all zone transfer queries (AXFR) queries I Index - Polyteknisk · authoritative answer, 4-21...



Index

Symbols and Numbers

; (semicolon), 4-36
% Processor Time counter, 12-7
* (wildcard), 15-7
. (trailing dot), 4-13
@ (at symbol), 5-35
3DES (Triple Data Encryption Standard), 10-85
80/20 rule, 7-9 to 7-10

A

A (host) resource records
    default client update behavior, 4-59
    dynamic updates, 5-30 to 5-31
    multihomed computers, 5-48
    netmask ordering, 5-48
    overview of, 4-37
    zone delegations, 5-59, 5-60
AAAA (QuadA) records, IPv6, 14-1
ABRs (area border routers), 9-64
access control
    Allow Access setting, 10-24 to 10-25, 10-29 to 10-30, 10-35
    Control Access Through Remote Access Policy setting, 10-24, 10-25, 10-32
    Deny Access setting, 10-24, 10-25, 10-29, 10-36
account policies, 11-23
ACK (acknowledgement) messages, 8-4, 8-5, 8-11 to 8-12
Action tab, Performance Logs and Alerts, 12-12
Activate menu command, scopes, 7-14
Active Directory
    DHCP server authorization, 7-5
    Load Zone Data On Startup option, 5-46, 5-52 to 5-53
    RADIUS server configuration, 10-80
    SRV (service) resource record verification, 5-15 to 5-18
Active Directory Client Extensions pack, 15-19
Active Directory–integrated zones
    defining, 4-33 to 4-34
    dynamic updates, 5-27 to 5-31
    overview of, 5-23
    replication, 5-23, 5-24 to 5-25
    Replication Monitor, 6-20 to 6-24
active leases, 7-32
Add Or Remove Programs tool, 4-26
address block size, 2-22 to 2-30
    in /n terms, 2-22
    lesson review, 2-30 to 2-31
    lesson summary, 2-31
    practice exercises, 2-23 to 2-30
    w.x.y.z subnet mask, 2-23
address conflicts, 8-28 to 8-29
address pools
    defined, 7-9
    static, 10-6 to 10-7
Address Resolution Protocol (ARP)
    defined, 2-57
    overview of, 2-3
    troubleshooting TCP/IP connections, 3-28 to 3-29
addressing. See IP addresses
adjacency, OSPF, 9-63
administrators
    DHCP Administrators group, 7-26, 7-53
    DHCP server installation, 7-4
    Enterprise Admins group, 7-5, 7-53
    network security. See security administration security alerts
advertisements, 9-37
aging, zones, 5-31 to 5-32
alerts
    Network Monitor, 12-17 to 12-18
    Performance console, 12-9 to 12-14, 12-19 to 12-20
    See also Performance Logs and Alerts
algorithms
    IKE security, 11-67, 11-95
    RSA RC4 (Rivest-Shamir-Adleman), 10-30, 10-85
    Shortest Path First (SPF) algorithm, 9-63
alias (CNAME) resource records, 4-15, 4-37 to 4-38
All Names name-checking method, 5-52
all zone transfer queries (AXFR) queries
    DNS performance counters for, 6-26


Z02I622884.fm Page 1 Friday, March 31, 2006 1:20 PM

Microsoft Press
Note
MCSA/MCSE Self-Paced Training Kit (Exam 70-291): Implementing, Managing, and Maintaining a Microsoft® Windows Server™ 2003 Network Infrastructure, Sec (ISBN 0-7356-2288-4) by J.C. Mackin and Ian McLean. Published by Microsoft Press. Copyright © 2006 by Microsoft Corporation.


    overview of, 5-39 to 5-39
Allow Access setting, remote access, 10-24 to 10-25, 10-29 to 10-30, 10-35
Always Use Message Authenticator, 10-77
American Registry for Internet Numbers (ARIN), 2-12
AND function, Calculator, 8-31
APIPA (Automatic Private IP Addressing), 1-22, 1-25 to 1-29
    address ranges, 13-4, 13-6, 13-9
    defined, 1-37
    DHCP addresses, 8-29
    DHCP client migration, 7-14
    DHCP leases and, 8-3
    overview of, 1-25
    remote access through DHCP, 10-6
    troubleshooting, 1-27
APNIC (Asia-Pacific Network Information Center), 2-12
AppleTalk routing, 9-4, 9-19
application directory partitions, 5-25 to 5-27
    defined, 5-80
application layer, TCP/IP, 2-2, 2-4
    Network Monitor and, 3-11, 3-12
    overview of, 2-5
application startup, Computer Management console, 12-32 to 12-33
area border routers (ABRs), 9-64
areas, OSPF, 9-64
ARIN (American Registry for Internet Numbers), 2-12
ARP (Address Resolution Protocol)
    defined, 2-57
    overview of, 2-3
    troubleshooting TCP/IP connections, 3-28 to 3-29
ARP –a command, 2-3
ARP –d command, 2-3
Asia-Pacific Network Information Center (APNIC), 2-12
at symbol (@), 5-35
attributeSchema, 6-21, 6-33
audit logging, DHCP, 8-20 to 8-26
    event codes, 8-23
    lesson review, 8-25 to 8-26
    log event codes 50 and above, 8-23 to 8-24
    overview of, 8-20 to 8-22
    server authorization events, 8-23
    server logs, 8-22 to 8-25
auditing
    Internet Key Exchange (IKE), 11-80
    IPSec, 11-82 to 11-83
authentication
    authorization vs., 10-7
    defined, 10-7
    demand-dial router-to-router, 9-38
    mutual authentication, 16-36
    network security and, 11-9
    remote access, 10-7 to 10-18
    RIP, 9-61
    See also IAS (Internet Authentication Service)
Authentication Header (AH), 11-42
Authentication Methods dialog box, 10-16
authentication protocols
    CHAP, 10-10 to 10-13
    choosing, 10-9 to 10-10
    configuring client side, 10-12 to 10-15
    configuring server side, 10-16 to 10-18
    EAP, 16-8, 16-16 to 16-17
    EAP-MD5 CHAP, 10-10 to 10-13
    EAP-TLS, 10-9 to 10-13, 10-16 to 10-17, 10-58, 10-87
    features of, 10-11 to 10-12
    MS-CHAP v1, 10-10 to 10-13, 10-15
    MS-CHAP v2, 10-10 to 10-13, 10-15, 16-16 to 16-17, 16-39, 16-45
    operating system support, 10-12 to 10-13
    PAP, 10-10, 10-11 to 10-15
    RADIUS, 10-8, 10-26 to 10-27, 10-32, 10-38, 10-67 to 10-81
    SPAP, 10-10, 10-11 to 10-14
    unauthenticated access, 10-10
Authentication tab, Edit Dial-In Profile dialog box, 10-17, 10-30
Authentication-Type dialog box, 10-28
authoritative answer, 4-21
authorization
    authentication vs., 10-7
    demand-dial router-to-router, 9-38
    DHCP servers, 7-5
    Kerberos and, 11-53 to 11-54


    network security, 11-4
    troubleshooting DHCP, 13-31
automatic addressing, DHCP servers, 1-25, 1-28
Automatic Private IP Addressing (APIPA)
    address ranges, 13-4, 13-6, 13-9
    defined, 1-37
    DHCP addresses, 8-29
    DHCP client migration, 7-14
    DHCP leases and, 8-3
    overview of, 1-25
    remote access through DHCP, 10-6
    troubleshooting, 1-27
Automatic Updates, 15-2, 15-18
autostatic routes, 9-36, 9-79
Autostatic Update, 16-33
AXFR (all zone transfer) queries
    DNS performance counters for, 6-26
    overview of, 5-39 to 5-39

B

Backup command, DHCP console, 7-32 to 7-34
backups
    DHCP server database, 7-32 to 7-34, 7-38
    disabling NetBIOS, 4-8
BACP (Bandwidth Allocation Control Protocol), 9-11, 9-12, 9-79
bandwidth, 9-12, 17-1
Bandwidth Allocation Control Protocol (BACP), 9-11, 9-12, 9-79
BAP (Bandwidth Allocation Protocol)
    defined, 9-11
    dynamic bandwidth control, 9-12
    port and device properties, 9-34
    remote access policies, 10-30
Basic Firewall/NAT, 9-7, 9-48
    troubleshooting, 9-50
Batch mode, 7-25
binary notation, 2-7, 2-9 to 2-10, 2-16, 2-18
    converting manually, 2-9 to 2-10
    converting with calculator, 2-18
    defined, 2-7
    exercise converting, 2-18 to 2-19, 2-60
BIND Secondaries, Advanced tab of DNS server properties, 5-46, 5-47 to 5-48
Bindings dialog box, 8-30, 8-31
block size, 2-22 to 2-30
    in /n terms, 2-22
    lesson review, 2-30 to 2-31
    lesson summary, 2-31
    practice exercises, 2-23 to 2-30
    w.x.y.z subnet mask, 2-23
blocking policies
    creating, 11-60 to 11-64
    troubleshooting, 11-81, 11-103
BOOTP (Boot Protocol) forwarding
    defined, 9-79
    DHCP Relay Agent, 9-65, 9-66, 9-84
bridges, routers compared with, 9-3
broadcasts
    limited broadcast addresses, 9-17, 9-18
    RRAS name resolution, 9-10 to 9-11
    subnetting and, 2-42
    traffic, 2-35
browsing, 4-3, 4-7 to 4-8
    without NetBIOS, 4-7
brute force attack, 11-6

C

cables, crossover, 1-25
Cached Lookups folder, 4-41
Cache.dns file, 5-10, 5-11
caching-only servers, 4-34 to 4-35
    DNS client cache, 4-22, 4-58
    DNS resolver cache, 4-58
    DNS server cache, 4-23, 4-40 to 4-41
    forwarding and, 5-5
    overview, 4-22 to 4-23
    Secure Cache Against Pollution option, 5-51
Caching Memory counter, DNS, 6-26
Calculator
    AND function, 8-31
    calculating host IDs per subnet, 2-42, 2-43
    notation conversions and, 2-16
callbacks, 9-12, 9-33
    defined, 9-79
    remote access permissions and, 10-25
called router, 9-38
Called-Station-ID attribute, 9-34
Caller ID, remote access permissions, 10-25


calling router, 9-38
canonical names (CNAME), 4-15, 4-22, 4-35, 4-37 to 4-38
Capture Trigger dialog box, 12-18
Capture window, Network Monitor, 3-7
CAs (certificate authorities), 10-58
case-sensitivity, DNS names, 4-49
certificate authorities (CAs), 10-58
Certificate Services component, 1-12
certificates
    L2TP/IPSec and, 10-58 to 10-59
    overview of, 1-12
Cfg setting, Secedit, 11-34
Chaddr (Client Ethernet Address) field
    DHCP ACK, 8-11 to 8-12
    DHCP Discover, 8-7 to 8-8
    DHCP NACK, 8-12 to 8-13
    DHCP Offer, 8-8 to 8-9
    DHCP Request, 8-9 to 8-11
Challenge Handshake Authentication Protocol (CHAP)
    defined, 10-10
    features/exam tips, 10-11 to 10-12
    operating system support, 10-12 to 10-15
Change Zone Replication Scope dialog box, 5-24, 5-26, 5-27
Change Zone Type dialog box, 5-22 to 5-23
CHAP (Challenge Handshake Authentication Protocol), 10-10 to 10-13
    defined, 10-10
    features/exam tips, 10-11 to 10-12
    operating system support, 10-12 to 10-15
Ciaddr (Client IP Address) field, 8-7, 8-11
CIDR (classless interdomain routing), 2-9
CIFS (Common Internet File System)
    defined, 1-37
    functions of, 1-9
    Kerberos and, 11-46
    NetBIOS and, 1-9
Class field, 4-36
classes
    IP address, 2-10
    user, 7-35 to 7-37
classless interdomain routing (CIDR), 2-9
classSchema, 6-21, 6-33
clean install, 15-2, 15-7
client configuration
    authentication protocols, 10-12 to 10-15
    demand-dial router-to-router, 9-40
    DHCP server, 7-13 to 7-14, 7-16 to 7-19
    network, 1-22
    PPTP on VPN, 10-56 to 10-57
    RADIUS, 10-75, 10-77
    RADIUS proxy, 10-73 to 10-75
    remote access, 10-3 to 10-22
    troubleshooting DHCP, 8-27 to 8-36
    troubleshooting IP addressing, 13-31
Client Ethernet Address field (Chaddr) field
    DHCP ACK, 8-11 to 8-12
    DHCP Discover, 8-7 to 8-8
    DHCP NACK, 8-12 to 8-13
    DHCP Offer, 8-8 to 8-9
    DHCP Request, 8-9 to 8-11
Client For Microsoft Networks, 1-19, 3-11
Client IP Address (Ciaddr) field, 8-7, 8-11
Client Service For Netware, 1-18
CNAME (alias) resource records, 4-15, 4-22, 4-35, 4-37 to 4-38
comments, resource records, 4-36
Common Internet File System protocol (CIFS)
    defined, 1-37
    functions of, 1-9
    Kerberos and, 11-46
    NetBIOS and, 1-9
compatws security template, 11-23
Computer Browser service, 4-7 to 4-8
Computer Management console
    application startup and, 12-34
    Services node, 12-32 to 12-33
computer names
    Disable Round Ordering option, 5-50 to 5-51
    DNS clients, 4-48
    Enable Netmask Ordering option, 5-46, 5-48
    Enable Round Robin option, 5-50
    overview of, 4-4 to 4-5
computers
    APIPA addresses and, 1-22, 1-25 to 1-29
    multihomed, 1-34
conditional forwarding, 5-5
conditions, remote access policy, 10-27 to 10-28


confidentiality, network security, 11-26, 11-42
configuration, client
    authentication protocols, 10-12 to 10-15
    demand-dial router-to-router, 9-40
    DHCP server, 7-13 to 7-14, 7-16 to 7-19
    network, 1-22
    PPTP on VPN, 10-56 to 10-57
    RADIUS, 10-75, 10-77
    RADIUS proxy, 10-73 to 10-75
    remote access, 10-3 to 10-22
    troubleshooting DHCP, 8-27 to 8-36
    troubleshooting IP addressing, 13-31
configuration, server, authentication protocols, 10-16 to 10-18
Configure A DNS Server Wizard, 4-27, 4-29 to 4-31
Configure Device dialog box
    configuring VPN types, 10-54
    port and device properties, 9-34
Configure Option, DHCP servers, 7-12
conflict detection, DHCP servers, 7-32
connection endpoint addressing, 9-38
connection request policies, 10-73 to 10-74, 10-87
connection-specific DNS suffixes
    configuring DNS client, 4-48
    overview of, 4-5
connectionless services, UDP, 2-5
connections
    New Connection wizard, 1-16, 10-60 to 10-61
    remote access policies, 10-28
connections, network
    adding components to, 1-22 to 1-23
    advanced settings, 1-19 to 1-21
    APIPA, 1-25 to 1-29
    automatically configured, 1-25
    bridging, 1-30 to 1-32
    configuring, 1-22, 1-23 to 1-32
    default components, 1-17
    overview of, 1-16
    provider order, 1-20 to 1-21
    TCP/IP settings, 1-32 to 1-34
    viewing, 1-16 to 1-32
connections, TCP/IP, 3-22 to 3-34
    ARP tool, 3-28 to 3-29
    case scenario, 3-34 to 3-36
    faulty configuration, 3-22
    further reading, 13-8
    lesson review, 3-32 to 3-33
    lesson summary, 3-33 to 3-34
    monitoring. See Network Monitor
    Network Diagnostics, 3-23 to 3-26
    overview of, 13-31
    PathPing, 3-26 to 3-27
    Ping, 3-26 to 3-27
    practice exercises, 3-29 to 3-34
    Tracert, 3-27, 3-28
connectivity, Internet, 12-22 to 12-31
    case scenario, 12-57 to 12-58
    further reading, 17-5
    identifying issues, 12-22 to 12-25
    lesson review, 12-30 to 12-31
    lesson summary, 12-31
    name resolution issues, 12-22 to 12-25
    network settings verification, 12-25 to 12-28
    overview of, 12-22
    practice exercise, 12-28 to 12-29
    tested skills/suggested practices, 17-2
    troubleshooting, 17-13
constraints, 10-86, 10-87
Control Access Through Remote Access Policy setting, 10-24, 10-25
counters, performance
    % Processor Time, 12-8
    Average Disk Queue Length, 12-8
    AXFR (all zone transfer) queries, 6-26
    DNS (Domain Name Services), 6-26 to 6-27
    IXFR (incremental zone transfer) queries, 6-26
    list, 6-26 to 6-27
    Total Query Received, 6-27
    Total Response Sent, 6-27
Create IP Security Rule Wizard, 11-67 to 11-68
credentials
    remote access authentication, 10-7 to 10-8
    Set Credentials command, 9-32
crossover cables, 1-25
cryptography. See encryption; public key cryptography
Custom Templates
    applying, 11-34 to 11-35
    creating, 11-32 to 11-35
    modifying, 11-32 to 11-34


