The Installing and Configuring DNS Servers Part 2 module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Configuring DNS Socket Pool
  • Managing DNS Cache Locking
  • Creating a GlobalNames Zone
  • Enabling Response Rate Limiting in DNS
  • Managing DNS Logging

Lab time: It will take approximately 1.5 hours to complete this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • Changing DNS Socket Pool settings
  • Modifying system values of DNS Cache Locking
  • Configuring a GlobalNames Zone
  • Turning on DNS Response Rate Limiting
  • Setting up DNS Logging

Exercise 1 - Configuring DNS Socket Pool

The DNS Socket Pool provides source port (TCP or UDP) randomization when the DNS server issues queries. Rather than a predictable source port, the Windows DNS server uses a random port number drawn from the socket pool, so an attacker attempting cache poisoning must guess the source port as well as the transaction ID. In this exercise, you will set the DNS Socket Pool size to a desired value.

Exercise 2 - Managing DNS Cache Locking

The DNS Cache Locking feature lets you control whether cached DNS information can be overwritten. When Cache Locking is enabled, the DNS server will not allow cached Resource Records to be overwritten for the duration of their time to live (TTL), which protects the cache against poisoning attempts that try to replace a valid record before it expires. In this exercise, you will manage the Cache Locking parameter for the DNS server on the Practice Labs network.

Exercise 3 - Creating a GlobalNames Zone

Windows Internet Name Service (WINS) is a legacy name resolution service that uses a flat file database to resolve a computer name or NetBIOS name to its numeric IP address, or vice versa. The move to the Domain Name System (DNS) started with Windows 2000 Server and later versions, as DNS provides hierarchical databases called “zones” that contain Resource Records (RRs) for resolving a host name or fully qualified domain name to its IP address, and vice versa. Although largely associated with the Internet, DNS is used both to resolve internal host names in an Active Directory domain and to resolve host names on the Internet.

To ease your company’s transition to the use of single-label names in the network, DNS supports a special zone called “GlobalNames.” The GlobalNames zone streamlines the migration of a network that needs to locate computers by a single name, without relying on Windows Internet Name Service. In this exercise, you will enable GlobalNames zone support on the DNS server for the Practice Labs network.

Exercise 4 - Enabling Response Rate Limiting in DNS

Windows Server 2016 provides support for Response Rate Limiting (RRL) to minimize the risks of DNS amplification attacks. DNS amplification is a form of distributed denial of service (DDoS) that utilizes a publicly accessible DNS server to flood the victim network with DNS response traffic.

In this exercise, you will learn how to enable Response Rate Limiting on Windows Server DNS.

Exercise 5 - Managing DNS Logging

Like other Windows services and features, DNS provides Event Logs and a Debug Logging feature that are used to monitor activity and diagnose errors related to name resolution. In this exercise, you will implement DNS Logging to study the activity of DNS servers on a network.
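The five exercises above each touch one setting of the Windows DNS Server. As an added example that is not part of the Practice Labs material, the following read-only PowerShell audit queries the current value of each setting on the local server with the DnsServer module and reports which ones sit below an assumed baseline; the baseline values in the comments are assumptions for illustration, not values prescribed by the lab.

```powershell
# Added example (not part of the lab): audit the five DNS settings this lab
# covers. Read-only; nothing is changed. Requires the DnsServer module
# (installed with the DNS Server role or RSAT). Baselines are assumptions.
Import-Module DnsServer -ErrorAction Stop

function Test-DnsHardening {
    [CmdletBinding()]
    param([string]$ComputerName = $env:COMPUTERNAME)

    $findings = @()

    # Exercise 1: socket pool size (a larger pool makes the source port harder to guess)
    $settings = Get-DnsServerSetting -ComputerName $ComputerName -All
    if ($settings.SocketPoolSize -lt 2500) {
        $findings += "SocketPoolSize is $($settings.SocketPoolSize); assumed minimum is 2500"
    }

    # Exercise 2: cache locking (percentage of the TTL during which a cached RR is protected)
    $cache = Get-DnsServerCache -ComputerName $ComputerName
    if ($cache.LockingPercent -lt 100) {
        $findings += "LockingPercent is $($cache.LockingPercent); 100 protects records for the full TTL"
    }

    # Exercise 3: GlobalNames zone support (only a finding if single-label names are needed)
    $gnz = Get-DnsServerGlobalNameZone -ComputerName $ComputerName
    if (-not $gnz.Enable) {
        $findings += "GlobalNames zone support is disabled"
    }

    # Exercise 4: response rate limiting (Windows Server 2016 and later)
    $rrl = Get-DnsServerResponseRateLimit -ComputerName $ComputerName
    if ($rrl.Mode -ne 'Enable') {
        $findings += "Response Rate Limiting mode is '$($rrl.Mode)'; expected 'Enable' (use 'LogOnly' to observe first)"
    }

    # Exercise 5: debug logging of queries and answers
    $diag = Get-DnsServerDiagnostics -ComputerName $ComputerName
    if (-not ($diag.Queries -and $diag.Answers)) {
        $findings += "Debug logging of queries/answers is off (see Set-DnsServerDiagnostics -Queries/-Answers)"
    }

    if ($findings.Count -eq 0) { "No findings: all five settings meet the assumed baseline." }
    else { $findings }
}

Test-DnsHardening
```

Run it in an elevated PowerShell session on the DNS server, or pass -ComputerName to check a remote server over WinRM.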

