
IP address

From Wikipedia, the free encyclopedia


An Internet Protocol (IP) address is a numerical label that is assigned to devices
participating in a computer network utilizing the Internet Protocol for communication
between its nodes.[1] An IP address serves two principal functions in networking: host or
network interface identification and location addressing. The role of the IP address has
also been characterized as follows: "A name indicates what we seek. An address indicates
where it is. A route indicates how to get there."[2]

The original designers of TCP/IP defined an IP address as a 32-bit number[1] and this
system, known as Internet Protocol Version 4 or IPv4, is still in use today. However, due
to the enormous growth of the Internet and the resulting depletion of available addresses,
a new addressing system (IPv6), using 128 bits for the address, was developed in 1995[3]
and standardized by RFC 2460 in 1998[4] (RFC 2460 has since been replaced by RFC 8200,
published in 2017). Although IP addresses are stored as binary numbers, they are usually
displayed in human-readable notations, such as 208.77.188.166 (for IPv4) and
2001:db8:0:1234:0:567:1:1 (for IPv6).

The Internet Protocol also has the task of routing data packets between networks, and IP
addresses specify the locations of the source and destination nodes in the topology of the
routing system. For this purpose, some of the bits in an IP address are used to designate a
subnetwork. The number of these bits is indicated in CIDR notation, appended to the IP
address, e.g., 208.77.188.166/24.

With the development of private networks and the threat of IPv4 address exhaustion, a
group of private address spaces was set aside by RFC 1918. These private addresses may
be used by anyone on private networks. They are often used with network address
translators to connect to the global public Internet.

The Internet Assigned Numbers Authority (IANA) manages the IP address space
allocations globally. IANA works in cooperation with five Regional Internet Registries
(RIRs) to allocate IP address blocks to Local Internet Registries (Internet service
providers) and other entities.

What is a Subnet Mask?
A subnet mask identifies which bits of an IP address belong to the network and which are
available for host addressing. The address alone does not tell you this, especially since
classless inter-domain routing (CIDR) removed the fixed class boundaries. Combining the
address with its subnet mask (or netmask) gives everything needed to compute the network
and host portions: the network address is the bitwise AND of the address and the mask, and
the host portion is whatever remains. In particular, knowing the subnet mask lets you
determine whether two IP addresses are on the same subnet.

What is ARP?
ARP is the Address Resolution Protocol. It maps addresses between the Data Link Layer and
the Network Layer of the OSI model: the Data Link layer of TCP/IP networks uses MAC
addresses, while the Network Layer uses IP addresses.

ARP and RARP

ARP is used to map IP addresses to MAC addresses: a host broadcasts a request ("who has
192.168.1.1?") and the owner of that IP address replies with its MAC address.

RARP, the Reverse Address Resolution Protocol, is used to map MAC addresses to IP
addresses; it has largely been superseded by BOOTP and DHCP.

What is ARP Cache Poisoning?

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison
Routing (APR), is a technique used to attack an Ethernet or wireless network. Because ARP
has no authentication, any host can send replies claiming another host's IP address, and
neighbours will overwrite their ARP cache entries with the attacker's MAC address. ARP
spoofing may allow an attacker to sniff data frames on a local area network (LAN), modify
the traffic (a man-in-the-middle position), or stop the traffic altogether (a
denial-of-service attack). The attack can only be used on networks that actually make use
of ARP and not another method of address resolution. Defences include static ARP entries
for critical hosts such as the default gateway, Dynamic ARP Inspection on switches, and
monitoring for changes in IP-to-MAC bindings.
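The following is an added example (not code from the original page) of the monitoring defence just described: a detector that watches a sequence of ARP replies for the two footprints of poisoning, an IP address whose MAC suddenly changes and one MAC address answering for several IP addresses. The replies, the gateway and victim addresses and the attacker MAC are all constructed sample data; in practice the (ip, mac) pairs would come from a packet capture or from periodic snapshots of the ARP table.

```python
"""Detect ARP cache poisoning from observed ARP replies.

Added example, not from the original page. SAMPLE_ARP_REPLIES is constructed:
a gateway (192.168.1.1), a victim (192.168.1.20) and an attacker whose MAC
(de:ad:be:ef:00:01) starts claiming both of their addresses.
"""
from collections import defaultdict

SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate
    ("192.168.1.20", "00:11:22:33:44:20"),  # victim, legitimate
    ("192.168.1.30", "00:11:22:33:44:30"),  # bystander
    ("192.168.1.1", "DE:AD:BE:EF:00:01"),   # attacker claims the gateway's IP
    ("192.168.1.20", "de:ad:be:ef:00:01"),  # ... and the victim's IP: full MITM
    ("192.168.1.30", "00:11:22:33:44:30"),  # repeat of a known binding, harmless
]


def detect_arp_poisoning(replies, trusted=None):
    """Return alert strings for two poisoning indicators:

    * an IP whose MAC differs from what was first learned (or from a trusted
      static binding, if `trusted` maps that IP), i.e. a cache entry being
      overwritten;
    * one MAC claiming more than one IP, the footprint of a man-in-the-middle
      impersonating both ends of a conversation.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    learned = dict(trusted)          # ip -> mac currently believed correct
    claims = defaultdict(set)        # mac -> set of ips it has answered for
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()            # MACs are compared case-insensitively
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac
        elif known != mac:
            kind = "trusted binding violated" if ip in trusted else "MAC changed"
            alerts.append(f"{kind}: {ip} was {known}, now {mac}")
            if ip not in trusted:
                learned[ip] = mac    # a real move sticks; a spoof of a trusted host keeps alerting
        if ip not in claims[mac]:
            claims[mac].add(ip)
            if len(claims[mac]) > 1:
                alerts.append(f"{mac} claims multiple IPs: {sorted(claims[mac])}")
    return alerts
```

Pass the gateway's real binding in `trusted` so that a spoof of the gateway is reported every time it is seen rather than once. Expect benign alerts from NIC replacements, DHCP address reuse and router redundancy protocols (VRRP/HSRP move a virtual IP between physical MACs), so tune the `trusted` table to the segment before acting on alerts automatically.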

What is the ANDing process?
In order to determine whether a destination host is local or remote, a computer will
perform a simple mathematical computation referred to as an AND operation. While the
sending host does this operation internally, understanding what takes place is the key to
understanding how an IP-based system knows whether to send packets directly to a host
or to a router.

What happens if you don't have a default gateway?
A default gateway is a node (a router) on a TCP/IP network that serves as an access point
to another network. A host uses its default gateway when an IP packet's destination address
lies outside the local subnet. Without one, the host can communicate only with hosts on its
own subnet: a packet for any other destination has no route, so the host's own stack drops
it and reports an error such as "Network is unreachable".

Can a workstation computer be configured to browse the Internet and yet NOT have a
default gateway?
Yes, but not simply by giving it a public IP address: with no default gateway a host can
reach only destinations on its own subnet, whatever kind of address it has. The usual way
to browse without a default gateway is a web proxy on the local subnet. The browser sends
every request to the proxy, which holds the route to the Internet, so the workstation never
needs a route of its own. With a private (RFC 1918) address the gateway role is normally
played by a router or firewall performing NAT.
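The subnet-mask, ANDing and default-gateway answers above describe one calculation; here it is worked in code as an added example that is not part of the original page. The addresses, masks and gateway are constructed. `next_hop` is the decision a sending host makes: AND the source and destination with the mask, deliver directly if they match, otherwise hand the packet to the default gateway, and fail if no gateway exists.

```python
"""Subnet mask arithmetic and the ANDing decision. Added example, not from the
original page; all addresses are constructed."""
import ipaddress


def to_int(dotted):
    """'192.168.1.77' -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    return str(ipaddress.IPv4Address(value))


def mask_from_prefix(prefix):
    """/20 -> '255.255.240.0'. CIDR prefix lengths run from 0 to 32 inclusive."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted(((1 << prefix) - 1) << (32 - prefix))


def prefix_from_mask(mask):
    """'255.255.240.0' -> 20. Rejects non-contiguous masks such as 255.0.255.0,
    which some stacks accept but which break the subnet model."""
    m = to_int(mask)
    ones = bin(m).count("1")
    if m != ((1 << ones) - 1) << (32 - ones):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def split_address(addr, mask):
    """Bitwise AND gives the network part; the inverted mask gives the host part."""
    a, m = to_int(addr), to_int(mask)
    host_bits = ~m & 0xFFFFFFFF
    network = a & m
    return {
        "network": to_dotted(network),
        "host": to_dotted(a & host_bits),
        "broadcast": to_dotted(network | host_bits),
        # classic count: all-zeros and all-ones host parts are not assignable
        # (RFC 3021 /31 point-to-point links are the exception)
        "usable_hosts": max(host_bits - 1, 0),
    }


def same_subnet(addr_a, addr_b, mask):
    """The ANDing test: two addresses share a subnet when AND-ing each with the
    mask yields the same network number."""
    m = to_int(mask)
    return (to_int(addr_a) & m) == (to_int(addr_b) & m)


def next_hop(src, mask, dst, gateway=None):
    """Which IP the sending host ARPs for: the destination itself if it is local,
    otherwise the default gateway. With no gateway a remote destination cannot
    be reached, which is what a host without a default gateway experiences."""
    if same_subnet(src, dst, mask):
        return dst
    if gateway is None:
        raise RuntimeError(f"{dst} is not on the local subnet and no default gateway is set")
    return gateway
```

The `same_subnet` pairs in the test show why the address alone is not enough: 172.16.5.9 and 172.16.200.1 are on the same subnet under a /12 mask and on different subnets under a /24 mask.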

What is a Subnet?
A subnet is a logical organization of network address ranges used to separate hosts and
network devices from each other to serve a design purpose. In many cases, subnets are
created to mirror physical or geographical separations such as those between rooms,
floors, buildings, or cities.

Most modern subnet definitions are created according to 3 main factors:

1. the number of hosts that need to exist on the subnet now and in the future;
2. the necessary security controls between networks (a subnet boundary is where a router
or firewall can filter traffic); and
3. the performance required for communications between hosts.
Legacy Subnets

Legacy subnets were not flexible because they had predefined limitations on their size
and number. These were called "classful" networks because each network could be
easily identified and placed into a specific class. Shown below is a table of well-known
special-purpose IPv4 address blocks with the "classful" class each one falls into:

IP address range               CIDR equivalent   Purpose                      RFC    Class  Total # of addresses
0.0.0.0 - 0.255.255.255        0.0.0.0/8         Zero addresses               1700   A      16,777,216
10.0.0.0 - 10.255.255.255      10.0.0.0/8        Private IP addresses         1918   A      16,777,216
127.0.0.0 - 127.255.255.255    127.0.0.0/8       Localhost loopback address   1700   A      16,777,216
169.254.0.0 - 169.254.255.255  169.254.0.0/16    Zeroconf / APIPA             3330   B      65,536
172.16.0.0 - 172.31.255.255    172.16.0.0/12     Private IP addresses         1918   B      1,048,576
192.0.2.0 - 192.0.2.255        192.0.2.0/24      Documentation and examples   3330   C      256
192.88.99.0 - 192.88.99.255    192.88.99.0/24    IPv6 to IPv4 relay anycast   3068   C      256
192.168.0.0 - 192.168.255.255  192.168.0.0/16    Private IP addresses         1918   C      65,536
198.18.0.0 - 198.19.255.255    198.18.0.0/15     Network device benchmark     2544   C      131,072
224.0.0.0 - 239.255.255.255    224.0.0.0/4       Multicast                    3171   D      268,435,456
240.0.0.0 - 255.255.255.255    240.0.0.0/4       Reserved                     1700   E      268,435,456

Classless IP Addresses

With the advent of CIDR (Classless Inter-Domain Routing), the "classful" definition of
subnet divisions was lifted. Any network address can be defined just as any of the
"classful" subnets of the past could be. All that is required is enough contiguous
address space to cover all the IP addresses needed. Classless addresses also assist in
reducing the overall size of the global routing tables on network devices, because many
contiguous networks can be announced as one aggregate route.

WHAT IS APIPA?
Automatic Private IP Addressing (APIPA) Overview

DHCP is a service that functions at the application layer of the TCP/IP protocol stack.
One of the primary tasks of the DHCP service is to automatically assign IP addresses to
DHCP clients. A server running the DHCP service is called a DHCP server. The DHCP
service automates the configuration of TCP/IP clients because IP addressing occurs
through the system. The DHCP server assigns IP addresses from a predetermined IP
address range(s), called a scope. To summarize, the DHCP server dynamically assigns IP
addresses to DHCP clients, and also allocates TCP/IP configuration information to DHCP
clients, such as DNS server IP address and WINS server IP address.

To uniquely identify computers on a TCP/IP based network, each computer must have a unique
IP address. To communicate on the Internet or a private TCP/IP network, all hosts defined
on the network must have IP addresses. When a DHCP client boots up on the network, a
negotiation process called the DHCP lease process occurs between the DHCP server and
client. During the DHCP lease process, an IP address and any additional TCP/IP
configuration parameters are provided to the DHCP client by the DHCP server. Prior to the
Automatic Private IP Addressing (APIPA) feature, a DHCP client received no notification if
the DHCP lease process was unsuccessful in allocating an IP address. The client was also
not able to configure its own IP address if it could not obtain one because the DHCP
server was unavailable.

With the introduction of the Automatic Private IP Addressing (APIPA) feature, a DHCP
client that cannot obtain an IP address from a DHCP server is able to configure its own
IP address.

How APIPA works

1. A client is configured to automatically obtain an IP address from the DHCP server.
2. The client is however unable to contact the DHCP server for dynamic IP address
assignment because the DHCP server is unavailable.
3. The client computer uses the APIPA feature to assign and configure its own IP address.
4. The IP address which the client assigns to itself is a link-local address in the range
169.254.0.0 to 169.254.255.255 (169.254.0.0/16). This range is reserved by the Internet
Assigned Numbers Authority (IANA) and is not one of the RFC 1918 private ranges. Before
using the address the client probes for it with ARP to make sure no other host on the
segment already holds it.
5. The client continues to check whether the DHCP server is available at 5 minute
intervals.
6. When the DHCP server is available again, the client that assigned itself an IP address
through APIPA initiates the DHCP lease process to request and obtain an IP address from
the DHCP server.
7. When the DHCP server assigns an IP address to the client, the client replaces the
APIPA address with the one it obtained from the DHCP server.

APIPA addresses are invalid on the Internet, and computers that are using APIPA
addresses can only communicate with other computers using APIPA addresses on the
same network segment. A host that unexpectedly shows a 169.254.x.x address is therefore
a standard symptom of a DHCP failure (server down, relay misconfigured, or DHCP traffic
blocked).

The APIPA feature configures the client with the following:

• IP address
• Subnet mask

The APIPA feature cannot configure the client with any other TCP/IP configuration:

• Default gateway
• DNS server IP address
• WINS server IP address

You have to use an alternate configuration to provide the above TCP/IP configuration
information to a client when no DHCP server is available for the client.

APIPA is supported in the following Microsoft Windows operating systems:

• Windows 98
• Windows Millennium Edition (Me)
• Windows 2000
• Windows XP
• Windows Server 2003

How to check whether APIPA is enabled

1. At a command prompt, enter ipconfig /all to view IP address information.


2. Verify that Autoconfiguration Enabled is displayed with Yes.
3. Verify that the IP address is within the address range of 169.254.0.0 to
169.254.255.255.

How to disable APIPA

You can disable the APIPA feature for only one adapter, or you can disable APIPA for
all adapters. The APIPA feature is disabled by editing certain Registry keys in the
Windows Registry.

How to disable APIPA on one adapter

1. Open the Registry Editor.
2. In the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<adapter GUID>
subkey, add the IPAutoconfigurationEnabled entry (REG_DWORD) with a value of 0.
3. Restart the computer.

How to disable APIPA for all adapters

1. Open the Registry Editor.
2. In the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
subkey, add the IPAutoconfigurationEnabled entry (REG_DWORD) with a value of 0.
3. Restart the computer.

What is an RFC? Name a few if possible, not necessarily the numbers, just the
idea behind them.
A Request For Comments (RFC) document defines a protocol or policy used on the
Internet. An RFC can be submitted by anyone. Eventually, if it gains enough interest, it
may evolve into an Internet Standard. Each RFC is designated by an RFC number. Once
published, an RFC never changes; modifications to an original RFC are published as a new
RFC with its own number, which may update or obsolete the earlier one. Examples: RFC 791
(IPv4), RFC 826 (ARP), RFC 1035 (DNS), RFC 2131 (DHCP) and RFC 1918 (private address
space).

WHAT IS RFC 1918?

Private IP address space has been allocated via RFC 1918. This means the addresses are
available for any use by anyone and therefore the same RFC 1918 IP addresses can be reused
in many different networks. However, they are defined as not routable on the public
Internet (ISPs should filter them at their borders). They are used extensively in private
networks due to the shortage of publicly registrable IP addresses, and therefore NAT is
required to connect those networks to the Internet.

Private IP addresses also provide a basic form of isolation: in a typical network
configuration of this type it is not possible for the outside world (Internet) to establish
a connection directly to a host using these addresses. This is a side effect of NAT, not a
substitute for a firewall; port forwarding, UPnP, an attacker who already has a foothold
inside the network, or a misconfigured NAT device all remove that protection.

Specifically the networks are:

Name          Start IP address   End IP address     Classful description     Largest CIDR block
24-bit block  10.0.0.0           10.255.255.255     single class A           10.0.0.0/8
20-bit block  172.16.0.0         172.31.255.255     16 contiguous class Bs   172.16.0.0/12
16-bit block  192.168.0.0        192.168.255.255    256 contiguous class Cs  192.168.0.0/16

RFC 1597 was the original specification but is now for historical purposes only.

WHAT IS CIDR?
Definition: CIDR is an efficient method for specifying IP addresses to Internet routers. CIDR
was developed to cope with the surge in demand for IPv4 Internet addresses in the 1990s.

Before CIDR, Internet routers used an inefficient IP addressing scheme based on classes.
Organizations like ISPs reserved address blocks in large "Class A," "Class B," or "Class C"
chunks that wasted much of the IP address range.

In contrast, CIDR makes the IP addressing space classless. CIDR associates network masks
with IP network numbers independent of their traditional class. Routers that support CIDR
recognize these networks as individual routes, even though they may represent an
aggregation of several traditional subnets. When several routes cover the same
destination, the one with the longest prefix (the most specific network) wins.

Also Known As: Classless Inter-Domain Routing, Classless Internet Domain Routing,
supernetting
Examples:
CIDR shorthand notation writes an IP address and its associated network mask in the form
xxx.xxx.xxx.xxx/n, where 'n' is the number of leading '1' bits in the mask, from 0 (the
default route 0.0.0.0/0, which matches everything) to 32 (a single host). For example,
208.77.188.166/24 has the mask 255.255.255.0.
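As an added example (not code from the original page), the two things CIDR gives a router, supernetting and longest-prefix-match forwarding, worked with Python's standard `ipaddress` module. The sixteen "class B" networks are the RFC 1918 172.16.0.0/12 block from the table above; the small forwarding table and its next hops are constructed.

```python
"""CIDR in practice: route aggregation (supernetting) and longest-prefix-match
forwarding. Added example, not from the original page; the routing table and
next-hop addresses are constructed."""
import ipaddress

# Sixteen classful "class B" networks that CIDR lets us announce as one route.
SIXTEEN_CLASS_BS = [f"172.{n}.0.0/16" for n in range(16, 32)]

# Constructed forwarding table: prefix -> next hop. The /24 is more specific
# than the /12 that also contains it.
ROUTING_TABLE = {
    "0.0.0.0/0": "203.0.113.1",      # default route (prefix length 0 is valid)
    "172.16.0.0/12": "10.0.0.2",     # aggregate toward the corporate WAN
    "172.16.5.0/24": "10.0.0.3",     # one site reached over a different link
}


def aggregate(prefixes):
    """Collapse CIDR prefixes into the fewest supernets covering exactly the
    same addresses: adjacent blocks merge, contained blocks disappear.
    strict=True rejects a prefix whose host bits are not zero."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in sorted(ipaddress.collapse_addresses(nets))]


def routes_saved(prefixes):
    """How many routing-table entries aggregation removes for `prefixes`."""
    return len(prefixes) - len(aggregate(prefixes))


def longest_prefix_match(destination, table):
    """Return (matching_prefix, next_hop) for the most specific route that
    contains `destination`, or None when nothing matches (no default route)."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])
```

The `hijacked` table in the test is the security consequence of longest-prefix matching: a route for a more specific prefix (here an injected /25) captures traffic away from the legitimate /24, which is exactly how BGP prefix hijacks work on the Internet.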

What is DHCP? What are the benefits and drawbacks of using it?
DHCP (Dynamic Host Configuration Protocol) lets a server hand out IP addresses and related
TCP/IP settings (subnet mask, default gateway, DNS servers) to clients automatically
instead of each host being configured by hand.

Benefits:

1. DHCP minimizes configuration errors caused by manual IP address configuration, such as
typographical errors and duplicate addresses.

2. Reduced network administration: addresses are managed centrally and reclaimed when
leases expire.

Drawbacks:

1. A client's host name does not change when it receives a new IP address, but the DNS
record that maps the name to the old address becomes stale unless dynamic DNS updates are
used. This only presents a problem if other clients try to access the machine by its DNS
name.

2. DHCP has no authentication. Any device on the segment can answer as a DHCP server, so a
rogue server can hand out its own default gateway or DNS server and intercept traffic;
switch features such as DHCP snooping are needed to block this.

Describe the steps taken by the client and DHCP server in order to obtain an IP
address.
At least one DHCP server must exist on a network. Once the DHCP server software is installed,
you create a DHCP scope, which is a pool of IP addresses that the server manages. When a
client starts up, it requests an IP address from the server, and the server provides an IP
address from its pool of available addresses. The exchange has four messages, often
remembered as DORA: the client broadcasts a DHCPDISCOVER, each server that hears it answers
with a DHCPOFFER, the client broadcasts a DHCPREQUEST naming the offer it accepts, and the
chosen server confirms with a DHCPACK (or refuses with a DHCPNAK).

DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol, October 1993)
but the most recent update is RFC 2131 (Dynamic Host Configuration Protocol, March 1997).
The IETF Dynamic Host Configuration (dhc) Working Group is chartered to produce a protocol
for automated allocation, configuration, and management of IP addresses and TCP/IP protocol
stack parameters.
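The lease process at the wire level, as an added example that is not code from the original page: it builds and parses the RFC 2131 message format (the 236-byte BOOTP-style header, the magic cookie and the option TLVs) and then runs a client and a simulated server through DISCOVER, OFFER, REQUEST and ACK. The server address, the offered lease, the DNS server and the transaction ID are constructed, and nothing is sent on the network. The parser bounds-checks every option length, since those lengths arrive from an unauthenticated peer.

```python
"""DHCP DORA exchange per RFC 2131. Added example, not from the original page;
the server, lease and transaction ID are constructed. Nothing touches a socket."""
import struct
import ipaddress

BOOTREQUEST, BOOTREPLY = 1, 2
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68   # server listens on 67, client on 68
MAGIC_COOKIE = b"\x63\x82\x53\x63"            # marks the start of DHCP options
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"         # op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
HEADER_LEN = struct.calcsize(HEADER)          # 236 bytes
OPT_SUBNET_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def ip_bytes(dotted):
    return ipaddress.IPv4Address(dotted).packed


def ip_str(raw):
    return str(ipaddress.IPv4Address(raw))


def build(op, msg_type, xid, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=()):
    """Serialise one DHCP message; `options` is a list of (code, value_bytes)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0,
                         ip_bytes("0.0.0.0"), ip_bytes(yiaddr), ip_bytes("0.0.0.0"),
                         ip_bytes(giaddr), chaddr, b"\x00" * 64, b"\x00" * 128)
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(packet):
    """Decode a DHCP message, refusing malformed input instead of reading past
    the buffer (option lengths come from the network)."""
    if len(packet) < HEADER_LEN + 4 or packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = struct.unpack(HEADER, packet[:HEADER_LEN])
    options, i = {}, HEADER_LEN + 4
    while i < len(packet) and packet[i] != OPT_END:
        code = packet[i]
        if code == 0:                      # pad octet
            i += 1
            continue
        if i + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = value
        i += 2 + length
    msg_type = (options.get(OPT_MSG_TYPE) or b"\x00")[0]
    return {"op": op, "xid": xid, "yiaddr": ip_str(yiaddr), "giaddr": ip_str(giaddr),
            "mac": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
            "type": MSG_TYPES.get(msg_type, "UNKNOWN"), "options": options}


def lease_exchange(client_mac, xid=0x3903F326):
    """Run DORA between a client and a constructed server; each side parses
    what it receives. Returns the configuration the client ends up with."""
    server_ip, offered_ip = "192.168.1.1", "192.168.1.50"
    server_options = [(OPT_SERVER_ID, ip_bytes(server_ip)),
                      (OPT_LEASE_TIME, struct.pack("!I", 86400)),
                      (OPT_SUBNET_MASK, ip_bytes("255.255.255.0")),
                      (OPT_ROUTER, ip_bytes(server_ip)),
                      (OPT_DNS, ip_bytes("192.168.1.53"))]
    steps = []
    # 1. client broadcasts DISCOVER; it has no address yet, so yiaddr is 0.0.0.0
    discover = parse(build(BOOTREQUEST, 1, xid, client_mac))
    steps.append(discover["type"])
    # 2. server answers with an OFFER carrying the proposed address in yiaddr
    offer = parse(build(BOOTREPLY, 2, xid, discover["mac"], yiaddr=offered_ip,
                        options=server_options))
    steps.append(offer["type"])
    # 3. client REQUESTs that address and names the server it chose (option 54);
    #    replies whose xid is not its own must be ignored
    if offer["xid"] != xid:
        raise ValueError("offer does not belong to our transaction")
    request = parse(build(BOOTREQUEST, 3, xid, client_mac, options=[
        (OPT_REQUESTED_IP, ip_bytes(offer["yiaddr"])),
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])]))
    steps.append(request["type"])
    # 4. server confirms with ACK (a NAK would follow an invalid request)
    ack = parse(build(BOOTREPLY, 5, xid, request["mac"],
                      yiaddr=ip_str(request["options"][OPT_REQUESTED_IP]),
                      options=server_options))
    steps.append(ack["type"])
    return {"steps": steps, "ip": ack["yiaddr"],
            "mask": ip_str(ack["options"][OPT_SUBNET_MASK]),
            "router": ip_str(ack["options"][OPT_ROUTER]),
            "dns": ip_str(ack["options"][OPT_DNS]),
            "lease_seconds": struct.unpack("!I", ack["options"][OPT_LEASE_TIME])[0]}
```

Note what the client trusts without any proof: whichever server answers first supplies the gateway (option 3) and DNS servers (option 6), which is why a rogue DHCP server is an effective man-in-the-middle tool.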

What is the DHCPNAK and when do you get one? Name 2 scenarios.
Recently I saw a lot of queries regarding when the Microsoft DHCP server issues a NAK
to DHCP clients.
For simplification purposes, I am listing down the possible scenarios in which the server
should NOT issue a NAK. This should give you a good understanding of DHCP NAK
behavior.

When a DHCP server receives a DHCPRequest with a previously assigned address
specified, it first checks to see if it came from the local segment by checking the
GIADDR field. If it originated from the local segment, the DHCP server compares the
requested address to the IP address and subnet mask belonging to the local interface that
received the request.

DHCP server will issue a NAK to the client ONLY IF it is sure that the client, "on the
local subnet", is asking for an address that doesn't exist on that subnet.

The server will send a NAK EXCEPT in the following scenarios:-

1. Requested address from possibly the same subnet but not in the address pool of the
server:-

This can be the failover scenario in which 2 DHCP servers are serving the same subnet so
that when one goes down, the other should not NAK to clients which got an IP from the
first server.

2. Requested address on a different subnet:-

If the Address is from the same superscope to which the subnet belongs, DHCP server
will ACK the REQUEST

What ports are used by DHCP and the DHCP clients?
DHCP runs over UDP. The server listens on UDP port 67; clients send their requests from UDP
port 68 to port 67, and the server sends its replies (offers, ACKs, NAKs) to the client on
UDP port 68. A DHCP relay agent also listens on port 67 and forwards the request to the
server on port 67, filling in the GIADDR field with its own address.
Describe the process of installing a DHCP
server in an AD infrastructure?
Terms you'll need to understand:

• DHCP
• Lease duration
• Scopes
• Superscopes
• Multicast scopes
• Scope options

Techniques you'll need to master:

• Installing DHCP
• Understanding the DHCP lease process
• Creating scopes, superscopes, and multicast scopes
• Configuring the lease duration
• Configuring optional IP parameters that can be assigned to DHCP clients
• Understanding how DHCP interacts with DNS
• Configuring DHCP for DNS integration
• Authorizing a DHCP server in Active Directory
• Managing a DHCP server
• Monitoring a DHCP server

Introduction

The TCP/IP protocol is an Active Directory operational requirement. This means that all
computers on a Windows 2000 network require a unique IP address to communicate with
the Active Directory. Static IP addresses can add a lot of administrative overhead. Not
only can management of static IP addresses become time consuming, but such
management also increases the chances of misconfigured parameters. Imagine having to
manually type 10,000 IP addresses and not make a single error. The Dynamic Host
Configuration Protocol (DHCP) can be implemented to centralize the administration of
IP addresses. Through DHCP, many of the tasks associated with IP addressing can be
automated. However, implementing DHCP also introduces some security issues because
anyone with physical access to the network can plug in a laptop and obtain IP
information about the internal network.

In this chapter, you'll learn how to implement a DHCP server, including the installation
process, authorization of the server, and the configuration of DHCP scopes. The chapter
ends by looking at how to manage a DHCP server and monitor its performance.
What is DHCPINFORM?
DHCPINFORM is a DHCP message used by clients that already have an IP address to obtain
DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for
the remote access connection, Windows 2000 and Windows 98 remote access clients use the
DHCPINFORM message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS
domain name. The DHCPINFORM message is sent after the IPCP negotiation is concluded.

The DHCPINFORM message received by the remote access server is then forwarded to a
DHCP server. The remote access server forwards DHCPINFORM messages only if it has
been configured with the DHCP Relay Agent.

Describe the integration between DHCP


and DNS?
Traditionally, DNS and DHCP servers have been configured and managed one at a time.
Similarly, changing authorization rights for a particular user on a group of devices has
meant visiting each one and making configuration changes. DHCP integration with DNS
allows the aggregation of these tasks across devices, enabling a company's network
services to scale in step with the growth of network users, devices, and policies, while
reducing administrative operations and costs.

This integration provides practical operational efficiencies that lower total cost of
ownership. Creating a DHCP network automatically creates an associated DNS zone, for
example, reducing the number of tasks required of network administrators. And
integration of DNS and DHCP in the same database instance provides unmatched
consistency between service and management views of IP address-centric network
services data.

What options in DHCP do you regularly use for an MS network?
• Automatic IP address assignment (the lease itself) together with the subnet mask
• 003 Router (the default gateway)
• 006 DNS Servers
• 015 DNS Domain Name

How do you configure a client machine to use a specific User Class?
The command to configure a client machine to use a specific user class is

ipconfig /setclassid "<name of your network connection>" <name of the class you created on
the DHCP server and want the client to join (the name is case sensitive)>

Eg:

ipconfig /setclassid "Local Area Network" Accounting

What are User Classes and Vendor Classes in DHCP?
Microsoft Vendor Classes

The following list contains pre-defined vendor classes that are available in Windows
2000 DHCP server.

Class Data   Class Name                       Description
MSFT 5.0     Microsoft Windows 2000 options   Class that includes all Windows 2000 DHCP clients.
MSFT 98      Microsoft Windows 98 options     Class that includes all Windows 98 and Microsoft
                                              Windows Millennium Edition (Me) DHCP clients.
MSFT         Microsoft options                Class that includes all Windows 98, Windows Me, and
                                              Windows 2000 DHCP clients.

If you have non-Microsoft DHCP clients, you can define other vendor-specific classes on
the DHCP server. When you define such classes, make sure the vendor class identifier
that you define matches the identifier used by the clients.

User Classes

The following list contains pre-defined user classes that are available in Windows 2000
DHCP server.

Class ID         Class Type                                Description
Unspecified      Default user class                        All DHCP clients that have no user class specified.
RRAS.Microsoft   Default Routing and Remote Access class   All Dial-Up Networking (DUN) clients.
Bootp            Default Bootp class                       All Bootp clients.

In addition to these pre-defined classes, you can also add custom user classes for
Windows 2000 DHCP clients. When you configure such classes, you must specify a
custom identifier that corresponds to the user class defined on the DHCP server.
Because a client chooses its own class identifier (any user can set it with ipconfig
/setclassid), classes are a convenience for handing out different options, not a security
boundary.

What is the BOOTP protocol used for, and where might you find it in a Windows
network infrastruct

# Response to the original task

Based on the instructions and the content I've reviewed, I'll now provide my rewrite.
ure?
BootP (RFC 951) provides

• a unique IP address to the requester, using the same UDP ports later inherited by DHCP
(server port 67, client port 68), AND
• can provide (where supported) the ability to boot a system without a hard drive (i.e. a
diskless client) by naming a boot file and the server to fetch it from.

Apple OS X 10.* Server supports BootP, albeit renamed as NetBoot. The facility allows
the admin to maintain a selected set of configurations as boot images and then assign
sets of client systems to share (or boot from) that image. For example, the Accounting,
Management, and Engineering departments have elements in common but can be unique from
other departments. Performing upgrades and maintenance on three images is far more
productive than working on all client systems individually.

Startup is obviously network intensive, and beyond 40-50 clients the admin needs to
carefully subnet the infrastructure, use gigabit switches, and host the images local to the
clients to avoid saturating the network. This will expand the number of BootP servers and
multiply the number of images, but the productivity of 1 BootP server per 50 clients is
undeniable.

Sun Microsystems (Solaris), Linux, and AIX on RS/6000 all support BootP.

To date, Windows does not support running as a diskless BootP client. In a Windows network
you meet BOOTP on the DHCP server, which can answer BOOTP clients alongside DHCP clients
(DHCP is an extension of BOOTP and shares its packet format), and in PXE network booting,
which uses the DHCP/BOOTP exchange to locate a boot server.

DNS zones: describe the differences between the 4 types.
A DNS zone is the actual file (or Active Directory partition) which contains all the
records for a specific portion of the namespace. Zones are described in two ways: by what
they resolve (forward or reverse) and by how the server holds them (primary, secondary,
stub, or Active Directory-integrated).

i) Forward Lookup Zones:

This zone is responsible for resolving host names to IP addresses.

ii) Reverse Lookup Zones:

This zone is responsible for resolving IP addresses to host names (PTR records under
in-addr.arpa).

iii) Primary and Secondary Zones:

A primary zone holds the writable master copy of the records; a secondary zone is a
read-only copy pulled from the primary by zone transfer.

iv) Stub Zone:

A stub zone is a read-only copy of a zone that contains only 3 kinds of records: the SOA
for the zone, the NS records, and the glue Host (A) records for those name servers. It lets
a server find the authoritative servers for a child zone without holding all of its data.

DNS record types: describe the most important ones.

Type of record   What it does
A (Host)         Classic resource record. Maps a hostname to an IPv4 address.
PTR              Maps an IP address to a hostname (the reverse of A (Host)).
AAAA             Maps a hostname to an IPv6 address.
CNAME            Canonical name, in plain English an alias, such as web server, FTP server
                 and chat server names that all point at one host.
NS               Identifies DNS name servers. Important for delegation.
MX               Mail servers, particularly for other domains. MX records are required to
                 deliver Internet email.
SRV              Required for Active Directory. A whole family of underscore service
                 records, for example _gc = global catalog.
SOA              Start of Authority. Make a point of finding the Start of Authority (SOA)
                 tab at the DNS server.
For more knowledge

SRV records: A SRV or Service Record is a category of data in the DNS specifying
information on available services. When looking up a service, the client first looks up
the SRV record for the service to see which server actually handles it (and on which port),
then looks up the Address record for that server to connect to its IP address.

Authoritative Name Server (NS) record: A zone should contain one NS record for each of its
own DNS servers (primary and secondary). These are used for delegation and for zone
transfer purposes (notify). These NS records have the same name as the zone in which they
are located.

SOA: This record is used while synchronising data between multiple servers. A given zone
must have precisely one SOA record, which contains:
• Name of the primary DNS server
• Mailbox of the responsible person
• Serial number: used by secondary DNS servers to check if the zone has changed. If the
serial number is higher than what the secondary server has, a zone transfer will be
initiated.
• Refresh interval: how often secondary DNS servers should check if changes are made to
the zone.
• Retry interval: how often a secondary DNS server should retry checking if changes are
made, if the first refresh fails.
• Expire interval: how long the zone will be valid after a refresh. Secondary servers will
discard the zone if no refresh could be made within this interval.
• Minimum (default) TTL: used as the default TTL for new records created within the zone.
Also used by other DNS servers to cache negative responses (such as "record does not
exist").
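An added example (not code from the original page) that exercises the records just described: it parses a small zone file, makes the secondary server's "has the serial changed?" decision using the 32-bit wraparound arithmetic of RFC 1982, resolves a service the way an Active Directory client does (SRV first, then the A record of the target), follows CNAME aliases with loop protection, and derives the in-addr.arpa owner names of the PTR records that should mirror the zone's A records. The zone is constructed and uses the reserved documentation names example.com and 192.0.2.0/24.

```python
"""Zone records in practice: SOA serial comparison, SRV-then-A resolution,
CNAME following and PTR derivation. Added example, not from the original
page; ZONE_FILE is constructed."""
import ipaddress

ZONE_FILE = """\
$ORIGIN example.com.
@     IN SOA ns1.example.com. hostmaster.example.com. 2024061502 3600 900 1209600 300
@     IN NS  ns1.example.com.
@     IN NS  ns2.example.com.
@     IN MX  10 mail.example.com.
ns1   IN A   192.0.2.53
ns2   IN A   192.0.2.54
mail  IN A   192.0.2.25
www   IN A   192.0.2.80
ftp   IN CNAME www.example.com.
_ldap._tcp.dc._msdcs IN SRV 0 100 389 dc1.example.com.
dc1   IN A   192.0.2.10
"""


def parse_zone(text):
    """Return (owner, type, rdata_tokens) tuples; owners are absolute, lower-case."""
    origin, records = ".", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        owner, klass, rtype, *rdata = line.split()
        if klass != "IN":
            raise ValueError(f"unsupported class in: {raw}")
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"               # relative name: append origin
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def serial_newer(candidate, current):
    """RFC 1982: `candidate` is newer when it is ahead of `current` by less than
    2**31 on the 32-bit circle, so 1 is newer than 4294967295 after a wrap."""
    distance = (candidate - current) % 2**32
    return 0 < distance < 2**31


def soa(records):
    """The zone's SOA fields as a dict; a zone must have exactly one SOA."""
    soas = [r for r in records if r[1] == "SOA"]
    if len(soas) != 1:
        raise ValueError(f"zone has {len(soas)} SOA records, expected 1")
    mname, rname, serial, refresh, retry, expire, minimum = soas[0][2]
    return {"mname": mname, "rname": rname, "serial": int(serial),
            "refresh": int(refresh), "retry": int(retry),
            "expire": int(expire), "minimum": int(minimum)}


def secondary_needs_transfer(primary_records, secondary_serial):
    """What a secondary decides at each refresh interval."""
    return serial_newer(soa(primary_records)["serial"], secondary_serial)


def lookup_a(records, name, max_hops=8):
    """Resolve a name to its A rdata, following CNAMEs but refusing loops."""
    name = name.lower()
    for _ in range(max_hops):
        addresses = [r[2][0] for r in records if r[0] == name and r[1] == "A"]
        if addresses:
            return addresses
        cnames = [r[2][0] for r in records if r[0] == name and r[1] == "CNAME"]
        if not cnames:
            return []
        name = cnames[0].lower()
    raise ValueError("CNAME chain too long (loop?)")


def resolve_service(records, service, proto, domain):
    """SRV then A: choose the lowest priority (highest weight on ties) target
    and return (ip, port), or None if the service is not published."""
    owner = f"{service}.{proto}.{domain}".lower()
    srvs = [r[2] for r in records if r[0] == owner and r[1] == "SRV"]
    if not srvs:
        return None
    srvs.sort(key=lambda rd: (int(rd[0]), -int(rd[1])))
    _priority, _weight, port, target = srvs[0]
    ips = lookup_a(records, target)
    return (ips[0], int(port)) if ips else None


def ptr_records(records):
    """in-addr.arpa owner name -> hostname for every A record in the zone."""
    return {ipaddress.ip_address(rd[0]).reverse_pointer + ".": owner
            for owner, rtype, rd in records if rtype == "A"}
```

The serial comparison is the part most often got wrong by hand-written checks: a plain `>` breaks when a serial wraps or when an operator resets a YYYYMMDDnn serial to a smaller number, and the secondary then silently stops transferring.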

Describe the process of working with an external domain name.
Serving Sites with External Domain Name Servers

If you host Web sites on this server and have a standalone DNS server acting as a
primary (master) name server for your sites, you may want to set up your control panel's
DNS server to function as a secondary (slave) name server:

To make the control panel's DNS server act as a secondary name server:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode.
3. Specify the IP address of the primary (master) DNS server.
4. Click Add.
5. Repeat steps 1 to 4 for each Web site that needs to have a secondary name server on
this machine.

To make the control panel's DNS server act as a primary for a zone:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch DNS Service Mode. The original resource records for the zone will
be restored.

If you host Web sites on this server and rely entirely on other machines to perform the
Domain Name Service for your sites (there are two external name servers - a primary and
a secondary), switch off the control panel's DNS service for each site served by external
name servers.

To switch off the control panel's DNS service for a site served by an external name
server:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Click Switch Off the DNS Service in the Tools group. Turning the DNS service
off for the zone will refresh the screen, so that only a list of name servers remains.

Note: The listed name server records have no effect on the system. They are only
presented on the screen as clickable links to give you a chance to validate the
configuration of the zone maintained on the external authoritative name servers.

3. Repeat steps 1 and 2 to switch off the local domain name service for each site served
by external name servers.

If you wish to validate the configuration of a zone maintained on authoritative name
servers:

1. Go to Domains > domain name > DNS Settings (in the Web Site group).
2. Add to the list the entries pointing to the appropriate name servers that are
authoritative for the zone: click Add, specify a name server, and click OK.
Repeat this for each name server you would like to test.

The records will appear in the list.

3. Click the records that you have just created. Parallels Plesk Panel will retrieve the
zone file from a remote name server and check the resource records to make sure
that the domain's resources are properly resolved.

The results will be interpreted and displayed on the screen.

Describe the importance of DNS to AD.

When you install Active Directory on a server, you promote the server to the role of a
domain controller for a specified domain. When completing this process, you are
prompted to specify a DNS domain name for the Active Directory domain to which you
are joining and promoting the server. If during this process a DNS server authoritative for
the domain that you specified either cannot be located on the network or does not support
the DNS dynamic update protocol, you are prompted with the option to install a DNS
server. This option is provided because a DNS server is required to locate this server or
other domain controllers for members of an Active Directory domain: clients find domain
controllers, the global catalog, Kerberos KDCs and LDAP through the SRV records that the
domain controllers register dynamically (for example _ldap._tcp.dc._msdcs.<domain>).

Few methods of finding an MX record for a remote domain on the Internet?
In order to find MX records for SMTP domains you can use command-line tools such as
NSLOOKUP (on Windows, set the query type to MX) or DIG (query type MX). You can also use
online web services that allow you to perform quick searches and display the information
in a convenient manner.

What does Disable Recursion in DNS mean?
In the Windows 2000/2003 DNS console (dnsmgmt.msc), under a server's Properties ->
Forwarders tab is the setting Do not use recursion for this domain. On the Advanced
tab you will find the confusingly similar option Disable recursion (also disables
forwarders).

Recursion refers to the action of a DNS server querying additional DNS servers (e.g.
local ISP DNS or the root DNS servers) to resolve queries that it cannot resolve from its
own database. So what is the difference between these settings?

The DNS server will attempt to resolve the name locally, then will forward requests to
any DNS servers specified as forwarders. If Do not use recursion for this domain is
enabled, the DNS server will pass the query on to forwarders, but will not recursively
query any other DNS servers (e.g. external DNS servers) if the forwarders cannot resolve
the query.

If Disable recursion (also disables forwarders) is set, the server will attempt to resolve a
query from its own database only. It will not query any additional servers. This is the
right setting for a server that is authoritative only and exposed to the Internet: an open
recursive resolver can be abused for reflection/amplification denial-of-service attacks and
is a larger target for cache poisoning.

If neither of these options is set, the server will attempt to resolve queries normally:
... the local database is queried
... if an entry is not found, the request is passed to any forwarders that are set
... if no forwarders are set, the server will query servers on the Root Hints tab to resolve
queries beginning at the root domains.

What could cause the Forwarders and Root Hints to be grayed out?

The DNS server has been configured as a private root server, that is, it hosts a root zone
named "." (Windows 2000 created this zone automatically in some setups). A server that
believes it is a root server has nowhere to forward to, so Forwarders and Root Hints are
unavailable; deleting the "." zone makes both options available again.

What is a Single Label domain name and what sort of issues can it cause?
Single-label names consist of a single word like "contoso".
• Single-label DNS names cannot be registered by using an Internet registrar.
• Client computers and domain controllers that are joined to single-label domains require
additional configuration to dynamically register DNS records in single-label DNS zones.
• Client computers and domain controllers may require additional configuration to
resolve DNS queries in single-label DNS zones.
• By default, Windows Server 2003-based domain members, Windows XP-based domain
members, and Windows 2000-based domain members do not perform dynamic updates to
single-label DNS zones.
• Some server-based applications are incompatible with single-label domain names.
Application support may not exist in the initial release of an application, or support may
be dropped in a future release. For example, Microsoft Exchange Server 2007 is not
supported in environments in which single-label DNS is used.
• Some server-based applications are incompatible with the domain rename feature that is
supported in Windows Server 2003 domain controllers and in Windows Server 2008
domain controllers. These incompatibilities either block or complicate the use of the
domain rename feature when you try to rename a single-label DNS name to a fully
qualified domain name.

What is the in-addr.arpa zone used for?

When creating DNS records for your hosts, A records make sense. After all, how can the
world find your mail server unless the IP address of that server is associated with its
hostname within a DNS database? PTR records, however, aren't as easily understood. If
you already have a zone file, why does there have to be a separate in-addr.arpa zone
containing PTR records matching your A records? And who should be making those PTR
records: you or your provider?

Let's start by defining in-addr.arpa. .arpa is actually a TLD like .com or .org. The name
of the TLD comes from Address and Routing Parameter Area, and it has been designated
by IANA to be used exclusively for Internet infrastructure purposes. In other words, it is an
important zone and an integral part of the inner workings of DNS. The RFC for DNS
(RFC 1035) has an entire section on the in-addr.arpa domain. The first two paragraphs in
that section state the purpose of the domain:

"The Internet uses a special domain to support gateway location and Internet address to
host mapping. Other classes may employ a similar strategy in other domains. The intent of
this domain is to provide a guaranteed method to perform host address to host name
mapping, and to facilitate queries to locate all gateways on a particular network in the
Internet. Note that both of these services are similar to functions that could be performed
by inverse queries; the difference is that this part of the domain name space is structured
according to address, and hence can guarantee that the appropriate data can be located
without an exhaustive search of the domain space."

In other words, this zone provides a database of all allocated networks and the
DNS-reachable hosts within those networks. If your assigned network does not appear in
this zone, it appears to be unallocated. And if your hosts don't have a PTR record in this
database, they appear to be unreachable through DNS.

Assuming an A record exists for a host, a missing PTR record may or may not affect the
DNS reachability of that host, depending upon the applications running on it. For example,
a mail server will definitely be affected, as PTR records are used in mail header checks
and by most anti-spam mechanisms. Depending upon your web server configuration, it
may also depend upon an existing PTR record. This is why the DNS RFCs recommend
that every A record has an associated PTR record.

But who should make and host those PTR records? Twenty years ago, when you could
buy a full Class C network address (i.e. 254 host addresses), the answer was easy: you.
Remember, the in-addr.arpa zone is concerned with delegated network addresses. In other
words, the owner of the network address is authoritative (i.e. responsible) for the host
PTR records associated with that network address space. If you only own one or two host
addresses within a network address space, the provider you purchased those addresses
from needs to host your PTR records, as the provider is the owner of (i.e. authoritative
for) the network address.

Things are a bit more interesting if you have been delegated a CIDR block of addresses.
The in-addr.arpa zone assumes a classful addressing scheme, where a Class A address is
one octet (or /8), a Class B is two octets (or /16) and a Class C is three octets (or /24).
CIDR allows for delegating address space outside of these boundaries, say a /19 or a /28.
RFC 2317 provides a best current practice for maintaining in-addr.arpa with these types
of network allocations.

Here is a summary regarding PTR records:
• Don't wait until users complain about DNS unreachability; be proactive and ensure
there is an associated PTR record for every A record.
• If your provider hosts your A records, they should also host your PTR records.
• If you only have one or two assigned IP addresses, your provider should host your PTR
records, as they are authoritative for the network those hosts belong to.
• If you own an entire network address (e.g. a Class C address ending in 0), you are
responsible for hosting your PTR records.
• If you are configuring an internal DNS server within the private address ranges (e.g.
10.0.0.0 or 192.168.0.0), you are responsible for your own internal PTR records.
• Remember: the key to PTR hosting is knowing who is authoritative for the network
address for your domain. When in doubt, it probably is not you.
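The mapping described above, worked through in code as an added example (not part of the original answer): building the PTR owner name for an address, working out which in-addr.arpa zone is authoritative for a block at the classful boundaries and under the RFC 2317 convention, and finding A records with no matching PTR. The zone data and hostnames are constructed sample values.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address: octets reversed under in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer      # "166.188.77.208.in-addr.arpa"

def _classful_zone(octets, boundary):
    """Zone name for the /8, /16 or /24 that starts with the given octets."""
    return ".".join(reversed(octets[: boundary // 8])) + ".in-addr.arpa"

def reverse_zones(cidr):
    """in-addr.arpa zone(s) in which the PTR records for a block live.

    /8, /16 and /24 map to one classful zone. A shorter prefix off an octet boundary
    (say a /19) is simply the set of classful zones it covers. A /25-/31 follows the
    RFC 2317 classless convention: the /24 owner delegates a child zone named
    "<first octet>/<prefix length>" (the "0/25" form used in the RFC's example).
    A single /32 is just a PTR record inside the provider's /24 zone.
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    plen = net.prefixlen
    octets = str(net.network_address).split(".")
    if plen == 32:
        return [_classful_zone(octets, 24)]
    if plen > 24:
        return [f"{octets[3]}/{plen}." + _classful_zone(octets, 24)]
    boundary = max(8, ((plen + 7) // 8) * 8)        # next classful boundary
    return [_classful_zone(str(sub.network_address).split("."), boundary)
            for sub in net.subnets(new_prefix=boundary)]

def missing_ptrs(a_records, ptr_records):
    """Hosts with an A record but no PTR mapping the address back to the same name,
    the forward/reverse agreement that mail header checks look for."""
    return sorted(host for host, ip in a_records.items()
                  if ptr_records.get(ptr_name(ip)) != host)

# Constructed sample: two example.com hosts and the provider's 2.0.192.in-addr.arpa
# zone, which only has a PTR for the mail server.
SAMPLE_A = {"mail.example.com": "192.0.2.10", "www.example.com": "192.0.2.20"}
SAMPLE_PTR = {"10.2.0.192.in-addr.arpa": "mail.example.com"}

if __name__ == "__main__":
    print(reverse_zones("192.0.2.16/28"))        # ['16/28.2.0.192.in-addr.arpa']
    print(missing_ptrs(SAMPLE_A, SAMPLE_PTR))    # ['www.example.com']
```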

What are the requirements from DNS to support AD?
DNS requirements for installing Active Directory

When you install Active Directory on a member server, the member server is promoted to
a domain controller. Active Directory uses DNS as the location mechanism for domain
controllers, enabling computers on the network to obtain IP addresses of domain
controllers.

During the installation of Active Directory, the service (SRV) and address (A) resource
records are dynamically registered in DNS, which are necessary for the successful
functionality of the domain controller locator (Locator) mechanism.

To find domain controllers in a domain or forest, a client queries DNS for the SRV and A
DNS resource records of the domain controller, which provide the client with the names
and IP addresses of the domain controllers. In this context, the SRV and A resource
records are referred to as Locator DNS resource records.

When adding a domain controller to a forest, you are updating a DNS zone hosted on a
DNS server with the Locator DNS resource records and identifying the domain
controller. For this reason, the DNS zone must allow dynamic updates (RFC 2136) and
the DNS server hosting that zone must support the SRV resource records (RFC 2782) to
advertise the Active Directory directory service. For more information about RFCs, see
DNS RFCs.

If the DNS server hosting the authoritative DNS zone is not a server running Windows
2000 or Windows Server 2003, contact your DNS administrator to determine if the DNS
server supports the required standards. If the server does not support the required
standards, or the authoritative DNS zone cannot be configured to allow dynamic updates,
then modification is required to your existing DNS infrastructure.

For more information, see Checklist: Verifying DNS before installing Active Directory
and Using the Active Directory Installation Wizard.

Important

The DNS server used to support Active Directory must support SRV resource records for
the Locator mechanism to function. For more information, see Managing resource
records.

It is recommended that the DNS infrastructure allows dynamic updates of Locator DNS
resource records (SRV and A) before installing Active Directory, but your DNS
administrator may add these resource records manually after installation.
After installing Active Directory, these records can be found on the domain controller in
the following location: systemroot\System32\Config\Netlogon.dns

How do you manually create SRV records in DNS?
This is done on Windows Server:

1. Go to Run and open dnsmgmt.msc.

2. Right-click the zone you want to add the SRV record to and choose "Other New Records...".

3. Choose "Service Location (SRV)" and fill in the record.
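The Locator records that the two preceding answers describe (the SRV and A records a domain controller registers, in the zone-file style of Netlogon.dns), as an added example that is not part of the original document: a pre-flight check that the required SRV names exist and that every SRV target resolves to an A record, plus RFC 2782 priority ordering of the targets. The list of required names is an assumed subset for this check, and the zone text is constructed sample data.

```python
from collections import namedtuple

Srv = namedtuple("Srv", "name priority weight port target")

# Locator SRV names every DC registers for its domain (assumed subset; site, PDC, GC omitted).
REQUIRED = ("_ldap._tcp.{d}", "_kerberos._tcp.{d}",
            "_ldap._tcp.dc._msdcs.{d}", "_kerberos._tcp.dc._msdcs.{d}")

def parse_zone(text):
    """Parse zone-file style lines ("name TTL IN TYPE rdata") into A and SRV records."""
    a_records, srv_records = {}, []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue                      # blank lines, comments, other formats
        name, rtype, rdata = fields[0].rstrip(".").lower(), fields[3], fields[4:]
        if rtype == "A":
            a_records[name] = rdata[0]
        elif rtype == "SRV" and len(rdata) == 4:
            prio, weight, port, target = rdata
            srv_records.append(Srv(name, int(prio), int(weight), int(port),
                                   target.rstrip(".").lower()))
    return a_records, srv_records

def locator_problems(text, domain):
    """Pre-flight check: required SRV names present, and every SRV target has an A record."""
    a_records, srv_records = parse_zone(text)
    present = {r.name for r in srv_records}
    required = [t.format(d=domain) for t in REQUIRED]
    problems = [f"missing SRV {n}" for n in required if n not in present]
    problems += [f"SRV {r.name} target {r.target} has no A record"
                 for r in srv_records if r.target not in a_records]
    return problems

def dc_candidates(text, name):
    """Targets for one Locator name, lowest priority first (RFC 2782), heavier weight first."""
    _, srv_records = parse_zone(text)
    ranked = sorted((r for r in srv_records if r.name == name),
                    key=lambda r: (r.priority, -r.weight))
    return [r.target for r in ranked]

# Constructed sample in the style of Netlogon.dns: dc2 is advertised but has no A record,
# and _kerberos._tcp.example.com was never registered.
SAMPLE_NETLOGON = """\
dc1.example.com. 600 IN A 192.0.2.10
_ldap._tcp.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 dc1.example.com.
_kerberos._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 88 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 10 100 389 dc2.example.com.
"""
```

Within one priority a real client picks a target at random, weighted by the weight field; the deterministic ordering here is only for inspection.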

Name 3 benefits of using AD-integrated zones?
1. You can give easy name resolution to your clients.

2. By creating an AD-integrated zone you can also trace hackers and spammers by creating
a reverse zone.

3. AD-integrated zones allow for incremental zone transfers, which transfer only the changes
and not the entire zone. This reduces zone transfer traffic.

4. AD-integrated zones support both secure and dynamic updates.

5. AD-integrated zones are stored as part of Active Directory and support domain-wide
or forest-wide replication through application partitions in AD.