D

data capture, 3-6
Data Encryption Standard (DES)
    defined, 10-85
    remote access and, 10-30
data integrity, 10-55
data stream, 3-6
data types, 6-7
database restore flag, 8-40
databases, DHCP
    backups, 7-31 to 7-33
    reconciling, 8-33 to 8-34
    troubleshooting, 13-39
DC security template, 11-23
Debug Logging tab, DNS server
    configuring log file, 6-11 to 6-12
    overview of, 5-11
debugging
    DNS log, 6-3, 6-11 to 6-12, 6-16 to 6-18
    Nslookup, 6-5
decimal notation
    converting manually, 2-10 to 2-13
    converting with calculator, 2-13
    defined, 2-9
    exercise converting, 2-18 to 2-19
    lesson review, 2-19 to 2-20
default gateways, 2-13, 2-34
default routes, 9-16 to 9-18, 9-21
default update behavior, 4-56
defltdc security template, 11-24
delegation, zone, 5-57 to 5-66
    case scenario, 5-75 to 5-77
    creating, 5-61 to 5-64
    example of, 5-59 to 5-60
    lesson review, 5-64 to 5-66
    lesson summary, 5-66
    New Delegation Wizard, 5-58, 5-61
    overview of, 5-58 to 5-60
    records, 5-59
    when to use, 5-58
Demand-Dial Interface Wizard, 9-31
demand-dial interfaces, 9-30 to 9-37
    defined, 9-6
    Dial-Out Hours command, 9-32
    extranet/router-to-router VPNs, 10-49 to 10-50
    IP routing, 9-35 to 9-37
    NAT, 9-49 to 9-51
    network interface properties, 9-32 to 9-34
    overview of, 9-30 to 9-31
    port and device properties, 9-33 to 9-34
    Routing and Remote Access, 9-7
    Set Credentials command, 9-32
    Set IP Demand-Dial Filters command, 9-32
    shortcut menu commands, 9-31 to 9-32
    Unreachability Reason command, 9-32
demand-dial routing, 9-30 to 9-46
    case scenario, 9-75 to 9-77
    defined, 9-30
    exam highlights, 9-79
    IIS installation and, 9-41
    interfaces. See demand-dial interfaces
    lesson review, 9-45
    router-to-router, 9-38 to 9-39
    RRAS configuration, 9-41 to 9-43
    testing configuration, 9-44
    troubleshooting, 9-39 to 9-40
    troubleshooting lab, 9-77 to 9-78
Deny Access setting, 10-24 to 10-25
Dependencies tab, Remote Access Connection Manager, 12-33 to 12-34
DES (Data Encryption Standard)
    defined, 10-85
    remote access data encryption, 10-31
details pane, Frame Viewer window, 3-9 to 3-11
device configuration
    port and device properties, 9-35
    virtual private networks (VPNs), 10-49
DFS (Distributed File System), 4-7
DHCP ACK (Acknowledgement) message
    DHCP leases and, 8-5
    overview of, 8-11 to 8-12
DHCP Administration Tool, 13-42 to 13-43, 13-47 to 13-48
DHCP Client Identifier fields, 8-7 to 8-9
DHCP console
    creating DHCP scopes, 7-6 to 7-7
    disabling audit logging, 8-21
    migrating DHCP servers, 7-32
    reconciling DHCP databases, 8-35
    server status, 7-22 to 7-23


    verifying server installation, 7-4
DHCP databases
    backups, 7-31 to 7-33
    reconciling, 8-33 to 8-34
    troubleshooting, 13-39
DHCP Discover message
    defined, 8-42
    DHCP leases and, 8-3
    NACK messages and, 8-13
    overview of, 8-7 to 8-8
DHCP Discover packets, 9-65, 9-66
DHCP leases
    analyzing DHCP messages, 8-5 to 8-7
    exclusion ranges, 7-8 to 7-9
    initial processes, 8-3 to 8-4
    lesson review, 8-18
    overview of, 7-6 to 7-7, 13-16
    remote access and, 10-5
    renewal, 8-4 to 8-5
    reservations, 7-10
    Shutdown /i command, 8-29
    troubleshooting, 8-29
DHCP management, 7-22 to 7-40, 13-19 to 13-30
    audit logging, 8-20 to 8-26, 8-45 to 8-46
    case scenario, 7-46 to 7-47, 7-54 to 7-55
    command-line, 7-24 to 7-25
    connecting clients to remote servers, 7-26
    database backups, 7-31 to 7-33
    further reading, 13-7
    host (A) resource records and, 4-34
    lesson review, 7-39 to 7-40
    manual compaction, 7-33 to 7-34
    migrating, 7-32 to 7-33
    options classes, 7-34 to 7-36
    overview of, 13-19 to 13-20
    servers, 7-22 to 7-24
    subnet addresses, 7-30 to 7-31
    superscopes, 7-26 to 7-30
    tested skills/suggested practices, 13-4
    troubleshooting lab, 7-48
DHCP messages
    analyzing, 8-5 to 8-7
    DHCP ACK, 8-11 to 8-12
    DHCP Discover, 8-7 to 8-8
    DHCP NACK, 8-12 to 8-14
    DHCP Offer, 8-8 to 8-9
    DHCP Request, 8-9 to 8-11
    header fields, 8-6 to 8-7
    lesson review, 8-18
DHCP NACK (Negative Acknowledgement) message
    defined, 8-42
    initial lease process and, 8-5
    overview of, 8-12 to 8-13
DHCP Offer messages, 8-3 to 8-4
DHCP Option field, 8-8
DHCP options
    assigning, 7-11 to 7-12
    overview of, 13-15
    troubleshooting, 13-35
    user classes and, 7-34 to 7-36
DHCP Relay Agent
    configuring, 9-65 to 9-66, 13-15 to 13-16
    lesson review, 9-67
    overview of, 9-63 to 9-65
    verifying functioning of, 9-66
DHCP Request messages, 8-9 to 8-10, 8-31
DHCP scopes, 80/20 rule, 7-9 to 7-10
    Activate menu command, 7-14
    activating, 7-13
    configuring, 7-6 to 7-11
    deactivating, 7-13
    DHCP options, 7-12
    exclusion ranges, 7-8 to 7-9
    IP address range, 7-7 to 7-8
    lesson review, 7-20 to 7-21
    New Scope Wizard, 7-6 to 7-7
    obtaining address from incorrect, 8-30
    overview of, 7-6 to 7-7
    reconciling, 8-35
    redeployment, 8-29
    reservations, 7-10 to 7-11
    Scope Options dialog box, 7-12
    subnet addresses and, 7-32
    troubleshooting DHCP client, 8-29 to 8-30
    verifying, 8-31 to 8-33
DHCP Server events, 8-22
DHCP server logs
    event codes, 8-23
    lesson review, 8-25 to 8-26


    overview of, 8-22 to 8-23
    sample excerpts from, 8-24 to 8-25
    server authorization events, 8-23 to 8-24
DHCP Server Properties dialog box, 7-23 to 7-24, 7-31, 8-20 to 8-21
DHCP Server role, 7-4, 7-16 to 7-18
DHCP servers, 7-3 to 7-21
    audit logs, 13-36
    authorization, 7-5
    automatic addressing, 1-20, 7-3
    benefits of, 7-3
    case scenario, 7-46 to 7-47, 7-54 to 7-55
    clients and, 7-13 to 7-14
    connectivity problems, 12-24 to 12-26
    DNS updates, 7-41 to 7-47, 7-53 to 7-54
    dynamic IP addressing, 2-8 to 2-9
    dynamic updates, 5-28
    finding location, address, or name of, 8-31
    installing, 7-4
    IP addressing problems, 13-27
    lesson review, 7-20 to 7-21
    Manage Your Server window, 7-4
    options, 7-11 to 7-13
    Relay Agent configuration, 9-66
    remote access, 10-5
    scopes, 7-6 to 7-11, 7-13
    verifying configuration, 7-14 to 7-15, 8-32 to 8-34
DHCP traffic, 8-3 to 8-19
    case scenario, 8-38 to 8-39, 8-46 to 8-47
    DHCP ACK, 8-11 to 8-12
    DHCP Discover, 8-7 to 8-8
    DHCP header fields, 8-6 to 8-7
    DHCP messages, 8-5 to 8-7
    DHCP NACK, 8-12 to 8-14
    DHCP Offer, 8-8 to 8-9
    DHCP Request, 8-9 to 8-11
    exam highlights, 8-41 to 8-42
    initial lease process, 8-3 to 8-4
    lease renewal process, 8-4 to 8-5
    lesson review, 8-18
DHCP, troubleshooting
    audit logging. See audit logging, DHCP
    case scenario, 8-38 to 8-39, 8-46 to 8-47
    client configuration, 8-27 to 8-31
    DHCP database, 8-34 to 8-35
    Event Viewer and, 8-35 to 8-37
    further reading, 13-5
    lab, 8-40, 8-48
    lesson review, 1-35 to 1-40, 8-37 to 8-38
    overview of, 13-35 to 13-36
    server configuration, 8-32 to 8-34
    tested skills/suggested practices, 13-4
    traffic analysis. See DHCP traffic
Dhcploc.exe utility, 8-29, 8-30, 12-27
dial-back security, 13-30, 13-35
Dial-In Constraints tab, remote access policy, 10-29
dial-in properties, user accounts
    configuring, 10-23 to 10-26
    remote access authorization, 10-32 to 10-37
    remote access permissions, 10-24 to 10-26
Dial-Out Hours, demand-dial interface, 9-32
dial-up networking
    applying, 10-3
    authentication, 10-13 to 10-17
    client-side configuration, 10-13 to 10-17
    practice exercises, 10-19 to 10-22
    remote access authentication, 10-8
    troubleshooting, 10-39 to 10-40
dialog boxes
    Add/Remove Snap-In, 11-30
    Add Standalone Snap-Ins, 11-30, 11-60
    Authentication Methods, 10-16
    Authentication tab, Edit Dial-In Profile, 10-17, 10-30
    Authentication-Type, 10-28
    Bindings, 8-30, 8-31
    Capture Trigger, 12-18
    Change Zone Replication Scope, 5-24, 5-26, 5-27
    Change Zone Type, 5-22 to 5-23
    Configure Device, 9-34, 10-54
    DHCP Server Properties, 7-23 to 7-24, 7-31, 8-20 to 8-21
    DNS Events Properties, 6-9 to 6-10
    DNS Suffix And NetBIOS Computer Name, 4-50
    Edit Dial-In Profile, 10-17, 10-29
    Filter tab, DNS Events Properties, 6-10
    Local Area Connection Status, 8-33
    Neighbors tab, RIP Properties, 9-63


    Network Connection Details, 8-33
    New Reservation, 7-10 to 7-11
    New Routing Protocol, 9-67
    Port Status, 9-35
    Reconcile All Scopes, 8-34
    Reconcile, 8-34
    Scope Options, 7-12
    Select Attribute, 10-27 to 10-28
    Select Network Component Type, 1-22 to 1-23
    System Properties, 4-49
    Zone Aging/Scavenging Properties, 5-31 to 5-32
Diffie-Hellman Group, 11-67
directory partitions, 6-21 to 6-22
Disable Recursion, Advanced tab of DNS server properties, 5-8 to 5-9
Disabled option, Services console, 7-24
Distributed File System (DFS), 4-7
DNS (Domain Name System)
    caching, 4-22 to 4-23
    capturing name resolution traffic, 4-9
    case scenario, 4-64
    components, 4-14 to 4-15
    DHCP client configuration, 7-14 to 7-15
    DHCP server updates, 7-42 to 7-47
    domain names, 4-12 to 4-13
    lesson review, 4-10, 4-24 to 4-25
    namespace, 4-12
    NetBIOS and, 4-3 to 4-8
    private domain namespace, 4-14
    queries, 4-16 to 4-22
    resolver cache, 4-17 to 4-18, 4-22 to 4-23, 4-58 to 4-59
    roots, 4-13
    troubleshooting, 4-65 to 4-66
DNS client cache
    overview of, 4-22 to 4-23
    viewing/clearing, 4-58 to 4-59
DNS clients, 4-48 to 4-63
    case scenario, 4-64
    client settings, 4-48 to 4-55
    computer names, 4-49
    connection-specific suffixes, 4-50 to 4-51
    default update behavior, 4-56
    DHCP troubleshooting and, 13-31
    dynamic updates, 4-55 to 4-56
    exam highlights, 4-67 to 4-68
    lesson review, 4-62 to 4-63
    lesson summary, 4-63
    name resolution, 4-3 to 4-4, 5-13 to 5-14
    NetBIOS names, 4-49
    overview of, 4-48
    primary suffixes, 4-50
    queries, 4-16 to 4-19
    recursion, 4-60 to 4-62
    servers list, 4-52 to 4-54
    suffix searches, 4-54 to 4-55
    TCP/IP settings, 4-57 to 4-58
    troubleshooting lab, 4-65 to 4-66
    viewing/clearing resolver cache, 4-58 to 4-59
DNS console
    defined, 4-23
    general properties, 6-9 to 6-10
    resource records, 4-35 to 4-40
    server configuration, 4-29
    zones, 4-29 to 4-31
DNS debug log, 6-11 to 6-12
DNS Events log
    accessing, 5-11
    troubleshooting, 6-9 to 6-10
DNS Events Properties dialog box, 6-9 to 6-10
DNS forwarders
    conditional, 5-7 to 5-8
    disabling recursion, 5-8 to 5-9
    interfaces, 5-4
    overview of, 5-3
    recursion and, 5-47
    stub zones and, 5-70
    when to use, 5-5 to 5-6
DNS management, 14-17
DNS monitoring, 6-20 to 6-29
    case scenario, 6-29 to 6-31
    further reading, 14-4
    lesson review, 6-28
    lesson summary, 6-28 to 6-29
    overview of, 14-28
    Replication Monitor, 6-20 to 6-24
    System Monitor, 6-24 to 6-27
    tested skills/suggested practices, 14-2 to 14-3
    troubleshooting lab, 6-31 to 6-32


