> What are the properties of DNS server?
INTERFACES, FORWARDERS, ADVANCED, ROUTINGS, SECURITY, MONITORING, LOGGING, DEBUG LOGGING.
> Properties of a Zone?
General, SOA, NAMESERVER, WINS, Security, and ZONE Transfer.
> What is the 220.127.116.11 address used for?
WINS server group address. Used to support auto discovery and dynamic configuration of replication for
WINS servers.
> Why do we need to "sign the root"?
Recently discovered vulnerabilities in the DNS combined with technological advances have greatly
reduced the time it takes an attacker to hijack any step of the DNS lookup process and thereby take
over control of a session to, for example, direct users to their own deceptive Web sites for account
and password collection. The only long-term solution to this vulnerability is the end-to-end deployment
of a security protocol called DNS Security Extensions – or DNSSEC.
> What is DNSSEC?
DNSSEC is a technology that was developed to, among other things, protect against such attacks by
digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the
vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final
domain name (e.g., www.techievalley.com). Signing the root (deploying DNSSEC on the root zone) is a
necessary step in this overall process. Importantly, it does not encrypt data. It just attests to the
validity of the address of the site you visit.
> What is the "in-addr.arpa" zone used for?
In a Domain Name System (DNS) environment, it is common for a user or an application to request a Reverse Lookup of a host name, given the IP address. This article explains this process. The following is quoted from RFC 1035:
"The Internet uses a special domain to support gateway location and Internet address to host mapping. Other classes may employ a similar strategy in other domains. The intent of this domain is to provide a guaranteed method to perform host address to host name mapping, and to facilitate queries to locate all gateways on a particular network on the Internet.
"The domain begins at IN-ADDR.ARPA and has a substructure which follows the Internet addressing structure.
"Domain names in the IN-ADDR.ARPA domain are defined to have up to four labels in addition to the IN-ADDR.ARPA suffix. Each label represents one octet of an Internet address, and is expressed as a character string for a decimal value in the range 0-255 (with leading zeros omitted except in the case of a zero octet which is represented by a single zero).
"Host addresses are represented by domain names that have all four labels specified."
Reverse Lookup files use the structure specified in RFC 1035.
For example, if you have a network which is 18.104.22.168, then the Reverse Lookup file for this network would be 10.150.IN-ADDR.ARPA. Any hosts with IP addresses in the 22.214.171.124 network will have a PTR (or 'Pointer') entry in 10.150.IN-ADDR.ARPA referencing the host name for that IP address. A single IN-ADDR.ARPA file may contain entries for hosts in many domains. Consider the following scenario. There is a Reverse Lookup file 10.150.IN-ADDR.ARPA with the following contents:
Exp : 1.20 IN PTR WS1.ACME.COM.