Wednesday, November 16, 2011

System & Network Admin Q n A

1) What is an IP address?
 This definition is based on Internet Protocol Version 4.
See Internet Protocol Version 6 (IPv6) for a description of
the newer 128-bit IP address. Note that the system of IP
address classes described here, while forming the basis for
IP address assignment, is generally bypassed today by use
of Classless Inter-Domain Routing (CIDR) addressing.
In the most widely installed level of the Internet Protocol
(IP) today, an IP address is a 32-bit number that
identifies each sender or receiver of information that is
sent in packets across the Internet. When you request an
HTML page or send e-mail, the Internet Protocol part of
TCP/IP includes your IP address in the message (actually,
in each of the packets if more than one is required) and
sends it to the IP address that is obtained by looking up
the domain name in the Uniform Resource Locator you
requested or in the e-mail address you're sending a note
to. At the other end, the recipient can see the IP address
of the Web page requestor or the e-mail sender and can
respond by sending another message using the IP address it
 An IP address has two parts: the identifier of a particular
network on the Internet and an identifier of the particular
device (which can be a server or a workstation) within that
network. On the Internet itself - that is, between
the routers that move packets from one point to another along
the route - only the network part of the address is looked
2) What is a subnet mask?
A subnet mask allows you to identify which part of an IP
address is reserved for the network, and which part is
available for host use. If you look at the IP address
alone, especially now with classless inter-domain routing,
you can't tell which part of the address is which. Adding
the subnet mask, or netmask, gives you all the information
you need to calculate network and host portions of the
address with ease. In summary, knowing the subnet mask can
allow you to easily calculate whether IP addresses are on
the same subnet, or not.
3) What is ARP?
ARP is a very important part of IP networking. ARP is used
to connect OSI Layer 3 (Network) to OSI Layer 2 (Data-
Link). For most of us, that means that ARP is used to link
our IP addressing to our Ethernet addressing (MAC
Addressing). For you to communicate with any device on your
network, you must have the Ethernet MAC address for that
device. If the device is not on your LAN, you go through
your default gateway (your router). In this case, your
router will be the destination MAC address that your PC
will communicate with.

4) What is ARP Cache Poisoning?
ARP cache poisoning, also known as ARP spoofing, is the
process of falsifying the source Media Access Control (MAC)
addresses of packets being sent on an Ethernet network. It
is a MAC layer attack that can only be carried out when an
attacker is connected to the same local network as the
target machines, limiting its effectiveness only to
networks connected with switches, hubs, and bridges; not
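
A defender-side check for the ARP cache poisoning described above, added here as an example and not part of the original post: it compares two `arp -a` snapshots and flags an IP whose MAC changed and a MAC that answers for several IPs. The snapshots, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: two Windows `arp -a` snapshots from the same host,
# taken a few minutes apart. All addresses and MACs are made up.
SNAPSHOT_BEFORE = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.30          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

SNAPSHOT_AFTER = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-cc-dd-01     dynamic
  192.168.1.30          00-aa-bb-cc-dd-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, MAC (dash or colon separated), entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries, MACs normalised to aa:bb:.. form."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # header and "Interface:" lines
        ip, mac, _entry_type = match.groups()
        mac = mac.lower().replace("-", ":")
        # Broadcast and multicast MACs have the low bit of the first octet
        # set; many IPs legitimately share them, so they are skipped.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table


def find_arp_anomalies(before, after, gateway_ip):
    """Return (severity, kind, subject, detail) tuples worth investigating.

    A finding is a lead, not proof: a replaced NIC, a gateway failover or
    proxy ARP can produce the same picture.
    """
    findings = []
    # 1. An IP that now resolves to a different MAC than in the last snapshot.
    for ip, mac in sorted(after.items()):
        old = before.get(ip)
        if old is not None and old != mac:
            severity = "high" if ip == gateway_ip else "medium"
            findings.append((severity, "mac-changed", ip, f"{old} -> {mac}"))
    # 2. One MAC answering for several IPs in the current table.
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            severity = "high" if gateway_ip in ips else "medium"
            findings.append((severity, "shared-mac", mac, ", ".join(sorted(ips))))
    return findings


if __name__ == "__main__":
    before = parse_arp_table(SNAPSHOT_BEFORE)
    after = parse_arp_table(SNAPSHOT_AFTER)
    for finding in find_arp_anomalies(before, after, gateway_ip="192.168.1.1"):
        print(*finding, sep=" | ")
```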

5) What is the ANDing process?
Notice that when the resulting AND values are converted
back to binary, it becomes clear that the two hosts are on
different networks. Computer A is on subnet,
while the destination host is on subnet, which
means that Computer A will next be sending the data to a
router. Without ANDing, determining local and remote hosts
can be difficult. Once you’re very familiar with subnetting
and calculating ranges of addresses, recognizing local and
remote hosts will become much more intuitive.
Whenever you’re in doubt as to whether hosts are local or
remote, use the ANDing process. You should also notice that
the ANDing process always produces the subnet ID of a given
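
The ANDing check from questions 2 and 5, combined with the ARP and default-gateway decision from questions 3 and 6, as an added Python example that is not part of the original post. The addresses, mask and gateway are constructed sample values and the function names are hypothetical.

```python
import ipaddress


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer (ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


def to_bits(value):
    """32-bit integer -> four dot-separated groups of 8 binary digits."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))


def check_mask(mask):
    """Return the mask as an integer; reject masks with a 1 after a 0."""
    m = to_int(mask)
    inverted = ~m & 0xFFFFFFFF          # host bits become 1s
    if inverted & (inverted + 1):       # valid only if inverted is 2**k - 1
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return m


def subnet_id(ip, mask):
    """Bitwise AND of address and mask: the subnet ID of the address."""
    return str(ipaddress.IPv4Address(to_int(ip) & check_mask(mask)))


def anding_rows(ip, mask):
    """The three rows of the ANDing worksheet: address, mask, result."""
    ip_int, mask_int = to_int(ip), check_mask(mask)
    return [to_bits(ip_int), to_bits(mask_int), to_bits(ip_int & mask_int)]


def next_hop(src_ip, mask, dst_ip, gateway=None):
    """Decide whose MAC address the sender has to resolve with ARP.

    Local destination  -> ARP for the destination itself.
    Remote destination -> ARP for the default gateway, which must itself be
                          on the sender's subnet; without one there is no path.
    """
    src_net = subnet_id(src_ip, mask)
    if subnet_id(dst_ip, mask) == src_net:
        return {"local": True, "arp_for": dst_ip}
    if gateway is None:
        return {"local": False, "arp_for": None}
    if subnet_id(gateway, mask) != src_net:
        raise ValueError(f"gateway {gateway} is not on subnet {src_net}")
    return {"local": False, "arp_for": gateway}


if __name__ == "__main__":
    # Constructed values: both hosts share the first three octets, yet the
    # /26 mask puts them on different subnets.
    computer_a, mask, gw = "192.168.1.130", "255.255.255.192", "192.168.1.129"
    for dst in ("192.168.1.190", "192.168.1.200"):
        print(dst, subnet_id(dst, mask), next_hop(computer_a, mask, dst, gw))
        print("\n".join(anding_rows(dst, mask)))
```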

6) What is a default gateway? What happens if I don't have
In computer networking, a default network gateway is the
device that passes traffic from the local subnet to devices
on other subnets. The default gateway often connects a
local network to the Internet, although internal gateways
for connecting two local networks also exist.

7) Can a workstation computer be configured to browse the
Internet and yet NOT have a default gateway?
If the workstation uses a public IP address, it can browse the
Internet. If it has an intranet address, a gateway such as a
router or firewall is needed to communicate with the Internet.

8) What is a subnet?
   A subnet is a logical organization of network address ranges
used to separate hosts and network devices from each other
to serve a design purpose.
In many cases, subnets are created to serve as physical or
geographical separations similar to those found between
rooms, floors, buildings, or cities.

9) What is APIPA?
Short for Automatic Private IP Addressing, a feature of
later Windows operating systems. With APIPA, DHCP clients
can automatically self-configure an IP address and subnet
mask when a DHCP server isn't available. When a DHCP client
boots up, it first looks for a DHCP server in order to
obtain an IP address and subnet mask. If the client is
unable to find the information, it uses APIPA to
automatically configure itself with an IP address from a
range that has been reserved especially for Microsoft. The
IP address range is through
The client also configures itself with a default class B
subnet mask of A client uses the self-
configured IP address until a DHCP server becomes
The APIPA service also checks regularly for the presence of
a DHCP server (every five minutes, according to Microsoft).
If it detects a DHCP server on the network, APIPA stops,
and the DHCP server replaces the APIPA networking addresses
with dynamically assigned addresses. 
APIPA is meant for nonrouted small business environments,
usually less than 25 clients.

10) What is an RFC? Name a few if possible (not necessarily the
numbers, just the ideas behind them)
Short for Request for Comments, a series of notes about the
Internet, started in 1969 (when the Internet was the
ARPANET). An Internet Document can be submitted to the IETF
by anyone, but the IETF decides if the document becomes an
RFC. Eventually, if it gains enough interest, it may evolve
into an Internet standard.
Each RFC is designated by an RFC number. Once published, an
RFC never changes. Modifications to an original RFC are
assigned a new RFC number.

11) What is RFC 1918?
RFC 1918 is "Address Allocation for Private Internets". The
Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the
IP address space for private internets: - (10/8 prefix) -
(172.16/12 prefix) -
(192.168/16 prefix) We will refer to the first block as
"24-bit block", the second as "20-bit block", and to the
third as "16-bit" block. Note that
(in pre-CIDR notation) the first block is nothing but a
single class A network number, while the second block is a
set of 16 contiguous class B network
numbers, and third block is a set of 256 contiguous class C
network numbers.
12) What is CIDR?
CIDR (Classless Inter-Domain Routing, sometimes known as
supernetting) is a way to allocate and specify the Internet
addresses used in inter-domain
routing more flexibly than with the original system of
Internet Protocol (IP) address classes. As a result, the
number of available Internet addresses
has been greatly increased.

13. You have the following Network ID: is the IP range for your network?

It ranges from -

But the usable addresses are from - - it is the broadcast address - will be the IP address of the next range.
We can use 30 hosts in this network.

14. You have the following Network ID: You need
at least 500 hosts per network. How many networks can you
create? What subnet mask will you use?
If you need 500 users then 2^9 would give you 512
(remember the first and last are network and broadcast), 510
usable. So of your 32 bits you would turn
the last 9 off for host and that would give you a subnet mask
(11111111.11111111.11111110.00000000). Now that we know that,
we can see
that you have the first 7 of your third octet turned on, so
to figure out how many subnets you have, use the formula
2^7 = 128. So you can have 128 subnets
with 500 people on them.
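
The arithmetic from questions 13 and 14 as a general calculation, added here as an example that is not part of the original post. The network IDs on the page are missing, so the base networks below are constructed; the /16 base is an assumption taken from the answer's own bit counts (9 host bits plus 7 subnet bits leave 16 network bits).

```python
import ipaddress


def host_bits_for(hosts_needed):
    """Smallest h such that 2**h - 2 usable addresses cover hosts_needed."""
    if hosts_needed < 1:
        raise ValueError("need at least one host")
    h = 2  # a subnet with fewer than 2 host bits has no usable addresses
    while (1 << h) - 2 < hosts_needed:
        h += 1
    return h


def plan_subnets(base, hosts_needed):
    """Split `base` into equal subnets that each hold hosts_needed hosts."""
    net = ipaddress.IPv4Network(base)
    h = host_bits_for(hosts_needed)
    new_prefix = 32 - h
    if new_prefix < net.prefixlen:
        raise ValueError(f"{base} cannot hold {hosts_needed} hosts in one subnet")
    first = next(net.subnets(new_prefix=new_prefix))
    return {
        "host_bits": h,
        "prefix": new_prefix,
        "mask": str(first.netmask),
        "mask_bits": ".".join(f"{octet:08b}" for octet in first.netmask.packed),
        "usable_hosts": (1 << h) - 2,
        "subnets": 1 << (new_prefix - net.prefixlen),
    }


def describe(network):
    """Network ID, usable range, broadcast and the start of the next range."""
    net = ipaddress.IPv4Network(network)
    if net.prefixlen > 30:
        raise ValueError("no separate network/broadcast address above /30")
    return {
        "network": str(net.network_address),
        "first_usable": str(net.network_address + 1),
        "last_usable": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "next_network": str(net.broadcast_address + 1),
        "usable_hosts": net.num_addresses - 2,
    }


if __name__ == "__main__":
    # Question 14: at least 500 hosts per network out of an assumed /16.
    print(plan_subnets("172.16.0.0/16", 500))
    # Question 13: a 30-host network (constructed /27).
    print(describe("192.168.10.0/27"))
```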

15. You need to view network traffic. What will you use?
Name a few tools
Wireshark or tcpdump

16. How do I know the path that a packet takes to the
Use the "tracert" command-line tool.
17. What does the ping -l 1000 -n 100 command do?

The ping command will send roundtrip packets to a
destination ( other PC, router, printer, etc. ) and see how
long it takes. The
is the destination ( which, by the way is a typical default
IP address of a router. ) The -l 1000 is how big the packet
should be in bytes.
The default is 32, if the -l parameter is not used. And the
-n 100 is saying to send it 100 times. The default is 4,
when this parameter is not used.

18. What is DHCP? What are the benefits and drawbacks of
using it?
1. DHCP minimizes configuration errors caused by manual IP
address configuration.
2. Reduced network administration.
Your machine name does not change when you get a new IP
address. The DNS (Domain Name System) name is associated
with your IP address and therefore does
change. This only presents a problem if other clients try to
access your machine by its DNS name.

19. Describe the steps taken by the client and DHCP server in
order to obtain an IP address.
    *  At least one DHCP server must exist on a network.
Once the DHCP server software is installed, you create a
DHCP scope, which is a pool of IP addresses
that the server manages. When clients log on, they request
an IP address from the server, and the server provides an IP
address from its pool of available
* DHCP was originally defined in RFC 1531 (Dynamic Host
Configuration Protocol, October 1993) but the most recent
update is RFC 2131
(Dynamic Host Configuration Protocol, March 1997). The IETF
Dynamic Host Configuration (dhc) Working Group is chartered
to produce a protocol for automated
allocation, configuration, and management of IP addresses
and TCP/IP protocol stack parameters.

20. What is the DHCPNACK and when do I get one? Name 2
Recently I saw a lot of queries regarding when the Microsoft
DHCP server issues a NAK to DHCP clients. For simplification
purposes, I am listing down the possible scenarios in which
the server should NOT issue a NAK. This should give you a
good understanding of DHCP NAK behavior.
When a DHCP server receives a
DHCPRequest with a previously assigned address specified, it
first checks to see if it came from the local segment by
the GIADDR field. If it originated from the local segment,
the DHCP server compares the requested address to the IP
address and subnet mask belonging to
the local interface that received the request.
DHCP server will issue a NAK to the client ONLY IF it is
sure that the client, "on the local subnet", is asking for
an address that doesn't exist on that
subnet. The server will send a NAK EXCEPT in the following
1. Requested address from possibly the same subnet but not
in the address pool of the server:-
This can be the failover scenario in which 2 DHCP servers
are serving the same subnet so that when one goes down, the
other should not NAK to clients which got an IP from the
first server.
2. Requested address on a different subnet:-
If the Address is from the same superscope to which the
subnet belongs, DHCP server will ACK the REQUEST.

21. What ports are used by DHCP and the DHCP clients?
Requests are on UDP port 68, Server replies on UDP 67

22. Describe the process of installing a DHCP server in an
AD infrastructure.
This is how to install the DHCP server in Windows Server 2008:
Go to START --> Administrative Tools --> Server Manager -->
Roles (right-click)
--> Add Roles (the Add Roles wizard will appear) -->
check the box for DHCP Server
--> click Next --> Next --> in IPv4 DNS Settings give the
parent domain name and DNS server
IP address and validate it --> click Next --> add the DHCP
scopes --> disable DHCPv6 --> click
Next --> finally click INSTALL.
This was the process for installing the DHCP server.

23. What is DHCPINFORM?
DHCPInform is a DHCP message used by DHCP clients to obtain
DHCP options. While PPP remote access clients do not use
DHCP to obtain IP addresses for the
remote access connection, Windows 2000 and Windows 98 remote
access clients use the DHCPInform message to obtain DNS
server IP addresses, WINS server
IP addresses, and a DNS domain name. The DHCPInform message
is sent after the IPCP negotiation is concluded.
The DHCPInform message received by the remote access server
is then forwarded to a DHCP server. The remote access server
forwards DHCPInform messages only
if it has been configured with the DHCP Relay Agent.

24. Describe the integration between DHCP and DNS.
Traditionally, DNS and DHCP servers have been configured and
managed one at a time. Similarly, changing authorization
rights for a particular user on a
group of devices has meant visiting each one and making
configuration changes. DHCP integration with DNS allows the
aggregation of these tasks across
devices, enabling a company's network services to scale in
step with the growth of network users, devices, and
policies, while reducing administrative
operations and costs. 
This integration provides practical operational efficiencies
that lower total cost of ownership. Creating a DHCP network
automatically creates an associated
DNS zone, for example, reducing the number of tasks required
of network administrators. And integration of DNS and DHCP
in the same database instance
provides unmatched consistency between service and
management views of IP address-centric network services data.

25. What options in DHCP do you regularly use for an MS
Automatic providing IP address 
Subnet mask
DNS server 
Domain name 
Default gateway or router
26. What are User Classes and Vendor Classes in DHCP?
Microsoft Vendor Classes 
The following list contains pre-defined vendor classes that
are available in Windows 2000 DHCP server.

Class Data | Class Name | Description
MSFT 5.0 | Microsoft Windows 2000 options | Class that includes all Windows 2000 DHCP clients.
MSFT 98 | Microsoft Windows 98 options | Class that includes all Windows 98 and Microsoft Windows Millennium Edition (Me) DHCP clients.
MSFT | Microsoft options | Class that includes all Windows 98, Windows Me, and Windows 2000 DHCP clients.
If you have non-Microsoft DHCP clients, you can define other
vendor-specific classes on the DHCP server. When you define
such classes, make sure the vendor
class identifier that you define matches the identifier used
by the clients.
User Classes
 The following list contains pre-defined user classes that
are available in Windows 2000 DHCP server.
Class ID | Class Type | Description
Unspecified | Default user class | All DHCP clients that have no user class specified.
RRAS.Microsoft | Default Routing and Remote Access class | All Dial-Up Networking (DUN) clients.
Bootp | Default Bootp class | All Bootp clients.
In addition to these pre-defined classes, you can also add
custom user classes for Windows 2000 DHCP clients. When you
configure such classes, you must
specify a custom identifier that corresponds to the user
class defined on the DHCP server.
27. How do I configure a client machine to use a specific
User Class?
The command to configure a client machine to use a specific
user class is:
ipconfig /setclassid "<Name of your Network card>" <Name of the class you created on DHCP and want to join (name is case sensitive)>
For example:
ipconfig /setclassid "Local Area Network" Accounting
28. What is the BOOTP protocol used for, where might you
find it in Windows network infrastructure?
BootP (RFC 951) provides
   * a unique IP address to the requester (using port 67)
similar to the DHCP request on port 68 AND
    * can provide (where supported) the ability to boot a
system without a hard drive (ie: a diskless client)
Apple OS X 10.* Server supports BootP (albeit) renamed as
NetBoot. The facility allows the Admin to maintain a
selected set of configurations as boot
images and then assign sets of client systems to share(or
boot from) that image. For example Accounting, Management,
and Engineering departments have
elements in common, but which can be unique from other
departments. Performing upgrades and maintenance on three
images is far more productive than working
on all client systems individually.
Startup is obviously network intensive, and beyond 40-50
clients, the Admin needs to
carefully subnet the infrastructure, use gigabit switches,
and host the images local to the clients to avoid saturating
the network. This will expand the
number of BootP servers and multiply the number of images,
but the productivity of 1 BootP server per 50 clients is
undeniable :)
Sunmicro, Linux, and AIX RS/600 all support BootP.
To date, Windows does not support booting "diskless clients".
29. DNS zones – describe the differences between the 4 types.
A DNS zone is the actual file which contains all the records for a
specific domain.
i)Forward Lookup Zones :-

This zone is responsible to resolve host name to ip.

ii)Reverse Lookup Zones :-

This zone is responsible to resolve ip to host name.

iii)Stub Zone :-

A stub zone is a read-only copy of the primary zone, but it contains
only 3 records, viz.
the SOA for the primary zone, an NS record and a Host (A) record.

30. DNS record types – describe the most important ones.
Type of Record | What it does
A (Host) | Classic resource record. Maps hostname to IP (IPv4).
PTR | Maps IP to hostname (reverse of A (Host)).
AAAA | Maps hostname to IP (IPv6).
CNAME | Canonical name, in plain English an alias, such as Web Server, FTP Server, Chat Server.
NS | Identifies DNS name servers. Important for forwarders.
MX | Mail servers, particularly for other domains. MX records required to deliver internet email.
_SRV | Required for Active Directory. Whole family of underscore service records, for example, gc = global catalog.
SOA | Make a point of finding the Start of Authority (SOA) tab at the DNS Server.

31. Describe the process of working with an external domain name
 Serving Sites with External Domain Name Servers
If you host Web sites on this server and have a standalone
DNS server acting as a primary (master) name server for your
sites, you may want to set up your control panel's DNS
server to function as a secondary (slave) name server:

To make the control panel's DNS server act as a secondary
name server:
   1. Go to Domains > domain name > DNS Settings (in the Web
Site group).
   2. Click Switch DNS Service Mode.
   3. Specify the IP address of the primary (master) DNS server.
   4. Click Add.
   5. Repeat steps from 1 to 5 for each Web site that needs
to have a secondary name server on this machine.

To make the control panel's DNS server act as a primary for
a zone:

   1. Go to Domains > domain name > DNS Settings (in the Web
Site group).
   2. Click Switch DNS Service Mode. The original resource
records for the zone will be restored.
If you host Web sites on this server and rely entirely on
other machines to perform the Domain Name Service for your
sites (there are two external name servers - a primary and a
secondary), switch off the control panel's DNS service for
each site served by external name servers.

To switch off the control panel's DNS service for a site
served by an external name server:
   1. Go to Domains > domain name > DNS Settings (in the Web
Site group).
   2. Click Switch Off the DNS Service in the Tools group.
Turning the DNS service off for the zone will refresh the
screen, so that only a list of name servers remains.
Note: The listed name server records have no effect on the
system. They are only presented on the screen as clickable
links to give you a chance to validate the configuration of
the zone maintained on the external authoritative name servers.

   3. Repeat the steps from 1 to 3 to switch off the local
domain name service for each site served by external name
If you wish to validate the configuration of a zone
maintained on authoritative name servers:
   1. Go to Domains > domain name > DNS Settings (in the Web
Site group).
   2. Add to the list the entries pointing to the
appropriate name servers that are authoritative for the
zone: click Add, specify a name server, and click OK. Repeat
this for each name server you would like to test.

The records will appear in the list.

   3. Click the records that you have just created.
Parallels Plesk Panel will retrieve the zone file from a
remote name server and check the resource records to make
sure that domain's resources are properly resolved.
The results will be interpreted and displayed on the screen.

32. Describe the importance of DNS to AD.
When you install Active Directory on a server, you promote
the server to the role of a domain controller for a
specified domain. When completing this
process, you are prompted to specify a DNS domain name for
the Active Directory domain for which you are joining and
promoting the server. If during this
process, a DNS server authoritative for the domain that you
specified either cannot be located on the network or does
not support the DNS dynamic update
protocol, you are prompted with the option to install a DNS
server. This option is provided because a DNS server is
required to locate this server or other
domain controllers for members of an Active Directory domain

33.Describe a few methods of finding an MX record for a
remote domain on the Internet.
In order to find MX Records for SMTP domains you can use
Command-line tools such as NSLOOKUP or DIG. You can also use
online web services that allow you to
perform quick searches and display the information in a
convenient manner.
34. What does "Disable Recursion" in DNS mean?
In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a
server's Properties -> Forwarders tab is the setting Do not
use recursion for this domain. On the Advanced tab you will
find the confusingly similar option Disable recursion (also
disables forwarders).
Recursion refers to the action of a DNS server querying
additional DNS servers (e.g. local ISP DNS or the root DNS
servers) to resolve queries that it cannot
resolve from its own database
35. What could cause the Forwarders and Root Hints to be
grayed out?
Win2K configured your DNS server as a private root server
36. What is a "Single Label domain name" and what sort of
issues can it cause?
Single-label names consist of a single word like "contoso".
• Single-label DNS names cannot be registered by using an
Internet registrar.
• Client computers and domain controllers that joined to
single-label domains require additional configuration to
dynamically register DNS records in
single-label DNS zones.
• Client computers and domain
controllers may require additional configuration to resolve
DNS queries in single-label DNS zones.
• By default, Windows Server 2003-based domain members,
Windows XP-based domain members, and Windows 2000-based
domain members do not perform dynamic
updates to single-label DNS zones.
• Some server-based applications are incompatible with
single-label domain names. Application support may not exist
in the initial release of an application,
or support may be dropped in a future release. For example,
Microsoft Exchange Server 2007 is not supported in
environments in which single-label DNS is
• Some server-based applications are incompatible with the
domain rename feature that is supported in Windows Server
2003 domain controllers and in Windows
Server 2008 domain controllers. These incompatibilities
either block or complicate the use of the domain rename
feature when you try to rename a single-label
DNS name to a fully qualified domain name.
37. What is the "" zone used for?
When creating DNS records for your hosts, A records make
sense. After all, how can the world find your mail server
unless the IP address of that server is associated with its
hostname within a DNS database? However, PTR records aren't
as easily understood. If you already have a zone file, why
does there have to be a separate zone
containing PTR records matching your A records? And who
should be making those PTR records--you or your provider?
Let's start by defining .arpa is actually a
TLD like .com or .org. The name of the TLD comes from
Address and Routing Parameter Area and it has been
designated by the IANA to be used exclusively for Internet
infrastructure purposes. In other words, it is an important
zone and an integral part of the inner workings of DNS. The
RFC for DNS (RFC 1035) has an entire section on the domain. The first two paragraphs in that
section state the purpose of the domain: "The Internet uses
a special domain to support gateway location and Internet
address to host mapping. Other classes may employ a similar
strategy in other domains. The intent of this domain is to
provide a guaranteed method to perform host address to host
name mapping, and to facilitate queries to locate all
gateways on a particular network in the Internet. Note that
both of these services are similar to functions that could
be performed by inverse queries; the difference is that this
part of the domain name space is structured according to
address, and hence can guarantee that the appropriate data
can be located without an exhaustive search of the domain
space." In other words, this zone provides a database of all
allocated networks and the DNS reachable hosts within those
networks. If your assigned network does not appear in this
zone, it appears to be unallocated. And if your hosts don't
have a PTR record in this database, they appear to be
unreachable through DNS. Assuming an A record exists for a
host, a missing PTR record may or may not impact on the DNS
reachability of that host, depending upon the applications
running on that host. For example, a mail server will
definitely be impacted as PTR records are used in mail
header checks and by most anti-SPAM mechanisms. Depending
upon your web server configuration, it may also depend upon
an existing PTR record. This is why the DNS RFCs recommend
that every A record has an associated PTR record. But who
should make and host those PTR records? Twenty years ago
when you could buy a full Class C network address (i.e. 254
host addresses) the answer was easy: you. Remember, the zone is concerned with delegated network
addresses. In other words, the owner of the network address
is authoritative (i.e. responsible) for the host PTR records
associated with that network address space. If you only own
one or two host addresses within a network address space,
the provider you purchased those addresses from needs to
host your PTR records as the provider is the owner of (i.e.
authoritative for) the network address. Things are a bit
more interesting if you have been delegated a CIDR block of
addresses. The zone assumes a classful
addressing scheme where a Class A address is one octet (or
/8), a Class B is 2 octets (or /16) and a Class C is 3
octets (or /24). CIDR allows for delegating address space
outside of these boundaries--say a /19 or a /28. RFC 2317
provides a best current practice for maintaining with these types of network allocations.
Here is a summary regarding PTR records:
• Don't wait until users complain about DNS unreachability--be proactive and ensure there is an associated PTR record for every A record.
• If your provider hosts your A records, they should also host your PTR records.
• If you only have one or two assigned IP addresses, your provider should host your PTR records as they are authoritative for the network those hosts belong to.
• If you own an entire network address (e.g. a Class C address ending in 0), you are responsible for hosting your PTR records.
• If you are configuring an internal DNS server within the private address ranges (e.g. or, you are responsible for your own internal PTR records.
• Remember: the key to PTR hosting is knowing who is authoritative for the network address for your domain. When in doubt, it probably is not you.
38. What are the requirements from DNS to support AD?
When you install Active Directory on a member server, the
member server is promoted to a domain controller. Active
Directory uses DNS as the location
mechanism for domain controllers, enabling computers on the
network to obtain IP addresses of domain controllers.
During the installation of Active Directory, the service
(SRV) and address (A) resource records are dynamically
registered in DNS, which are necessary for
the successful functionality of the domain controller
locator (Locator) mechanism.
To find domain controllers in a domain or forest, a client
queries DNS for the SRV and A DNS resource records of the
domain controller, which provide the
client with the names and IP addresses of the domain
controllers. In this context, the SRV and A resource records
are referred to as Locator DNS resource
When adding a domain controller to a forest, you are
updating a DNS zone hosted on a DNS server with the Locator
DNS resource records and identifying the
domain controller. For this reason, the DNS zone must allow
dynamic updates (RFC 2136) and the DNS server hosting that
zone must support the SRV resource
records (RFC 2782) to advertise the Active Directory
directory service. For more information about RFCs, see DNS
If the DNS server hosting the authoritative DNS zone is not
a server running Windows 2000 or Windows Server 2003,
contact your DNS administrator to
determine if the DNS server supports the required standards.
If the server does not support the required standards, or
the authoritative DNS zone cannot be
configured to allow dynamic updates, then modification is
required to your existing DNS infrastructure.
39. How do you manually create SRV records in DNS?
This is on Windows Server:
Go to Run ---> dnsmgmt.msc
Right-click on the zone you want to add the SRV record to and
choose "other new record",
then choose Service Location (SRV).
40. Name 3 benefits of using AD-integrated zones.
1. You can give easy name resolution to your clients.
2. By creating an AD-integrated zone you can also trace hackers
and spammers by creating a reverse zone.
3. AD-integrated zones allow for incremental zone transfers,
which only transfer changes and not the entire zone. This
reduces zone transfer traffic.
4. AD-integrated zones support both secure and dynamic updates.
5. AD-integrated zones are stored as part of the Active
Directory and support domain-wide or forest-wide replication
through application partitions in AD.

41. What are the benefits of using Windows 2003 DNS when
using AD-integrated zones?
DNS supports Dynamic registration of SRV records registered
by an Active Directory server or a domain controller during
promotion. With the help of SRV records client machines can
find domain controllers in the network.

1. DNS supports Secure Dynamic updates. Unauthorized access
is denied.

2. Exchange server needs internal DNS or AD DNS to locate
Global Catalog servers.

3. Active Directory Integrated Zone. If you have more than
one domain controller (recommended) you need not worry about
zone replication. Active Directory replication will take
care of DNS zone replication also.

4. If your network uses DHCP with Active Directory then no
other DHCP will be able to service client requests coming
from different network. It is because DHCP server is
authorized in AD and will be the only server to participate
on network to provide IP Address information to client machines.

5. Moreover, you can use NT4 DNS with Service Pack 4 or
later. It supports both SRV record registration and Dynamic

Using Microsoft DNS gives the following benefits:
If you implement networks that require secure updates.
If you want to take benefit of Active Directory replication.
If you want to integrate DHCP with DNS for Low-level clients
to register their Host records in Zone database.

42. You installed a new AD domain and the new (and first) DC
has not registered its SRV records in DNS. Name a few
possible causes.

The machine is not configured as its own DNS client.
The DNS service is not running.
43. What are the benefits and scenarios of using Stub zones?

One of the new features introduced in the Windows Server
2003-based implementation of DNS is stub zones. Their main
purpose is to provide name resolution in domains for which
a local DNS server is not authoritative. The stub zone
contains only a few records:
- a Start of Authority (SOA) record pointing to a remote DNS
server that is considered to be the best source of information
about the target DNS domain,
- one or more Name Server (NS) records (including the entry
associated with the SOA record), which are authoritative for
the DNS domain represented by the stub zone,
- corresponding A records for each of the NS entries
(providing IP addresses of the servers).
While you can also provide name resolution for a remote domain
by either creating a secondary zone (which was a common approach
in the Windows Server 2000 DNS implementation) or delegation (when
dealing with a contiguous namespace), such an approach forces
periodic zone transfers, which are not needed when stub
zones are used. The need to traverse the network in order to
obtain individual records hosted on the remote name servers
is mitigated to some extent by the caching process, which keeps
them on the local server for the duration of their
Time-to-Live (TTL) parameter. In addition, records residing
in a stub zone are periodically validated and refreshed in
order to avoid lame delegations.

44. What are the benefits and scenarios of using Conditional
The benefit is faster name resolution in certain scenarios.
Depending on the query, it is forwarded to the correct server,
which narrows down where DNS queries for specific areas are sent.

45. What are the differences between Windows Clustering,
Network Load Balancing and Round Robin, and scenarios for
each use?
I will make a few assumptions here: 1) By "Windows
Clustering Network Load Balancing" you mean Windows Network
Load Balancing software included in Windows Server software
a.k.a. NLB, and 2) By Round Robin, you mean DNS Round Robin
meaning the absence of a software or hardware load balancing
device, or the concept of the Round Robin algorithm
available in just about every load balancing solution.

Microsoft NLB is designed for a small number (4 - 6) of
Windows Servers and a low to moderate number of new
connections per second, to provide distribution of web
server requests to multiple servers in a virtual resource
pool. Some would call this a "cluster", but there are subtle
differences between a clustered group of devices and a more
loosely configured virtual pool. From the standpoint of
scalability and performance, almost all hardware load
balancing solutions are superior to this and other less
known software load balancing solutions [e.g. Bright Tiger
circa 1998].

DNS Round Robin is an inherent load balancing method built
into DNS. When you resolve an IP address that has more than
one A record, DNS hands out different resolutions to
different requesting local DNS servers. Although there are
several factors affecting the exact resulting algorithm
(e.g. DNS caching, TTL, multiple DNS servers [authoritative
or cached]), I stress the term "roughly" when I say it
roughly results in an even distribution of resolutions to
each of the addresses specified for a particular URL. It
does not however, consider availability, performance, or any
other metric and is completely static. The basic RR
algorithm is available in many software and hardware load
balancing solutions and simply hands the next request to the
next resource and starts back at the first resource when it
hits the last one.

NLB is based on proprietary software, meant for small groups
of Windows servers only on private networks, and is dynamic
in nature (takes into account availability of a server, and
in some cases performance). "Round Robin", DNS or otherwise,
is more generic, static in nature (does not take into
account anything but the resource is a member of the
resource pool and each member is equal), and ranges from DNS
to the default static load balancing method on every
hardware device in the market.

46. How do I work with the Host name cache on a client computer?

Use the command nbtstat.
-a (adapter status) Lists the remote machine's name table given its name
-A (Adapter status) Lists the remote machine's name table given its
IP address.
-c (cache) Lists NBT's cache of remote [machine] names and their IP
-n (names) Lists local NetBIOS names.
-r (resolved) Lists names resolved by broadcast and via WINS
-R (Reload) Purges and reloads the remote cache name table
-S (Sessions) Lists sessions table with the destination IP addresses
-s (sessions) Lists sessions table converting destination IP
addresses to computer NETBIOS names.
-RR (ReleaseRefresh) Sends Name Release packets to WINS and then, starts Refr

47. How do I clear the DNS cache on the DNS server?
To clear the server names cache

    * Using the Windows interface

    * Using a command line

Using the Windows interface

   1. Open DNS.

   2. In the console tree, click the applicable DNS server.


          * DNS/applicable DNS server

   3. On the Action menu, click Clear Cache.

    * To perform this procedure, you must be a member of the
Administrators group on the local computer, or you must have
been delegated the appropriate authority. If the computer is
joined to a domain, members of the Domain Admins group might
be able to perform this procedure. As a security best
practice, consider using Run as to perform this procedure.

    * To open DNS, click Start, click Control Panel,
double-click Administrative Tools, and then double-click DNS.

Using a command line

   1. Open Command Prompt.

   2. Type the following command and then press ENTER:

      Dnscmd ServerName /clearcache

48. What is the address used for?

WINS server group address. Used to support autodiscovery and
dynamic configuration of replication for WINS servers. For
more information, see WINS replication overview


49. What is WINS and when do we use it?

In the Windows Server family, the primary means for client
computer to locate and communicate with other computers on
an Internet Protocol (IP) network is by using Domain Name
System (DNS). However, clients that use older versions of
Windows, such as Windows NT 4.0, use network basic I/O
system (NetBIOS) names for network communication. Some
applications that run on Windows Server 2003 may also use
NetBIOS names for network communication. Using NetBIOS names
requires a method of resolving NetBIOS names to IP addresses.
Using a WINS server is essential for any Windows client
computer to work with other Windows computers over the
Internet. In addition, using a WINS server is essential for
any Windows client computer at Indiana University that
intends to use Microsoft network resources. To use WINS
services, you must insert into your TCP/IP networking
configuration the IP address of the WINS servers you wish to
50. Can you have a Microsoft-based network without any WINS
server on it? What are the "considerations" regarding not
using WINS? 

51. Describe the differences between WINS push and pull
To replicate database entries between a pair of WINS
servers, you must configure each WINS server as a pull
partner, a push partner, or both with the other WINS server.
    * A push partner is a WINS server that sends a message
to its pull partners, notifying them that it has new WINS
database entries. When a WINS server's pull partner responds
to the message with a replication request, the WINS server
sends (pushes) copies of its new WINS database entries (also
known as replicas) to the requesting pull partner.
    * A pull partner is a WINS server that pulls WINS
database entries from its push partners by requesting any
new WINS database entries that the push partners have. The
pull partner requests the new WINS database entries that
have a higher version number than the last entry the pull
partner received during the most recent replication.
52. What is the difference between tombstoning a WINS record
and simply deleting it? 
Simple deletion removes the records that are selected in the
WINS console only from the local WINS server you are
currently managing. If the WINS records deleted in this way
exist in WINS data replicated to other WINS servers on your
network, these additional records are not fully removed.
Also, records that are simply deleted on only one server can
reappear after replication between the WINS server where
simple deletion was used and any of its replication partners.
Tombstoning marks the selected records as tombstoned, that
is, marked locally as extinct and immediately released from
active use by the local WINS server. This method allows the
tombstoned records to remain present in the server database
for purposes of subsequent replication of these records to
other servers. When the tombstoned records are replicated,
the tombstone status is updated and applied by other WINS
servers that store replicated copies of these records. Each
replicating WINS server then updates and tombstones

53. Name the NetBIOS names you might expect from a Windows
2003 DC that is registered in WINS.

54. Describe the role of the routing table on a host and on
a router.
During the process of routing, decisions of hosts and
routers are aided by a database of routes known as the
routing table. The routing table is not exclusive to a
router. Depending on the routable protocol, hosts may also
have a routing table that may be used to decide the best
router for the packet to be forwarded. Host-based routing
tables are optional for the Internet Protocol, as well as
obsolete routable protocols such as IPX.
55. What are routing protocols? Why do we need them? Name a few.
A routing protocol is a protocol that specifies how routers
communicate with each other, disseminating information that
enables them to select routes between any two nodes on a
computer network, the choice of the route being done by
routing algorithms. Each router has a priori knowledge only
of networks attached to it directly. A routing protocol
shares this information first among immediate neighbors, and
then throughout the network. This way, routers gain
knowledge of the topology of the network. For a discussion
of the concepts behind routing protocols, see: Routing.

The term routing protocol may refer specifically to one
operating at layer three of the OSI model, which similarly
disseminates topology information between routers.

Many routing protocols used in the public Internet are
defined in documents called RFCs.[1][2][3][4]

Although there are many types of routing protocols, two
major classes are in widespread use in the Internet:
link-state routing protocols, such as OSPF and IS-IS; and
path vector or distance vector protocols, such as BGP, RIP
and EIGRP.

56. What are router interfaces? What types can they be?
Routers can have many different types of connectors, from
Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN
ports.  Some of the available configurable items are logical
addresses (IP, IPX), media types, bandwidth, and
administrative commands.  Interfaces are configured in
interface mode which you get to from global configuration
mode after logging in.
The media type is Ethernet, FastEthernet, GigabitEthernet,
Serial, Token-ring, or other media types. You must keep in
mind that a 10Mb Ethernet interface is the only kind of
Ethernet interface called Ethernet. A 100Mb Ethernet
interface is called a FastEthernet interface and a 1000Mb
Ethernet interface is called a GigabitEthernet interface.

57. In Windows 2003 routing, what are the interface filters?
58. What is NAT?
Windows Server 2003 provides network address translation
(NAT) functionality as a part of the Routing and Remote
Access service. NAT enables computers on small- to
medium-sized organizations with private networks to access
resources on the Internet or other public network. The
computers on a private network are configured with reusable
private Internet Protocol version 4 (IPv4) addresses; the
computers on a public network are configured with globally
unique IPv4 (or, rarely at present, Internet Protocol
version 6 [IPv6]) addresses. A typical deployment is a small
office or home office (SOHO), or a medium-sized business,
that uses Routing and Remote Access NAT technology to enable
computers on the internal corporate network to connect to
resources on the Internet without having to deploy a proxy
59. What is the real difference between NAT and PAT?
Take NAT (Network Address Translation) and PAT (Port Address
Translation). NAT allows you to translate or map one IP
address onto another single IP address. PAT, on the other
hand, is what is most commonly referred to as NAT. In a PAT
system you have a single or group of public IP addresses
that are translated to multiple internal IP addresses by
mapping the TCP/UDP ports to different ports. This means
that by using some "magic" on a router or server you can get
around problems that you might have with two web browsers
sending a request out the same port.
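The difference described above, as an added Python example that is not part of the original post: a one-to-one NAT mapping next to a PAT table that shares one public address by rewriting source ports. The addresses (private and documentation ranges), the port pool and the class names are assumptions made for illustration.

```python
"""Static NAT versus PAT, modelled as translation tables (illustrative only)."""


class StaticNat:
    """One-to-one NAT: each inside address owns one public address."""

    def __init__(self, mapping):
        self._out = dict(mapping)                      # inside IP -> public IP
        self._in = {pub: ins for ins, pub in self._out.items()}

    def outbound(self, src_ip, src_port):
        return self._out[src_ip], src_port             # the port is left untouched

    def inbound(self, dst_ip, dst_port):
        inside = self._in.get(dst_ip)
        return (inside, dst_port) if inside else None


class PatTable:
    """PAT: many inside hosts share one public IP, told apart by source port."""

    def __init__(self, public_ip, first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))
        self._out = {}    # (proto, inside IP, inside port) -> public port
        self._in = {}     # (proto, public port) -> (inside IP, inside port)

    def outbound(self, proto, src_ip, src_port):
        key = (proto, src_ip, src_port)
        if key not in self._out:
            port = next(self._ports, None)
            if port is None:
                raise RuntimeError("PAT port pool exhausted")
            self._out[key] = port
            self._in[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self._out[key]

    def inbound(self, proto, dst_port):
        # No entry means nobody inside opened this flow: the packet is dropped.
        return self._in.get((proto, dst_port))


if __name__ == "__main__":
    # Constructed sample: two browsers on different hosts both pick source port 1025.
    nat = StaticNat({"192.168.0.10": "203.0.113.10", "192.168.0.11": "203.0.113.11"})
    pat = PatTable("203.0.113.5", first_port=50000)
    for host in ("192.168.0.10", "192.168.0.11"):
        print(host, "NAT ->", nat.outbound(host, 1025),
              "PAT ->", pat.outbound("tcp", host, 1025))
    print("reply to 203.0.113.5:50001 ->", pat.inbound("tcp", 50001))
    print("unsolicited 203.0.113.5:50002 ->", pat.inbound("tcp", 50002))
```

With static NAT every inside host consumes a public address; with PAT the table entry created by the outbound flow is the only thing that lets a reply back in.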
60. How do you configure NAT on Windows 2003?
Configure Routing and Remote Access
To activate Routing and Remote Access, follow these steps:
   1. Click Start, point to All Programs, point to
Administrative Tools, and then click Routing and Remote Access.
   2. Right-click your server, and then click Configure and
Enable Routing and Remote Access.
   3. In the Routing and Remote Access Setup Wizard, click
Next, click Network address translation (NAT), and then
click Next.
   4. Click Use this public interface to connect to the
Internet, and then click the network adapter that is
connected to the Internet. At this stage you have the option
to reduce the risk of unauthorized access to your network.
To do so, click to select the Enable security on the
selected interface by setting up Basic Firewall check box.
   5. Examine the selected options in the Summary box, and
then click Finish.
Configure dynamic IP address assignment for private network
You can configure your Network Address Translation computer
to act as a Dynamic Host Configuration Protocol (DHCP)
server for computers on your internal network. To do so,
follow these steps:

   1. Click Start, point to All Programs, point to
Administrative Tools, and then click Routing and Remote Access.
   2. Expand your server node, and then expand IP Routing.
   3. Right-click NAT/Basic Firewall, and then click Properties.
   4. In the NAT/Basic Firewall Properties dialog box, click
the Address Assignment tab.
   5. Click to select the Automatically assign IP addresses
by using the DHCP allocator check box. Notice that default
private network with the subnet mask of is automatically added in the IP address and the
Mask boxes. You can keep the default values, or you can
modify these values to suit your network.
   6. If your internal network requires static IP assignment
for some computers -- such as for domain controllers or for
DNS servers -- exclude those IP addresses from the DHCP
pool. To do this, follow these steps:
         1. Click Exclude.
         2. In the Exclude Reserved Addresses dialog box,
click Add, type the IP address, and then click OK.
         3. Repeat step 2 for all addresses that you want to
         4. Click OK.
Configure name resolution
To configure name resolution, follow these steps:

   1. Click Start, point to All Programs, point to
Administrative Tools, and then click Routing and Remote Access.
   2. Right-click NAT/Basic Firewall, and then click Properties.
   3. In the NAT/Basic Firewall Properties dialog box, click
the Name Resolution tab.
   4. Click to select the Clients using Domain Name System
(DNS) check box. If you use a demand-dial interface to
connect to an external DNS server, click to select the
Connect to the public network when a name needs to be
resolved check box, and then click the appropriate dial-up
interface in the list.
61. How do you allow inbound traffic for specific hosts on
Windows 2003 NAT?
You can use the Windows Server 2003 implementation of IPSec
to compensate for the limited protections provided by
applications for network traffic, or as a network-layer
foundation of a defense-in-depth strategy. Do not use IPSec
as a replacement for other user and application security
controls, because it cannot protect against attacks from
within established and trusted communication paths. Your
authentication strategy must be well defined and implemented
for the potential security provided by IPSec to be realized,
because authentication verifies the identity and trust of
the computer at the other end of the connection.

62. What is VPN? What types of VPN does Windows 2000 and
beyond work with natively?
L2TP (Layer 2 Tunneling Protocol).
The VPN server is also known as an L2TP server in native mode and a
PPTP server in mixed mode.
VPN gives extremely secure connections between private
networks linked through the Internet. It allows remote
computers to act as though they were on the same secure,
local network.

63. What is IAS? In what scenarios do we use it?
IAS stands for Internet Authentication Service. It is used
for configuring centralised authentication using RADIUS
64. What's the difference between Mixed mode and Native mode
in AD when dealing with RRAS?
When you are in Mixed mode certain options in the dial-in
tab of the user properties are disabled. And some of the
RRAS policies are also disabled. So if you want high level
security with all the advanced feature then change the AD to
Native mode.
65. What is the "RAS and IAS" group in AD?
Used for managing security and allowing administration for
the respective roles of the server.
66. What are Conditions and Profile in RRAS Policies? 
The conditions and profiles are used to set
restrictions based on the media type, connection method,
group membership and a lot more. If the user matches the
conditions mentioned in the profile, then he can be allowed or
denied access to the RAS / VPN server.
67. What types of authentication can a Windows 2003 based
RRAS work with?
It supports authentication methods like MSCHAPv2, MSCHAP,
SPAP, EAP, Digest authentication. (You can check it by
going to the properties of your server in RRAS.)
68. How does SSL work? 
Internet communication typically runs through multiple
program layers on a server before getting to the requested
data such as a web page or CGI scripts.
The outer layer is the first to be hit by the request. This
is the high-level protocol, such as HTTP (web server), IMAP
(mail server), or FTP (file transfer).
Determining which outer layer protocol will handle the
request depends on the type of request made by the client.
This high level protocol then processes the request through
the Secure Sockets Layer. If the request is for a non-secure
connection it passes through to the TCP/IP layer and the
server application or data.
If the client requested a secure connection, the SSL layer
initiates a handshake to begin the secure communication
process. Depending on the SSL setup on the server, it may
require that a secure connection be made before allowing
communication to pass through to the TCP/IP layer in which
case a non-secure request will send back an error asking for
them to retry securely (or simply deny the non-secure
69. How does IPSec work?
IPSec is an Internet Engineering Task Force (IETF) standard
suite of protocols that provides data authentication,
integrity, and confidentiality as data is transferred
between communication points across IP networks. IPSec
provides data security at the IP packet level. A packet is a
data bundle that is organized for transmission across a
network, and it includes a header and payload (the data in
the packet). IPSec emerged as a viable network security
standard because enterprises wanted to ensure that data
could be securely transmitted over the Internet. IPSec
protects against possible security exposures by protecting
data while in transit.

70. How do I deploy IPSec for a large number of computers?
Just use this program Server and Domain Isolation Using
IPsec and Group Policy

71. What types of authentication can IPSec use?
 Deploying L2TP/IPSec-based Remote Access
Deploying L2TP-based remote access VPN connections using
Windows Server 2003 consists of the following:
* Deploy certificate infrastructure

* Deploy Internet infrastructure

* Deploy AAA infrastructure

* Deploy VPN servers

* Deploy intranet infrastructure

* Deploy VPN clients
72. What is PFS (Perfect Forward Secrecy) in IPSec?
In an authenticated key-agreement protocol that uses public
key cryptography, perfect forward secrecy (or PFS) is the
property that ensures that a session key derived from a set
of long-term public and private keys will not be compromised
if one of the (long-term) private keys is compromised in the
Forward secrecy has been used as a synonym for perfect
forward secrecy [1], since the term perfect has been
controversial in this context. However, at least one
reference [2] distinguishes perfect forward secrecy from
forward secrecy with the additional property that an agreed
key will not be compromised even if agreed keys derived from
the same long-term keying material in a subsequent run are
73. How do I monitor IPSec?
To test the IPSec policies, use IPSec Monitor. IPSec Monitor
(Ipsecmon.exe) provides information about which IPSec policy
is active and whether a secure channel between computers is
74. Looking at IPSec-encrypted traffic with a sniffer. What
packet types do I see?
You can see the packets pass, but you cannot see their
IPSec Packet Types
IPSec packet types include the authentication header (AH)
for data integrity and the encapsulating security payload
(ESP) for data confidentiality and integrity.
The authentication header (AH) protocol creates an envelope
that provides integrity, data origin identification and
protection against replay attacks. It authenticates every
packet as a defense against session-stealing attacks.
Although the IP header itself is outside the AH header, AH
also provides limited verification of it by not allowing
changes to the IP header after packet creation (note that
this usually precludes the use of AH in NAT environments,
which modify packet headers at the point of NAT). AH packets
use IP protocol 51.
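Why NAT breaks AH, as an added Python example that is not from the original post: the integrity check value (ICV) covers the IP source and destination addresses, so a TTL change by a router still verifies while a NAT source rewrite does not. HMAC-SHA1-96, the key, the SPI and the addresses are assumptions chosen for the sample, and the packet is assumed to have an IPv4 header without options.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12          # HMAC-SHA1-96: HMAC-SHA1 truncated to 96 bits
ICV_AT = 20 + 12      # ICV follows the 20-byte IP header and 12 fixed AH bytes


def ah_icv(key, packet):
    """ICV over the whole packet with mutable IPv4 fields and the ICV zeroed."""
    buf = bytearray(packet)
    buf[1] = 0                      # TOS / DSCP may change in transit
    buf[6:8] = b"\x00\x00"          # flags and fragment offset
    buf[8] = 0                      # TTL is decremented by every router
    buf[10:12] = b"\x00\x00"        # header checksum follows the TTL
    buf[ICV_AT:ICV_AT + ICV_LEN] = bytes(ICV_LEN)
    # Source and destination addresses (bytes 12..19) stay in: they are covered.
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, src, dst, inner_proto, payload, spi, seq):
    """Build a transport-mode AH packet (IP protocol 51) around payload."""
    # AH payload length field = AH size in 32-bit words minus 2 -> (24 / 4) - 2 = 4
    ah = struct.pack("!BBHII", inner_proto, 4, 0, spi, seq) + bytes(ICV_LEN)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ah) + len(payload),
                     0x1234, 0, 64, 51, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    packet = bytearray(ip + ah + payload)
    packet[ICV_AT:ICV_AT + ICV_LEN] = ah_icv(key, bytes(packet))
    return bytes(packet)


def ah_verify(key, packet):
    """Receiver side: recompute the ICV and compare in constant time."""
    return hmac.compare_digest(packet[ICV_AT:ICV_AT + ICV_LEN], ah_icv(key, packet))


def route_hop(packet):
    """What an ordinary router does: decrement the TTL."""
    buf = bytearray(packet)
    buf[8] -= 1
    return bytes(buf)


def nat_rewrite(packet, new_src):
    """What a NAT device does: replace the source address."""
    buf = bytearray(packet)
    buf[12:16] = socket.inet_aton(new_src)
    return bytes(buf)


if __name__ == "__main__":
    key = b"constructed-sample-key"      # constructed value, not a real key
    pkt = ah_protect(key, "192.168.0.10", "198.51.100.7", 17, b"payload",
                     spi=0x1001, seq=1)
    print("as sent:        ", ah_verify(key, pkt))
    print("after one hop:  ", ah_verify(key, route_hop(pkt)))
    print("after NAT:      ", ah_verify(key, nat_rewrite(pkt, "203.0.113.5")))
```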
The encapsulating security payload (ESP) protocol provides
the features of AH (except for IP header authentication),
plus encryption. It can also be used in a null encryption
mode that provides the AH protection against replay attacks
and other such attacks, without encryption or IP header
authentication. This can allow for achieving some of the
benefits of IPSec in a NAT environment that would not
ordinarily work well with IPSec. ESP packets use IP protocol 50.
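What a sniffer can read from each packet type without the keys, as an added Python example that is not from the original post. The three packets are constructed samples (documentation addresses, placeholder ICV, stand-in ciphertext), and describe is a hypothetical helper name.

```python
import hashlib
import socket
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51
NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", IPPROTO_ESP: "ESP", IPPROTO_AH: "AH"}


def describe(packet):
    """Return what is visible in one IPv4 packet to an observer without keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    info = {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "type": NAMES.get(proto, f"proto-{proto}"),
            "spi": None, "seq": None, "inner": None, "cleartext": None}
    if proto == IPPROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        nxt, plen, _reserved, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4              # length field counts 32-bit words minus 2
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("bad AH length")
        # AH authenticates but does not encrypt: inner protocol and data are readable.
        info.update(spi=spi, seq=seq, inner=NAMES.get(nxt, f"proto-{nxt}"),
                    cleartext=body[ah_len:])
    elif proto == IPPROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        # Only SPI and sequence number are in the clear; the next-header field sits
        # in the encrypted trailer, so the inner protocol cannot be read here.
        spi, seq = struct.unpack("!II", body[:8])
        info.update(spi=spi, seq=seq)
    else:
        info.update(cleartext=body)          # no IPSec: everything is readable
    return info


def sample_packets():
    """Constructed AH, ESP and plain UDP packets between documentation addresses."""
    def ip(proto, body):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                           proto, 0, socket.inet_aton("192.0.2.10"),
                           socket.inet_aton("192.0.2.20")) + body
    udp = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
    ah = struct.pack("!BBHII", 17, 4, 0, 0x1001, 7) + bytes(12) + udp
    esp = struct.pack("!II", 0x2002, 7) + hashlib.sha256(b"stand-in ciphertext").digest()
    return [ip(IPPROTO_AH, ah), ip(IPPROTO_ESP, esp), ip(17, udp)]


if __name__ == "__main__":
    for pkt in sample_packets():
        print(describe(pkt))
```

The SPI and sequence number stay visible for both packet types, which is enough to count security associations and spot gaps or repeats in the sequence even when the payload is unreadable.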
75. What can you do with NETSH?
Netsh is a command-line scripting utility that allows you
to, either locally or remotely, display, modify or script
the network configuration of a computer that is currently
76. How do I look at the open ports on my machine?
Windows: Open a command prompt (Start button -> Run-> type
"cmd"), and type:
netstat -a
Linux: Open an SSH session and type:
netstat -an