DNS naming system, NetBIOS compared to, 4-3 to 4-7
DNS Namespace, 4-12
DNS performance counters, 6-26 to 6-27
DNS queries, 4-16 to 4-22
    example, 4-20 to 4-21
    local resolver, 4-17 to 4-18
    overview of, 4-16
    querying DNS server, 4-18 to 4-19
    recursion, 4-19
    resolution methods, 4-16
    response types, 4-22
    root hints, 4-19 to 4-20
DNS Server log, 6-9 to 6-10
DNS server properties, 5-3 to 5-20
    Advanced, 5-9
    case scenario, 5-75 to 5-77
    Debug Logging, 5-11
    Event Logging, 5-11
    exam highlights, 5-80
    Forwarders, 5-4 to 5-9
    Interfaces, 5-4
    lesson review, 5-18 to 5-19
    lesson summary, 5-19 to 5-20
    Monitoring, 5-12 to 5-13
    practice exercises, 5-13 to 5-18
    properties tabs, 5-3 to 5-13
    Root Hints, 5-10
    Security, 5-13
    troubleshooting, 5-78
DNS server properties, advanced
    BIND Secondaries, 5-47 to 5-48
    case scenario, 5-75 to 5-77
    default settings, 5-46
    Disable Recursion, 5-46 to 5-47
    Enable Automatic Scavenging Of Stale Records, 5-53
    Enable Netmask Ordering, 5-48 to 5-50
    Enable Round Robin, 5-50
    Fail On Load If Bad Zone data, 5-48
    lesson review, 5-53 to 5-55
    lesson summary, 5-56
    Load Zone Data On Startup, 5-52 to 5-53
    Name Checking, 5-51 to 5-52
    overview of, 5-45
    performing scavenging, 5-33
    recursion and, 5-7 to 5-8
    Secure Cache Against Pollution, 5-51
DNS servers, properties tabs, 4-26 to 4-47
    cache, viewing and clearing, 4-40 to 4-41
    caching-only, 4-34 to 4-35
    case scenario, 4-64
    configuring, 4-29 to 4-31
    DNS client, 4-48 to 4-52
    installing, 4-26 to 4-29
    lesson review, 4-46
    lesson summary, 4-47
    practice exercises, 4-42 to 4-46
    querying, 4-16 to 4-22
    recursion, 4-16, 4-19, 4-60 to 4-62
    resource records, 4-15, 4-35 to 4-40
    tested skills/suggested practices, 14-2
    troubleshooting, 4-65 to 4-66
    zones, 4-31 to 34
DNS servers, troubleshooting, 4-65 to 4-66, 5-78, 6-3 to 6-19
DNS Suffix And NetBIOS Computer Name dialog box, 4-50
DNS suffixes
    connection-specific, 4-50 to 4-52
    search lists, 4-54 to 4-55
DNS troubleshooting, 6-3 to 6-19
    case scenario, 6-29 to 6-31
    DNS Debug log, 6-11 to 6-12
    DNS Events log, 6-9 to 6-10
    DNS infrastructure, 5-78
    Internet connectivity, 12-22 to 12-24
    lesson review, 6-18 to 6-19
    Nslookup, 6-3 to 6-8
DNS updates, 7-42 to 7-47
    DnsUpdateProxy security group, 7-43 to 7-44
    lesson review, 7-45
DNS zones. See zone transfers
Dnscmd utility, 5-26, 5-40
Dns.log file, 6-11, 6-17 to 6-18
DnsUpdateProxy security group, 13-39
    DHCP server and, 7-43 to 7-44
    secure dynamic updates and, 5-30 to 5-31


Domain Controller Security Policy setting, 12-36
domain controllers
    adding to Replication Monitor console, 6-22
    DHCP server installation and, 7-5
Domain Name System. See DNS (Domain Name System)
domain names
    fully qualified, 4-4
    Name Checking option, 5-51 to 5-52
    overview of, 4-12 to 4-13
DomainDnsZones, 5-25 to 5-26, 6-22
domains
    geographical, 4-13
    Internet, 4-13 to 4-14
    logging onto with VPN connection, 10-62 to 10-63
    names, 4-12 to 4-13
    organizational, 4-13
    private, 4-14
    reverse, 4-13
dotted-decimal notation
    analyzing, 2-16 to 2-17
    converting, 2-10 to 2-13, 2-19
    defined, 2-9
    lesson review, 2-30 to 2-31
drivers, Network Monitor, 3-5
Dynamic Bandwidth Control Using BAP Or BACP, 9-12
dynamic IP internetwork, 9-60
dynamic routing, vs. static routing, 9-18 to 9-19
dynamic updates
    DNS clients, 4-55 to 4-56
    Kerberos and, 5-30
    nonsecure dynamic updates, 5-79
    performance counters and, 6-26
    secure, 5-30 to 5-31
    triggers, 5-30
    zone configuration, 5-27 to 5-28

E

EAP (Extensible Authentication Protocol)
    Protected EAP (PEAP), 10-72
EAP-MD5 CHAP (Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol), 10-10 to 10-13
EAP-RADIUS, 16-8
EAP-TLS (Extensible Authentication Protocol-Transport Level Security)
    defined, 10-9
    encryption, 10-30
    features/exam tips, 10-11 to 10-12
    operating system support, 10-14 to 10-15
    PPTP used with, 10-55 to 10-57
    smart card authentication, 10-15
Edit Dial-In Profile dialog box, 10-17, 10-29
EKU (enhanced key usage) extensions, 10-58
Enable Automatic Scavenging Of Stale Records, DNS, 5-33, 5-53
Enable Broadcast Name Resolution, RRAS, 9-10
Enable Fragmentation Checking check box, RRAS, 9-36
Enable IP Router Manager check box, RRAS, 9-37
Enable Netmask Ordering, DNS, 5-46, 5-48
Enable Round Robin, DNS, 5-48, 5-50
Enable Router Discovery Advertisements check box, 9-37
encapsulation, 16-36
encryption
    3DES, 10-31, 10-85
    authentication protocols and, 10-9 to 10-10, 10-11, 10-13
    Basic Encryption setting, 10-31
    CHAP, 10-10
    DES, 10-30, 10-85
    EAP-MD5 CHAP, 10-10
    EAP-TLS, 10-9, 10-72
    MPPE, 10-31
    MPPE 56-Bit, 10-31
    MPPE 128-Bit, 10-31
    MS-CHAP v1, 10-10
    MS-CHAP v2, 10-10
    No Encryption setting, 10-31
    PAP, 10-10
    PPP, 10-14
    PPTP connections, 10-55 to 10-56
    SPAP, 10-10
    remote access policy profiles, 10-14 to 10-15, 10-30
    types, 10-31
    VPN, 10-47


Encryption tab, remote access policies, 10-14 to 10-15, 10-30
endpoint addressing, 9-38
Enforce Logon Restrictions setting, 16-16
enhanced key usage (EKU) extensions, 10-58
Enterprise Admins group, DHCP, 7-5, 7-52
event ID codes, DHCP server logs, 8-22 to 8-23
Event log, DNS
    accessing, 5-11
    troubleshooting, 6-9 to 6-10
Event Logging tab, DNS server properties, 5-11
event logs
    DNS, 5-11, 6-9 to 6-10
    IKE, 11-80
    Kerberos at computer boot, 11-50 to 11-51
    Kerberos at user logon, 11-48, 11-51 to 11-53
    Kerberos monitoring, 11-58, 11-82
    troubleshooting IPSec policies, 11-87
    troubleshooting with, 11-79 to 11-80
Event Viewer
    address conflict warning, 8-28 to 8-29
    DNS event logging, 5-11
    troubleshooting DHCP, 8-34 to 8-35
exclusion ranges, DHCP leases, 7-8 to 7-9
Expires After text box, SOA tab, 5-34
Extensible Authentication Protocol. See EAP
Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol. See EAP-MD5 CHAP
Extensible Authentication Protocol-RADIUS, 16-8
Extensible Authentication Protocol-Transport Level Security. See EAP-TLS
extranets, 16-2

F

Fail On Load If Bad Zone data, DNS, 5-48
failover protection, DHCP, 13-20
fast transfer format, 5-47
fault tolerance, 9-26, 9-66
File and Printer Sharing For Microsoft Networks, 1-18
file names, zones, 5-27
File or Folder Access, auditing, 11-7
file system, security templates, 11-9
filter actions
    blocking, 11-71
    overview of, 11-41
    security associations, 11-42
filter lists
    blocking, 11-64
    creating, 11-62, 11-67
Filter tab, DNS Events Properties dialog box, 6-10
filtered synchronization, 12-48
filters
    IP Filter Wizard, 11-68
    IPSec policies, 11-41 to 11-42
    peer filtering, RIP, 9-61 to 9-62, 16-35
    Set IP Demand-Dial Filters command, 9-32
    Task Manager, 12-5
    See also packet filters
firewalls
    Basic Firewall, 9-48, 9-50, 16-6
    ICMP, 2-4
    VPNs and, 16-50
Flags tab, Kerbtray, 11-55, 11-57
ForestDnsZones, 5-25 to 5-26
forwarders, DNS
    conditional, 5-7 to 5-8
    disabling recursion, 5-8 to 5-9
    interfaces, 5-4
    overview of, 5-3
    recursion and, 5-47
    stub zones and, 5-70
    when to use, 5-5 to 5-6
Forwarders tab, DNS server properties, 5-4 to 5-9
FQDNs (fully qualified domain names)
    defined, 4-68
    Disable Recursion server option and, 5-46 to 5-47
    multihomed host, 4-51 to 4-52
    overview of, 4-16 to 4-17
    partitions and, 5-25 to 5-26
fragmentation checking, RRAS, 9-37
Frame Viewer window, Network Monitor
    details pane, 3-10
    hexadecimal pane, 3-10
    overview of, 3-9
    summary pane, 3-9
frames
    data capture, 3-8
    defined, 3-3
    IPX (NWLink) protocol, 1-17
full computer name, 4-5, 4-48
fully qualified domain names. See FQDNs


G

Gateway column, IP routing tables, 9-17 to 9-18
gateways
  comparing gateway addresses, 9-17
  defaults, 2-13
  IP addresses and, 2-33
  IP routing tables and, 9-18
Generic Routing Encapsulation (GRE) header, 10-56
geographical domains, 4-13
Getmac utility, 8-33
Giaddr field, 8-30, 8-40
Globally Unique Identifier (GUID), 3-8, 3-37
glue chasing, 5-60
glue records, 5-60
Gpedit.msc, 12-37
Gpupdate command-line utility, 15-15, 15-16
Grant Remote Access Permission, 10-29
graphs, System Monitor, 6-25, 6-26
GRE (Generic Routing Encapsulation) header, 10-56
GUID (Globally Unique Identifier), 3-8, 3-37

H

header fields, DHCP, 8-6 to 8-7
Help And Support Center, 3-23
hexadecimal pane, Frame Viewer window, 3-10
hisecdc security template, 11-23
hisecws security template, 11-23
hops, routing, 9-18, 9-60
host (A) resource records
  default client update behavior, 4-59
  dynamic updates, 5-30 to 5-31
  multihomed computers, 5-48
  netmask ordering, 5-48
  overview of, 4-37
  zone delegations, 5-59, 5-60
host capacity, network, 2-19 to 2-21
host IDs
  IP addresses and, 2-7 to 2-9
  per subnet, 2-20
  subnetting and, 2-34, 2-36
host names, 4-4, 14-1
host route, 9-15

