|
|
|
|
|
|
|
|
|
|
|
| MCSE Microsoft® Windows® 2000 Network Infrastructure Readiness Review; Exam 70-216 |
|
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
Objective Domain 1: Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS in a Windows 2000 Network Infrastructure
Objective Domain 1 Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS in a Windows 2000 Network Infrastructure
The Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS in a Windows 2000 Network Infrastructure objective domain focuses on implementing Domain Name System (DNS) in Microsoft Windows 2000. All computers on the Internet have both an IP (Internet Protocol) address (such as 172.16.52.204) as well as a fully qualified domain name such as www.microsoft.com. For most users, remembering the name of a computer is much easier than memorizing individual IP addresses. In addition, although IP addresses can change, the name itself typically doesn’t. For example, Microsoft might decide to change the IP address associated with its Web site. In this case, all you need to remember is the name of the site. Regardless of what IP address changes are made, you are still able to connect to the primary Microsoft Web site.
When a client is connecting to another computer using its host name, a DNS server is called to translate the name to an actual IP address. The client making the request is called a resolver while the DNS server providing the translation is called the name server. The name server then returns the appropriate IP address, a pointer to another name server (that performs the translation), or an error message in the event the host name cannot be located.
DNS itself is designed as a hierarchical group of names. There are three main levels in this hierarchy:
- Root-level domain (represented by a single period)
- Top-level domain (represented by various suffixes such as .com or .org)
- Second-level domain (represented by the organization’s name, such as Microsoft or Compaq)
DNS administers the IP address mapping of host computer names by grouping them by domain (or subdomain) into zones. Zones make it easier for the administration of large numbers of host computers. Each DNS server has an identified zone of authority for which it is responsible. This makes managing client requests more efficient. In addition, secondary DNS servers can be deployed to act as backups for a given DNS server and its zone of authority.
Although DNS has been a core feature of the Internet for years, it was first introduced as a feature of Microsoft Windows NT 4.0. The version of DNS included with Windows 2000 has additional features. These include:
- Active Directory service integration
- Incremental Zone Transfer (IXFR)
- Dynamic update and secure dynamic update
- Unicode Character Support
- Enhanced Domain Locator
- Enhanced Caching Resolver Service
- Enhanced DNS Manager
Tested Skills and Suggested Practices
The following skills are needed to successfully master the Installing, Configuring, Managing, Monitoring, and Troubleshooting DNS in a Windows 2000 Network Infrastructure objective domain on the Implementing and Administering a Microsoft Windows 2000 Network Infrastructure exam. After completing the Practices on your own, check the Appendix for procedures.
- Installing and configuring DNS on an existing deployment of Windows 2000 Server.
- Practice 1: Install DNS Server.
- Practice 2: Test a DNS Server installation using the DNS administration console.
- Using NSLOOKUP.EXE and the DNS administrative console to troubleshoot a DNS installation.
- Practice 1: Troubleshoot a Windows 2000 DNS Server installation using the Nslookup utility. Nslookup is a command-based application you can run from a command prompt.
- Using the DNSCMD.EXE utility for DNS server administration from a command prompt. The time spent managing complex DNS environments can be reduced by utilizing this utility in automated scripts.
- Practice 1: Install and run the DNSCMD.EXE utility from the Windows 2000 Server product CD-ROM.
Further Reading
This section contains a list of supplemental readings divided by objective. Study these sources thoroughly before taking the exam.Objective 1.1
Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Volume: Microsoft Windows 2000 Server TCP/IP Core Networking Guide. Redmond, Washington: Microsoft Press, 2000. Chapter 5,"Introduction to DNS" introduces DNS and explores how computers on the Internet resolve host names. This topic also reviews fundamental DNS concepts, such as forward and reverse lookup, and the record types supported by DNS.
Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Volume: Microsoft Windows 2000 Server TCP/IP Core Networking Guide. Redmond, Washington: Microsoft Press, 2000. Chapter 6,"Windows 2000 DNS" provides information about how the Windows 2000 DNS Server differs from traditional DNS servers.
Microsoft Corporation. MCSE Training Kit: Microsoft Windows 2000 Network Infrastructure Administration. Redmond, Washington: Microsoft Press, 2000. Chapter 7, "Implementing Domain Name System (DNS)" provides an overview of DNS and how it is used to resolve TCP/IP host names. This chapter also provides steps to implement a DNS Server.
