers dynamically register information about themselves and about Active Directory in DNS. Other Windows 2000 and Windows Server 2003 domain controllers, servers, and workstations that are part of the domain query DNS to find Active Directory-related information. If DNS is not set up correctly, domain-wide issues can occur, such as failed replication between domain controllers. You may also be unable to log on to the domain or to join the domain from a workstation or server.
Question: What are the common mistakes that are made when administrators set up DNS on a network that contains a single Windows 2000 or Windows Server 2003 domain controller?
Answer: The most common mistakes are:
• The domain controller is not pointing to itself for DNS resolution on all network interfaces.
• The "." zone exists under forward lookup zones in DNS.
• Other computers on the local area network (LAN) do not point to the Windows 2000 or Windows Server 2003 DNS server for DNS.

Question: Why do I have to point my domain controller to itself for DNS?
Answer: The Netlogon service on the domain controller registers a number of records in DNS that enable other domain controllers and computers to find Active Directory-related information. If the domain controller is pointing to the Internet service provider's (ISP) DNS server, Netlogon does not register the correct records for Active Directory, and errors are generated in Event Viewer. In Windows Server 2003, the recommended DNS configuration is to configure the DNS client settings on all DNS servers to use themselves as their own primary DNS server, and to use a different domain controller in the same domain as their alternative DNS server, preferably another domain controller in the same site. This process also works around the DNS "Island" problem in Windows 2000. You must always configure the DNS client settings on each domain controller's network interface to use the alternative DNS server addresses in addition to the primary DNS server address.

For more information about the Windows 2000 DNS "Island" problem, see "Chapter 2 - Structural Planning for Branch Office Environments" in the "Planning" section of the Windows 2000 Server Active Directory Branch Office Planning Guide at the following Microsoft Web site:
http://www.microsoft.com/windows2000/techinfo/planning/activedirectory/branchoffice/default.asp

Question: What does a domain controller register in DNS?
Answer: The Netlogon service registers all the SRV records for that domain controller. These records are displayed as the _msdcs, _sites, _tcp, and _udp folders in the forward lookup zone that matches your domain name. Other computers look for these records to find Active Directory-related information.
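The SRV records Netlogon registers under _msdcs and _tcp are what a member computer reads to find a domain controller, and the client side of that lookup follows RFC 2782: sort by priority, then choose within a priority group at random, weighted. The following is an added example, not Microsoft's code or the article's: it parses constructed SRV records for the LDAP locator name _ldap._tcp.dc._msdcs.corp.example.com (the domain name is made up) and produces the order in which a client would try the targets. Seeing the algorithm makes clear why a missing or stale SRV record, rather than a missing A record, is what breaks domain logons.

```python
"""Domain controller location from SRV records, RFC 2782 style (added example).

Constructed zone data, not records from the original page.  Netlogon
registers _ldap._tcp.dc._msdcs.<domain> for every DC; a client orders the
answers by ascending priority and, inside one priority, by weighted random
selection so that load spreads across equally preferred DCs.
"""
import random
from collections import defaultdict

# Constructed records: two equal-priority DCs in the main site, one backup
# DC at a worse priority, plus a Kerberos record to show owner filtering.
SRV_RECORDS = """
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 389 dc2.corp.example.com.
_ldap._tcp.dc._msdcs.corp.example.com. 600 IN SRV 10 0 389 dc3.corp.example.com.
_kerberos._tcp.dc._msdcs.corp.example.com. 600 IN SRV 0 100 88 dc1.corp.example.com.
"""


def dc_locator_name(domain: str) -> str:
    """Owner name Netlogon registers for the LDAP DC locator record."""
    return f"_ldap._tcp.dc._msdcs.{domain.rstrip('.')}."


def parse_srv(zone_text: str, owner: str) -> list:
    """Return the SRV records for one owner name as dicts."""
    records = []
    for line in zone_text.splitlines():
        f = line.split()
        # owner ttl class SRV priority weight port target
        if len(f) != 8 or f[3] != "SRV" or f[0].lower() != owner.lower():
            continue
        records.append({"priority": int(f[4]), "weight": int(f[5]),
                        "port": int(f[6]), "target": f[7].lower()})
    return records


def weighted_order(group: list, rng: random.Random) -> list:
    """Order one priority group by weighted random selection (RFC 2782)."""
    # Zero-weight records are placed first so they are rarely, not never, chosen.
    remaining = sorted(group, key=lambda r: r["weight"] != 0)
    ordered = []
    while remaining:
        total = sum(r["weight"] for r in remaining)
        pick = rng.randint(0, total)
        running = 0
        for idx, rec in enumerate(remaining):
            running += rec["weight"]
            if running >= pick:
                ordered.append(remaining.pop(idx))
                break
    return ordered


def order_targets(records: list, rng: random.Random) -> list:
    """Client order: ascending priority, weighted order inside each priority."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["priority"]].append(rec)
    ordered = []
    for prio in sorted(groups):
        ordered.extend(weighted_order(groups[prio], rng))
    return [(r["target"], r["port"]) for r in ordered]


def locate_dcs(zone_text: str, domain: str, seed=None) -> list:
    """Parse the locator records for `domain` and return (target, port) in try order."""
    records = parse_srv(zone_text, dc_locator_name(domain))
    return order_targets(records, random.Random(seed))


if __name__ == "__main__":
    for target, port in locate_dcs(SRV_RECORDS, "corp.example.com"):
        print(f"try {target}:{port}")
```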
Question: Why can't I use WINS for name resolution like it is used in Microsoft Windows NT 4.0?
Answer: A Windows 2000 or Windows Server 2003 domain controller does not register Active Directory-related information with a WINS server; it only registers this information with a DNS server that supports dynamic updates such as a Windows 2000 or Windows Server 2003 DNS server. Other Windows 2000-based and Windows Server 2003-based computers do not query WINS to find Active Directory-related information.

Question: If I remove the ISP's DNS server settings from the domain controller, how does it resolve names such as Microsoft.com on the Internet?
Answer: As long as the "." zone does not exist under forward lookup zones in DNS, the DNS service uses the root hint servers. The root hint servers are well-known servers on the Internet that help all DNS servers resolve name queries.

Question: What is the "." zone in my forward lookup zone?
Answer: This setting designates the Windows 2000 or Windows Server 2003 DNS server to be a root hint server and is usually deleted. If you do not delete this setting, you may not be able to perform external name resolution to the root hint servers on the Internet.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
229840 DNS server's root hints and forwarder pages are unavailable
Question: Do I need to configure forwarders in DNS?
Answer: No. By default, Windows 2000 DNS uses the root hint servers on the Internet; however, you can configure forwarders to send DNS queries directly to your ISP's DNS server or other DNS servers. Most of the time, when you configure forwarders, DNS performance and efficiency increase, but this configuration can also introduce a point of failure if the forwarding DNS server is experiencing problems. The root hint servers can provide a level of redundancy in exchange for slightly increased DNS traffic on your Internet connection. Windows Server 2003 DNS will query root hint servers if it cannot query the forwarders.

Question: Should I point the other Windows 2000-based and Windows Server 2003-based computers on my LAN to my ISP's DNS servers?
Answer: No. If a Windows 2000-based or Windows Server 2003-based server or workstation does not find the domain controller in DNS, you may experience issues joining the domain or logging on to the domain. A Windows 2000-based or Windows Server 2003-based computer's preferred DNS setting should point to the Windows 2000 or Windows Server 2003 domain controller running DNS. If you are using DHCP, make sure that you view scope option #15 for the correct DNS server settings for your LAN.

Question: Do I need to point computers that are running Windows NT 4.0 or Microsoft Windows 95, Microsoft Windows 98, or Microsoft Windows 98 Second Edition to the Windows 2000 or Windows Server 2003 DNS server?
Answer: Legacy operating systems continue to use NetBIOS for name resolution to find a domain controller; however, it is recommended that you point all computers to the Windows 2000 or Windows Server 2003 DNS server for name resolution.

Question: What if my Windows 2000 or Windows Server 2003 DNS server is behind a proxy server or firewall?

Answer: If you are able to query the ISP's DNS servers from behind the proxy server or firewall, the Windows 2000 or Windows Server 2003 DNS server is able to query the root hint servers. UDP and TCP port 53 should be open on the proxy server or firewall.

Question: What should I do if the domain controller points to itself for DNS, but the SRV records still do not appear in the zone?
Answer: Check for a disjointed namespace, and then run Netdiag.exe /fix. You must install Support Tools from the Windows 2000 Server or Windows Server 2003 CD-ROM to run Netdiag.exe. For more information about how to check for a disjointed namespace, click the following article number to view the article in the Microsoft Knowledge Base:
257623 The DNS suffix of the computer name of a new domain controller may not match the name of the domain after you upgrade a Windows NT 4.0 primary domain controller to Windows 2000

Question: How do I set up DNS for a child domain?
Answer: To set up DNS for a child domain, create a delegation record on the parent DNS server for the child DNS server. Create a secondary zone on the child DNS server that transfers the parent zone from the parent DNS server. Note: Windows Server 2003 has additional types of zones, such as stub zones and forest-level integrated Active Directory zones, that may be a better fit for your environment. Set the child domain controller to point to itself first. As soon as an additional domain controller is available, set the child domain controller to point to this domain controller in the child domain as its secondary.
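A secondary zone such as the one described for the child domain stays current by polling the master's SOA record and pulling a transfer only when the serial has moved forward. Answer 3 in the interview section lists what the SOA carries (the default TTL, the responsible person's mailbox, and the serial used in zone transfers). The following is an added example, not code from the page or from Microsoft: it parses a constructed multi-line SOA record for corp.example.com (a made-up domain), converts the RNAME field into a mailbox address, and implements the RFC 1982 serial comparison that decides whether a transfer is needed, including the 32-bit wrap-around case that a naive integer comparison gets wrong.

```python
"""SOA fields and RFC 1982 serial comparison for zone transfers (added example).

Constructed zone text, not data from the original page.  A secondary
compares the master's SOA serial with its own using serial-number
arithmetic, so a serial that has wrapped past 2^32 still counts as newer.
"""

# Constructed SOA in the usual multi-line zone-file form.
SOA_TEXT = """
corp.example.com.  3600 IN SOA dc1.corp.example.com. hostmaster.corp.example.com. (
        2024010105 ; serial (YYYYMMDDnn convention)
        900        ; refresh
        600        ; retry
        86400      ; expire
        3600 )     ; minimum (negative-caching) TTL
"""

SERIAL_MOD = 2 ** 32
HALF = 2 ** 31


def parse_soa(text: str) -> dict:
    """Tokenise an SOA record, stripping ';' comments and parentheses."""
    tokens = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
        tokens.extend(line.split())
    # owner ttl class SOA mname rname serial refresh retry expire minimum
    if len(tokens) < 11 or tokens[3] != "SOA":
        raise ValueError("not a single SOA record")
    soa = {"owner": tokens[0], "ttl": int(tokens[1]),
           "mname": tokens[4], "rname": tokens[5]}
    names = ("serial", "refresh", "retry", "expire", "minimum")
    soa.update(zip(names, (int(t) for t in tokens[6:11])))
    return soa


def rname_to_email(rname: str) -> str:
    """RNAME mailbox -> e-mail: the first unescaped dot separates user and domain."""
    i, user = 0, []
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):  # escaped dot inside the local part
            user.append(rname[i + 1])
            i += 2
            continue
        if ch == ".":
            break
        user.append(ch)
        i += 1
    return "".join(user) + "@" + rname[i + 1:].rstrip(".")


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: is serial a newer than serial b in 32-bit wrap-around space?"""
    a, b = a % SERIAL_MOD, b % SERIAL_MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def needs_transfer(local_serial: int, master_serial: int) -> bool:
    """A secondary pulls the zone only when the master's serial is newer."""
    return serial_gt(master_serial, local_serial)


def next_serial(current: int) -> int:
    """Serial to write on the next zone edit, wrapping at 2^32."""
    return (current + 1) % SERIAL_MOD


if __name__ == "__main__":
    soa = parse_soa(SOA_TEXT)
    print("zone contact:", rname_to_email(soa["rname"]))
    print("default TTL (minimum):", soa["minimum"])
    print("secondary at serial 2024010104 needs transfer:",
          needs_transfer(2024010104, soa["serial"]))
```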

1. Describe how the DHCP lease is obtained. It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
2. I can't seem to access the Internet, don't have any access to the corporate network, and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
3. We've installed a new Windows-based DHCP server; however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.
4. How can you force the client to give up the DHCP lease if you have access to the client PC? ipconfig /release
5. What authentication options do Windows 2000 Servers have for remote clients? PAP, SPAP, CHAP, MS-CHAP and EAP.
6. What are the networking protocol options for the Windows clients if for some reason you do not want to use TCP/IP? NWLink (Novell), NetBEUI, AppleTalk (Apple).
7. What is the data link layer in the OSI reference model responsible for? The data link layer is located above the physical layer, but below the network layer. It takes raw data bits and packages them into frames. The network layer will be responsible for addressing the frames, while the physical layer is responsible for retrieving and sending raw data bits.
8. What is binding order? The order by which the network protocols are used for client-server communications. The most frequently used protocols should be at the top.
9. How do cryptography-based keys ensure the validity of data transferred across the network? Each IP packet is assigned a checksum, so if the checksums do not match on both receiving and transmitting ends, the data was modified or corrupted.
10. Should we deploy IPSEC-based security or certificate-based security? They are really two different technologies. IPSec secures the TCP/IP communication and protects the integrity of the packets. Certificate-based security ensures the validity of authenticated clients and servers.
11. What is the LMHOSTS file? It's a file stored on a host machine that is used to resolve NetBIOS names to specific IP addresses.
12. What's the difference between forward lookup and reverse lookup in DNS? Forward lookup is name-to-address, the reverse lookup is address-to-name.
13. How can you recover a file encrypted using EFS? Use the domain recovery agent.
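Items 1 to 3 above cover the DHCP side of the same picture: the four-step lease exchange, the APIPA fallback when no server answers, and the fact that the DHCP scope is what hands clients their DNS settings (the "scope option" mentioned in the FAQ above). The following is an added example, not code from the page: it builds the options field of a DHCPOFFER from constructed values, then decodes it the way a client or a packet-capture review would. Option 53 names the step of the exchange (DISCOVER, OFFER, REQUEST, ACK), option 6 carries the DNS server list and option 15 the DNS domain name, per RFC 2132; a helper also classifies an address as APIPA. The parser rejects truncated or unterminated option lists rather than reading past the buffer, which is the defect class to watch for in any DHCP decoder.

```python
"""Encode and decode the DHCP options that carry DNS settings (added example).

Constructed packet bytes, not data from the original page.  The options
field follows the magic cookie and is a TLV list ending in 255 (RFC 2132).
"""
import ipaddress
import struct

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])

# Option 53 values for the four-step lease exchange (RFC 2131).
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}
OPT_DNS_SERVERS, OPT_DOMAIN_NAME, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 6, 15, 51, 53, 255


def build_options(msg_type: int, dns_servers: list, domain_name: str, lease_seconds: int) -> bytes:
    """Encode a minimal options field: cookie, then TLVs, then the 255 terminator."""
    out = bytearray(MAGIC_COOKIE)
    out += bytes([OPT_MSG_TYPE, 1, msg_type])
    addrs = b"".join(ipaddress.IPv4Address(a).packed for a in dns_servers)
    out += bytes([OPT_DNS_SERVERS, len(addrs)]) + addrs
    name = domain_name.encode("ascii")
    out += bytes([OPT_DOMAIN_NAME, len(name)]) + name
    out += bytes([OPT_LEASE_TIME, 4]) + struct.pack("!I", lease_seconds)
    out += bytes([OPT_END])
    return bytes(out)


def parse_options(data: bytes) -> dict:
    """Walk the TLV list into {code: value_bytes}; raise ValueError on malformed input."""
    if data[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 4
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            return options
        if code == 0:  # pad byte, no length field
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:  # declared length runs past the buffer
            raise ValueError(f"option {code} truncated")
        options[code] = value
        i += 2 + length
    raise ValueError("option list not terminated")


def is_well_formed(data: bytes) -> bool:
    """True when parse_options accepts the buffer."""
    try:
        parse_options(data)
        return True
    except ValueError:
        return False


def describe(options: dict) -> dict:
    """Extract the fields an administrator checks on a scope: step, DNS servers, domain."""
    raw_dns = options.get(OPT_DNS_SERVERS, b"")
    if len(raw_dns) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    msg_type = options.get(OPT_MSG_TYPE, b"\x00")[0]
    lease = struct.unpack("!I", options[OPT_LEASE_TIME])[0] if OPT_LEASE_TIME in options else None
    return {
        "message_type": MESSAGE_TYPES.get(msg_type, "other"),
        "dns_servers": [str(ipaddress.IPv4Address(raw_dns[i:i + 4])) for i in range(0, len(raw_dns), 4)],
        "domain_name": options.get(OPT_DOMAIN_NAME, b"").decode("ascii"),
        "lease_seconds": lease,
    }


def is_apipa(address: str) -> bool:
    """True for the 169.254.0.0/16 addresses a client self-assigns when no DHCP server answers."""
    return ipaddress.ip_address(address) in ipaddress.ip_network("169.254.0.0/16")


# Constructed sample: an OFFER pointing clients at two internal DNS servers for 8 days.
SAMPLE_OFFER = build_options(2, ["192.0.2.1", "192.0.2.2"], "corp.example.com", 691200)

if __name__ == "__main__":
    for key, value in describe(parse_options(SAMPLE_OFFER)).items():
        print(f"{key}: {value}")
    print("169.254.10.20 is APIPA:", is_apipa("169.254.10.20"))
```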