I

IANA (Internet Assigned Numbers Authority), 2-12
IAS (Internet Authentication Service), 10-67 to 10-82
  deploying as RADIUS server, 10-75 to 10-78
  lesson review, 10-81
  lesson summary, 10-81 to 10-82
  overview of, 10-67
  practice exercises, 10-78 to 10-81
  RADIUS proxy scenarios, 10-73 to 10-75
  RADIUS server scenarios, 10-67 to 10-70
  troubleshooting lab, 10-83
ICANN (Internet Corporation for Assigned Names and Numbers), 4-13 to 4-14
ICMP (Internet Control Message Protocol)
  defined, 2-57
  firewalls and, 2-4
  overview of, 2-4
ICS (Internet Connection Sharing)
  dynamic DNS updates, 4-56
  migrating clients for DHCP server, 7-14 to 7-16
  NAT and, 9-48
  private IP addresses and, 2-12
ID strings, 7-36
IDs, network
  CIDR and, 2-9
  host IDs and, 2-8 to 2-9
  IP addresses and, 2-7, 2-9
  subnet mask notations compared, 2-11
  subnet masks and, 2-9 to 2-10
iesacls security template, 11-23
IIS (Internet Information Services), 9-41
  securing intranet traffic with, 11-46 to 11-47
IKE (Internet Key Exchange)
  auditing, 11-80
  IPSec connections, 11-42, 11-69
  main mode, 11-42
  quick mode, 11-42
  security algorithms, 11-67
importing security templates, 11-27, 11-35
incremental zone transfer (IXFR) queries
  overview of, 5-38 to 5-39
  performance counters, 6-26
infrastructure
  logical, 1-6 to 1-7
  physical, 1-5 to 1-6


  security, 1-11 to 1-13
  update, 1-13 to 1-14
  See also network infrastructure
input filters, packet filtering
  advanced, 9-73 to 9-74
  basic, 9-73
  creating, 9-71 to 9-72
  defined, 9-70
  overview of, 9-70
Integrated Services Digital Network. See ISDN demand-dial links
integrity, network security, 11-26, 11-40
interactive mode, Nslookup
  command-line options, 6-5 to 6-6
  data types, 6-7
  overview of, 6-3 to 6-5
  practice exercise, 6-13 to 6-16
  querying other name servers, 6-8
interfaces, demand-dial, 9-30 to 9-37
  defined, 9-6
  Dial-Out Hours command, 9-32
  extranet/router-to-router VPNs, 10-49 to 10-50
  IP routing, 9-35 to 9-37
  NAT, 9-49 to 9-51
  network interface properties, 9-32 to 9-34
  overview of, 9-30 to 9-31
  port and device properties, 9-33 to 9-34
  Routing and Remote Access, 9-7
  Set Credentials command, 9-32
  Set IP Demand-Dial Filters command, 9-32
  shortcut menu commands, 9-31 to 9-32
  Unreachability Reason command, 9-32
interfaces, DNS server, 5-4
interfaces, network, 9-6
interfaces, router
  adding in RRAS console, 9-6 to 9-7
  enabling DHCP Relay Agent on, 9-65 to 9-68
  overview of, 9-6
  Route command, 9-22
interfaces, RRAS
  adding, 9-6 to 9-7
  configuring, 9-30 to 9-37
  defined, 9-6
  enabling routing protocols, 9-5
  New Interface command, 9-60
  shortcut menus, 9-31 to 9-32
intermittent problems, 12-3
Internet Assigned Numbers Authority (IANA), 2-12
Internet Authentication Service. See IAS (Internet Authentication Services)
Internet Connection Sharing. See ICS (Internet Connection Sharing)
Internet connectivity, 12-22 to 12-31
  case scenario, 12-57 to 12-58
  further reading, 17-5
  identifying issues, 12-22 to 12-25
  lesson review, 12-30 to 12-31
  lesson summary, 12-31
  name resolution issues, 12-22 to 12-25
  network settings verification, 12-25 to 12-28
  overview of, 12-22
  practice exercise, 12-28 to 12-29
  tested skills/suggested practices, 17-2
  troubleshooting, 17-13
Internet Control Message Protocol (ICMP)
  defined, 2-57
  firewalls and, 2-4
  overview of, 2-4
Internet Corporation for Assigned Names and Numbers (ICANN), 4-13 to 4-14
Internet domain namespace, 4-13 to 4-14
Internet Information Services (IIS), 9-41
  securing intranet traffic with, 11-46 to 11-47
Internet Key Exchange (IKE). See IKE (Internet Key Exchange)
Internet layer, TCP/IP
  Network Monitor and, 3-12
  overview of, 2-3 to 2-4
Internet Protocol (TCP/IP) Properties. See TCP/IP properties
Internet Protocol Security (IPSec). See IPSec (Internet Protocol Security)
Internet Service Providers (ISPs), 10-26
Intranets, 4-6
IP addresses
  APIPA and, 1-25 to 1-27
  blocks, 2-7 to 2-31
  decimal/binary notation, 2-7, 2-9 to 2-10, 2-16, 2-18
  DHCP advantages, 7-3


  further reading, 13-8
  gateways, 2-13
  lesson review, 2-5, 2-30
  overview of, 13-1
  private, 2-12
  public, 2-12
  remote access, 9-10, 10-4, 10-6 to 10-7
  resolving to host names, 6-3 to 6-4
  scope configuration for, 7-7 to 7-8
  structure, 2-7 to 2-11
  subnets, 2-15 to 2-16
  tested skills/suggested practices, 13-4 to 13-5
IP addresses, configuring, 2-32 to 2-53
  automatically, 2-42
  case scenario, 2-53 to 2-55
  lesson review, 2-30 to 2-31
  practice exercises, 2-59 to 2-60
IP addresses, troubleshooting, 13-31 to 13-38
  answers, 13-35 to 13-38
  further reading, 13-8
  overview of, 13-31
  tested skills/suggested practices, 13-5 to 13-6
IP Filter Wizard, 11-68
IP (Internet Protocol), RRAS and, 9-9 to 9-10
IP Router Manager, 9-37
IP routing
  general properties, 9-13 to 9-14
  interface, 9-36 to 9-37
  overview, 9-3
  RRAS and, 9-13 to 9-14
IP Routing node, RRAS console, 9-6 to 9-7
  general properties, 9-35
  packet filters, 9-72
  routing tables and, 9-16
  using, 9-7
IP Routing Tables
  default route, 9-16
  host route, 9-15
  network route, 9-15
  reading, 9-16 to 9-18
  static and dynamic routing, 9-18 to 9-19
  viewing, 9-16
IP Security Monitor (Ipsecmon)
  IPSec connections and, 11-42
  monitoring IPSec with, 11-44, 11-73
  Network Monitor and, 15-25
  overview of, 15-25
  practice exercises, 11-59 to 11-76
  statistics, 11-43 to 11-44
  troubleshooting IPSec policies, 11-80 to 11-81
Ipconfig, 1-21, 3-22
Ipconfig /all
  APIPA and, 1-25, 1-26
  ARP and, 3-29
  case scenario, 1-36
  example, 3-22
  DHCP server configuration, 7-14 to 7-15, 7-19 to 7-20
  DHCP troubleshooting, 8-29, 8-30
  overview of, 3-19 to 3-20
  Ping and PathPing, 3-26
Ipconfig /displaydns, 4-58
Ipconfig /flushdns
  flushing DNS client cache, 4-58, 4-59
  practice exercise, 4-9
Ipconfig /registerdns
  default client update behavior, 4-56
  host (A) resource records and, 4-37
Ipconfig /release, 7-32, 8-14
Ipconfig /renew
  APIPA client migration, 7-14, 7-15
  APIPA troubleshooting, 1-27
  DHCP addresses, 8-29
  DHCP leases, 8-4
  subnet address changes, 7-32
Ipconfig /setclassid, 7-35 to 7-37
IPSec (Internet Protocol Security), 11-40 to 11-78
  default policies, 11-43
  establishing connections, 11-42
  overview of, 11-41 to 11-42
  security associations, 11-42
  Security Monitor and, 11-43 to 11-44
  See also L2TP/IPSec (Layer2 Tunneling Protocol/IP Security)
IPSec policies, default, 11-43
IPSec, Quick Mode
  defined, 11-95
  overview of, 11-42, 15-25
  viewing IP statistics, 11-73


Ipsecmon. See IP Security Monitor (Ipsecmon)
IPX (NWLink) protocol, 1-17
IPX/SPX protocol, 1-9 to 1-10
ISDN (Integrated Services Digital Network) demand-dial links
  overview of, 10-4
  Q & A, 16-48, 16-50
ISPs (Internet Service Providers), 10-26
iteration (iterative queries), 4-16, 4-19, 5-47
  secure, 5-7
IXFR (incremental zone transfer) queries
  overview of, 5-38 to 5-39
  performance counters, 6-25 to 6-27

J

Jetpack utility, 13-20

K

KDC (Kerberos Key Distribution Center), 11-50 to 11-51, 11-53
Kerberos
  authorization and, 11-53 to 11-54, 15-1
  boot up and, 11-48 to 11-50
  dynamic updates and, 5-30
  further reading, 15-5, 15-6
  Kerbtray, 11-54 to 11-57
  Klist, 11-57 to 11-58
  monitoring network security, 15-25
  Netdiag and, 11-58 to 11-59
  NTLM and, 11-47, 11-50, 11-81 to 11-82
  overview of, 11-47 to 11-48
  practice exercises, 11-75 to 11-76
  security paradigms, 11-6
  tracking logon, 11-48
  user logon and, 11-51 to 11-53
Kerberos Key Distribution Center (KDC), 11-50 to 11-51, 11-53
Kerbtray.exe, 11-47 to 11-50
  Kerberos at user logon, 11-51 to 11-53
  Kerberos authentication role, 11-47
  overview of, 11-47 to 11-48
  practice exercise, 11-75 to 11-76
  tracking logon, 11-48
key exchange
  security methods, 11-42, 11-66
  settings, 11-65 to 11-66
  See also IKE (Internet Key Exchange)
keys
  master key, 11-65, 11-67
  preshared keys, 10-59, 10-64
Klist.exe
  Kerberos’ role in authentication, 11-54
  overview of, 11-57 to 11-58
  practice exercise, 11-76
  tracking logon, 11-48

L

L2TP/IPSec (Layer2 Tunneling Protocol/IP Security)
  applying, 10-57 to 10-58
  computer certificates, 10-58 to 10-59
  disabling connections, 10-59
  encryption and, 10-31
  lesson review, 9-66
  lesson summary, 9-66
  packet filtering, 9-74
  PPTP vs., 10-56, 10-57
  practice exercises, 10-63 to 10-66
  preshared keys and, 10-59
  VPN connections, 10-54 to 10-55
LAN routing, 9-3 to 9-29
  case scenario, 9-75 to 9-77
  lesson review, 9-28
  lesson summary, 9-29
  overview, 9-3 to 9-4
  practice exercise, 9-27
  routing tables, 9-15 to 9-19
  RRAS. See RRAS
  scenarios, 9-19 to 9-20
  static routes, 9-20 to 9-26
“layer 2” devices, 9-3
“layer 3” devices, 9-3
Layer2 Tunneling Protocol/IP Security. See L2TP/IPSec
layers, TCP/IP, 1-12, 2-3 to 2-5
  application layer, 2-5
  internet layer, 2-3 to 2-4
  network interface layer, 2-3
  transport layer, 2-4 to 2-5
LCP (Link Control Protocol) Extensions
  defined, 9-12
  enabling, 10-25
LDAP (Lightweight Directory Access Protocol)


  Kerberos at computer boot and, 11-48 to 11-49
  SRV resource records and, 4-39
leases. See DHCP leases
least privilege principle, 11-12 to 11-14
legacy programs, running, 15-19
Lightweight Directory Access Protocol. See LDAP
limited broadcast addresses, 9-17, 9-18
Link Control Protocol. See LCP (Link Control Protocol) Extensions
link state database, 9-63
loading, DNS zones
  Fail On Load If Bad Zone data, 5-46, 5-48
  Load Zone Data On Startup, 5-46, 5-52 to 5-53
Local Area Connection Status dialog box, 8-33
local policies, security templates, 11-32
Local Security Policy, 11-8, 15-7
Local System account, 12-34
LocalNetPriority setting, 5-48
logging
  auditing. See audit logging, DHCP
  DNS servers, 5-11, 6-11 to 6-12
  event logs, 12-12, 12-35 to 12-36
  RRAS (Routing and Remote Access), 9-7 to 9-8, 9-13
logical infrastructure, 1-6 to 1-7
logon
  alerts, 12-9
  auditing, 11-6 to 11-7, 11-80
  rights, 12-35 to 12-36
  to Windows, 10-7
  tracking with Kerberos, 11-6, 11-48 to 11-49, 11-51 to 11-52
  troubleshooting with Network Monitor, 11-79 to 11-80
  unauthorized access, 11-6
  VPN connections and, 10-62 to 10-63
Logon Events, auditing, 11-6
logs, performance
  actions, 12-12 to 12-14
  alerts, 12-10 to 12-11
  general properties, 12-11 to 12-12
  lesson review, 12-20
  schedules, 12-14
loopback addresses, 9-17
Ls command, Nslookup, 6-8, 6-9
Lserver command, Nslookup, 6-8

M

MAC (Media Access Control) addresses
  overview of, 13-19
  verifying for reservations, 8-33
mail exchanger (MX) resource records, 4-15, 4-35, 4-38
Main Mode node, IPSec
  defined, 11-95
  IKE and, 11-42
  practice exercises, 11-72, 11-73
management
  DHCP. See DHCP management
  DNS. See DNS management
  IP Router Manager, 9-37
  IP routing, 16-29 to 16-35
  IP security policies, 11-59 to 11-64
  Netsh and, 10-78, 11-59, 11-69 to 11-72
  remote access, 16-20 to 16-28
  remote access clients, 10-40 to 10-41
master key, 11-65, 11-67
masters, defined, 4-32
Maximum Ports setting, 10-54, 10-59
Media Access Control. See MAC addresses
Metric column, IP routing tables, 9-18
Microsoft
  Calculator. See Calculator
  Point-to-Point Encryption. See MPPE
  SMS (Systems Management Server), 12-17
  Terminal Services, 1-13, 1-20
  Web site information. See Web site information, Microsoft
  Windows Explorer, 4-7, 4-8
Microsoft Encyclopedia of Networking, Second Edition
  IP addressing, 13-7
  name resolution, 14-4
Microsoft Network Monitor online help, 17-4
Microsoft Web site information
  IP addressing, 13-7
  IPSec features for 2003, 11-41
  Kerberos, 11-48
  network infrastructure, 17-4
  Registry settings, adding to security templates, 11-9
  RRAS, 16-5 to 16-6
  security templates, 11-5 to 11-6


Microsoft Windows 2000
  DHCP leases, 8-3
  DNS and, 4-6
  replication, 5-26 to 5-27
  zone transfers, 5-37
Microsoft Windows Components Wizard
  DHCP server installation, 7-4
  DNS server installation, 4-26
Microsoft Windows NT 4 domains, 15-9, 15-11 to 15-14
Microsoft Windows Server 2003
  Resource Kit, 17-5
  security white paper, 11-23
  Web Edition, 1-5
Microsoft Windows Server 2003, Online Help
  network infrastructure, 17-4
  network security, 15-5
  Routing and Remote Access, 16-5 to 16-6
Microsoft Windows Update
  accessing Catalog, 15-18
  overview of, 15-18
Microsoft Windows XP, 15-2, 15-18 to 15-19
modems, 9-12, 9-16, 9-32, 9-34
monitoring, DNS server properties, 5-12 to 5-13
monitoring, network traffic
  case scenario, 12-57 to 12-58
  counters, 12-6
  DNS. See DNS monitoring
  further reading, 17-4 to 17-5
  lesson review, 12-20 to 12-21
  lesson summary, 12-21
  Netstat, 12-14 to 12-16
  Network Monitor. See Network Monitor
  Networking tab of Task Manager, 12-3 to 12-6
  overview of, 17-6 to 17-7
  Performance Console, 12-6 to 12-14
  practice exercises, 12-18 to 12-20
  tested skills/suggested practices, 17-2 to 17-4
MPPE (Microsoft Point-to-Point Encryption)
  defined, 10-85
  encryption settings, 10-30 to 10-31
  PPP connections, 10-14
  PPTP connections, 10-55
MS-CHAP v1 authentication protocol
  defined, 10-10
  encryption, 10-13 to 10-14
  features/exam tips, 10-11 to 10-12
  operating system support, 10-12
MS-CHAP v2 authentication protocol
  defined, 10-10
  encryption, 10-13 to 10-14
  features/exam tips, 10-11 to 10-12
  operating system support, 10-12
Msconfig.exe (System Configuration utility), 17-24
multihomed computers, 1-34
Multibyte (UTF-8), 5-51 to 5-52
Multilink connections
  defined, 9-12
  overview of, 9-11
  remote access policies, 10-30
multinets
  defined, 7-51
  overview of, 7-28
  superscope supporting, 7-28 to 7-32
multipath IP internetwork, 9-60
mutual authentication, 16-36
MX (mail exchanger) resource records, 4-15, 4-35, 4-38
My Network Places, 4-3, 4-7

