Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IST 164 CH3
Configuring Advanced DNS
| Term | Definition |
|---|---|
| Zone Delegation | The transfer of authority for a subdomain to a new zone, which can be on the same server as the parent zone or another server. |
| Stale Resource Record | A DNS record that is no longer valid, either because the resource is offline for an extended period or permanently, or because the resource's name or address has changed. |
| Scavenging | The process whereby the DNS server periodically checks the zone file for stale records periodically and deletes those meeting the criteria for a stale record. |
| Stub Zone | A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records. A stub zone forwards queries to a primary DNS server for that zone and is not authoritative for the zone. |
| Zone Replication | The transfer of zone changes from the DNS server to another. |
| Zone Replication Scope | A scope that determines which Active Directory partition the zone is stored in and which DCs the zone information is replicated to. |
| Active Directory Partition | A special file that Active Directory uses to store domain information. |
| Unknown Record Support | A new feature of DNS in Windows Server 2016 that has the ability to support resource records of a unknown to the DNS server on Windows Server 2016. |
| DNS Policy | A new feature in Windows Server 2016 that allows you to manage DNS traffic, filter queries, and load balance your applications based on a number of criteria. |
| Query Resolution Policy | A DNS policy that specifies how DNS queries are handled by the DNS server |
| Zone Transfer Policy | A DNS policy that specifies whether a zone transfer is allowed. For example, you can allow or deny zone transfers to particular subnets |
| Client Subnet | A named subnet that has a value in the format a.b.c.d/y, for example 192.168.0.0/24 |
| Zone Scope | A subset of a zone where a zone can contain multiple zone scopes and each zone scope has its own set of resource records. |
| Recursion Scope | A scope that defines which queries will use DNS recursion. |
| DNS Recursion Scope | A DNS feature that allows you to specify which DNS queries will use recursion and which will not. |
| Domain Name System Security Extension (DNSSEC) | A suite of features and protocols for validating DNS server responses. |
| Zone Signing | A DNSSEC feature that uses digital signatures contained in DNSSEC-related resource records to verify DNS responses. See also Domain Name System Security Extension (DNSSEC) |
| DNSKEY | The public key for the zone that DNS resolvers use to verify the digital signature in Resource Record Signature (RRSIG) records. |
| Resource Record Signature (RRSIG) | A key containing the signature for a single resource record, such as an A or MX record. |
| Next Secure (NSEC) | A DNSSEC record returned when the requested resource record does not exist. See also Domain Name System Security Extension (DNSSEC). |
| Next Secure 3 (NSEC3) | An alternative to NSEC records. NSEC3 can prevent zone-walking, which is a technique of repeating NSEC queries to get all the names in a zone. See also Next secure (NSEC). |
| Next Secure 3 (NSEC3) Parameter | DNSSEC records used to determine which NSEC3 records should be included in responses to queries for nonexistent records. See also Next Secure 3 (NSEC3). |
| Delegation Signer (DS) | A DNSSEC record that holds the name of a delegated zone and is used to verify delegated child zones. See also Domain Name System Security Extension (DNSSEC). |
| key-signing key (KSK) | A DNSSEC key that has a private and public key associated with it. The private key is used to sign all DNSKEY records and the public key is used as a trust anchor for validating DNS responses. See also Domain Name System Security Extension (DNSSEC). |
| Trust Anchor | A DNSKEY that is usually for a zone but can also be a DS key for a delegated zone. Public keys are used as trust anchors for validating DNS responses. |
| Zone-Signing Key (ZSK) | A public and private key combination stored in a certificate used to sign the zone. |
| DNS socket pool | A pool of port numbers used by a DNS server for DNS queries to protect against DNS cache poisoning. See also DNS cache poisoning. |
| DNS cache poisoning | An attack on DNS servers in which false data is introduced into the DNS server cache, causing the server to return incorrect IP addresses. |
| DNS cache locking | A DNS security feature that allows you to control whether data in the DNS cache can be overwritten. |
| Response Rate Limiting (RRL) | A new DNS Server role feature in Windows Server 2016 that mitigates a type of distributed denial of service (DDoS) attack called a DNS amplification attack. |
| DNS amplification attack | A type of DDoS attack that uses public DNS servers to overwhelm a target with DNS responses by sending DNS queries with spoofed IP addresses. |
| DNS-based Authentication of Named Entities (DANE) | A new feature in Windows Server 2016 that is used to provide information about the certification authority (CA) used by your domain when a client is requesting DNS information for your domain. |
| Zone-Level Statistics | A feature in Windows Server 2016 that provides detailed statistics for each zone to show how a DNS server is used. |
Created by:
cswilloughby15
Popular Computers sets