> What are the benefits and scenarios of using Conditional Forwarding?
Rather than having a DNS server forward all queries it cannot resolve to forwarders, the DNS server can forward queries for different domain names to different DNS servers according to the specific domain names that are contained in the queries. Forwarding according to these domain-name conditions improves conventional forwarding by adding a second condition to the forwarding process.
A conditional forwarder setting consists of a domain name and the IP address of one or more DNS servers. To configure a DNS server for conditional forwarding, a list of domain names is set up on the Windows Server 2003-based DNS server along with the IP addresses of the DNS servers to forward to. When a DNS client or server performs a query against a Windows Server 2003-based DNS server that is configured for forwarding, the DNS server first checks whether the query can be resolved from its own zone data or from the zone data stored in its cache. If not, and if the DNS server is configured to forward for the domain name designated in the query (a match), the query is forwarded to the IP address of the DNS server associated with that domain name. If the DNS server has no domain name listed for the name designated in the query, it attempts to resolve the query by using standard recursion.
> What is the root zone?
The DNS translates domain names that humans can remember into the numbers used by computers to look up its destination (a little like a phone book is used to look-up a phone number). It does this in stages. The first place it 'looks' is the top level of the directory service - or "root zone". So to use www.google.com as an example, your computer 'asks' the root zone directory (or top level) where to find information on ".com".
After it gets a response, it then asks the ".com" directory service identified by the root where to find information on google.com (the second level), and finally it asks the google.com directory service identified by ".com" what the address for www.google.com is (the third level). After that process – which is almost instantaneous – the full address is provided to your computer. Different entities manage each one of these directory services: google.com by Google, ".com" by VeriSign Corporation (other top level domains are managed by other organizations), and the root zone by ICANN.
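The two lookup paths described above (own data, then a matching conditional forwarder, else recursion from the root) as one added example; this is not code from the original page, and every name, address and delegation table in it is constructed:

```python
# Added example, not from the original page: models the lookup order described
# for a forwarding-enabled DNS server (own zone data/cache, then a matching
# conditional forwarder, else recursion) and the root-to-leaf walk used for
# recursion. Every name, address and table below is constructed.

LOCAL_DATA = {"intranet.example.": "10.0.0.5"}          # own zone data / cache
FORWARDERS = {                                           # suffix -> forwarder IP
    "partner.example.": "192.0.2.53",
    "corp.partner.example.": "192.0.2.54",
}
REFERRALS = {                                            # stand-in delegation tree
    ".": {"com.": "ns.tld-com.test"},                    # root knows the TLD servers
    "com.": {"google.com.": "ns1.google.test"},          # TLD knows the zone servers
    "google.com.": {"www.google.com.": "203.0.113.10"},  # zone knows the host
}

def match_forwarder(qname):
    """Longest configured suffix that matches qname, or None."""
    best = None
    for suffix, ip in FORWARDERS.items():
        if qname == suffix or qname.endswith("." + suffix):
            if best is None or len(suffix) > len(best[0]):
                best = (suffix, ip)
    return best

def walk_from_root(qname):
    """Iterative resolution: ask the root, then each level down, for the next name."""
    labels = qname.rstrip(".").split(".")
    zone, path = ".", ["."]
    for i in range(len(labels) - 1, -1, -1):
        child = ".".join(labels[i:]) + "."
        delegations = REFERRALS.get(zone, {})
        if child not in delegations:
            return "NXDOMAIN", path
        path.append(child)
        if child == qname:
            return delegations[child], path   # final level: the host address
        zone = child                          # descend to the next directory service
    return "NXDOMAIN", path

def resolve(qname):
    """Server order: own data, conditional forwarder (a match), then recursion."""
    if qname in LOCAL_DATA:
        return "local", LOCAL_DATA[qname]
    forwarder = match_forwarder(qname)
    if forwarder:
        return "forward:" + forwarder[0], forwarder[1]
    answer, _ = walk_from_root(qname)
    return "recursion", answer
```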
> What is the 220.127.116.11 address used for?
WINS server group address. It is used to support auto-discovery and dynamic configuration of replication for WINS servers. For more information, see the WINS replication overview.
> Why do we need to "sign the root"?
Recently discovered vulnerabilities in the DNS, combined with technological advances, have greatly reduced the time it takes an attacker to hijack any step of the DNS lookup process and thereby take over control of a session to, for example, direct users to their own deceptive Web sites for account and password collection. The only long-term solution to this vulnerability is the end-to-end deployment of a security protocol called DNS Security Extensions – or DNSSEC.
> What is DNSSEC?
DNSSEC is a technology that was developed to, among other things, protect against such attacks by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.techiebird.com). Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly, it does not encrypt data. It just attests to the validity of the address of the site you visit.
> What is Zone Transfer?
A primary server has the "master copy" of a zone, and secondary servers keep copies of the zone for redundancy. When changes are made to zone data on the primary DNS server, these changes must be distributed to the secondary DNS servers for the zone. This is done through zone transfers.
Most DNS servers automatically notify secondary servers whenever changes are made, through a NOTIFY request, and most DNS servers will request a zone transfer whenever such a notification is received.
You can specify if Simple DNS Plus should send these NOTIFY requests to secondary DNS servers in the Options dialog / DNS / Miscellaneous section. For this to work correctly, NS-records and corresponding A-records for each secondary DNS server must exist in the zone.
Secondary servers also periodically check for changes by querying the primary server for the SOA-record of the zone, and checking the serial number.
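The serial check a secondary performs on the primary's SOA, and the NOTIFY target list a primary can only build when each secondary has both an NS record and an A record in the zone, as an added example (not from the page or from Simple DNS Plus; the zone data is constructed and the serial comparison follows RFC 1982):

```python
# Added example, not from the page or from Simple DNS Plus: the serial check a
# secondary performs against the primary's SOA, plus the NOTIFY target list a
# primary can build only when NS and A records for each secondary exist in the
# zone. The zone data is constructed.
from collections import namedtuple

SOA = namedtuple("SOA", "mname rname serial refresh retry expire minimum")

def parse_soa(rdata):
    """Parse SOA RDATA as written in a zone file: two names, then five integers."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError("SOA RDATA must have 7 fields")
    return SOA(fields[0], fields[1], *map(int, fields[2:]))

def serial_gt(a, b):
    """RFC 1982 serial arithmetic: True if 32-bit serial a is 'after' b, wrap-safe."""
    a, b = a & 0xFFFFFFFF, b & 0xFFFFFFFF
    half = 1 << 31
    return (a < b and b - a > half) or (a > b and a - b < half)

def should_transfer(local_soa, primary_soa):
    """A secondary requests a zone transfer only when the primary's serial is newer."""
    return serial_gt(primary_soa.serial, local_soa.serial)

def notify_targets(zone_rrs, self_name):
    """IPs to NOTIFY: every NS in the zone except this server, found via its A record."""
    a_by_name = {name: rdata for name, rtype, rdata in zone_rrs if rtype == "A"}
    targets, missing = [], []
    for _name, rtype, rdata in zone_rrs:
        if rtype != "NS" or rdata == self_name:
            continue
        if rdata in a_by_name:
            targets.append(a_by_name[rdata])
        else:
            missing.append(rdata)   # NS without an A record: cannot be notified
    return targets, missing

# Constructed zone: ns3 has an NS record but no A record, so it cannot be notified.
ZONE = [
    ("example.test.", "SOA", "ns1.example.test. hostmaster.example.test. 2024031502 3600 900 604800 86400"),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "ns2.example.test."),
    ("example.test.", "NS", "ns3.example.test."),
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("ns2.example.test.", "A", "192.0.2.2"),
]
```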
> What is Caching Only Server?
Caching-only servers are DNS servers that only perform name resolution queries, cache the answers, and return the results to the client. Once an answer is stored in the cache, the next time the same query arrives it is resolved locally from the cache instead of being sent to the authoritative servers again.
> What is Aging and Scavenging?
DNS servers running Windows Server support aging and scavenging features. These features are provided as a mechanism to perform cleanup and removal of stale resource records from the server and zone. This feature removes the dynamically created records when they are stamped as stale.
By default, the aging and scavenging mechanism for the DNS Server service is disabled.
Scavenging and aging must be enabled both at the DNS server and on the zone.
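The aging and scavenging decision described above as an added example (not code from the page or from Windows DNS): a dynamic record becomes stale once the no-refresh and refresh intervals have both passed since its timestamp, static records carry no timestamp and are never scavenged, and nothing is removed unless scavenging is enabled on both the server and the zone. The 7-day intervals are the Windows defaults and are assumed here; the records and the clock value are constructed.

```python
# Added example, not from the page: the aging/scavenging decision for Windows DNS
# records. Intervals are the Windows defaults (7-day no-refresh, 7-day refresh),
# assumed here; records, timestamps and the "now" value are constructed.
from datetime import datetime, timedelta

NO_REFRESH = timedelta(days=7)   # window in which re-registrations do not touch the timestamp
REFRESH = timedelta(days=7)      # window in which a re-registration updates the timestamp

def is_stale(timestamp, now, no_refresh=NO_REFRESH, refresh=REFRESH):
    """A dynamic record is stale once no-refresh + refresh have passed since its timestamp.
    Static records carry no timestamp and are never scavenged."""
    if timestamp is None:
        return False
    return now > timestamp + no_refresh + refresh

def refresh_timestamp(timestamp, now, no_refresh=NO_REFRESH):
    """Dynamic update from the client: the timestamp only moves forward once the
    no-refresh window has passed; static records stay untouched."""
    if timestamp is None or now < timestamp + no_refresh:
        return timestamp
    return now

def scavenge(records, now, server_enabled, zone_enabled):
    """Remove stale dynamic records, but only if enabled on both server and zone."""
    if not (server_enabled and zone_enabled):
        return list(records), []
    kept = [r for r in records if not is_stale(r["timestamp"], now)]
    removed = [r["name"] for r in records if is_stale(r["timestamp"], now)]
    return kept, removed

# Constructed zone snapshot.
NOW = datetime(2024, 3, 15, 12, 0)
RECORDS = [
    {"name": "pc1.example.test.", "timestamp": NOW - timedelta(days=3)},    # fresh
    {"name": "pc2.example.test.", "timestamp": NOW - timedelta(days=10)},   # past no-refresh, not stale
    {"name": "pc3.example.test.", "timestamp": NOW - timedelta(days=20)},   # stale
    {"name": "srv.example.test.", "timestamp": None},                       # static
]
```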