N

NACK (negative acknowledgement) messages
  DHCP leases, 8-5
  overview of, 8-12 to 8-14
  superscopes, 7-31
Name Checking, DNS server properties, 5-51 to 5-52
name resolution
  computer names and, 4-4 to 4-5
  disabling NetBIOS, 4-7 to 4-8
  DNS vs. NetBIOS, 4-3 to 4-7
  further reading, 14-3 to 14-4
  Internet connection, 12-22 to 12-25
  lesson review, 4-10
  lesson summary, 4-10 to 4-11
  name suffixes and, 4-4 to 4-5
  overview of, 1-11
  practice exercises, 4-9
  procedures, 4-6
  tested skills/suggested practices, 14-2 to 14-3
  traffic, capturing with Nbstat, 4-9


  troubleshooting Internet connectivity, 12-22 to 12-25
  troubleshooting lab, 4-65 to 4-66
  See also DNS (Domain Name System)
name resolution, NetBIOS
  capturing traffic, 4-9
  defined, 1-11
  disabling, 4-7 to 4-8
  DNS vs. NetBIOS, 4-3 to 4-8
  lesson review, 4-10
  lesson summary, 4-10 to 4-11
Name Server resource records. See NS (Name Server) resource records
name suffixes, 4-4 to 4-5
names, computer
  Disable Round Ordering option, 5-50 to 5-51
  DNS clients, 4-48
  Enable Netmask Ordering option, 5-46, 5-48
  Enable Round Robin option, 5-50
  overview of, 4-4 to 4-5
namespace
  DNS, 4-12
  Internet domains, 4-13 to 4-14
  private domains, 4-14
NAT (Network Address Translation)
  advantages, 13-6
  case scenario, 9-75 to 9-77
  configuring, 9-47 to 9-58
  DHCP Relay Agent and, 9-67
  ICS compared with, 9-48
  incoming calls and, 9-49 to 9-50
  lesson review, 9-57 to 9-58
  lesson summary, 9-58
  overview of, 1-11, 9-47 to 9-48
  packet filters and, 9-71
  practice exercises, 9-51 to 9-57
  troubleshooting, 9-50 to 9-51
  troubleshooting lab, 9-77 to 9-78
NBT Connection performance object, 12-8
negative acknowledgement messages. See NACK messages
Neighbors tab, RIP Properties dialog box, 9-63
NetBIOS
  defined, 4-68
  disabling, 4-7 to 4-8
  DNS name resolution compared with, 4-3 to 4-7
NetBT (NetBIOS over TCP/IP), 1-9, 1-37
Netcap, 11-44 to 11-46
  syntax, 11-45
Netdiag utility
  defined, 3-25
  displaying IPSec information, 11-41
  overview of, 3-25
  practice exercise, 3-29
  reloading SRV records, 4-39 to 4-40
  tests, 3-26
  verifying Kerberos with, 11-58 to 11-59
Netlogon.dns, 4-39, 4-40
Netmask column, IP routing tables, 9-17
netmask ordering, DNS, 5-9, 5-48 to 5-50
Netsh utility
  dynamic mode, 11-72
  managing IPSec, 11-69 to 11-72
  monitoring IPSec, 11-72 to 11-73
  overview of, 7-25 to 7-27
  practice exercises, 11-59 to 11-64
  Show All command, 11-81
  Show Gpoassignedpolicy command, 11-80
  Show Mmsas All command, 11-72
  Show Qmsas All command, 11-72
Netstat utility
  lesson review, 12-20 to 12-21
  monitoring network traffic, 12-14 to 12-16
NetWare Network, 1-10, 1-17, 1-20
Network Address Translation. See NAT (Network Address Translation)
network bridging, 12-57
network clients, 1-18 to 1-19
Network Connection Details dialog box, 8-33
network connections
  adding components to, 1-22 to 1-23
  advanced settings, 1-19 to 1-21
  APIPA, 1-25 to 1-29
  automatically configured, 1-25
  bridging, 1-30 to 1-32
  configuring, 1-22, 1-23 to 1-32
  default components, 1-17
  overview of, 1-16
  provider order, 1-20 to 1-21
  TCP/IP settings, 1-32 to 1-34
  viewing, 1-16 to 1-32


network counters
  adding, 12-8 to 12-9
  Performance console, 12-9 to 12-10
  Task Manager, 12-8 to 12-9
Network Destination column, IP routing tables
  comparing gateway address with, 9-17
  overview of, 9-17
Network Diagnostics
  defined, 3-23
  Netdiag utility, 3-25
  Netdiag tests, 3-25 to 3-26
  overview of, 3-23 to 3-24
  practice exercise, 3-29 to 3-30
network IDs
  CIDR and, 2-9
  host IDs and, 2-8 to 2-9
  IP addresses and, 2-7, 2-9
  subnet mask notations compared, 2-11
  subnet masks and, 2-9 to 2-10
network infrastructure, 1-5 to 1-14
  Active Directory, 1-11
  addressing, 1-10
  case scenario, 1-35 to 1-36
  certificates, 1-12
  defining, 1-8 to 1-14
  group policy, 1-12 to 1-13
  lesson review, 1-14 to 1-15
  lesson summary, 1-14 to 1-15
  logical, 1-6 to 1-7
  name resolution, 1-10 to 1-11
  network clients, 1-18
  network computer groups, 1-12 to 1-13
  network connections, 1-16 to 1-23
  network protocols, 1-17
  network services, 1-18 to 1-19
  physical, 1-5 to 1-6
  public key and certificates, 1-12
  remote access, 1-11
  repair actions, 12-26
  routing and Network Address Translation, 1-11
  security, 1-11 to 1-13
  update, 1-13 to 1-14
network infrastructure, maintaining
  case scenario, 12-57 to 12-58
  configuring update infrastructure, 12-32 to 12-57
  further reading, 17-4 to 17-5
  monitoring network performance, 12-3 to 12-21
  overview of, 17-1 to 17-2
  tested skills/suggested practices, 17-2 to 17-4
  troubleshooting Internet connectivity, 12-22 to 12-31
  troubleshooting server services, 12-32 to 12-41
network interface layer, TCP/IP
  bridges, 9-3
  Network Monitor and, 3-3
  overview of, 2-3 to 2-4
network interfaces, RRAS
  adding, 9-6 to 9-7
  configuring, 9-30 to 9-37
  defined, 9-6
  enabling routing protocols, 9-5
  New Interface command, 9-60
  shortcut menus, 9-31 to 9-32
Network Monitor, 3-3 to 3-21
  administrative tool, 3-4 to 3-5
  advanced features, 3-15 to 3-16
  analyzing captured data, 3-8 to 3-10
  analyzing DHCP messages, 8-5 to 8-6
  capture window, 3-7
  case scenario, 3-34 to 3-36
  components, 3-4 to 3-5
  data capture, 3-8, 3-16
  DHCP Discover, 8-7 to 8-8
  DHCP header fields, 8-6 to 8-7
  DHCP messages, 8-5 to 8-7
  DHCP NACK, 8-12 to 8-14
  DHCP Offer, 8-8 to 8-9
  DHCP Request, 8-9 to 8-11
  driver installation, 3-5
  filters, 3-12 to 3-13
  frames, 3-10 to 3-11, 3-16
  installing, 3-4 to 3-5
  interface, 3-6 to 3-7
  lease renewal, 8-4 to 8-5
  lesson review, 3-20
  lesson summary, 3-20 to 3-21
  “lite” and “full”, 12-17 to 12-18
  Netcap and, 11-44 to 11-46


  Online Help, 17-3
  OSI (Open Systems Interconnection) model, 3-11 to 3-12
  Overview of, 3-3
  parsers, adding, 3-15
  practice exercises, 3-16 to 3-19
  Select A Network window, 3-6 to 3-7
  troubleshooting IPSec policies, 11-80 to 11-81
  troubleshooting logon, 11-81 to 11-82
  usage scenarios, 3-14 to 3-15
  versions of, 3-4
network performance. See monitoring, network traffic
network prefix subnet masks
  converting between dotted-decimal and, 2-17 to 2-19
  overview of, 2-17
network protocols
  IPSec. See IPSec (Internet Protocol Security)
  Kerberos. See Kerberos
  lesson review, 1-14
  lesson summary, 1-15
  monitoring with Network Monitor, 3-11 to 3-12
  overview of, 1-8 to 1-10
  security, 11-3 to 11-4
  traffic capture, 11-41 to 11-42
  viewing connection components, 1-17 to 1-20
network providers, Provider Order tab, 1-20 to 1-22
network route, 9-15
network security. See security
network services, 1-8, 1-18
Network Shell utility (Netsh.exe). See Netsh utility
Network Solutions, 4-14
networking components
  addressing, 1-10
  case scenario, 1-35 to 1-36
  connections, 1-16 to 1-32
  lesson review, 1-14
  lesson summary, 1-15
  logical infrastructure, 1-6 to 1-7
  name resolution, 1-10 to 1-11
  network protocols, 1-8 to 1-10
  physical infrastructure, 1-5 to 1-6
  remote access, 1-11
  routing, 1-11
  security infrastructure, 1-11 to 1-13
  update infrastructure, 1-13 to 1-14
networking, dial-up
  applying, 10-3
  authentication, 10-13 to 10-17
  client-side configuration, 10-13 to 10-17
  practice exercises, 10-19 to 10-22
  remote access authentication, 10-8
  troubleshooting, 10-39 to 10-40
networking performance objects
  NBT Connection, 12-8
  Network Interface, 12-8
  RAS Port, 12-8
  RAS Total, 12-9
  Server, 12-9
  TCPv4, 12-8
  TCPv6, 12-8
Networking Services component, 1-12
New Technology Local Area Network Manager (NTLM)
  Kerberos and, 11-47, 11-50, 11-81 to 11-82
  protocol, 16-8
no-refresh intervals, 5-32
Nodebug option, Nslookup, 6-5
Nominet, 4-14
Non RFC name-checking method, 5-52
None dynamic updates, 5-27
noninteractive mode, Nslookup, 6-3 to 6-4
nonsecure dynamic updates, 5-27
notation, binary, 2-7, 2-9 to 2-10, 2-16, 2-18
  converting manually, 2-9 to 2-10
  converting with calculator, 2-18
  defined, 2-7
  exercise converting, 2-18 to 2-19, 2-60
notation, decimal
  converting manually, 2-10 to 2-13
  converting with calculator, 2-13
  defined, 2-9
  exercise converting, 2-18 to 2-19
  lesson review, 2-19 to 2-20
notation, dotted-decimal
  analyzing, 2-16 to 2-17
  converting, 2-10 to 2-13, 2-19
  defined, 2-9
  lesson review, 2-30 to 2-31


notification settings, zone transfers
  overview of, 5-36 to 5-37
  performance counters, 6-29 to 6-30
  practice exercise, 5-38 to 5-39
NS (Name Server) resource records
  configuring, 5-35 to 5-36
  zone delegations and, 5-58
Nslookup utility, 6-3 to 6-8
  data types, 6-7
  defined, 6-3
  interactive mode, 6-4 to 6-5
  noninteractive mode, 6-3 to 6-4
  options, 6-5 to 6-6
  overview of, 6-3
  practice exercises, 6-12 to 6-16, 6-34
  querying other name server, 6-8
  Set All command, 6-5 to 6-6
  Set Querytype (set q) command, 6-7
  Set Type command, 6-7
  troubleshooting Internet connectivity, 12-23
  viewing zone data, 6-8
NTLM (New Technology Local Area Network Manager)
  Kerberos and, 11-47, 11-50, 11-81 to 11-82
  protocol, 16-8
NWLink protocol. See IPX (NWLink) protocol

O

Online Help
  network infrastructure, 17-3
  Network Monitor, 17-3
  network security, 15-4
  Routing and Remote Access, 16-8 to 16-9
Open Shortest Path First. See OSPF (Open Shortest Path First) routers
Open Systems Interconnection (OSI) model, 3-11 to 3-12
options classes, 7-35 to 7-37
organizational domains, 4-13
OSI (Open Systems Interconnection) model, 3-11 to 3-12
OSPF (Open Shortest Path First) routers
  areas, 9-64
  lesson review, 9-68 to 9-69
  overview of, 9-63 to 9-64
  RIP and, 9-63 to 9-64
  routing, 9-18 to 9-20, 9-26, 9-59, 16-1, 16-29
output filters, packet filtering, 9-37
  basic, 9-73
  creating, 9-71 to 9-72
  defined, 9-70
Owner field, resource records, 4-36

