Busy. Please wait.
Log in using Clever

show password
Forgot Password?

Don't have an account?  Sign up 
Sign up using Clever

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Didn't know it?
click below
Knew it?
click below
Don't know
Remaining cards (0)
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

IST 164 CH3

Configuring Advanced DNS

Zone Delegation The transfer of authority for a subdomain to a new zone, which can be on the same server as the parent zone or another server.
Stale Resource Record A DNS record that is no longer valid, either because the resource is offline for an extended period or permanently, or because the resource's name or address has changed.
Scavenging The process whereby the DNS server periodically checks the zone file for stale records periodically and deletes those meeting the criteria for a stale record.
Stub Zone A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records. A stub zone forwards queries to a primary DNS server for that zone and is not authoritative for the zone.
Zone Replication The transfer of zone changes from the DNS server to another.
Zone Replication Scope A scope that determines which Active Directory partition the zone is stored in and which DCs the zone information is replicated to.
Active Directory Partition A special file that Active Directory uses to store domain information.
Unknown Record Support A new feature of DNS in Windows Server 2016 that has the ability to support resource records of a unknown to the DNS server on Windows Server 2016.
DNS Policy A new feature in Windows Server 2016 that allows you to manage DNS traffic, filter queries, and load balance your applications based on a number of criteria.
Query Resolution Policy A DNS policy that specifies how DNS queries are handled by the DNS server
Zone Transfer Policy A DNS policy that specifies whether a zone transfer is allowed. For example, you can allow or deny zone transfers to particular subnets
Client Subnet A named subnet that has a value in the format a.b.c.d/y, for example
Zone Scope A subset of a zone where a zone can contain multiple zone scopes and each zone scope has its own set of resource records.
Recursion Scope A scope that defines which queries will use DNS recursion.
DNS Recursion Scope A DNS feature that allows you to specify which DNS queries will use recursion and which will not.
Domain Name System Security Extension (DNSSEC) A suite of features and protocols for validating DNS server responses.
Zone Signing A DNSSEC feature that uses digital signatures contained in DNSSEC-related resource records to verify DNS responses. See also Domain Name System Security Extension (DNSSEC)
DNSKEY The public key for the zone that DNS resolvers use to verify the digital signature in Resource Record Signature (RRSIG) records.
Resource Record Signature (RRSIG) A key containing the signature for a single resource record, such as an A or MX record.
Next Secure (NSEC) A DNSSEC record returned when the requested resource record does not exist. See also Domain Name System Security Extension (DNSSEC).
Next Secure 3 (NSEC3) An alternative to NSEC records. NSEC3 can prevent zone-walking, which is a technique of repeating NSEC queries to get all the names in a zone. See also Next secure (NSEC).
Next Secure 3 (NSEC3) Parameter DNSSEC records used to determine which NSEC3 records should be included in responses to queries for nonexistent records. See also Next Secure 3 (NSEC3).
Delegation Signer (DS) A DNSSEC record that holds the name of a delegated zone and is used to verify delegated child zones. See also Domain Name System Security Extension (DNSSEC).
key-signing key (KSK) A DNSSEC key that has a private and public key associated with it. The private key is used to sign all DNSKEY records and the public key is used as a trust anchor for validating DNS responses. See also Domain Name System Security Extension (DNSSEC).
Trust Anchor A DNSKEY that is usually for a zone but can also be a DS key for a delegated zone. Public keys are used as trust anchors for validating DNS responses.
Zone-Signing Key (ZSK) A public and private key combination stored in a certificate used to sign the zone.
DNS socket pool A pool of port numbers used by a DNS server for DNS queries to protect against DNS cache poisoning. See also DNS cache poisoning.
DNS cache poisoning An attack on DNS servers in which false data is introduced into the DNS server cache, causing the server to return incorrect IP addresses.
DNS cache locking A DNS security feature that allows you to control whether data in the DNS cache can be overwritten.
Response Rate Limiting (RRL) A new DNS Server role feature in Windows Server 2016 that mitigates a type of distributed denial of service (DDoS) attack called a DNS amplification attack.
DNS amplification attack A type of DDoS attack that uses public DNS servers to overwhelm a target with DNS responses by sending DNS queries with spoofed IP addresses.
DNS-based Authentication of Named Entities (DANE) A new feature in Windows Server 2016 that is used to provide information about the certification authority (CA) used by your domain when a client is requesting DNS information for your domain.
Zone-Level Statistics A feature in Windows Server 2016 that provides detailed statistics for each zone to show how a DNS server is used.
Created by: cswilloughby15



Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
restart all cards