Objective 1.2
Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Volume: Microsoft Windows 2000 Server TCP/IP Core Networking Guide. Redmond, Washington: Microsoft Press, 2000. Chapter 6, "Windows 2000 DNS" provides information about how Windows 2000 DNS integrates with Active Directory services, along with common troubleshooting techniques.
Microsoft Corporation. MCSE Training Kit: Microsoft Windows 2000 Network Infrastructure Administration, Redmond, Washington: Microsoft Press, 2000. Chapter 8, "Using Windows 2000 Domain Name System" describes how the Microsoft Windows 2000 DNS Server differs from UNIX-based DNS servers—especially in regard to support for Microsoft’s Active Directory services.
1.1 Install, configure, and troubleshoot DNS.
This objective covers deploying Domain Name System (DNS) on a Windows 2000 Server. If you are installing DNS after you’ve installed and configured the operating system, it is important to verify you have implemented the TCP/IP protocol and that your server has a static IP (Internet Protocol) address assigned. In many organizations, existing workstations and servers may have a dynamic IP address assigned via a Dynamic Host Configuration Protocol (DHCP) server. In this case, you cannot install the DNS Server. Once your server has been assigned a static IP address, you can install DNS through the Control Panel’s Add/Remove Programs icon. DNS is a Windows component, so you need to click the appropriate tab. DNS doesn’t require a reinstallation of the operating system, so it can be added to your server at any time.Once you install DNS, you can test your configuration using the DNS Console Manager. The console manager includes a simple query test feature to provide you a quick way to evaluate whether the service has been installed and is working correctly. In addition to the console manager’s test capability, you can also use the command line utility NSLOOKUP.EXE.
A proper DNS installation normally includes both forward and reverse lookup information. Consider using NSLOOKUP.EXE to test this lookup information once your server has been installed and configured. When preparing for this objective, you should have a good understanding of how to install and configure DNS using the console manager as well as how to use Nslookup to test the installation.
MCM
70-216.01.01.001
A and D
You are about to set up a Standard secondary DNS zone on a Windows 2000 Server. What is the importance of setting up this zone? (Choose all that apply.)
To perform DNS load balancing.
Correct:
One reason you may want to implement a secondary DNS zone is to provide additional DNS Server resources for client requests. This comes in the form of load balancing the requests between the primary and secondary zones
To perform maintenance on the primary DNS zone.
Incorrect:
Don’t use a secondary zone to perform maintenance on the primary zone. Instead, create a secondary zone when you want to implement load balancing or fault tolerance.
To provide a location for any additional domain names.
Incorrect:
A secondary zone allows you to implement load balancing or fault tolerance of a primary zone. It isn’t required to implement additional domain names.
To provide fault tolerance with a second valid copy of the zone, in case the primary fails.
Correct:
In addition to providing load balancing for a primary zone, you can also use a secondary zone to implement fault tolerance.
MCS
70-216.01.01.002
A
You are manually creating resource records in a zone of a DNS Server. You want to create a record that maps a fully qualified domain name (FQDN) to an IP address. Which type of resource record should you create?
A.
Correct:
You use the host address (A) record to map a host name to a specific IP address. You use A records when performing a forward lookup of an FQDN.
MX.
Incorrect:
You use the Mail Exchanger (MX) record for mail server resolution—it doesn’t map an FQDN to an IP address.
PTR.
Incorrect:
You use Pointer (PTR) resource records to refer a request to another DNS domain name location. This is typical when performing a reverse lookup of an IP address to a host name.
SRV.
Incorrect:
You use Server location (SRV) resource recordsr , which is new in Windows 2000 DNS, to locate domain controllers, not the IP address of a given host.
MCM
70-216.01.01.003
A, B, and C
You are testing the configuration of your DNS Server on your Windows 2000 Server. You want to accomplish the following goals:
-
Verify the Reverse Lookup zones function properly.
- Type Nslookup at the command prompt.
- Type Server 165.23.10.03.
- Type 165.23.09.003, and view the name of the server returned by Nslookup as Mgcty1.
- Type Set querytype = NS.
Verify the PTR Resource Records function properly.
Verify DNS Server can answer queries.
Verify the configuration of the Forward Lookup zone.
You perform the following actions:
Which goal or goals are accomplished from these actions? (Choose all that apply.)
Verify DNS Server can answer queries.
Correct:
The successful return of the Mgcty1 host name verifies the server is answering queries.
Verify the PTR Resource Records function properly.
Correct:
You use PTR records when performing reverse lookup, resulting in a host name’s being returned when an IP address is provided. In this case, 165.23.09.003 was provided and Mgcty1 was successfully returned.