P

packet filters, 9-37, 9-71 to 9-77, 10-52
  advanced, 9-73 to 9-74
  basic, 9-73 to 9-74
  case scenario, 9-75 to 9-77, 9-84 to 9-85
  creating, 9-71 to 9-72
  defined, 9-70
  IP Routing properties, 9-37
  lesson review, 9-76 to 9-77
  mixed VPNs with firewall and, 10-52
  overview of, 9-70
  remote access policies and, 9-72
  review of, 16-20
  Routing and Remote Access console and, 9-72
Pages/Sec counter, Performance console, 12-7
PAP (Password Authentication Protocol)
  defined, 10-10
  exam highlights, 10-11 to 10-12
  operating systems supported, 10-12 to 10-13
  security and, 10-14 to 10-15
parsers
  adding to Network Monitor, 3-15
  defined, 3-35
partitions, Active Directory–integrated zones, 6-21 to 6-22
Password Authentication Protocol. See PAP (Password Authentication Protocol)
PathPing utility, 3-26 to 3-27
  defined, 3-37
  overview of, 3-26 to 3-27
  troubleshooting Internet connectivity, 12-23
  Tracert compared to, 3-28
Pause button, zone status, 5-22
PEAP (Protected EAP), 16-10, 16-12, 16-17
peer filtering, RIP, 9-61
perfmon.exe command, 12-8
Performance console, 12-7 to 12-14
  alerts, 12-10 to 12-14, 12-19 to 12-20
  general properties, 12-11 to 12-12


  lesson review, 12-20
  NBT Connection object, 12-9
  network counters, 6-26, 12-9
  Network Interface object, 12-9
  Pages/Sec counter, 12-8
  RAS Port performance object, 12-9 to 12-10
  starting, 12-8
  System Monitor in, 6-25
  Task Manager and, 12-8, 12-10
  See also monitoring, network traffic
performance counters
  % Processor Time, 12-8
  Average Disk Queue Length, 12-8
  AXFR (all zone transfer) queries, 6-26
  DNS, 6-26 to 6-27
  IXFR (incremental zone transfer) queries, 6-26
  list, 6-26 to 6-27
  Total Query Received, 6-27
  Total Response Sent, 6-27
Performance Logs and Alerts
  actions, 12-12 to 12-14
  alerts, 12-10 to 12-11
  general properties, 12-11 to 12-12
  lesson review, 12-20
  schedules, 12-14
performance objects, networking
  NBT Connection, 12-8
  Network Interface, 12-8
  RAS Port, 12-8
  RAS Total, 12-9
  Server, 12-9
  TCPv4, 12-8
  TCPv6, 12-8
peripheral routers, 9-26
permissions
  DHCP server authorization, 7-5
  least privilege principle, 11-12 to 11-14
  remote access, 10-24 to 10-25
persistent connections, NAT configuration, 9-48
physical infrastructure, 1-5 to 1-6
physical topology, 2-34 to 2-35
PIDs (Process Identifiers), 12-15 to 12-16
Ping Capture, 3-18 to 3-19
Ping utility
  output, 3-18
  overview of, 3-26 to 3-27
  troubleshooting Internet connectivity, 12-22 to 12-23
PKI (Public Key Infrastructure), 1-12, 1-13
Point-to-Point Protocol (PPP)
  dial-up networking and, 10-4
  encryption, 10-14
  PPP tab, RRAS, 9-12 to 9-14
  See also MPPE (Microsoft Point-to-Point Encryption)
Point-to-Point Tunneling Protocol. See PPTP (Point-to-Point Tunneling Protocol)
pointer (PTR) resource records
  configuring Dynamic DNS updates, 4-55 to 4-56
  default client update behavior, 4-56
  defined, 4-30
  FQDNs and, 4-52
  overview of, 4-39
policies
  account policies, 11-23
  authorization scenarios, 10-32 to 10-37
  blocking policies, 11-60 to 11-64
  connection request policies, 10-73 to 10-75, 10-87
  local policies, 11-32
  See also IPSec policies; remote access policies
ports
  configuring PPTP on VPN server, 10-56 to 10-57
  configuring VPNs, 10-54 to 10-65
  demand-dial, 9-34 to 9-35
  L2TP/IPSec connections and, 10-57 to 10-59
  Maximum Ports setting, 10-54, 10-59
  packet filtering, 9-73 to 9-75
  Port Status dialog box, 9-35
  RADIUS servers, 10-76
  RAS Port performance object, 12-8
  TCP, 2-4
  UDP, 2-5
positive answer, 4-21
Post-Setup Security Updates (PSSU), 11-28
Power Users group, 15-19
Powers of 2, 2-14 to 2-15
PPP (Point-to-Point Protocol). See also MPPE (Microsoft Point-to-Point Encryption)
  dial-up networking and, 10-4
  encryption, 10-14
  PPP tab, RRAS, 9-12 to 9-14


PPTP (Point-to-Point Tunneling Protocol)
  overview of, 10-56 to 10-56
  packet filtering and, 9-74 to 9-75
  PPTP-type VPN connections, 10-57, 10-64
  VPN clients, 10-56 to 10-57
  VPN servers, 10-56
predefined security templates, 15-7
preferences, IP Routing, 9-15 to 9-16
preshared keys, 10-59, 10-64
primary DNS suffix
  configuring, 4-56
  DNS clients, 4-54
  overview of, 4-5
  search lists, 4-54 to 4-55
  setting, 4-50
primary domain name, 4-5
primary servers
  migrating, 5-23
  notification, 5-38 to 5-39
  Primary Server text box, SOA tab, 5-34
  secondary zones and, 4-32
  zone transfer initiation, 5-38 to 5-39
primary zones
  overview, 4-31
  reconfiguring zones as, 5-22
  standard, 4-33
  zone transfers and, 5-37, 5-38
principle of least privilege, 11-12 to 11-14
printer sharing, 1-9, 1-14
private domain namespace, 4-14
private IP addresses
  configuring TCP/IP addressing, 13-6
  local names resolved to, 14-1
  overview of, 2-12, 16-20
private networks
  ICS. See ICS (Internet Connection Sharing)
  NAT. See NAT (Network Address Translation)
  overview of, 16-36
Process Identifiers (PIDs), 12-15 to 12-16
Processes tab, Task Manager, 12-15 to 12-16
profiles, remote access policies, 10-29 to 10-30
properties
  demand-dial, 9-31
  devices, 9-34 to 9-35
  DHCP Relay Agent, 9-68
  IP addresses. See IP addresses, configuring
  IP routing, 9-14 to 9-16
  network interfaces, 9-32 to 9-34
  ports, 9-34 to 9-35
  user account dial-in, 10-23 to 10-26
  zone. See zone properties
properties tabs, DNS server, 5-3 to 5-13
  advanced, 5-9
  debug logging, 5-11
  event logging, 5-11
  forwarders, 5-4 to 5-9
  interfaces, 5-4
  monitoring, 5-12
  root hints, 5-10 to 5-11
  security, 5-13
Protected EAP (PEAP), 16-10, 16-12, 16-17
protocols, authentication
  CHAP, 10-10 to 10-13
  choosing, 10-9 to 10-10
  configuring client side, 10-12 to 10-15
  configuring server side, 10-16 to 10-18
  EAP, 16-8, 16-16 to 16-17
  EAP-MD5 CHAP, 10-10 to 10-13
  EAP-TLS, 10-9 to 10-13, 10-16 to 10-17, 10-58, 10-87
  features of, 10-11 to 10-12
  MS-CHAP v1, 10-10 to 10-13, 10-15
  MS-CHAP v2, 10-10 to 10-13, 10-15, 16-16 to 16-17, 16-39, 16-45
  operating system support, 10-12 to 10-13
  PAP, 10-10, 10-11 to 10-15
  RADIUS, 10-8, 10-26 to 10-27, 10-32, 10-38, 10-67 to 10-81
  SPAP, 10-10, 10-11 to 10-14
  unauthenticated access, 10-10
protocols, network
  IPSec. See IPSec (Internet Protocol Security)
  Kerberos. See Kerberos
  lesson review, 1-14
  monitoring with Network Monitor, 3-11 to 3-12
  overview of, 1-8 to 1-10
  security, 11-3 to 11-4
  traffic capture, 11-41 to 11-42
  viewing connection components, 1-17 to 1-20
protocols, routing, 9-59 to 9-69


  adding and configuring, 9-59 to 9-60
  defined, 9-59
  deploying over VPNs, 10-51
  DHCP Relay Agent, 9-65 to 9-68
  exam highlights, 9-80 to 9-81
  lesson review, 9-69
  multiple-routers and, 9-21
  New Routing Protocol command, 9-59
  New Routing Protocol dialog box, 9-67
  OSPF overview, 9-63 to 9-64
  RIP, 9-60 to 9-63
provider order, network connections, 1-20
PSSU (Post-Setup Security Updates), 11-28
PSTN (Public Switched Telephone Network), 10-4
PTR resource records. See pointer (PTR) resource records
public IP addresses, 2-12
public key cryptography, certificates and, 1-12
Public Key Infrastructure (PKI), 1-12, 1-13
Public Switched Telephone Network (PSTN), 10-4

Q
QuadA (AAAA) IPv6 records, 14-1
queries, IXFR (incremental zone transfer)
  overview of, 5-38 to 5-39
  performance counters, 6-25 to 6-27
query, recursive, 4-68, 6-33
query response types
  authoritative answer, 4-21
  negative answer, 4-22
  positive answer, 4-21
  referral answer, 4-21 to 4-22
Quick Mode, IPSec
  defined, 11-95
  overview of, 11-42, 15-25
  viewing IP statistics, 11-73

R
RADIUS (Remote Authentication Dial-In User Service)
  configuring, 10-75, 10-77 to 10-78
  defined, 10-85
  deploying, 10-78 to 10-79
  IAS, 10-75 to 10-78
  lesson summary, 10-81 to 10-82
  practice exercises, 10-78 to 10-81
  proxies, 10-73 to 10-75
  remote access authentication, 10-8 to 10-10
  remote access policies, 10-26 to 10-27
  scenarios, 10-67 to 10-72
  Send RADIUS Accounting On and Accounting Off Messages, 10-77
  server groups, 10-73
  servers, 10-76, 10-77
  settings, 10-32
  specifying clients, 10-76 to 10-78
  support for WPS, 10-72
RAS Port performance object, 12-8
RAS (remote access servers)
  access beyond, 10-38 to 10-40
  authentication. See remote access, authentication
  configuring Windows Server 2003 as, 16-1
RAS Total performance object, 12-9
RDATA field, 4-36
rebinding state, DHCP lease renewal, 8-5
Reconcile All Scopes dialog box, 8-34
Reconcile dialog box, 8-34
recovery options, 12-34 to 12-38, 12-39 to 12-40
recursion
  configuring DNS server, 4-60 to 4-62
  defined, 4-68, 5-80
  disabling, 5-8 to 5-9
  overview of, 4-19
recursive query, 4-68
redirection, 14-22, 14-27
referral answer, 4-21
referrals, 5-47
refresh intervals
  modifying, 5-32
  no-refresh, 5-32
  Refresh Interval box, SOA tab, 5-34
registered IP addresses, 14-1
Registry
  APIPA and, 1-25
  security templates, 11-7, 11-9
Registry Key Access, auditing, 11-7
Relay Agent. See DHCP Relay Agent
remote access, authentication, 10-7 to 10-18
  case scenario, 10-82 to 10-83, 10-88
  client-side protocols, 10-13 to 10-17


  lesson review, 10-22, 16-7 to 16-8
  overview of, 10-7 to 10-8
  practice exercises, 10-19 to 10-22
  protocols, 10-10 to 10-13
  server-side protocols, 10-17 to 10-19
  through RADIUS, 10-8 to 10-9
remote access, authorization, 10-23 to 10-46
  access beyond remote access server, 10-38 to 10-40
  Allow Access setting, 10-24 to 10-25, 10-29
  case scenario, 10-82 to 10-83
  lesson review, 10-45 to 10-46
  lesson summary, 10-46
  managing clients, 10-40 to 10-41
  practice exercises, 10-41 to 10-45
  remote access policies, 10-26 to 10-32
  scenarios, 10-32 to 10-37
  troubleshooting, 10-37 to 10-38
  user dial-in properties, 10-23 to 10-26
remote access, configuring
  dial-up networking, 10-3 to 10-4
  IP address assignments, 10-4 to 10-5
  private networks, 16-36 to 16-40
  remote client addressing, 10-4 to 10-7
  troubleshooting client access to, 16-41 to 16-51
  troubleshooting RRAS routing, 16-47 to 16-51
Remote Access Connection Manager, 12-33 to 12-34
remote access, connections, 1-11
remote access policies
  authorization scenarios, 10-32 to 10-37
  client management, 10-40 to 10-41
  conditions, 10-27 to 10-28
  configuring, 16-1
  creating, 10-42 to 10-44
  defined at server, 10-32
  extranet/router-to-router VPNs, 10-49 to 10-50
  overview of, 10-26 to 10-27
  permissions, 10-29
  PPTP configuration on VPN server, 10-56 to 10-57
  profiles, 10-29 to 10-32
  Remote Access Policies node, RRAS, 10-17
  removing, 10-26
  Select Attribute dialog box, 10-27 to 10-28
remote access servers (RAS)
  access beyond, 10-38 to 10-40
  authentication. See remote access, authentication
  configuring Windows Server 2003 as, 16-1
Remote Authentication Dial-In User Service. See RADIUS (Remote Authentication Dial-In User Service)

renewal process, DHCP leases, 8-4 to 8-5
Repair button, 8-29
Repair feature, DHCP servers, 12-25 to 12-27
replica, defined, 6-33
replication
  directory partitions and, 5-25 to 5-26
  overview of, 5-23 to 5-26
  zone, 5-24 to 5-25
Replication Monitor (replmon.exe)
  Active Directory–integrated zones, 6-21 to 6-24
  lesson review, 6-28
  overview, 6-20 to 6-21
Request for Comments. See RFCs (Request for Comments)
Request Security, IPSec, 11-43
Require Security, IPSec, 11-43
Réseaux IP Européens (RIPE NCC), 2-12
reservations, DHCP
  creating, 7-10 to 7-11
  New Reservation dialog box, 7-10 to 7-11
  options for, 7-12 to 7-13
  verifying, 8-33
resolver, DNS, 4-15
Resource Kit, Microsoft Windows Server 2003, 17-3
resource records
  alias (CNAME), 4-15, 4-22, 4-35, 4-37 to 4-38
  CNAME (alias), 4-15, 4-22, 4-35, 4-37 to 4-38
  creating, 4-35 to 4-40
  defined, 4-15
  DNS console, 4-35 to 4-40
  formats, 4-36
  host (A), 4-37, 4-59, 5-30 to 5-31, 5-48, 5-59, 5-60
  mail exchanger (MX), 4-15, 4-35, 4-38
  name server (NS), 5-35 to 5-36, 5-38
  netmask ordering, enabling, 5-48 to 5-50
  Owner field, 4-36
  pointer (PTR), 4-30, 4-32, 4-52, 4-55 to 4-56
  root hints, 4-19
  scavenging stale, 5-32 to 5-33
  service location (SRV), 5-15 to 5-18


  start-of-authority (SOA), 4-35, 5-33
  TTLs for, 5-34 to 5-35
  types, 4-36 to 4-40
  verification, 5-15 to 5-18
restricted groups, security templates, 11-9
Resultant Set of Policy (RSoP), 11-4, 11-5, 11-44, 11-80
retry intervals, SOA, 5-32
reverse domains, 4-13
reverse lookups, Nslookup, 6-4
RFCs (Requests for Comments)
  DNS names (RFC 1123), 4-49
  IPSec, 11-41
  Kerberos, 11-47
  Non RFC name-checking method, 5-52
  router compliance (RFC 1542), 7-27, 9-65
RIP (Routing Information Protocol), 9-58 to 9-71
  advantages/disadvantages, 9-60
  authentication, 9-61
  configuring neighbors, 9-63
  configuring routing tables, 16-1
  deploying over VPNs, 10-51
  environment, 9-60
  lesson review, 9-68 to 9-69
  lesson summary, 9-69
  metric for, 9-19
  neighbors, 9-63
  OSPF vs., 9-64 to 9-65
  peer filtering, 9-61
  route filtering in, 9-62
  security and, 9-61
  static routing and, 9-27
RIPE NCC (Réseaux IP Européens), 2-12
Rivest-Shamir-Adleman (RSA RC4), 10-30
rogue servers
  defined, 7-50
  detection, 3-15
  troubleshooting Internet connectivity, 12-27

