Assignment 13


Module: 13 Networking with Windows Server

Installing and configuring DNS server


1. Describe DNS operation

Ans. DNS acts like a phonebook for the internet. Whenever people type domain names, like Fortinet.com or
Yahoo.com, into the address bar of web browsers, the DNS finds the right IP address. The site's IP address is
what directs the device to go to the correct place to access the site's data.

2. DNS query—Iterative and Recursive

Ans. A recursive DNS lookup is where one DNS server communicates with several other DNS servers to hunt
down an IP address and return it to the client. This is in contrast to an iterative DNS query, where the client
communicates directly with each DNS server involved in the lookup.
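
The difference between the two query styles, as an added example that is not part of the original assignment. It walks a constructed three-level hierarchy; the server labels, the name www.example.com. and the address 192.0.2.10 are made up for illustration.

```python
# Constructed toy hierarchy: every server label, name and address here is made up.
ROOT = "root-server"
SERVERS = {
    "root-server": {"referrals": {"com.": "com-tld-server"}, "records": {}},
    "com-tld-server": {"referrals": {"example.com.": "ns1-example"}, "records": {}},
    "ns1-example": {"referrals": {}, "records": {"www.example.com.": "192.0.2.10"}},
}
MAX_REFERRALS = 8  # stop following referrals that loop or never end


def ask(server, qname):
    """One query to one server: ('answer', ip), ('referral', server) or ('nxdomain', None)."""
    zone = SERVERS[server]
    if qname in zone["records"]:
        return "answer", zone["records"][qname]
    # Match whole labels only, so "foocom." is not treated as being under "com.".
    matches = [s for s in zone["referrals"] if qname == s or qname.endswith("." + s)]
    if matches:
        return "referral", zone["referrals"][max(matches, key=len)]
    return "nxdomain", None


def iterative_lookup(qname, asker="client"):
    """The asker contacts each server in turn; returns (ip or None, trace)."""
    trace, server = [], ROOT
    for _ in range(MAX_REFERRALS):
        trace.append((asker, server))
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value  # follow the referral to the next server
    raise RuntimeError("referral limit exceeded for " + qname)


class RecursiveResolver:
    """Does the whole walk for the client and caches positive answers (no TTL in this toy)."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, qname):
        if qname in self.cache:
            return self.cache[qname]
        ip, trace = iterative_lookup(qname, asker="resolver")
        self.upstream_queries += len(trace)
        if ip is not None:
            self.cache[qname] = ip
        return ip


def recursive_lookup(resolver, qname):
    """The client sends one query and gets the final answer back."""
    return resolver.resolve(qname), [("client", "resolver")]


if __name__ == "__main__":
    print(iterative_lookup("www.example.com."))
    shared = RecursiveResolver()
    print(recursive_lookup(shared, "www.example.com."), shared.upstream_queries)
```

In the iterative trace the client appears in every hop; in the recursive case the client only ever talks to the resolver, which is why that resolver's cache and logs are the place to look when checking what clients resolved.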

3. what is forward lookup zone and its resource type

Ans. Forward Lookup Zones allow the DNS Server to resolve queries where the client sends a name to the
DNS Server to request the IP address of the requested host.

The forward lookup zone contains A type resource records that can point out an IP address for a given host
name.

4. what is reverse lookup zone and its resource type

Ans. A reverse lookup zone is an authoritative DNS zone that is used primarily to resolve IP addresses to
network resource names. This zone type can be primary, secondary, or Active Directory-integrated.

5. what is conditional forwarder


Ans. Adding multiple DNS Servers as Forwarders or Conditional Forwarders allows DNS names to continue
to be resolved in the event of failures of the only configured Server, of the underlying network link or the
supporting network infrastructure.

6. what is primary zone, secondary zone and stub zone

Ans. Primary (Master) DNS zone – holder of the original zone file (all the DNS records for the zone). You can
manage a host through this zone. Secondary (Slave) DNS zone – holds a copy of the zone file. You can use them
for better performance, for hiding your Primary, for backup and redundancy.

7. what is active directory integrated zone

Ans. AD-integrated DNS zones are stored in directory partitions within Active Directory. These directory
partitions replicate along with the rest of AD; therefore, no extra configuration (i.e., zone transfer setup) is
required for DNS replication. Further, AD-integrated zones allow the use of secure dynamic updates.

8. primary server, secondary server, cache only server

Ans. A primary server is a server that acts as the first source for Domain Name System (DNS) data and
responds to queries. It can be contrasted to the secondary server, which acts like the primary server but does
not have the same access to data. A caching-only server saves data in a cache file until the
data expires. Expiration occurs based on a "time-to-live" field attached to data received from another server.
A caching-only server answers data from its cache if it has the information, or requests it from authoritative
servers if it does not.

9. what is aging and scavenging

Ans. DNS aging and scavenging are used to automatically clean up dynamic DNS records after a certain
period of time. DNS aging and scavenging work in concert. You need to configure both! DNS aging is a zone
setting. DNS scavenging is a server setting.

10. What is MX record

Ans. A DNS MX record directs email to a mail server. Learn more about mail exchange (MX) records and
how they are used in the email sending process.

 Practical
1. install active directory integrated dns

Ans. Done in lab.

2. create secondary dns and zone transfer

Ans. Done in lab.

3. create “A” record

Ans. Done in lab.

4. create alias

Ans. Done in lab.

5. create reverse lookup zone

Ans. Done in lab.

6. make a pointer

Ans. Done in lab.

7. apply conditional forwarder between two different domains

Ans. Done in lab.

8. nslookup command

Ans. Done in lab.

DHCP
1. purpose of DHCP

Ans. Dynamic Host Configuration Protocol (DHCP) is a network protocol that is used to configure network
devices to communicate on an IP network. A DHCP client uses the DHCP protocol to acquire configuration
information, such as an IP address, a default route, and one or more DNS server addresses from a DHCP
server.

2. What is the DORA process?

Ans. Broadcast-based DORA (Discover, Offer, Request, Acknowledgement). This process consists of the
following steps: The DHCP client sends a DHCP Discover broadcast request to all available DHCP servers
within range. A DHCP Offer broadcast response is received from the DHCP server, offering an available IP
address lease.

3. What is an authorized DHCP server?

Ans. An authorized DHCP server is a server that has been given permission to lease IP addresses to DHCP
clients on a network. DHCP gives administrators the ability to centrally manage and automatically assign IP
addresses to devices on the same subnet.

4. describe scope, lease duration, DHCP option, exclude address

Ans. A scope is a consecutive range of IP addresses that a DHCP server can draw on to fulfill an IP address
request from a DHCP client. By defining one or more scopes on your DHCP server, the server can manage the
distribution and assignment of IP addresses to DHCP clients. The DHCP lease time is an important part of the
DHCP settings. But what is it, how long should you set it or can you leave it on the default settings? In this
article, I will explain how it works and what the recommended settings are for your network. Excluded
Addresses. By default, the DHCP server assumes that all pool addresses in a pool may be assigned to clients. A
single IP address or a range of IP addresses can be excluded. The excluded addresses are excluded from all
DHCP pools.

5. What is a reservation?

Ans. When you use DHCP IP reservation, you're telling your Wi-Fi network to assign the same IP address to
a specific device whenever that device connects to your network.

6. What is dhcp relay agent?

Ans. DHCP is a client server protocol that automatically provides IP hosts with IP addresses and other
related configuration information. A DHCP relay (agent) is a host that forwards DHCP packets between
clients and servers that are not on the same physical subnet.

7. describe ipconfig command

Ans. ipconfig (standing for "Internet Protocol configuration") is a console application program of some
computer operating systems that displays all current TCP/IP network configuration values and refreshes
Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings.
 Practical
1. install DHCP server and authorize it

Ans. Done in lab.

2. create a scope and check on client by ipconfig

Ans. Done in lab.

3. dhcp database and take backup

Ans. Done in lab.

4. dhcp failover

Ans. Done in lab.

5. dhcp relay agent

Ans. Done in lab.

6. dhcp filter

Ans. Done in lab.

7. dhcp reservation

Ans. Done in lab.

IPAM
1. what is IPAM and purpose of IPAM

Ans. IP Address Management (IPAM) is an integrated suite of tools to enable end-to-end planning, deploying,
managing and monitoring of your IP address infrastructure, with a rich user experience.

IPAM (IP Address Management) is the administration of DNS and DHCP, which are the network services that
assign and resolve IP addresses to machines in a TCP/IP network. Simply put, IPAM is a means of planning,
tracking, and managing the Internet Protocol address space used in a network.

2. why do we need dedicated server

Ans. Dedicated servers provide more reliability and stability than the shared hosting. It makes sure that you
are not sharing your space with any other malicious software or a potential spammer. Dedicated server leads
to enhanced security, this is the reason it is essential for companies taking transactions over FTP or SSL.

3. policy for IPAM server

Ans.

4. which service monitor and manage by IPAM

Ans. The IPAM server will communicate with managed servers using an RPC or WMI interface. IPAM
monitors domain controllers and NPS servers for IP address tracking purposes. In addition to monitoring
functions, several DHCP server and scope properties can be configured from the IPAM console.

 Practical
1. Install IPAM

Ans. Done in lab.

2. configure IPAM with six steps

Ans. Done in lab.

3. create dhcp scope using IPAM 4 create DNS zone

Ans. Done in lab.

4. check monitoring of service’s Remote connectivity and

Ans. Done in lab.

VPN
1. What is VPN?

Ans. VPN stands for "Virtual Private Network" and describes the opportunity to establish a protected network
connection when using public networks.

2. type of VPN

Ans.
1. Remote Access VPN
2. Site to Site VPN
3. Cloud VPN
4. Mobile VPN
5. SSL VPN
6. PPTP (Point-to-Point Tunneling Protocol) VPN
7. L2TP (Layer 2 Tunneling Protocol) VPN
8. OpenVPN

3. tunneling protocol

Ans. In computer networks, a tunneling protocol is a communication protocol which allows for the movement
of data from one network to another.

4. authentication protocol

Ans.
1. Internet Protocol Security (IPsec)
2. Layer 2 Tunneling Protocol (L2TP)
3. Point-to-Point Tunneling Protocol (PPTP)
4. SSL and TLS
5. Secure Shell (SSH)
6. SSTP (Secure Socket Tunneling Protocol)
7. IKEv2 (Internet Key Exchange version 2)
8. OpenVPN
9. WireGuard

5. what is routing

Ans. Network routing is the process of selecting a path across one or more networks. The principles of routing
can apply to any type of network, from telephone networks to public transportation. In packet-switching
networks, such as the Internet, routing selects the paths for Internet Protocol (IP) packets to travel from their
origin to their destination. These Internet routing decisions are made by specialized pieces of network
hardware called routers.

 Practical
1. install routing and remote access

Ans. Done in lab.

2. configure LAN routing

Ans. Done in lab.

3. configure vpn connection (VPN client)

Ans. Done in lab.

Network policy server


1. what is Radius server

Ans. The RADIUS (Remote Authentication Dial-In User Service) client-server protocol enables remote access
servers to communicate with a central server.

2. what is authentication authorization and accounting

Ans. Authentication –
The process of identifying whether the user who wants to access the network resources is valid or not, by
asking for credentials such as username and password. Common methods are to put authentication on
console port, AUX port, or vty lines.

As network administrators, we can control how a user is authenticated if someone wants to access the network.
Some of these methods include using the local database of that device (router) or sending authentication
requests to an external server like the ACS server. To specify the method to be used for authentication, a
default or customized authentication method list is used.

Authorization –
It provides capabilities to enforce policies on network resources after the user has gained access to the network
resources through authentication. After the authentication is successful, authorization can be used to determine
what resources the user is allowed to access and the operations that can be performed.

For example, if a junior network engineer (who should not access all the resources) wants to access the device
then the administrator can create a view that will allow commands only to be executed by the user (the
commands that are allowed in the method list). The administrator can use the authorization method list to
specify how the user is authorized to network resources, i.e., through a local database or ACS server.

Accounting –
It provides means of monitoring and capturing the events done by the user while accessing the network
resources. It even monitors how long the user has access to the network. The administrator can create an
accounting method list to specify what should be accounted for and to whom the accounting records should be
sent.

3. RADIUS server operation method and radius client

Ans. A RADIUS Client (or Network Access Server) is a networking device (like a VPN concentrator, router,
switch) that is used to authenticate users. A RADIUS Server is a background process that runs on a UNIX or
Windows server. It lets you maintain user profiles in a central database.

4. RADIUS port number

Ans. The default port for RADIUS accounting is 1813.

5. What are network policies (NPS)?

Ans. Network Policy Server (NPS) uses network policies and the dial-in properties of user accounts to
determine whether a connection request is authorized to connect to the network. You can use this procedure to
configure a new network policy in either the NPS console or the Remote Access console.

 Practical
1. P1 configure RADIUS for wireless client

Ans. Done in lab.

2. configure NPS for remote access

Ans. Done in lab.


IPv4 addressing and IPv6 addressing
1. What is IP address? And type of IP address

Ans. An IP address allows computers to send and receive data over the internet. Most IP addresses are purely
numerical, but as internet usage grows, letters have been added to some addresses. There are four different
types of IP addresses: public, private, static, and dynamic.

2. class of IP address

Ans. Currently there are three classes of TCP/IP networks. Each class uses the 32-bit IP address space
differently, providing more or fewer bits for the network part of the address. These classes are class A, class B,
and class C.

3. public IP address and private IP address

Ans. Public IP address is provided by the Internet Service Provider (ISP). A public IP address is a
one-of-a-kind numeric code that is never repeated by other devices, whereas a private IP address is a non-unique
numeric code that can be reused by other private network devices.

4. what is static IP address, DHCP and APIPA

Ans. Static IP addresses are configured manually, directly on the client. Reserved IP addresses are leased
from the DHCP server, but the given client will always receive the same IP address. The DHCP service
identifies the client by MAC address, as seen below.

Automatic Private IP Addressing (APIPA) is a feature in operating systems (such as Windows) that enables
computers to automatically self-configure an IP address and subnet mask when their DHCP server isn't
reachable. The IP address range for APIPA is 169.254.0.1-169.254.255.254, with the subnet mask of 255.255.

5. What is ipv6 address?

Ans. An IPv6 address is 128 bits in length and consists of eight, 16-bit fields, with each field bounded by a
colon. Each field must contain a hexadecimal number, in contrast to the dotted-decimal notation of IPv4
addresses.

6. ipv6 dhcp process


Ans. The client sends a Request message to a specific DHCPv6 server to request IP addresses and
configuration parameters. The DHCPv6 server responds with a Reply message that contains the IP addresses
and configuration parameters. You can view statistics about the IPv6 messages on the Dashboard.

7. What is NAT?

Ans. To access the Internet, one public IP address is needed, but we can use a private IP address in our
private network. The idea of NAT is to allow multiple devices to access the Internet through a single public
address. To achieve this, the translation of a private IP address to a public IP address is required. Network
Address Translation (NAT) is a process in which one or more local IP addresses is translated into one or more
Global IP addresses and vice versa to provide Internet access to the local hosts. Also, it does the translation of
port numbers i.e., masks the port number of the host with another port number, in the packet that will be routed
to the destination. It then makes the corresponding entries of IP address and port number in the NAT table.
NAT generally operates on a router or firewall.
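
The translation table described above, as an added example that is not part of the original assignment. The class name PatTable, the port pool and all addresses are constructed for illustration; the table here does not check the remote endpoint on return traffic, which is a simplification.

```python
import ipaddress


class PatTable:
    """Toy port-address translation: many inside hosts share one public address."""

    def __init__(self, public_ip, inside_net, first_port=40000, last_port=40003):
        self.public_ip = public_ip
        self.inside_net = ipaddress.ip_network(inside_net)
        self.free_ports = iter(range(first_port, last_port + 1))
        self.out = {}   # (proto, inside_ip, inside_port) -> public_port
        self.back = {}  # (proto, public_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside packet's source to the public address and a mapped port."""
        if ipaddress.ip_address(src_ip) not in self.inside_net:
            raise ValueError("source is not on the inside network")
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self.free_ports, None)
            if port is None:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = port                       # new NAT table entry
            self.back[(proto, port)] = (src_ip, src_port)
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply's destination back to the inside host, or drop it."""
        entry = self.back.get((proto, dst_port))
        if dst_ip != self.public_ip or entry is None:
            return None  # no table entry: unsolicited traffic is not forwarded
        return (proto, src_ip, src_port, entry[0], entry[1])


if __name__ == "__main__":
    # Constructed sample traffic: two inside hosts using the same source port.
    nat = PatTable("203.0.113.5", "192.168.1.0/24")
    print(nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443))
    print(nat.outbound("tcp", "192.168.1.11", 51000, "198.51.100.7", 443))
    print(nat.inbound("tcp", "198.51.100.7", 443, "203.0.113.5", 40001))
    print(nat.inbound("tcp", "198.51.100.7", 443, "203.0.113.5", 40002))
```

Because outside observers only see the public address and mapped port, tying a flow back to an inside host requires the NAT table entry (or a log of it) for that time.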

8. What is the gateway address?

Ans. A gateway is a connecting device (node) that can connect two networks that employ different
transmission protocols. A piece of hardware responsible for accepting, analyzing, and transmitting data
packets to other networks. Transmit traffic from one network to another.

9. What is a loopback address?

Ans. A loopback address is a distinct reserved IP address range that starts from 127.0.0.0 and ends at
127.255.255.255, though 127.255.255.255 is the broadcast address for 127.0.0.0/8. The loopback addresses are
built into the IP domain system, enabling devices to transmit and receive the data packets. The loopback
address 127.0.0.1 is generally known as localhost.

TCP/IP protocol manages all the loopback addresses in the operating system. It mocks the TCP/IP server or
TCP/IP client on the same system. These loopback addresses are always accessible so that the user can use
them anytime for troubleshooting TCP/IP.

Whenever a protocol or program sends any data from a computer with any loopback IP address, that traffic is
processed by a TCP/IP protocol stack within itself, i.e., without transmitting it to the network. That is, if a user
is pinging a loopback address, they’ll get the reply from the same TCP/IP stack running on their computer. So,
all the data transmitted to any of the loopback addresses as the destination address will not pop up on the
network.

127.0.0.1 is the most commonly used loopback address; generally, 127.0.0.1 and localhost are functionally
similar, i.e., the loopback address 127.0.0.1 and the hostname localhost are internally mapped. Though, other
loopback addresses are also accessible and can be used.

10. different types of IPv6 address

Ans. The three types of IPv6 addresses are: unicast, anycast, and multicast. Unicast addresses identify a
single interface.

11. IPv6 tunneling

Ans. What is IPv6 Tunneling? IPv6 Tunneling is a mechanism for encapsulating IPv4 and IPv6 packets inside
IPv6 packets. It is used to form a virtual point-to-point link between two IPv6 nodes. IPv6 Tunnels are stateless
and have no knowledge of the configuration or even existence of the remote tunnel endpoint.

 Practical
1. configure ipv6 address manually and test with ping

Ans. Done in lab.

2. IPv6 address automatically

Ans. Done in lab.

3. ping utility

Ans. Done in lab.

4. ipconfig

Ans. Done in lab.

5. tracert / traceroute

Ans. Done in lab.

6. dhcpv6

Ans. Done in lab.


DFS
1. What is DFS? And purpose of DFS

Ans. The Distributed File System (DFS) functions provide the ability to logically group shares on multiple
servers and to transparently link shares into a single hierarchical namespace. DFS organizes shared resources
on a network in a treelike structure.

2. Define DFS namespace and DFS replication

Ans. DFS Namespaces and DFS Replication are a part of the File and Storage Services role. The management
tools for DFS (DFS Management, the DFS Namespaces module for Windows PowerShell, and command-line
tools) are installed separately as part of the Remote Server Administration Tools.

3. What is folder target?

Ans. A folder target is the Universal Naming Convention (UNC) path of a shared folder or another
namespace that is associated with a folder in a namespace. Adding multiple folder targets increases the
availability of the folder in the namespace.

 Practical
1. install DFS namespace and replication

Ans. Done in lab.

2. configure common namespace

Ans. Done in lab.

3. configure replication and check

Ans. Done in lab.

4. configure branch cache

Ans. Done in lab.

Advance Network
1. What is SDN?

Ans. Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers
or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and
direct traffic on a network. This model differs from that of traditional networks, which use dedicated hardware
devices (i.e., routers and switches) to control network traffic. SDN can create and control a virtual network –
or control traditional hardware – via software.

2. What is SCVMM?

Ans. System Center Virtual Machine Manager (SCVMM) forms part of Microsoft's System Center line of
virtual machine management and reporting tools, alongside previously established tools such as System Center
Operations Manager and System Center Configuration Manager. SCVMM is designed for management of
large numbers of Virtual Servers based on Microsoft Virtual Server and Hyper-V, and was released for
enterprise customers in October 2007.[1] A standalone version for small and medium business customers is
available.

System Center Virtual Machine Manager enables increased physical server utilization by making possible
simple and fast consolidation on virtual infrastructure. This is supported by consolidation candidate
identification, fast Physical-to-Virtual (P2V) migration and intelligent workload placement based on
performance data and user defined business policies (NOTE: P2V Migration capability was removed in
SCVMM 2012r2). VMM enables rapid provisioning of new virtual machines by the administrator and end users
using a self-service provisioning tool. Finally, VMM provides the central management console to manage all
the building blocks of a virtualized data center.

Microsoft System Center 2016 Virtual Machine Manager was released in September 2016. This product
enables the deployment and management of a virtualized, software-defined datacenter with a comprehensive
solution for networking, storage, computing, and security.

Microsoft System Center 2019 Virtual Machine Manager was released in March 2019. It added features in the
areas of Azure integration, computing, networking, security and storage.

The latest release is Microsoft System Center 2022 Virtual Machine Manager UR1, which was released on
November 15, 2022. It added features in the areas of support for Azure Stack HCI clusters 22H2, VMware
ESXi 7.0, SQL Server 2022.