Verify the Reverse Lookup zones function properly.
Correct:
The fact the server successfully returned the Mgcty1 host name means the server is processing reverse lookup requests.
Verify the configuration of the Forward Lookup zone.
Incorrect:
To test the configuration of the Forward Lookup zone, you need to have typed the name of a computer, not an IP address. Therefore, only the goal of testing the Reverse Lookup zone was completed.
MCM
70-216.01.01.004
A, C, D, and E
You have completed the setup of a DNS Server and are now ready to create an Active Directory–integrated zone. You want to accomplish the following goals:
- Create a zone.
- From the DNS console, right-click the server name and select Create a New Zone.
- From the Create New Zone Wizard, select Active Directory integrated.
- Select Forward Lookup for the zone lookup type, and exit the Wizard.
Create the SOA resource record.
Create the A resource record.
Create the NS resource record.
Create the zone database file.
You perform the following actions:
Which goal or goals are accomplished from these actions? (Choose all that apply.)
Create a zone.
Correct:
When you select Create A New Zone from the DNS console, a new zone, and its associated database file, is created.
Create the A resource record.
Incorrect:
You must manually type a host name and an IP address for an A record. This action wasn’t performed in the steps described in the question.
Create the zone database file.
Correct:
When you successfully create a new zone, an associated zone database file is generated.
Create the NS resource record.
Correct:
The required name server (NS) resource record is created as a result of completing the steps associated with the Create New Zone Wizard. You use the NS resource record to notate which DNS servers are designated as authoritative for the zone.
Create the SOA resource record.
Correct:
The appropriate start of authority (SOA) resource record is created as a result of completing the steps associated with the Create New Zone Wizard. The SOA resource record indicates the name of origin for the zone and contains the name of the server that is the primary source for information about the zone. It also indicates other basic properties of the zone.
1.2 Manage and monitor DNS.
This objective reviews managing an existing Domain Name System (DNS) server installation. This includes converting a standard DNS installation to one that supports Active Directory services. Besides supporting Active Directory services , you need to understand which monitoring features and tools are available. These include using Network Monitor and creating a log file for later analysis.In addition, it is important for you to understand the automation capabilities of the command utility DNSCMD.EXE. For example, this utility is useful in scripting batch files to help automate routine DNS management tasks or to perform simple unattended setup and configuration of new DNS servers on your network. The DNSCMD.EXE utility is included with the Windows 2000 Server Support Tools. You install it by copying it from the \Support\Enterprise\Reskit folder on the Windows 2000 product CD-ROM. For help using the command, type dnscmd /? at a command prompt. For complete documentation on the dnscmd command, see Microsoft Windows 2000 Server Resource Kit.
To completely prepare for this objective, you should also be familiar with the features of Network Monitor, Performance Monitor, and Event Viewer. Together, these fundamental Windows 2000 Server tools can help manage and monitor a DNS installation.
MCM
70-216.01.02.001
C and D
Your server includes a standard primary zone. You are now using Active Directory services, and you need to convert the existing zone to an Active Directory–integrated zone. How can you accomplish this task? (Choose all that apply.)
Select Convert in the Change Zone Type dialog box.
Incorrect:
To convert an existing zone to an Active Directory–integrated zone, you need to use the Change command from the zone’s Properties dialog box.
Select Change Over in the Active Directory dialog box.
Incorrect:
The correct command to convert an existing DNS zone to an Active Directory zone is the Change command found on the zone’s Properties dialog box.
Select Change from the General tab of the Properties dialog box for the zone.
Correct:
To change an existing zone to one that supports Active Directory services, right-click the zone in the DNS console and click Properties. From the General Tab, click Change to select the required zone type.
Select Active Directory–integrated primary in the Change Zone Type dialog box.
Correct:
Once you have clicked the Change command in the DNS console, select the Active Directory-integrated zone type to change an existing zone to support Active Directory.
Select Change from the General tab of the Properties dialog box for the zone, and check the Convert option.
Incorrect:
Although you can use the Change command from the zone’s Properties dialog box, you don’t need to check the Convert option. Clicking Change, or using the Change Zone Type dialog box, converts the zone to support Active Directory.
MCS
70-216.01.02.002
A
You are monitoring the DNS servers on your network. You need to view the packets the servers send and receive. What should you use to accomplish this?
Network Monitor.
Correct:
Windows 2000 Network Monitor is the correct utility to monitor and capture packet information sent to and from your server.
Component Services console.