root domains, 4-23, 4-70
root hints
  DNS server properties, 5-10
  overview of, 4-19
rootsec security template, 11-23
round robin, DNS, 5-50
Route command, 9-25
route filtering, RIP, 9-62
router discovery, 9-37
router-to-router VPNs
  overview of, 10-49 to 10-51
  troubleshooting, 10-52 to 10-54
routers
  called, 9-38
  calling, 9-38
  default gateways, 2-13
  overview of, 16-20
  peripheral, 9-26
  solicitations, 9-37
routing
  demand-dial. See demand-dial routing
  LAN. See LAN routing loops
  NAT. See NAT (Network Address Translation)
  network infrastructure and, 1-11
  overview of, 9-4
  packet filters. See packet filters
  preferences, 16-29 to 16-35
  protocols. See protocols, routing
  remote access, 9-4 to 9-13
  remote DHCP servers and, 7-27
  TCP/IP, 16-29 to 16-35
  troubleshooting RRAS, 16-47 to 16-51
Routing and Remote Access. See RRAS (Routing and Remote Access)
Routing Information Protocol. See RIP (Routing Information Protocol)
routing, LAN, 9-3 to 9-29
  case scenario, 9-75 to 9-77
  lesson review, 9-28
  lesson summary, 9-29
  overview of, 9-3 to 9-4
  practice exercise, 9-27
  routing tables, 9-15 to 9-19
  RRAS. See RRAS
  scenarios, 9-19 to 9-20
  static routes, 9-20 to 9-26
routing protocols, 9-59 to 9-69
  adding and configuring, 9-59 to 9-60
  defined, 9-59
  deploying over VPNs, 10-51
  DHCP Relay Agent, 9-65 to 9-68
  exam highlights, 9-80 to 9-81


  lesson review, 9-69
  multiple-routers and, 9-21
  New Routing Protocol command, 9-59
  New Routing Protocol dialog box, 9-67
  OSPF overview, 9-63 to 9-64
  RIP, 9-60 to 9-63
routing tables
  default route, 9-16
  host route, 9-15
  network route, 9-15
  reading, 9-16 to 9-18
  static and dynamic routing, 9-18 to 9-19
  viewing, 9-16
routing tables, columns
  gateway, 9-17 to 9-18
  interface, 9-18
  metric, 9-18
  netmask, 9-17
  network destination, 9-17
RRAS (Routing and Remote Access)
  authentication. See remote access, authentication
  authorization. See remote access, authorization
  broadcast name resolution, 9-9 to 9-10
  clients vs. routers, 9-37
  configuring. See remote access, configuring
  defined, 9-3
  demand-dial interfaces, 9-30 to 9-37
  demand-dial routing and, 9-41 to 9-44
  enabling, 9-5
  further reading, 16-5 to 16-7
  IAS deployment. See IAS (Internet Authentication Service)
  IP addresses, 9-9, 10-4 to 10-5
  IP (Internet Protocol) and, 9-9 to 9-10
  IP Routing, 9-13 to 9-14
  IP routing properties, 9-13 to 9-15
  lesson review, 16-1 to 16-2
  logging, 9-12
  managing, 16-20 to 16-28
  Microsoft Windows Server 2003, 16-8 to 16-9
  overview of, 9-4 to 9-5
  PPP and, 9-10 to 9-12
  practice exercise, 9-27 to 9-28
  private networks and, 16-36 to 16-40
  properties, 9-7 to 9-12
  routing tables, 9-16 to 9-20
  Static Address Pool option, 9-9
  static routing, 9-24
  TCP/IP routing, 16-29 to 16-35
  tested skills/suggested practices, 16-2 to 16-4
  troubleshooting, 16-41 to 16-51
  VPNs. See VPNs (virtual private networks)
RRAS (Routing and Remote Access), console
  adding network interfaces, 9-6 to 9-7
  configuring access beyond remote access server, 10-38 to 10-40
  demand-dial properties, 9-31
  DHCP Relay Agents, 9-67 to 9-68
  IP Routing interface properties, 9-37
  IP Routing node, 9-71 to 9-72
  Network Interfaces node, 9-32
  overview of, 9-7 to 9-10
  packet filters, 9-71 to 9-72
  RADIUS authentication, 10-8 to 10-10
  RADIUS clients, 10-75
  RADIUS servers, 10-76 to 10-77
  remote access clients, 10-40 to 10-41
  remote access policies, 10-26 to 10-32
  routing protocols, 9-59 to 9-60
  routing protocols over VPNs, 10-51 to 10-52
  server side authentication, 10-16 to 10-18
RSA RC4 (Rivest-Shamir-Adleman), 10-30
RSoP (Resultant Set of Policy), 11-4, 11-5, 11-44, 11-80
Run As shortcut menu, 1-4
Runas command, 1-4

S
Safe Mode With Command Prompt, 17-21, 17-23
SAM (Security Accounts Manager), 10-8
Save To File feature, Network Diagnostics, 3-25
scavenging
  overview of, 5-31 to 5-32
  performing, 5-33
  stale records, 5-32
Sc.exe (Service Controller utility), 17-22, 17-24
schedules, Performance Logs and Alerts, 12-15
schema, defined, 6-33
scopes, 7-6 to 7-11
  80/20 rule, 7-9 to 7-10
  Activate menu command, 7-14


  activating, 7-13
  configuring, 7-6 to 7-11
  deactivating, 7-13
  DHCP options, 7-12
  exclusion ranges, 7-8 to 7-9
  IP address range, 7-7 to 7-8
  lesson review, 7-20 to 7-21
  New Scope Wizard, 7-6 to 7-7
  obtaining address from incorrect, 8-30
  overview of, 7-6 to 7-7
  reconciling, 8-35
  redeployment, 8-29
  reservations, 7-10 to 7-11
  Scope Options dialog box, 7-12
  subnet addresses and, 7-32
  troubleshooting DHCP client, 8-29 to 8-30
  verifying, 8-31 to 8-33
Secedit, 15-7
secondary servers
  notification/zone transfer initiation, 5-38 to 5-39
secondary zones
  defined, 5-23
  zone transfers and, 5-37
Secret field, RADIUS servers, 10-76
Secure Cache Against Pollution, DNS server properties, 5-51
secure dynamic updates, overview of, 5-30 to 5-31
Secure Sockets Layer. See SSL (Secure Sockets Layer)
securedc, security templates, 11-23
security
  advanced settings, 10-13 to 10-17
  DHCP servers, 7-4, 7-5
  dial-back security, 13-32, 13-35
  disabling NetBIOS and, 4-7 to 4-8
  further reading, 15-5
  Group Policy settings, 15-7
  group policy and, 11-3 to 11-12
  IKE algorithms, 11-67
  infrastructure, 1-11 to 1-13
  key exchange, 11-42, 11-65 to 11-66
  locked-down packet filtering, 9-73 to 9-74
  Microsoft Windows Server 2003, 15-5
  Microsoft Windows Server 2003 white paper, 11-23
  network interfaces, 9-33
  network protocol. See network protocols
  overview of, 15-1 to 15-2
  RAS servers and, 16-1
  RIP properties, 9-60 to 9-62
  software updates, 15-18 to 15-21
  tested skills/suggested practices, 15-3 to 15-5

Security Accounts Manager (SAM), 10-8
security administration
  group policy and, 11-3 to 11-12
  lesson review, 11-37 to 11-38
  lesson summary, 11-38 to 11-39
  network security protocols, 11-3 to 11-4
  overview of, 15-7 to 15-8
  practice exercises, 11-29 to 11-37
  principle of least privilege, 11-12 to 11-14
  security templates, 11-21 to 11-29
Security Configuration and Analysis snap-in
  monitoring compliance with, 11-24 to 11-25
  overview of, 11-3
  practice exercises, 11-29 to 11-37
  secure networks, 15-7
Security Configuration Wizard, 11-26 to 11-27
security event logs
  Kerberos at computer boot, 11-48 to 11-50
  Kerberos at user logon, 11-51 to 11-53
  Kerberos in use, 11-48
  troubleshooting IPSec policies, 11-43 to 11-44
security, network
  group policy and, 11-3 to 11-12
  least privilege, 11-12 to 11-14
  lesson review, 11-37 to 11-38
  lesson summary, 11-38 to 11-39
  practice lessons, 11-29 to 11-37
  protocol, 11-40 to 11-76
  PSSU, 11-28
  Security Configuration Wizard, 11-26 to 11-27
  templates and, 11-21 to 11-26
  Windows Firewall, 11-27
security, RRAS
  client side authentication protocols, 10-12 to 10-15
  DNS servers, 5-13
  overview of, 9-8 to 9-10
  RADIUS clients, 10-67 to 10-72
  server side authentication protocols, 10-16 to 10-18


Security Settings node
  Account Lockout Policy, 11-6
  Audit Policy, 11-6
  Kerberos Policy, 11-6
  Password Policy, 11-6
security templates, 11-21 to 11-29
  baselines, 11-22 to 11-23
  list of, 11-23 to 11-24
  monitoring compliance, 11-24 to 11-25
  network security and, 11-25 to 11-26
  snap-in and, 11-22
Select Network Component Type dialog box, 1-22 to 1-23
semicolon (;), 4-36
Serial Line Internet Protocol (SLIP), 16-42, 16-45
Serial Number text box, SOA tab, 5-33 to 5-35
Server command, Nslookup, 6-8
Server Message Block (SMB). See SMB (Server Message Block) protocol
server services, 12-32 to 12-41
  dependency options, 12-32 to 12-34
  further reading, 17-3
  lesson review, 12-40 to 12-41
  overview of, 17-20
  practice exercises, 12-39 to 12-40
  recovery options, 12-34 to 12-38
  tested skills/suggested practices, 17-2
servers
  DHCP. See DHCP servers
  DNS. See DNS servers
  primary, 4-32, 5-34, 5-38, 5-86
  RADIUS, 10-73, 10-76, 10-77
  RAS, 10-38 to 10-40, 16-1
  rogue, 3-15, 7-50, 12-27
  secondary, 5-23, 5-33, 5-38 to 5-39
  slave, 5-9
Service Controller utility (Sc.exe), 17-22, 17-24
service dependencies
  configuring, 12-38 to 12-39
  overview of, 12-32 to 12-33
service location (SRV) resource records
  overview of, 4-39 to 4-40
  verifying for Active Directory in DNS, 5-15 to 5-18
services. See network services
Services console
  DHCP server status, 7-24 to 7-25
  migrating DHCP server, 7-34
Services node, Computer Management console, 12-32 to 12-33

session ticket, 11-88
Set All command, Nslookup, 6-5 to 6-6
Set command, options available with, 6-6
Set Credentials command, demand-dial interface, 9-32
Set IP Demand-Dial Filters command, demand-dial interface, 9-32
Set Querytype (set q) command, Nslookup, 6-7
Set Type command, Nslookup, 6-7
Shared Secret authentication, 11-104
Shiva Password Authentication Protocol (SPAP)
  defined, 10-10
  operating system support, 10-12
shortcut menu commands, demand-dial interfaces, 9-31 to 9-32
Shortest Path First (SPF) algorithm, 9-63
Show All command, Netsh utility, 11-81
Show Gpoassignedpolicy command, Netsh utility, 11-80
Show Mmsas All command, Netsh utility, 11-72
Show Qmsas All command, Netsh utility, 11-72
Shutdown /i command, DHCP leases, 8-29, 8-37
slave servers, 5-9
slave zones, 5-9
SLIP (Serial Line Internet Protocol), 16-42, 16-45
smart cards
  EAP-TLS authentication protocol and, 10-15 to 10-16
  Use Smart Card setting, 10-15 to 10-16
SMB (Server Message Block) protocol
  CIFS as extension of, 1-9, 1-37
  Network Monitor and, 3-12
SMS (Systems Management Server), 12-17
snap-ins
  Add/Remove Snap-In dialog box, 11-30
  Add Standalone Snap-Ins dialog box, 11-30, 11-60
  IP security, 11-43 to 11-44, 11-60 to 11-64
  RSoP, 11-4
  Security Configuration And Analysis, 11-25
  Security Templates, 11-22, 11-24, 11-29
SOA (start-of-authority) record


  configuring, 5-33 to 5-35
  new zones and, 4-35
Software Update Services (SUS), 15-18 to 15-19
software updates, 15-18 to 15-21
solicitations, router, 9-37
SPAP (Shiva Password Authentication Protocol)
  defined, 10-10
  operating system support, 10-12
SPF (Shortest Path First) algorithm, 9-63
split horizon, 16-30, 16-33
SRV (service location) resource records
  overview of, 4-39 to 4-40
  verifying for Active Directory in DNS, 5-15 to 5-18
SSL (Secure Sockets Layer), 1-12
stack, TCP/IP, 1-17
standard primary zones, 4-32 to 4-33
start-of-authority (SOA) record
  configuring, 5-33 to 5-35
  new zones and, 4-35
static IP addresses
  applying, 10-25
  creating reservations, 7-11
  dial-up remote access connections, 10-37 to 10-38
  pools, 9-7, 10-6 to 10-7
  RRAS, 9-7
Static mode, Netsh utility, 11-70, 11-72
static routes
  adding, 9-23 to 9-25
  advantages, 9-25
  designing, 9-26
  disadvantages, 9-25 to 9-26
  dynamic routes compared with, 9-18
  guidelines, 9-20 to 9-22
  linking to dial-on-demand connections, 9-39
  multiple-routers using, 9-20
  overview, 9-20 to 9-22
  RIP vs., 9-26
  Update Routes command, 9-36
statistics
  IKE, 11-72
  IP Security Monitor, 11-88 to 11-89
  Quick Mode, 11-44, 11-73
Strict RFC name-checking method, 5-52
Strongest Encryption (MPPE 128-Bit), 10-31
stub areas, 9-64

stub zones, 5-67 to 5-75
  benefits of, 5-68
  case scenario, 5-75 to 5-77
  defined, 4-68
  DNS servers hosting, 4-32
  lesson review, 5-74 to 5-75
  lesson summary, 5-75
  overview of, 5-67 to 5-68
  practice exercise, 5-73 to 5-74
  reconfiguring zone as, 5-22
  updating, 5-72
  when to use, 5-68 to 5-72
subnet ID, 2-36
  variable length, 2-47
subnet masks
  address location, 2-45
  address ranges, 2-40 to 2-45
  address space, 2-48
  advantages of, 2-34 to 2-35
  case scenario, 2-53 to 2-55
  CIDR, 2-9
  converting, 2-17 to 2-19
  defining, 2-23
  determining number, 2-37, 2-38 to 2-40
  host capacity, 2-38
  host IDs, 2-8
  ID, 2-36
  lesson review, 2-51 to 2-52
  lesson summary, 2-52 to 2-53
  list of common, 2-17
  network prefixes and, 2-9
  notations, 2-9 to 2-10
  octet values, 2-15 to 2-16
  overview of, 2-9 to 2-11
  powers of 2, 2-14 to 2-15
  practice exercises, 2-49 to 2-51
  remote access authorization and, 10-7, 10-39
  TCP/IP addressing, 13-3 to 13-7
  variable-length, 2-46 to 2-48
suite, TCP/IP, 1-8
summary pane, Frame Viewer window, 3-9
supernetting
  advantages, 2-34 to 2-35
  overview of, 2-32 to 2-34
  TCP/IP addressing, 13-9 to 13-10


superscopes, 7-28 to 7-32
  creating, 7-28 to 7-29
  for two local DHCP servers, 7-30 to 7-32
  local multinets and, 7-29 to 7-30
  New Superscope menu command, 7-29
  overview of, 7-28
  practice exercise, 7-39 to 7-41
  remote multinets, 7-30
SUS (Software Update Services), 15-18 to 15-19
System Configuration utility (Msconfig.exe), 17-24
system error log, DHCP, 8-35 to 8-37
System log, Event Viewer
  Network Monitor and, 15-31
  troubleshooting server services, 12-35 to 12-36
System Monitor, DNS performance monitoring, 6-24 to 6-27
System Properties dialog box, 4-49
system services, security templates, 11-6
System Shutdown event, 11-6
Systems Management Server (SMS), 12-17

