70-291


Preparation Guide for Exam 70-291
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure
Updated: July 5, 2007

Exam news
Exam 70-291 became available on August 14, 2003.

Audience profile
The Microsoft Certified Systems Administrator (MCSA) on Windows Server 2003 credential is intended for IT professionals who work in the typically complex computing environment of medium to large companies. An MCSA candidate should have 6 to 12 months of experience administering client and network operating systems in environments that have the following characteristics:


8 Comments on “70-291”

  • certificate wrote on 20 May, 2009, 18:55

    Microsoft exam 70-291 preparation guide
    Contents:
    Part 1: Understanding Windows networks and TCP/IP
    Part 2: Troubleshooting and monitoring TCP/IP
    Part 3: Implementing, configuring and troubleshooting DNS servers
    Part 4: Implementing, configuring and troubleshooting DHCP servers
    Part 5: Implementing, configuring and troubleshooting routing and remote access in Windows networks
    Part 6: Managing network infrastructure and security
    Preface
    I have written this short preparation guide as a way for myself to ease studying for the Microsoft 70-291 exam titled: “Implementing, managing and maintaining a Microsoft Windows Server 2003 network infrastructure”. I provide this guide as is, without any guarantees, explicit or implied, as to its contents. You may use the information contained herein in your computer career, however I take no responsibility for any damages you may incur as a result of following this guide. You may use this document freely and share it with anybody as long as you provide the whole document in one piece and do not charge any money for it. If you find any mistakes, please feel free to inform me (Tom Kitta) about them. Legal stuff aside, let us start.

    Guide version 0.006 last updated on 17/06/2004

    Part 1: Understanding Windows networks and TCP/IP
    [1.1] Basic networking definitions
    Network infrastructure – set of physical and logical components that allow for, among other features, security, management and connectivity
    Physical infrastructure – is also known as network’s topology, the physical layout of hardware components and the type of hardware as well as the technology used with hardware for data transmission.
    Logical infrastructure – is the software that allows for communication over physical infrastructure, it includes services that run on the network like DNS
    Network connection – is a logical interface between software and hardware layers
    Network protocol – is the language used for communication between networked computers
    Network service – is a program that provides features to hosts or protocols on the network
    Network client – is a program that allows a computer to connect to a network operating system
    Addressing – is the practice of maintaining a coherent system of addresses within an organization’s network that allows all computers to communicate
    Name resolution – is the process of translating a computer name into an address and the other way around
    Workgroup – is a simple grouping of resources which by default uses NetBIOS naming system. NetBIOS is used together with Common Internet File System (CIFS), an extension of Server Message Block (SMB) protocol, to provide file sharing. There is no centralized security in a workgroup environment. The default workgroup name is WORKGROUP. In the absence of a WINS server the NetBIOS names are resolved using broadcasts to local network segment.
    Domain – is a collection of computers that share a common directory, security policies and relationships with other domains. The name ‘domain’ is used both by grouping of computers in AD and as names in DNS, they are different things.
    Active directory – is a distributed database that provides directory service
    Remote access – is a connection that is configured for users that want to access resources from non-local site. There are two types, VPN and dial-up.
    Network Address Translation (NAT) – is the system which allows computers with private addresses to communicate with computers on the internet
    NWLink – Microsoft implementation of Novell IPX/SPX protocol used by NetWare networks
    Certificate – is used for public key cryptography
    NetBT – NetBIOS over TCP/IP, provides for higher level communications such as SMB (Server Message Blocks) and CIFS
    CIFS – an extension of the SMB protocol that is used with basic file sharing. One of the advantages of CIFS over SMB is the ability to operate directly over DNS without the use of NetBIOS.
    TCP/IP – most popular, scalable, routable and based on open standards protocol.
    Redirector – client component that decides whether the request is to be serviced locally or remotely. In Windows the redirector is called Client for Microsoft Networks. It uses SMB/CIFS for communication.
    [1.2] Network connection
    Components that make up a connection: network clients, services and protocols
    Connections by themselves don’t provide communication, it occurs through components bound to the connection
    Client for Microsoft Networks is by default bound to all local area connections, it allows client computers to perform CIFS related tasks
    TCP/IP protocol is bound to all connections by default
    File and printer sharing for Microsoft Windows is installed and bound to all connections by default
    Advanced connection settings allow administrator to change the priority of each connection
    Provider order tab in advanced settings dialog box allows administrator to change the network providers order. This setting is for all connections. By default, Microsoft Terminal Services is given priority over the Microsoft Network because Terminal Services are meant to be used in place of all other connections.
    In the provider tab one also finds print provider order, by default LanMan Print Services is given priority over HTTP Print Services
    [1.3] Default TCP/IP Settings, APIPA
    APIPA stands for automatic private IP addressing
    By default the IP address and DNS servers are to be obtained automatically from the DHCP server
    If the computer cannot get address automatically it uses APIPA to assign itself one
    APIPA assigns PC address from the range 169.254.0.1 to 169.254.255.254, in use since Windows 98
    Administrators can combine APIPA with alternate configuration, when IP can be obtained from DHCP, APIPA turns itself off – no one can override DHCP obtained address with APIPA
    To disable APIPA administrator can either configure alternative IP address or edit registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface registry entry IPAutoconfigurationEnabled set to 0 and reboot
    An all zero address might indicate that the IP has been released and never renewed
    When a computer fails to obtain APIPA address in the absence of DHCP server and static address, the administrator should look for a hardware problem
    [1.4] Management and monitoring tools
    Connection Manager – allows creation of customized remote access connections
    Connection Point Services – Phone Book Service that needs IIS
    Network Monitor – packet analyzer
    SNMP – Simple network management protocol, agents that monitor activity in network devices and report to network management console. For use with both Windows and UNIX, works with almost any network device.
    WMI SNMP Provider – lets client applications access static and dynamic SNMP information through WMI
    [1.5] TCP/IP model
    The TCP/IP model is the newer networking model, OSI Open System Interconnection model is an older model
    Network interface – is the layer in the communications process that describes standards for physical media, for example ethernet. In OSI model it is both Physical layer and Data link layer.
    Internet – is the layer in the communications process during which information is packaged, addressed and routed to other network destinations. ARP is used for address resolution, IP for addressing and routing data and ICMP for reporting errors and exchanging limited control/status information. In OSI model this layer is called the Network layer.
    Transport – is the layer in the communications process during which the standards of data transport are determined. TCP protocol with its guarantees of delivery and connectionless unguaranteed but fast UDP protocol. This layer has the same name in the OSI model.
    Application – is the layer in the communications process during which end user data is changed, packaged and sent to and from the transport layer, for example telnet. In OSI we have three layers, Session, Presentation and Application.
    [1.6] OSI model
    OSI stands for Open System Interconnection model, it is an older networking model
    7 Application layer
    6 Presentation layer
    5 Session layer
    4 Transport layer
    3 Network layer
    2 Data link layer
    1 Physical layer
    Layers 7, 6, and 5 correspond to Application layer in TCP/IP model
    Layer 4 corresponds to Transport layer in TCP/IP model
    Layer 3 corresponds to Internet layer in TCP/IP model
    Layers 2 and 1 correspond to Network Interface layer in TCP/IP model
    Protocols that were not originally part of the TCP/IP specifications are referred to not by position in TCP/IP model but by OSI model. For example NetBT is a session (or layer 5) protocol.
    [1.7] Protocols, their port numbers and layers in TCP/IP model they are in
    Protocol number – is used to define a stream of data associated with a specific service
    The transport is provided by TCP and UDP protocols
    Internet layer protocols are ARP, IP and ICMP
    HTTP – hypertext transfer protocol TCP port 80 (application layer)
    SSL – Secure socket layers TCP port 443
    SMTP – TCP port 25. Files stored in LocalDrive:\Inetpub\Mailroot
    SNMP – simple network management protocol used to provide information about TCP/IP hosts, UDP port 161.
    FTP – only basic authentication allowed, TCP port 20 (data) TCP port 21 (control). Files stored in LocalDrive:\Inetpub\Ftproot (application layer)
    POP – TCP port 110
    DNS – UDP port 53 (query) TCP port 53 (zone transfer)
    NNTP – TCP port 119. Files stored in LocalDrive:\Inetpub\Nntpfile\Root
    PPTP – Point to point tunneling protocol TCP port 1723; protocol number 47
    L2TP/IPSec – UDP ports 500, 1701 and 4500; protocol number 50
    ARP, ICMP and IP (internet layer)
    [1.8] IP addressing
    Internet Assigned Numbers Authority (IANA) divides up non reserved portions of IP address space
    IANA gives address blocks to local authorities such as ARIN which in turn give it to large ISP
    Private addresses are in ranges 10.0.0.0 – 10.255.255.254, 172.16.0.0 – 172.31.255.254, 192.168.0.0 – 192.168.255.254
    IP addresses are just a representation of a 32 bit number broken into 8 bit parts for ease of visualization by the administrator
    IP address is made up of two parts, network address and host address. Network prefix is the number of bits in network id.
    IP class assignments
    Class A 1-126.x.x.x, hosts supported 16777214, with mask 255.0.0.0
    Class B 128-191.x.x.x, hosts supported 65534, with mask 255.255.0.0
    Class C 192-223.x.x.x, hosts supported 254, with mask 255.255.255.0
    Class D 224-239.x.x.x, reserved for multicast addressing
    Class E 240-254.x.x.x, reserved for experimental use
    Subnet mask is used to determine whether the packet is destined for the current network or not. It does that by masking the network part of the IP address. The PC proceeds by finding its own network address using its IP and subnet mask in a bitwise AND operation. Then the PC does a bitwise AND operation on the destination IP and its subnet mask to determine the foreign network address. If the addresses match then the packet is to travel on the local network, if they don’t then the packet is destined to a foreign address.
    CIDR – this is a shorthand notation for a subnet mask, classless interdomain routing notation. It counts the number of 1s in the subnet mask’s binary representation and is displayed after the IP address, for example 192.168.2.12/24 means that the subnet mask is 255.255.255.0 since we have 24 1s in the subnet mask. It is not compatible with RIP v.1. It is the name administrators commonly refer to when talking about supernetting since CIDR is used to shorten routing tables.
    Default gateway is the IP address of a routing device that accepts packets destined to other networks. Other networks are subnets that are not within the broadcast range of the PC that contacts default gateway (itself it is within broadcast range).
    Follow these simple steps to spot an IP address that is invalid:
    Host without a subnet mask
    No unique network ID (per WAN) or no unique host name per LAN
    Neither network ID nor host ID can be all 1 (since that is the broadcast address)
    [1.9] Subnetting and supernetting IP networks
    Subnetting – occurs when one needs to divide default A, B or C class address space into smaller spaces. The logical division is accomplished by extending the string of 1s in the subnet mask.
    Subnetting is used for: accommodating security needs, physical topology, limitation of broadcasting
    Number of hosts on a subnet = 2^(32 - subnet’s # of 1s) - 2. We subtract 2 since one address is needed for network ID and one for network broadcast
    Host ID with all 0s is the network ID and host ID with all 1s is the broadcast address
    Supernetting – occurs when one wants to combine default A, B or C class address spaces into one large space. This method allows for more efficient allocation of network address space.
    Supernetting’s major difference from subnetting is the removal of 1s from the network address. Thus one might have /23 /22 /21 /20 supernet masks.
    Conversion from binary to decimal and back is based on the power each system uses, 2 for binary, 10 for decimal and so on. The position of a digit in a number, starting from zero, determines to which power the base is raised. The value of the digit is the number by which the base to the power is multiplied. Sum all the digits to get the number in decimal. For example number 123 in base 8 is 1*8^2+2*8^1+3*8^0 = 83 in decimal. To minimize errors it is best to use a calculator.
    Variable length subnet masks (VLSMs) – allow for subnets to be subnetted themselves making the use in large organizations of network address space more efficient. They allow administrators to create subnets of varying sizes.
    Classless Inter-Domain Routing (CIDR – defined in RFC 1519) using variable length subnet masks (VLSM) was created to allow for greater flexibility with routed IP networks, to allow for the accelerating expansion of the Internet.
    VLSMs use Subnet IDs to create subnets of different sizes, they are not compatible with old routing protocols like RIP 1
    [1.10] Other points
    Administrator can install on a computer file and print services for Macintosh but only print services for Unix
    TCP/IP is installed by default by Windows setup
    The following are installed as part of simple TCP/IP services: Character Generator, Daytime, Discard, Echo, Quote of the day
    The MAC address cache on a computer can be cleared manually (it refreshes itself every 2 minutes) by issuing arp -d command
    Most computers on the network use DHCP for addressing as it produces less human error than static addressing. Static addressing is used by servers.
    Part 2: Troubleshooting and monitoring TCP/IP
    [2.1] Analyzing traffic using network monitor
    Frame is an encapsulation of network interface layer (layer 2) data. Each frame contains source and destination computer addresses, header of the protocol used to send data and data itself.
    Packet is an encapsulation of internet layer (layer 3) data
    There are two versions of Network Monitor, the basic version ships with Windows Server 2003. Network administrator needs to purchase the advanced version from Microsoft. Advanced version can capture data from all devices on a network provided the administrator used hubs not more common switches.
    Network Monitor is made up of two components, administrative tool called Network Monitor and an agent called Network Monitor Driver
    Network Monitor Driver can be installed by itself on windows XP/2000/2003 PCs in the same manner as one installs a new protocol
    The monitor can be used to find a NIC’s MAC address, a computer’s GUID and much other useful information
    Parsing is the process of reading, analyzing and describing the contents of frames. Administrator can add new parsers to network monitor by adding parser dll files into %systemroot%\system32\Netmon\Parsers folder and modifying parser.ini file in %systemroot%\system32\Netmon folder. By default network monitor supports over 90 protocols.
    [2.2] Problems with TCP/IP connections
    Network diagnostics is a graphical tool that administrator can access from help and support tools menu. Users can save output to a file for examination by network administrator.
    Netdiag is a command line tool that is used to run different network tests. Administrator needs to install the tool first from the Windows CD, the support tools file is called suptools.msi.
    Tracert – shows the path a packet takes to reach given destination, this is done by setting different TTL values in the IP header of ICMP echo requests. Up to 30 hops, tells administrator when connectivity stops.
    Pathping – as tracert but shows the path that a packet takes to reach a given destination, however it also shows detailed analysis of traffic. Used to troubleshoot erratic network behaviour such as packets being delayed, where tracert is used for network connectivity.
    Arp – used to show the ARP cache on the PC. Sometimes local network computers can have wrong MAC addresses of each other cached and thus cannot communicate, use arp to check whether addresses are correct. To clear the ARP cache use the arp -d command. Arp -a is used to check hardware address mappings, if it checks out look for a hardware problem
    If the administrator is able to ping loopback address, PC own address and the local gateway but no other PCs the problem is most likely with arp cache being corrupted.
    Troubleshooting steps: loopback, local PC, default gateway, remote host by IP, remote host by name.
    Part 3: Implementing, configuring and troubleshooting DNS servers
    [3.1] Differences between DNS and NetBIOS
    NetBIOS (Network Basic Input Output System) is not a naming system, it is an API that provides naming and name resolution services
    DNS is the preferred name resolution system in Windows, but it needs configuration unlike NetBIOS
    NetBIOS is used for browsing Microsoft Windows Network through My Network Places and connecting to shares using UNC paths (File and Print for Microsoft Networks)
    NetBIOS name space is flat, while DNS is hierarchical
    NetBIOS name – used to identify a NetBIOS service that is listening on the first IP that is bound to the adapter
    Maximum computer name length in NetBIOS is 15 bytes (characters) while in DNS host name can be up to 63 bytes and FQDN up to 255. When the computer name is longer than 15 characters then the NetBIOS name is the computer name’s first 15 characters.
    To view NetBIOS PC name go to system properties, network identification, properties and more button
    Host name – the first label of a FQDN, it is just about any network interface with an IP bound to it
    Primary DNS suffix – also known as primary domain name or the domain name, specified on the computer name tab
    FQDN – DNS name that uniquely identifies the computer on the network. It is concatenation of the host name, primary DNS suffix and a period. The full computer name is a type of FQDN, the same computer can be identified by more than one FQDN but only the FQDN that concatenates the host name and primary DNS suffix represents the full computer name.
    NetBIOS resolves names through WINS server, Local NetBIOS cache, NetBIOS broadcast, LMHOSTS file
    DNS resolves names through DNS server or Hosts file (which is part of client cache). Entries added to the hosts file are immediately loaded into resolver cache.
    Both LMhosts and hosts files are located in %systemroot%\system32\drivers\etc folder
    Nbtstat is used to interact with NetBIOS from the command line, the -c switch lists local cache contents, -R purges the cache, to view the cache use nbtstat -n
    DNS is required for Windows 2000/2003 domains (AD) and internet
    NetBIOS is needed by older Windows operating systems, workgroups in Windows 95/98/Me/NT
    NetBIOS is enabled by default for all local area connections, administrator can disable NetBIOS to increase security from TCP/IP properties screen, but users will no longer be able to use computer browser service
    Windows Server 2003 client computer always tries to resolve names using DNS before NetBIOS
    [3.2] DNS as part of Windows Network
    DNS is a hierarchical system based on a tree structure called DNS namespace
    Each DNS namespace has to have a root that can have unlimited number of subdomains. The root is an empty string
    Every node in the DNS namespace has a specific address by which it can be identified, called a FQDN
    The dot is the standard separator between domain labels. The dot also separates the root from the subdomains, but is usually omitted by the end-user and automatically added by the DNS client service during a query.
    On the internet the DNS root and top-level domains are under control of Internet Corporation for Assigned Names and Numbers (ICANN)
    There are three types of internet top-level domains, organizational, geographical and reverse (in-addr.arpa)
    DNS server can be authorized for one or more zones which contain one or more domains. Server is said to be authorized for a zone if it hosts the zone as primary or secondary server.
    When client or DNS service are stopped, their caches are cleared
    DNS client is installed by default, server component is not
    A forwarder is a DNS server that is used to resolve queries external to the server using it
    A conditional forwarder is a DNS server that examines the domain name of the query and forwards it (the query) to specific server based on name asked in the query. All forwarder options are set from the forwarders tab on the DNS server properties dialog box.
    [3.3] DNS components
    DNS zone is a portion of a DNS namespace for which a DNS server is authoritative. A server can be authoritative for one or more zones and each zone can contain one or more domains. Zone files store resource records, they are usually text files but on Windows 2000/2003 administrators have an option of active directory integrated zones.
    DNS resolver is a service that uses the DNS protocol to query for information from DNS servers. On Windows 2003 this is done by the DNS Client Service
    The third component is the DNS server itself. The above breakdown holds for any DNS implementation.
    [3.4] DNS server query process
    Each query message contains the following information:
    DNS domain name as FQDN
    Query type, resource record by type or specialized type of query operation
    Specified class for the DNS domain name
    When user wants to resolve an address the first place DNS client service looks in is user’s computer local cache and hosts file
    If local resources don’t resolve the name, DNS client uses server search list to query preferred DNS server, if it is unavailable alternate DNS servers are used according to their positioning on the server preference list
    The DNS server after receiving a query first checks to see whether it is authoritative for the domain in question, if it is not, it checks the local cache for already performed queries. If that doesn’t resolve it as well, a recursive query is performed.
    For recursive queries DNS server needs to be configured with Root Hints, which by default are stored in file cache.dns in %systemroot%\system32\dns folder
    Server asks the appropriate root server for an address of more knowledgeable server, then it asks that server etc. till it gets the answer. It is like walking the namespace tree.
    The most common responses to the client are: an authoritative answer, a positive answer, a referral answer and a negative answer.
    If recursion is disabled on the server it will send a referral answer back to the client. The client will need to perform iteration (repeated query to different DNS servers – DNS tree walk) to get the answer it seeks.
    After a query the client gets a positive answer, it is frequently authoritative the first time around, while consecutive answers are non-authoritative. This is due to DNS server caching of the original query.
    Reverse query – is performed by taking an IP address in the form a.b.c.d and presenting a query to the DNS server in the form d.c.b.a.in-addr.arpa. ARPA stands for Advanced Research Projects Agency. Due to lack of vision the first DNS implementation didn’t support reverse queries, PTR records are just pointers to A records.
    [3.5] DNS client query process timeout
    DNS client sends a query to preferred DNS server and waits for 1 second for response
    If no response is received the client sends a query to the first server on all adapters and waits for 2 seconds
    If there is still no response, client sends a query to all DNS servers on all adapters and waits for 2 seconds
    If no response continues client sends query to all servers again and waits for 4 seconds, then again and waits for 8 seconds
    If after performing all of above steps client didn’t get any response, it returns time out to the calling process
    [3.6] Configuring DNS server
    Network administrator can create two types of zones, forward or reverse lookup. In forward lookup zone the FQDN is mapped to an IP address, this is a conventional zone. In reverse lookup zone the IP address is mapped to FQDN
    There are three types of DNS server roles with respect to a zone (i.e. we look at the zone and if our server is primary for that zone we say we have DNS server in primary role, however the same server can be secondary for a different zone (call it B) as well, in which case it is said to be in secondary role for zone B):
    Primary – provides original data, can be updated
    Secondary – provides a copy of original data, cannot be updated
    Stub – copy of a zone containing only those resource records necessary to identify the authoritative DNS server for the master zone, enables the parent zone to keep an updated list of name servers in the child zone
    Caching only – no zones at all stored on the server
    When administrator wants to decrease the amount of name resolution traffic while avoiding zone transfer traffic install caching only server
    When DNS server is installed it is automatically configured to act as a caching only server
    When a zone is created it automatically has in it SOA and NS records
    To view the contents of the DNS server cache administrator needs to select ‘Advanced’ from view menu
    In the resource record file lines that are blank or start with ; (semi-colon) are ignored by the DNS server
    Master server is the server from which secondary server got zone information (can be a primary server or another secondary server)
    When DNS server zone data is stored in AD (AD integrated) all DNS servers become peers
    In non-Microsoft implementations of DNS server the secondary zone is also known as the slave zone, while the primary zone is also known as the master zone
    [3.7] Resource records
    Resource records have the following syntax: Owner TTL Class Type RDATA
    Owner – the name of the host or the DNS domain to which this resource record belongs
    Time to live (TTL) – A 32 bit integer representation of the time the record should be cached
    Class – protocol family in use, optional field, IN (internet class) for Windows based DNS service
    Type – for example A or TXT
    RDATA – this is where actual resource record data is stored
    [3.8] Basic resource record types
    Host (A) – most common record type, used to associate computers to IP addresses. Administrator can add them manually, they can be added by DHCP Client service, updated by proxy for older Windows OS and DHCP on Windows Server 2003.
    Alias (CNAME) – also known as canonical names. These records allow computers to use an alternative name to point to a host. They are quite often abused. They are recommended for use when a generic service such as ftp needs to resolve to a group of computers or when renaming a host.
    MX – these are mail exchange records and they point to a mail servers for a given domain, more than one are used for fault tolerance (if the company can afford extra hardware and software needed)
    PTR – pointer records are used to perform reverse lookup. Reverse lookups are performed in the zones with root in-addr.arpa. Same methods of creation as an A record – they are opposite of each other.
    SRV – service locator records are used to specify the location of services in a domain. Windows Server 2003 AD uses SRV records, all the records needed by AD can be found in Netlogon.dns in the %systemroot%\System32\Config folder, if the records need fixing use netdiag /fix.
    NS – name server record is used to indicate which DNS server(s) are designated as authoritative for the zone. Any server specified in the NS record is considered an authoritative source by other servers for given zone. It is able to answer with certainty any queries made for names included in the zone.
    SOA – start of authority indicates the name of origin for the zone and contains the name of the server that is the primary source for information about the zone. It also indicates other basic properties of the zone like the primary DNS server, responsible person, serial number, refresh interval, retry interval, expire interval and TTL. SOA record is always the first record in any standard zone.
    [3.9] Configuring client computers for use of DNS
    In order to configure DNS on a client system an administrator needs to do three things:
    Administrator needs to set a host name for each computer that is going to use DNS, it can have up to 63 bytes (for NetBIOS compatibility up to 15 bytes (characters)) and can only contain letters, numbers and ‘-’, it is not case sensitive
    Administrator also needs to set primary DNS suffix for each computer, the suffix together with the host name forms a FQDN, it is selected from the system properties -> computer name -> change button -> More, by default it is the same as the AD name in which the PC resides
    Finally, administrator needs to write a list of DNS servers that the client is to use in order, starting with the preferred DNS server
    Administrator may configure a connection specific DNS suffix for each adapter on the DNS client PC, this is done from the Advanced TCP/IP settings dialog box, it gives a different FQDN to the same computer so it can communicate on a different subnet in addition to its full DNS computer name. For each FQDN and for the computer name, A and PTR records are created in the appropriate zones and DNS servers.
    If network administrator configures DNS suffix search list then the computer will be able to resolve single-label unqualified names and multiple label unqualified names. By default, the search is performed using primary domain suffix and, if applicable, connection specific suffixes.
    The ipconfig /displaydns command shows DNS cache on client, ipconfig /flushdns clears DNS cache
    When a query is submitted with an unqualified name the client service by default adds to it the primary DNS suffix and checks the query. If that doesn’t work the client adds connection specific DNS suffixes and retries. If there is still no positive response, client adds the parent suffix of the primary DNS suffix to the name and does the final check.
    If the administrator is only able to ping the user computer by IP (from another PC), he can try to use ipconfig /registerdns on Windows XP/2000/2003
    [3.10] Updating of client records in the DNS
    Windows Server 2000/2003 and BIND 8.1.2 or later can accept dynamic updates of A and PTR records performed by clients, or on behalf of clients by the DHCP server.
    By default, clients with a static IP address attempt to update both A and PTR records for all IPs. Registration is based on domain membership settings.
    Windows 2000/XP/2003 computers with a dynamic address (assigned by DHCP) attempt only to update their A records (the PTR record is left for the DHCP server to update if needed). The client contacts the server every 24h to update the mapping unless one of the following occurs:
    The computer name changes
    A member computer is promoted to the role of DC
    One of the following commands is used: ipconfig /release, ipconfig /renew, ipconfig /registerdns
    The local IP address changes, including a new IP address lease from the DHCP server
    Computers with an operating system earlier than Windows 2000 (i.e. 95/98/Me) that use a dynamic address have the DHCP server do all the work (both A and PTR records, because the client is unaware of dynamic update functionality). The user can force registration by the client using ipconfig /registerdns
    [3.11] DNS server properties
    Interfaces – which IP addresses the server computer should listen on for requests; by default all IP addresses
    Forwarders – allows setting up upstream DNS servers to which the current DNS server will forward queries. The process of forwarding selected queries is called conditional forwarding. This tab allows the administrator to disable recursion (on a per-domain basis) on queries that have been sent to a forwarder (by default, if the forwarder fails to resolve, the local server tries to resolve using recursion). When DNS server A has forwarder server B set and server A has recursion disabled, then server A is called a slave server since it is totally dependent on server B (the forwarder) for queries it cannot resolve locally. The default timeout for a forwarded query is 5 seconds.
    Advanced tab – allows enabling and disabling of special features. If the administrator disables recursion here then it is disabled for all queries, and forwarders are disabled as well.
    Root hints – this tab contains a copy of the information found in the %systemroot%\system32\dns\cache.dns file. The list of root servers rarely changes; network administrators can get the latest file from ftp://rs.internic.net/domain/named.cache. The administrator should delete this file if the DNS server is a root server, in which case this screen is disabled.
    Debug logging – allows the network administrator to troubleshoot his DNS server by logging selected incoming and outgoing packets. Debug logging is a processor- and resource-intensive operation.
    Event logging – allows the network administrator to restrict the events written to the DNS event log
    Monitoring – two basic functionality tests are performed here. The first test is a reverse query targeted at the server itself; the second test does a reverse query targeted at a root DNS server. Administrators are allowed to schedule these tests to be performed at certain time intervals.
    Security – this tab is available only if the DNS server is also a domain controller, and allows one to set permissions for the users that are given permission to view, edit and set DNS zone data.
    [3.12] Configuring Zone properties
    General tab – used to configure zone type, zone file name, dynamic updates and aging. Administrators can pause name resolution for a zone. AD-integrated zones have replication settings enabled; the administrator can select to which servers DNS replication data is sent. There are three dynamic update settings for AD-integrated zones: none, non-secure and secure. Aging is the process of placing a time stamp on a dynamically registered resource record and then tracking the record’s age. Scavenging is the process of deleting outdated records. When aging and scavenging are enabled, the zone files are not compatible with Windows DNS servers earlier than Windows 2000.
    Start of authority (SOA) tab – the administrator can set a serial number, which acts as a revision number; this is used to synchronize zone transfers. The Primary server box contains the full name of the server; it must end with a period. Responsible person is the domain mailbox name for the responsible person; it should always end with a period. Refresh interval is the amount of time the secondary server will wait before checking the master server for an updated copy of the zone; by default it is 15 minutes. Retry interval is the amount of time (default 10 min) the secondary server waits before retrying a zone transfer. Expires after is the amount of time a secondary server without contact with the master server continues to answer queries; the default is 1 day, after which the data is considered unreliable. Minimum (default) TTL is the time to live applied to all resource records in the zone; the default is 1 hour. TTL for this record is the TTL for the SOA resource record; it overrides the general TTL setting above this box.
    Name Servers tab – this tab allows the administrator to create NS resource records; they can be created only here (unless created manually). Every zone must contain at least one NS record. In Windows Server 2003, for primary zones the zone transfer is allowed by default only to the servers specified in the Name Servers tab.
    Security tab – ACL that defines who can manage and modify zone file data.
    WINS tab – used to configure WINS servers to aid in name resolution. When the administrator configures WINS, a WINS resource record is added to the zone database. If WINS and DNS servers are set for forward and reverse zones, then data is added to both forward and reverse zones.
    Zone transfer tab – allows the system administrator to restrict the servers to which zone data will be transferred. Primary servers have zone transfers either disabled or limited to the NS tab servers. The administrator can also specify, by IP address, the servers to which data is to be transferred. Secondary servers by default don’t allow zone transfers; they need to be enabled first. The ‘to any server’ setting was enabled on Windows 2000, but was a huge security hole. The administrator can also have the secondary servers notified of a zone file change; notification is enabled by default. There is no need for notification in AD-integrated zones. If the server to which DNS data is to be transferred has multiple IP addresses on the same subnet, then they all have to be included for transfers to be successful.
    [3.13] Configuring Zone properties – AD integration
    Application directory – an application directory partition is replicated among DCs; the application directories applicable to DNS are DomainDnsZones and ForestDnsZones. The name of each application directory is the previous name concatenated with the FQDN, for example DomainDnsZones.microsoft.com. The domain application directory is replicated to servers in the domain; the forest application directory is replicated to all servers in the forest. The administrator can add new application directories for the use of the DNS server using dnscmd [server] /createdirectorypartition [full partition name (FQDN)]. To enlist other DNS servers in the partition, the administrator needs to issue the command dnscmd [server] /enlistdirectorypartition [full partition name (FQDN)]. There are no application directories on Windows 2000 (this is new to Windows 2003). To work with application directories the administrator needs to be a member of the Enterprise Admins security group.
    There are four options for zone data replication when the administrator chooses to use AD-integrated zones. On the General tab of the zone properties a button is available to change the zone replication scope when the zone is AD-integrated. Zone data can be replicated:
    To all DNS servers in the AD forest – broad scope of replication
    To all DNS servers in the AD domain
    To all DCs in the AD domain [domain name here] – select this if Windows 2000 DNS servers are to load the AD zone
    To all DCs specified in the scope of the following application directory – replicates according to the application directory specified; if the zone is to be stored in a specified application directory partition, the DNS server hosting the zone must be enlisted in the application directory partition that contains that zone.
    Secure dynamic updates can be performed only in AD-integrated zones; they use Kerberos for security. Only computers running Windows XP/2000/2003 are capable of secure updates.
    DnsUpdateProxy group – used to solve a problem that occurs with secure dynamic updates. The computer that registered the record becomes its owner and it is the only PC that can update it. Thus, for example, if the DHCP server registers an A record for a PC, it becomes its owner, not the PC to which the A record points. When the DHCP server is a member of the DnsUpdateProxy group it is prevented from taking ownership of the record – a security-less entry exists until the real owner takes ownership of it.
    Only primary zones can be AD-integrated. Secondary zones are always stored as text files; there are no AD-integrated secondary zones, since AD integration makes all servers into peers.
    [3.14] Advanced DNS server properties
    Disable recursion – the DNS server uses recursion to resolve client queries if this option is left in its default (disabled) state. When the option is enabled, the DNS server does not answer the query for the client but instead provides the client with referrals. When recursion is disabled the DNS server will not be able to use forwarders.
    BIND Secondaries – the DNS server does not use the fast transfer format when performing a zone transfer to a secondary server based on BIND. This allows for compatibility with older versions of BIND; versions 4.9.4 and later support fast zone transfer, and this option should be disabled for these. The fast transfer format is efficient: it allows data compression and multiple record transfer per TCP message, and it is always used among Windows-based DNS servers. This option is enabled by default.
    Fail on Load if Bad Zone Data – when this option is disabled (the default setting) the DNS server will load the zone even if errors are found in the database file. Any errors that occur will be logged. When the option is enabled, a damaged zone database stops the load operation dead cold.
    Enable netmask ordering – when selected (the default setting) this option makes sure that when a client query matches multiple A records, the one in the client’s subnet is returned first in a response list that contains all matching records. This option is also sometimes referred to as the LocalNetPriority option (this comes from the name of the same setting in the dnscmd utility).
    Enable round robin – this setting (enabled by default) ensures that for a query that matches multiple A records, the first entries in the returned response list rotate. This method is used as a poor man’s network load balancing. Local subnet priority is taken into consideration before round robin is. When round robin is disabled, records are returned in the order they are in the zone file.
    Secure cache against pollution – this setting (enabled by default) prevents the DNS server from accepting referrals that might pollute its cache or be insecure. The server will cache only those records whose name corresponds to the domain for which the original query was made; any others are discarded.
    Name checking – the default setting of Multibyte (UTF8) ensures that the DNS server verifies that all domain names conform to the Unicode Transformation Format (UTF). Use Strict RFC if the server cannot work with UTF; the other two options are only for special circumstances (they are: All names and Non RFC).
    Load zone data on startup – specifies where initial zone data is to be loaded from; by default it is from Active Directory and the registry. Other storage options are to use the registry, or a file. The file is from BIND-based DNS servers and is usually named Named.boot, in the older BIND 4 format (not BIND 8).
    Enable automatic scavenging of stale records – this option is disabled by default; when enabled, the DNS server will perform scavenging of stale records automatically at pre-defined time intervals.
    [3.15] Creating zone delegations
    When the administrator delegates a zone, he assigns a portion of authority over the main DNS namespace to subdomains within the main namespace. The responsibility is passed from the parent domain to the subdomain.
    The network administrator should consider delegation when:
    There is a need for hosts whose names are structured around department affiliation
    The central company administrative body wants departments to handle their own business
    Network traffic is creating the need to distribute query load over multiple DNS databases
    The parent zone will need to contain the A record and the NS record of the child zone; both records are created automatically when a new delegation is created. The glue record (the A resource record) is hidden from the administrator’s view, but it is still there.
    The NS record is known as the delegation record; it is used for advertising the name server and performs the actual delegation. The A resource record is known as the glue record; it is needed if the authoritative server is also in the delegated zone.
    Delegation takes precedence over forwarding, i.e. if a server knows of a child zone that can answer the query, it will contact it rather than forward the query.
    [3.16] Stub Zones
    A stub zone is a shrunken copy of a zone, updated at regular intervals, that contains only the NS records belonging to the master zone. As a result, the server that hosts the stub zone doesn’t answer queries directly; instead it directs queries to the name servers specified in the stub zone’s NS records.
    A stub zone keeps all NS records from the master zone current. When the administrator configures a stub zone he needs to specify at least one name server whose IP address doesn’t change. Any further name servers added to the zone will be added automatically through zone transfer. The administrator is unable to modify the stub zone data directly; the data is modified automatically when the parent zone changes.
    When delegating control of a zone to another server, the master server will not learn of new servers added to the child zones. The administrator needs to set up a stub zone for the child on the master server to ensure that the master server will learn of new name servers in the child zone.
    Stub zones can also be used to provide additional connectivity across domains without the redundancy provided by secondary servers. Enhanced connectivity is achieved without an increase in replication traffic.
    A stub zone contains the SOA, NS and A (glue) resource records for the authoritative DNS servers in the zone. The SOA record points to the master server while the NS records point to the other name servers; the A records hold the IP addresses of the authoritative servers.
    The stub zone name resolution process: a client queries a server with a stub zone, and the DNS server uses the stub zone resource records in resolution. The authoritative servers in the stub zone are contacted; if they cannot be, standard recursion is performed. The response from the stub zone’s authoritative server is not placed in the stub zone but cached, with the TTL from the stub zone’s SOA record.
    Stub zones offer the following advantages:
    Improve name resolution by allowing the server to perform recursion without using the root servers
    Keep foreign zone information current – by updating the stub zone at regular intervals, the zone keeps an accurate list of the name servers in the child zone.
    Simplify DNS administration by distributing zone information without the need for secondary zones.
    [3.17] Understanding DNS troubleshooting tools
    Nslookup is a command-line tool used for querying the DNS server. In interactive mode the commands entered are case sensitive. Here is a short description of the more advanced options available:
    The command set q=[recordtype|any] is used to search for specific record types
    To use a different server use “server new_server_name”
    The network administrator can use the ‘ls’ command to simulate a zone transfer; all data can be listed. Note that by default on Windows Server 2003 zone transfers are restricted to approved hosts only. The -a switch returns alias and canonical names, -d returns all data, -t filters by type
    The DNS debug log is found in the %systemroot%\system32\dns folder and is named Dns.log. The administrator should view this file when the DNS service is stopped. The default file format is RTF; to open it the user needs WordPad (not Notepad or another basic text editor). By default only DNS errors are logged, but the administrator can change that from the Debug Logging tab of the DNS server properties.
    The DNS event log logs everything by default; the administrator can change that default behaviour by using the Event Logging tab in the DNS server properties. This is a standard Windows log file and all size and filtering options are the same as for any other log.
    Commands entered into nslookup in interactive mode are case sensitive
    The Support Tools include a utility called DNSLint, which is useful when troubleshooting delegation issues
    The dnscmd tool includes two useful troubleshooting switches, /clearcache and /info (whose actions are self-explanatory)
    [3.18] Stale records
    Stale records (records that are no longer valid) can be left on the server. One common way this can happen is if a client PC is not allowed to clean up after itself, e.g. it is improperly disconnected from the network.
    The following features of the DNS server in Windows 2003 help system administrators get rid of stale records:
    Records can have a time stamp attached to them in the primary zone (as per the DNS server’s time); manually added records have a time stamp value of zero, indicating that they don’t age
    Records are aged as per TTL. Secondary zones are scavenged by the primary server.
    If stale records persist on the system, they may cause the following problems:
    Improper name resolution; an FQDN is prevented from being used by another PC
    Poor server performance: too many records to search and very large zone files to transfer
    [3.19] Using DNS monitoring tools
    To monitor the resource impact of the DNS server on the PC use Performance Monitor, perfmon.exe. The DNS object includes 62 different counters that the computer can keep track of.
    For AD-integrated zones there is the option of using AD’s native monitoring to trace the replication traffic. Replmon.exe from the Windows Support Tools is used to monitor and troubleshoot AD replication.
    The replication monitor will display 5 or more directory partitions; the administrator needs to find out in which one the DNS zone data is stored. The command dnscmd /zoneinfo [domain name] can be used to find zone information. Once the directory partition is known, the administrator can use the replication monitor to force zone replication – right-click the directory and choose Synchronize with All Servers. Any general replication errors are displayed by the replication monitor.
    For more advanced AD debugging use the repadmin utility provided as part of the Windows Support Tools.
    [3.20] Improving DNS server performance
    By installing a caching-only server close to the clients, the load on the primary and secondary servers is greatly decreased
    [3.21] Other points
    The DNS cache is cleared each time the DNS service is restarted. The DNS cache can also be cleared using dnscmd /clearcache from the command line
    The DNS server test consists of a single reverse lookup of the loopback device; if it fails, make sure you have a record named ‘1’ in the reverse lookup zone 0.0.127.in-addr.arpa. Another test checks for recursive DNS.
    A zone transfer can be started if one of the following four events occurs:
    The refresh interval of the primary zone’s SOA record expires
    The secondary server boots up (the DNS service is restarted)
    A change occurs in the configuration of the zone records on the primary server and it notifies the secondary of the change
    The DNS console is used at the secondary server to manually initiate a transfer of the zone from its master server
    When a zone transfer occurs, it is by default an incremental zone transfer (IXFR), which transfers only changed records; it is described in Request for Comments (RFC) 1995. Some older DNS servers that don’t support IXFR will use a full zone transfer (AXFR), which is also supported by Windows Server 2003. The older standard transfers the whole DNS database.
    Stub and secondary zone update operations explained:
    Reload – reloads the zone from the local storage of the DNS server hosting it
    Transfer from Master – the server hosting the zone checks its SOA record for expired data and performs a zone transfer from the zone’s master server
    Reload from Master – this operation performs a zone transfer from the zone’s master server regardless of the serial number or expire date in the zone’s SOA record
    Part 4: Implementing, configuring and troubleshooting DHCP servers
    [4.1] Configuring DHCP server
    A DHCP server allows the system administrator to automatically assign IP addresses, subnet masks and other configuration information like DNS and WINS servers to client computers on the local network.
    Through the use of a DHCP server, network administrators save the time required for configuration and re-configuration of computers.
    The administrator should install the DHCP service on a computer that was assigned a static IP address (this prevents clients from having to look all over the subnet to get their addresses renewed)
    You need to have administrative privileges to install and administer a DHCP server
    You need to authorize your DHCP server if it is to be integrated in an AD network (the person authorizing the DHCP server needs to be a member of the Enterprise Admins security group). Stand-alone DHCP servers can still be deployed, but they should not share a subnet with authorized DHCP servers. Stand-alone servers that are deployed together with authorized servers are called rogue servers. The rogue server will automatically stop its DHCP service when it detects an authorized server on the subnet.
    A DHCP scope is a pool of IP addresses within a logical subnet which the DHCP server assigns to its clients. Scopes provide for IP address management.
    When an IP address is offered to a client, the IP address is said to be a lease. When the lease is made it is said to be active. Leases are renewed for different reasons; the client will try to renew when 50% of the old lease has expired.
    The DHCP server has to have an IP address compatible with the scope it is assigned, i.e. the server itself has to be in the scope.
    The 80/20 rule – to provide for fault tolerance in an environment with two DHCP servers, the first server (A) should have 80% of the addresses for its local subnet and 20% of the addresses for the subnet on which the other DHCP server (B) is present. The same assignment is repeated on server (B), which gets 80% of the addresses in its own subnet and 20% of the addresses in the subnet on which server (A) is present. This concept is applied when 2 or more DHCP servers are present.
    Reservations are placements in the scope reserved for specific computers. You reserve an IP address for a specific network adapter using its MAC address. To create a new reservation, open the scope in which you want to create the reservation, right-click Reservations and select New Reservation. Reservations cannot be used interchangeably with manual static configurations. Reservations don’t work when an address is simultaneously reserved and excluded. Reservations are used as an alternative to static addresses for computers that are not essential to network function (i.e. not critical servers).
    The scope needs to be activated before the server can hand out addresses (for AD integration the server also needs to be authorized). To activate a scope, open the DHCP console, select the scope you want to activate, and from the Action menu select Activate.
    Exclusion range – a group of IP addresses residing in the scope that the administrator doesn’t wish to be leased to DHCP clients
    DHCP is an extension of the Bootstrap Protocol (BOOTP). The Microsoft DHCP server can assign addresses to BOOTP clients.
    [4.2] DHCP scope options
    DHCP options can be configured at the reservation, scope and server level. To configure options for a reservation, select it and from the Action menu choose ‘Configure Options’. To configure options for a scope, select the Scope Options folder and then ‘Configure Options’. To configure server options, select the Server Options folder and then ‘Configure Options’
    There are more than 60 different options available for the DHCP server; the most common (important) ones are:
    003 Router – IP addresses of routers on the same subnet as the client, used by the client for packet forwarding
    006 DNS servers – IP addresses of DNS servers
    015 DNS domain name – the domain name DHCP clients should use when resolving unqualified names during DNS domain name resolution; allows for client dynamic DNS update
    044 WINS/NBNS servers – IP addresses of WINS servers
    051 Lease – special lease option for remote clients
    Options set on the DHCP server take effect when clients renew or obtain a new lease
    [4.3] DHCP scope features
    Scope name page – you can give your scope a name
    IP address range – you can define the starting and ending IP address of the scope and the subnet mask. You should choose a consecutive address range of the subnet and later exclude the computers with static addresses.
    Add exclusions – these are the addresses that will not be leased to DHCP clients
    Lease duration – length of the lease
    Configure DHCP options – whether to configure DHCP options for the scope through further pages in the wizard or later in the DHCP console; you can configure options at the reservation level, scope level or server level. There are more than 60 different DHCP options.
    Router (Default Gateway) – optional, which default gateway should be assigned to DHCP clients
    Domain name and DNS servers – optional, which domain will be assigned as parent and which DNS servers will be given to the DHCP client
    WINS servers – optional, addresses of WINS servers that are to be assigned to the DHCP client
    Activate scope – optional, whether the scope will be activated after the DHCP wizard finishes
    [4.4] Managing DHCP server
    To change the DHCP server status, open the DHCP console, go to the Action menu and select one of Start, Stop, Pause, Restart and Resume
    You can also use the Net command to change the status of the DHCP server; the command-line syntax is Net [operation like start/stop/pause/continue] DHCP_server
    You can manage the DHCP server from the command line using the netsh command-line tool, with the dhcp subcommand.
    A superscope is an administrative grouping of scopes that is used to support multiple logical subnets, also known as multinets, on a single network segment. Superscopes exist on one physical network and work with multiple logical networks. This method is used for the DHCP server to provide clients with addresses from multiple scopes. The administrator needs to delete the superscope before deleting any scope that is contained within it. Superscopes group scopes that can be activated together; a superscope doesn’t carry any details about the scopes.
    To move a scope to a new addressing range, first create a new scope with the new range, then activate it and deactivate the old scope. Either manually or by waiting, make sure all clients move to the new scope, then delete the old scope.
    If a superscope is not defined on a server then only one scope can be active at a time.
    In order for the DHCP server not to assign an already assigned IP address to a new client, DHCP has conflict detection (Advanced tab of the DHCP server properties), in which the server pings the address it is about to assign in order to check whether it is free.
    Multicast scope – regular DHCP scopes provide client configurations by allocating ranges of IP addresses from the standard classes (A, B, or C). The multicast address range uses an extra address class, D, with IP addresses from 224.0.0.0 to 239.255.255.255, for use in IP multicasting. In every TCP/IP network, each host gets its own IP address from the regular address classes. The unicast IP address is assigned before a host can support and use secondary IP addresses, such as a multicast IP address. Multiple PCs can share the same multicast IP address. On private networks it is recommended to start with the 239.192.0.0 range. When a packet is sent with a destination that is a multicast address, it gets delivered to all PCs that have that address. Multicast scopes are supported through the use of MADCAP (Multicast Address Dynamic Client Allocation Protocol).
    The DHCP server performs a backup by itself every 60 minutes; you can also do a manual backup. A manual backup is performed from the Backup command in the DHCP console. When the backup is made the whole DHCP database is saved. Some things, like credentials, are not saved. The manual backup default location is %systemroot%\system32\dhcp\backup. The following data is backed up: all scope information including superscopes and multicast scopes, reservations, leases, and all options. The database backup file is called DHCP.mdb.
    To change the backup behaviour of the DHCP server, one needs to edit the following registry keys:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupInterval\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\BackupDatabasePath\
    To migrate a DHCP server, all you need to do is move the database: simply back it up and then restore it on the new computer
    Jetpack.exe is a tool that supports offline compaction and repair of Jet databases such as those of DHCP or WINS. You can use dynamic compacting of the DHCP server database without the need to bring the server offline, but offline defragmentation is more efficient. Compacting should be done whenever the database size grows beyond 30 MB or you get corruption errors.
    Option class – the way the DHCP server manages options provided to clients within a scope. When an option class is added, clients of that class can get class-specific configuration options. There are two types of classes, Vendor classes and User classes.
    Vendor class is used to assign vendor-specific options to clients that share a common vendor
    User class is used to assign options to clients that share user-defined similarities
    The DHCP server has a default user class called ‘Default Routing and Remote Access’. Options in this class apply only to clients that request an address while connecting through Routing and Remote Access. You can set different options; for example, you can assign shorter leases to the clients connected remotely (this is option number 051 Lease).
    To create your own user or vendor class, open the DHCP console, right-click the DHCP server and select ‘Define User Classes’. After defining a new class you need to assign an ID to it and options. On the client side you need to make sure that the clients know what class they are in; you do this by executing ipconfig /setclassid. To view all classes allowed by the DHCP server, execute ipconfig /showclassid
    [4.5] DHCP and DNS working together
    Windows 2000 and later computers try to register their own A record, but they ask the DHCP server to register the PTR record.
    By default the DHCP server only attempts to update client records if such an operation is requested by the client computer.
    You can also configure the DHCP server to attempt to update A and PTR records regardless of client requests.
    By default the DHCP server discards the A and PTR records when the lease expires (you can set it so they are kept).
    By default the DHCP server will not perform dynamic updates on behalf of older Windows clients that don’t request updates to be done.
    The update settings are configured on the DNS tab of the DHCP server properties.
    DnsUpdateProxy is a security group that leaves records updated/created by its members without security settings (objects created by members of this group have no security-related settings). When a DHCP server that is not a member of the group modifies or creates an entry in the DNS, it becomes the owner of that entry and only it can change the entry. This might create problems when, for example, a client cannot modify a record because the server took ownership of the record. Membership of the DHCP server in this group solves stale record problems.
    Usage of the DnsUpdateProxy group also might cause some problems if the DHCP service is installed on a DC, since all records created are not secure (the same holds for the A records of non-DC DHCP servers, but one can modify these manually, giving them an owner). In particular, the records created by the DC Netlogon service are not secure.
    [4.6] Analyzing DHCP server traffic
    Communication between DHCP server and DHCP client for lease:
    A client seeking an IP address broadcasts a DHCPDISCOVER message on the network.
    Any DHCP server that receives the message and has available IP addresses sends a DHCPOFFER for a period of time called a lease.
    If no DHCP servers are available, the client can use APIPA or an alternative configuration; older clients fail to initialize and continue to send DHCPDISCOVER messages 4 times every 5 minutes.
    The client selects one of the offers and broadcasts a DHCPREQUEST indicating its selection.
    The DHCP server sends a DHCPACK message to the client with possible configuration information like DNS server IPs.
    Communication between DHCP server and DHCP client for lease renewal:
    The client computer sends a DHCP Request message to the server that leased it the IP address; it contains the FQDN of the client computer. The DHCP Request message is also used by the client to request dynamic updates from the DHCP server.
    If the DHCP server can be reached, it sends a DHCPACK message back indicating renewal of the current lease (or remains silent).
    If the DHCP server cannot be reached, the client waits until it reaches the rebinding state, which usually occurs 7 days after the last lease renewal. When that state is reached, the client attempts to renew with any available DHCP server.
    If a server responds with a DHCP offer message, the client renews the lease and continues its operation.
    If the lease expires and the client doesn’t renew it, the client ceases to use the leased IP address. It then tries to obtain a new IP address lease.
    The DHCP server can also issue a DHCPNACK response indicating that the requested IP address is unavailable. In this case lease renewal fails and the client is forced to initiate a new lease request process.
    [4.7] DHCP audit logging
    In its default configuration the DHCP server writes daily audit logs to the folder %systemroot%\system32\dhcp. The text files created there are named after the day of the week they were created on. You can modify the file location from the Advanced tab of the DHCP server properties. The files are named in the format DhcpSrvLog-[3-letter day of the week abbreviation].
    You can turn logging off on the general tab of DHCP server propert
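The audit log described in [4.7] and the DNS update behaviour from [4.5], as an added example that is not part of the comment above and not a Microsoft tool: a small Python parser for the DhcpSrvLog daily file. The file opens with a free-text legend of event IDs and then a comma-separated header (`ID,Date,Time,Description,IP Address,Host Name,MAC Address`, the Windows Server 2003 column set, assumed here); the log lines in `SAMPLE_LOG` are constructed sample data, and the event-ID legend reproduced in `EVENT_MEANING` is abbreviated. The parser counts assignments, renewals and DNS update outcomes, and surfaces the events a defender wants to see rather than scroll past: address conflicts (13), exhausted scopes (14), denied leases / NACKs (15) and failed DNS updates (31).

```python
"""Parse a Windows Server 2003 DHCP audit log (DhcpSrvLog-<Day>.log).

Added example, not from the page or from Microsoft; the column layout and
the event-ID legend are the 2003-era ones, the log lines are constructed.
"""
import csv
from collections import Counter

# Abbreviated copy of the legend the DHCP service prints at the top of the file.
EVENT_MEANING = {
    "00": "The log was started.",
    "01": "The log was stopped.",
    "02": "The log was temporarily paused due to low disk space.",
    "10": "A new IP address was leased to a client.",
    "11": "A lease was renewed by a client.",
    "12": "A lease was released by a client.",
    "13": "An IP address was found to be in use on the network.",
    "14": "A lease request could not be satisfied because the scope's address pool was exhausted.",
    "15": "A lease was denied.",
    "16": "A lease was deleted.",
    "17": "A lease was expired.",
    "20": "A BOOTP address was leased to a client.",
    "30": "DNS update request to the named DNS server.",
    "31": "DNS update failed.",
    "32": "DNS update successful.",
}

# Event IDs worth reviewing: conflicts, exhausted pools, denials, failed DNS updates.
ATTENTION = {"13", "14", "15", "31"}

# Constructed sample file (legend shortened; hosts and MACs are made up).
SAMPLE_LOG = """\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00\tThe log was started.
10\tA new IP address was leased to a client.
31\tDNS update failed

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,05/20/09,00:00:14,Started,,,,
10,05/20/09,08:01:02,Assign,192.168.1.50,ws01.corp.example.com,0003FF1A2B3C,
30,05/20/09,08:01:02,DNS Update Request,192.168.1.50,ws01.corp.example.com,,
31,05/20/09,08:01:05,DNS Update Failed,192.168.1.50,ws01.corp.example.com,,
11,05/20/09,09:15:30,Renew,192.168.1.51,ws02.corp.example.com,0003FF1A2B3D,
13,05/20/09,09:20:00,Conflict,192.168.1.52,,0003FF1A2B3E,
15,05/20/09,10:02:11,NACK,192.168.1.53,ws04.corp.example.com,0003FF1A2B3F,
"""


def parse_audit_log(text):
    """Return one dict per data row; everything before the CSV header is legend text."""
    records = []
    header = None
    for row in csv.reader(text.splitlines()):
        if not row:
            continue
        if header is None:
            # The legend lines never start with the literal "ID,Date,Time" triple.
            if row[:3] == ["ID", "Date", "Time"]:
                header = [h.strip() for h in row]
            continue
        # Data rows end with a trailing comma; zip() drops the extra empty field.
        record = dict(zip(header, row))
        record["Meaning"] = EVENT_MEANING.get(record["ID"], "Unknown event ID")
        records.append(record)
    return records


def summarize(records):
    """Count events per ID and pull out the ones that need a human look."""
    counts = Counter(r["ID"] for r in records)
    flagged = [
        (r["ID"], r["Time"], r["IP Address"], r["Host Name"], r["Meaning"])
        for r in records
        if r["ID"] in ATTENTION
    ]
    return {
        "counts": counts,
        "leases_assigned": counts["10"],
        "leases_renewed": counts["11"],
        "dns_update_requests": counts["30"],
        "dns_update_failures": counts["31"],
        "flagged": flagged,
    }


if __name__ == "__main__":
    summary = summarize(parse_audit_log(SAMPLE_LOG))
    print("assigned:", summary["leases_assigned"], "renewed:", summary["leases_renewed"])
    print("DNS updates requested/failed:",
          summary["dns_update_requests"], "/", summary["dns_update_failures"])
    for event in summary["flagged"]:
        print("REVIEW", *event)
```

To run it against a real server, read `%systemroot%\system32\dhcp\DhcpSrvLog-Mon.log` (or whichever day) into `parse_audit_log` instead of `SAMPLE_LOG`; a burst of 15 (NACK) or 13 (conflict) events for one address range, or 31 events with no matching 32, is the kind of pattern the daily file otherwise hides.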

Copyright © 2010 CertBible – IT certifications Exams, Study Guide, Practice Test, Training Materials.