Incorrect:
You use the Component Services console to manage services, such as stopping and starting, on your server. You don’t use it to monitor packet information generated by your system. Use the Network Monitor utility for this function.
Telnet Server Administration utility.
Incorrect
The Telnet Server Administration utility allows you to manage the Telnet server capability of Windows 2000. Don’t use it to monitor packet information. Use the Network Monitor utility for this function.
Server Extensions Administrator console.
Incorrect:
You don’t use the Server Extensions Administrator console to monitor packet information. Use the Network Monitor utility for this function.
MCM
70-216.01.02.003
A, D, and E
You have configured DNS to log all available event options to the DNS Log file. You want to accomplish the following goals:
- View dynamic updates.
- Open the DNS Log file.
- Open Event Viewer.
View the zone properties changes.
View the number of DNS requests received over a TCP port.
View the number of queries the server sends.
View the existing zone transfers.
You perform the following actions:
Which goal or goals are accomplished from these actions? (Choose all that apply.)
View dynamic updates.
Correct:
The DNS Log file provides detailed information about the activities of the DNS Server, including dynamic update information.
View the zone properties changes.
Incorrect:
Although the DNS Log file provides detailed information about the activities of DNS Server, it doesn’t show specific zone property changes.
View the existing zone transfers.
Incorrect:
Although the DNS Log file provides detailed information about the activities of DNS Server, it doesn’t show information about existing zone transfers.
View the number of queries the server sends.
Correct:
The DNS Log file provides detailed information about the activities of DNS Server, including information about the number of queries the server sends.
View the number of DNS requests received over a TCP port.
Correct:
The DNS Log file provides detailed information about the activities of DNS Server, including information about the number of DNS requests received.
MCM
70-216.01.02.004
A, B, C, and D
You are performing maintenance and monitoring of DNS Server. You want to accomplish the following goals:
- Clear the cache.
- Run the command-line tool DNSCMD.EXE.
- Run Performance Monitor.
Refresh the zone.
Scavenge stale records.
Configure query settings.
Execute scripts.
You perform the following actions:
Which goal or goals are accomplished from these actions? (Choose all that apply.)
Utilize in scripts.
Correct:
The DNSCMD.EXE utility, included with the Windows 2000 Resource Kit, allows you to create scripts to help automate managing a DNS server.
Clear the cache.
Correct:
You can clear the existing DNS Server cache using the command line utility DNSCMD.EXE that is included with the Windows 2000 Resource Kit.
Refresh the zone.
Correct:
You can refresh zones using the command line utility DNSCMD.EXE that is included with the Windows 2000 Resource Kit.
Scavenge stale records.
Correct:
You can use DNSCMD.EXE, which is included with the Windows 2000 Resource Kit, to configure the settings for scavenging stale records.
Configure query settings.
Incorrect:
You use neither Performance Monitor nor the DNSCMD.EXE utility to configure query settings of a DNS Server. To do this, use the DNS console and the NSLOOKUP.EXE utility.
MCM
70-216.01.02.005
A, B, and D
You are performing maintenance on your DNS server. You need the following tasks performed:
- Delete an Active Directory–integrated zone.
- From the Advanced Tab on the DNS server properties page in DNS Console Manager, set the Load Data on Startup field equal to From Registry.
- Delete the zone.
- Answer No to the Delete from Active Directory question.
- From the Advanced Tab on the DNS server properties page in DNS Console Manager, set the Load Data on Startup field equal to From Active Directory and Registry.
- DNS Server polls the directory for changes.
The Active Directory–integrated zone removed from the registry.
The Active Directory–integrated zone removed from Active Directory services.
The zone to reappear as an Active Directory–integrated primary zone after deletion.
The following actions are performed:
Which task or tasks are performed from these actions? (Choose all that apply.)
Delete an Active Directory–integrated zone.
Correct:
Using the DNS console, you have successfully deleted an Active Directory–integrated zone based on the steps outlined in the question.
The Active Directory–integrated zone removed from the registry.
Correct:
By specifying that DNS should Load Data on Startup from the registry, and then deleting the zone, you are removing the zone information from the registry.
The Active Directory–integrated zone removed from Active Directory services.
Incorrect:
By answering No to the Delete from Active Directory prompt, you aren’t removing this zone. However, it will be removed from the registry based on the steps described.
The zone to reappear as an Active Directory–integrated primary zone after deletion.
Correct:
Because the zone wasn’t deleted from Active Directory services, it reappears when DNS polls the directory. Based on the steps described, the zone information will only be removed from the registry.
| Top of Page |
Last Updated: Friday, July 6, 2001