T
Task Manager
  networking options, 12-3 to 12-6
  overview of, 12-3 to 12-6
  Performance console and, 12-9
  PIDs and, 12-15 to 12-16
  practice exercise, 12-18 to 12-19
TCP/IP (Transmission Control Protocol/Internet Protocol)
  case scenario, 2-53 to 2-55
  configuring, 2-46, 2-50
  configuring for DNS clients, 4-48 to 4-55
  exam highlights, 2-56
  layers, 2-2 to 2-5
  monitoring network traffic. See Network Monitor
  overview of, 1-8, 1-18, 2-2 to 2-5
  routing, 16-29 to 16-35
  subnetting. See subnet masks
  supernetting, 2-32 to 2-35
  variable-length subnet masks, 2-46 to 2-48
  viewing advanced connection settings, 1-19 to 1-21
  viewing default settings, 1-17 to 1-19
  viewing network connection components, 1-16 to 1-32
TCP/IP, addressing
  APIPA and, 1-25 to 1-27
  blocks, 2-7 to 2-31
  decimal/binary notation, 2-7, 2-9 to 2-10, 2-16, 2-18
  DHCP advantages, 7-3
  further reading, 13-8
  gateways, 2-13
  lesson review, 2-5, 2-30
  overview of, 13-1
  private, 2-12
  public, 2-12
  remote access, 9-10, 10-4, 10-6 to 10-7
  resolving to host names, 6-3 to 6-4
  scope configuration for, 7-7 to 7-8
  structure, 2-7 to 2-11
  subnets, 2-15 to 2-16
  tested skills/suggested practices, 13-4 to 13-5
TCP/IP connections, 3-22 to 3-34
  ARP tool, 3-28 to 3-29
  case scenario, 3-34 to 3-36
  faulty configuration, 3-22
  further reading, 13-8
  lesson review, 3-32 to 3-33
  lesson summary, 3-33 to 3-34
  monitoring. See Network Monitor
  Network Diagnostics, 3-23 to 3-26
  overview of, 13-31
  PathPing, 3-26 to 3-27
  Ping, 3-26 to 3-27
  practice exercises, 3-29 to 3-34
  Tracert, 3-27, 3-28
TCP/IP properties
  alternate configuration options, 2-46
  connection-specific DNS suffixes, 4-50 to 4-51
  custom DNS suffix search lists, 4-54 to 4-55
  default client update behavior, 4-54
  DHCP clients, 7-12 to 7-13
  DNS servers, 4-48 to 4-49
  IP addressing, 2-7 to 2-12
TCP/IP Statistics command, 9-36


TCP (Transmission Control Protocol), fast zone transfer and, 4-34
TCPv4 performance object, 12-8
TCPv6 performance object, 12-8
telephone lines, PSTN, 10-4
templates, 11-5 to 11-6, 11-21 to 11-26. See also security templates
Terminal Services, 1-13, 1-20
test skills and suggested practices
  DHCP management, 13-5
  DHCP troubleshooting, 13-6 to 13-7
  DNS management, 14-2 to 14-3
  DNS monitoring, 14-3
  DNS server installation, 14-2
  Internet connectivity, 17-3
  network protocol security, 15-4 to 15-5
  network security, 15-3
  network traffic, 17-2
  Remote Access management, 16-3 to 16-4
  Remote Access routing, 16-5
  Remote Access user authentication, 16-2 to 16-3
  secure access, 16-4
  server services, 17-3 to 17-4
  software update installation, 15-3 to 15-4
  TCP/IP configuration, 13-4 to 13-5
  TCP/IP routing, 16-4
  TCP/IP troubleshooting, 13-5 to 13-6
  user access to remote access services, 16-5
TGT (Ticket Granting Ticket)
  defined, 11-95
  Kerberos at computer boot, 11-50 to 11-51
  Kerberos at user logon, 11-51 to 11-53
  Kerberos authentication, 11-53 to 11-54
Time-Out (Second) field, RADIUS servers, 10-76
time skew, 11-53
Time to Live (TTL) values
  Minimum (Default) TTL box, 5-34
  overview of, 4-23
  resource record formats, 4-36
  resource records and, 5-34
  SOA resource record and, 5-34
  stub zones and, 5-72
  troubleshooting with Tracert, 3-28
Times options, Kerbtray, 11-53
topology
  defined, 1-5
  physical, 2-34 to 2-35
Total Query Received, DNS performance counter, 6-27
Total Query Received/Sec, DNS performance counter, 6-27
Total Response Sent, DNS performance counter, 6-27
Total Response Sent/Sec, DNS performance counter, 6-27
Tracert utility
  overview of, 3-27, 3-28
  troubleshooting TCP/IP addressing, 13-31

traffic, broadcast, 2-35
traffic, DHCP, 8-3 to 8-19
  case scenario, 8-38 to 8-39, 8-46 to 8-47
  DHCP ACK, 8-11 to 8-12
  DHCP Discover, 8-7 to 8-8
  DHCP header fields, 8-6 to 8-7
  DHCP messages, 8-5 to 8-7
  DHCP NACK, 8-12 to 8-14
  DHCP Offer, 8-8 to 8-9
  DHCP Request, 8-9 to 8-11
  exam highlights, 8-41 to 8-42
  initial lease process, 8-3 to 8-4
  lease renewal process, 8-4 to 8-5
  lesson review, 8-18
trailing dot (.), 4-13
transfer format, fast, 5-47
transient problems, 12-3
Transmission Control Protocol/Internet Protocol (TCP/IP). See TCP/IP (Transmission Control Protocol/Internet Protocol)
transport layer, TCP/IP
  Network Monitor and, 3-11 to 3-12
  overview of, 2-4
triggers
  dynamic update, 5-30
  Network Monitor, 12-17 to 12-18
  Performance console alerts, 12-9 to 12-13
Triple Data Encryption Standard (3DES), 10-85
troubleshooting
  APIPA, 1-27
  ARP, 3-28 to 3-29


  Basic Firewall/NAT, 9-50
  blocking policies, 11-81, 11-103
  client configuration, 8-27 to 8-36, 13-31
  DHCP. See DHCP, troubleshooting
  DHCP authorization, 13-31
  DHCP databases, 13-39
  DHCP leases, 8-29
  DHCP options, 13-35
  demand-dial routing, 9-39 to 9-40
  dial-up connections, 10-37 to 10-38
  dial-up networking, 10-39 to 10-40
  DNS. See DNS troubleshooting
  event logs and, 11-86 to 11-87
  intermittent problems, 12-3
  Internet connectivity. See Internet connectivity
  IP addresses, IP addressing, troubleshooting
  IPSec, 11-44, 11-82 to 11-83
  Kerberos, 11-75
  logon issues, 11-85 to 11-86
  NAT, 9-50 to 9-51
  network protocols. See network protocols, troubleshooting
  network traffic. See Network Monitor
  RAS clients, 16-41
  server services. See server services
  TCP/IP connections. See TCP/IP connections
  VPNs, 10-52 to 10-54
troubleshooting labs
  demand-dial routing, 9-39 to 9-40
  DHCP, 7-49, 8-38 to 8-39
  DNS, 6-31 to 6-32
  IAS, 10-83
  IPSec, 11-90 to 11-93
  name resolution, 4-65 to 4-66
  NAT configuration, 9-77 to 9-78
TTL (Time to Live) values
  Minimum (Default) TTL box, 5-34
  overview of, 4-23
  resource record formats, 4-36
  resource records and, 5-34
  SOA resource record and, 5-34
  stub zones and, 5-72
  troubleshooting with Tracert, 3-28
tunneling, VPN, 16-36
Type field, resource records, 4-36

U
UDP (User Datagram Protocol) ports, 2-5
Unauthenticated Access option, PAP, 10-10, 10-11
unicast messages, RIP, 9-63
Unicode, 5-51
unnumbered connections, 9-25
Unreachability Reason command, demand-dial interface, 9-32
update infrastructure, 1-13 to 1-14
Update Routes command, IP routing, 9-36
updates
  default client, 4-56
  DNS. See DNS updates
  Dynamic DNS, 4-55 to 4-56
  software, 15-18 to 15-19
updates, dynamic
  DNS clients, 4-55 to 4-56
  Kerberos and, 5-30
  nonsecure dynamic updates, 5-79
  performance counters and, 6-26
  secure, 5-30 to 5-31
  triggers, 5-30
  zone configuration, 5-27 to 5-28
upgrades, predefined security templates, 15-7
user accounts, dial-in properties
  authorization, 10-32 to 10-37
  practice exercises, 10-41 to 10-45
  remote access permissions, 10-24 to 10-25
user classes, 7-35 to 7-37
User Datagram Protocol (UDP) ports, 2-5
UTF-8 (Multibyte), 5-52

V
variable-length subnet masks (VLSMs)
  lesson review, 2-51 to 2-52
  lesson summary, 2-52 to 2-53
  overview of, 2-46 to 2-48
  practice exercises, 2-49 to 2-51
vendor classes, 7-35
virtual private networks (VPNs), 10-47 to 10-66
  case scenario, 10-82 to 10-83
  configuring, 10-54 to 10-59
  deploying routing protocols over, 10-51
  deployment scenarios, 10-48
  extranet/router-to-router, 10-49 to 10-51


  lesson review, 10-66
  lesson summary, 10-66
  mixed, 10-52
  overview of, 10-47 to 10-50
  remote access, 10-49
  troubleshooting, 10-52 to 10-54
VLSMs (variable-length subnet masks)
  lesson review, 2-51 to 2-52
  lesson summary, 2-52 to 2-53
  overview of, 2-46 to 2-48
  practice exercises, 2-49 to 2-51
VPNs, 10-47 to 10-66
  case scenario, 10-82 to 10-83
  configuring, 10-54 to 10-59
  deploying routing protocols over, 10-51
  deployment scenarios, 10-48
  extranet/router-to-router, 10-49 to 10-51
  lesson review, 10-66
  lesson summary, 10-66
  mixed, 10-52
  overview of, 10-47 to 10-50
  remote access, 10-49
  troubleshooting, 10-52 to 10-54
VPNs (virtual private networks), practice exercises
  adding VPN access as remote policy condition, 10-59 to 10-60
  creating connection through L2TP/IPSec, 10-63 to 10-64
  creating PPTP-type VPN connection, 10-60 to 10-62
  logging onto domain through, 10-62 to 10-63
  testing L2TP/IPSec configuration, 10-65

W
WANs (wide area networks)
  managing DHCP with Netsh, 7-25
  security, 16-2
  static routing and, 9-19
WAP (Wireless Access Point), 10-69 to 10-70
Web Edition, Microsoft Windows Server 2003, 1-5
Web site information, Microsoft
  IP addressing, 13-7
  IPSec features for 2003, 11-41
  Kerberos, 11-48
  network infrastructure, 17-4
  Registry settings, adding to security templates, 11-9
  RRAS, 16-5 to 16-6
  security templates, 11-5 to 11-6
wide area networks (WANs)
  managing DHCP with Netsh, 7-25
  security, 16-2
  static routing and, 9-19
wildcard (*), 15-7
Windows Explorer, 4-7 to 4-8
Windows Update
  catalog, 15-18
  overview of, 15-18
WINS tab, zone properties, 5-36
WINS (Windows Internet Name Service)
  configuring with WINS tab, 5-36
  lookup counters, 6-26
Wireless Access Point (WAP), 1-69 to 10-70
Windows Firewall, 11-27
wireless networks
  authentication, 10-70 to 10-72
  ISP, 10-72 to 10-73
  policies, 11-9
workgroups, 4-7

Y
Yiaddr (Your IP Address) field, 8-7, 8-8 to 8-9

Z
Zone Aging/Scavenging Properties dialog box, 5-31 to 5-32
zone delegation, 5-57 to 5-66
  case scenario, 5-75 to 5-77
  creating, 5-61 to 5-64
  example of, 5-59 to 5-60
  lesson review, 5-64 to 5-66
  lesson summary, 5-66
  New Delegation Wizard, 5-58, 5-61
  overview of, 5-58 to 5-60
  records, 5-59
  when to use, 5-58
zone properties, 5-21 to 5-44
  aging, 5-31 to 5-32
  case scenario, 5-75 to 5-77
  dynamic updates, 5-27 to 5-31


  exam highlights, 5-80
  file names, 5-27
  lesson review, 5-43 to 5-44
  lesson summary, 5-44
  name server (NS) options, 5-35 to 5-36
  no-refresh intervals, 5-32
  opening dialog box, 5-22 to 5-23
  practice exercises, 5-39 to 5-42
  refresh intervals, 5-32
  replication, 5-25 to 5-27
  scavenging, 5-33
  start-of-authority (SOA) tab, 5-33 to 5-35
  transfer options, 5-36 to 5-39
  WINS options, 5-36
  zone status, 5-22
  zone type, 5-22 to 5-23
zone transfers
  BIND compatibility and, 5-47 to 5-48
  configuring, 5-39 to 5-41
  DNS performance counters for, 6-25 to 6-27
  Fail On Load If Bad Zone data, 5-46
  Microsoft Windows 2000, 5-37
  notification settings, 5-36 to 5-39, 6-29 to 6-30
  Nslookup and, 6-8
zones
  Active Directory–integrated, 4-33, 5-23 to 5-25, 5-27, 5-38, 5-39
  creating, 4-30 to 4-31
  DomainDnsZones, 5-25 to 5-26, 6-22, 6-30
  file names, 5-27
  ForestDnsZones, 5-25 to 5-26
  forward lookup, 4-29 to 4-30
  loading on startup, 5-46
  New Zone Wizard, 4-31
  primary, 4-31, 5-22 to 5-23, 5-36 to 5-37
  reverse lookup, 4-29 to 4-30
  secondary, 4-32, 5-7, 5-9, 5-22 to 5-23, 5-33 to 5-34
  slave, 5-9
  standard, 4-32 to 4-33
  status of, 5-22
  stub, 4-32, 5-67 to 5-75
