Busy. Please wait.

show password
Forgot Password?

Don't have an account?  Sign up 

Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account.
We do not share your email address with others. It is only used to allow you to reset your password. For details read our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
Don't know
remaining cards
To flip the current card, click it or press the Spacebar key.  To move the current card to one of the three colored boxes, click on the box.  You may also press the UP ARROW key to move the card to the "Know" box, the DOWN ARROW key to move the card to the "Don't know" box, or the RIGHT ARROW key to move the card to the Remaining box.  You may also click on the card displayed in any of the three boxes to bring that card back to the center.

Pass complete!

"Know" box contains:
Time elapsed:
restart all cards
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

IST 164 CH3

Configuring Advanced DNS

Zone Delegation The transfer of authority for a subdomain to a new zone, which can be on the same server as the parent zone or another server.
Stale Resource Record A DNS record that is no longer valid, either because the resource is offline for an extended period or permanently, or because the resource's name or address has changed.
Scavenging The process whereby the DNS server periodically checks the zone file for stale records periodically and deletes those meeting the criteria for a stale record.
Stub Zone A DNS zone containing a read-only copy of only the zone's SOA and NS records and the necessary A records to resolve NS records. A stub zone forwards queries to a primary DNS server for that zone and is not authoritative for the zone.
Zone Replication The transfer of zone changes from the DNS server to another.
Zone Replication Scope A scope that determines which Active Directory partition the zone is stored in and which DCs the zone information is replicated to.
Active Directory Partition A special file that Active Directory uses to store domain information.
Unknown Record Support A new feature of DNS in Windows Server 2016 that has the ability to support resource records of a unknown to the DNS server on Windows Server 2016.
DNS Policy A new feature in Windows Server 2016 that allows you to manage DNS traffic, filter queries, and load balance your applications based on a number of criteria.
Query Resolution Policy A DNS policy that specifies how DNS queries are handled by the DNS server
Zone Transfer Policy A DNS policy that specifies whether a zone transfer is allowed. For example, you can allow or deny zone transfers to particular subnets
Client Subnet A named subnet that has a value in the format a.b.c.d/y, for example
Zone Scope A subset of a zone where a zone can contain multiple zone scopes and each zone scope has its own set of resource records.
Recursion Scope A scope that defines which queries will use DNS recursion.
DNS Recursion Scope A DNS feature that allows you to specify which DNS queries will use recursion and which will not.
Domain Name System Security Extension (DNSSEC) A suite of features and protocols for validating DNS server responses.
Zone Signing A DNSSEC feature that uses digital signatures contained in DNSSEC-related resource records to verify DNS responses. See also Domain Name System Security Extension (DNSSEC)
DNSKEY The public key for the zone that DNS resolvers use to verify the digital signature in Resource Record Signature (RRSIG) records.
Resource Record Signature (RRSIG) A key containing the signature for a single resource record, such as an A or MX record.
Next Secure (NSEC) A DNSSEC record returned when the requested resource record does not exist. See also Domain Name System Security Extension (DNSSEC).
Next Secure 3 (NSEC3) An alternative to NSEC records. NSEC3 can prevent zone-walking, which is a technique of repeating NSEC queries to get all the names in a zone. See also Next secure (NSEC).
Next Secure 3 (NSEC3) Parameter DNSSEC records used to determine which NSEC3 records should be included in responses to queries for nonexistent records. See also Next Secure 3 (NSEC3).
Delegation Signer (DS) A DNSSEC record that holds the name of a delegated zone and is used to verify delegated child zones. See also Domain Name System Security Extension (DNSSEC).
key-signing key (KSK) A DNSSEC key that has a private and public key associated with it. The private key is used to sign all DNSKEY records and the public key is used as a trust anchor for validating DNS responses. See also Domain Name System Security Extension (DNSSEC).
Trust Anchor A DNSKEY that is usually for a zone but can also be a DS key for a delegated zone. Public keys are used as trust anchors for validating DNS responses.
Zone-Signing Key (ZSK) A public and private key combination stored in a certificate used to sign the zone.
DNS socket pool A pool of port numbers used by a DNS server for DNS queries to protect against DNS cache poisoning. See also DNS cache poisoning.
DNS cache poisoning An attack on DNS servers in which false data is introduced into the DNS server cache, causing the server to return incorrect IP addresses.
DNS cache locking A DNS security feature that allows you to control whether data in the DNS cache can be overwritten.
Response Rate Limiting (RRL) A new DNS Server role feature in Windows Server 2016 that mitigates a type of distributed denial of service (DDoS) attack called a DNS amplification attack.
DNS amplification attack A type of DDoS attack that uses public DNS servers to overwhelm a target with DNS responses by sending DNS queries with spoofed IP addresses.
DNS-based Authentication of Named Entities (DANE) A new feature in Windows Server 2016 that is used to provide information about the certification authority (CA) used by your domain when a client is requesting DNS information for your domain.
Zone-Level Statistics A feature in Windows Server 2016 that provides detailed statistics for each zone to show how a DNS server is used.
Created by: cswilloughby15