WEBVTT

00:00.350 --> 00:09.700
Managing the stub zones. Stub DNS zones contain the necessary records to locate the zone's name servers only.

00:09.810 --> 00:15.610
They don't maintain the records of other devices or computers in the zone.

00:15.660 --> 00:23.850
They are a useful way to keep track of which servers are currently authoritative for a child zone without

00:23.850 --> 00:32.130
maintaining full records for the child zone. Stub zones can be file-based or Active Directory-integrated

00:32.310 --> 00:41.970
and can be used for both forward lookup zones and reverse lookup zones. Secondary zones are a significant

00:41.970 --> 00:50.340
security concern because they expose all of their records, so they potentially provide an attacker

00:50.340 --> 00:56.920
with important information that would facilitate further attack. With stub zones,

00:56.940 --> 01:04.600
the only exposure is the names and IP addresses of the designated name servers.

01:04.620 --> 01:14.900
Further, stub DNS zones don't require that the primary zone allow zone transfers. The DnsServer module

01:15.080 --> 01:24.790
pair of cmdlets is used to display and manage stub zones. To add a stub zone for lab.com, whose

01:24.810 --> 01:31.690
master server is 192.168.10.3,

01:31.800 --> 01:35.550
and to replicate the stub zone across the domain,

01:35.550 --> 01:37.740
use the following command:

01:37.770 --> 01:42.710
Add-DnsServerStubZone -Name lab.com

01:42.780 --> 01:51.930
and also these three options: -MasterServers, -ReplicationScope, and the -PassThru parameter. To change

01:51.930 --> 02:02.220
the properties of the DNS stub zone for lab.com to use a local array of master servers stored in the

02:02.220 --> 02:03.750
Windows registry,

02:03.750 --> 02:05.960
use the following command:

02:06.060 --> 02:14.850
Set-DnsServerStubZone -Name lab.com and the following parameter, -LocalMasters.

02:14.940 --> 02:21.680
And in my case it's 1 9 2 2 1 6 8 13 3 and 6.

02:21.810 --> 02:24.280
And, as always, the -PassThru parameter.

02:24.330 --> 02:30.960
Well, let's move on and talk about configuring conditional forwarders. Use conditional forwarders to

02:30.960 --> 02:36.550
specify where to forward DNS requests for a specific DNS domain.

02:36.630 --> 02:44.820
When you have multiple internal DNS domains, such as after a merger or acquisition, for example, you

02:44.820 --> 02:49.770
might need to resolve DNS names from another internal domain.

02:49.770 --> 02:57.370
You could maintain a stub zone for that DNS, but you can also use conditional forwarders.

02:57.390 --> 03:07.920
For example, if your DNS domain is web.com and your DNS server, 192.168.10.3, receives

03:07.920 --> 03:12.420
a request for a connection to all Gleb dot com,

03:12.420 --> 03:21.270
the DNS server would first look to find out whether it hosted the domain, either as a primary or secondary

03:21.270 --> 03:30.510
zone or as a stub zone. After failing that, it would check the DNS cache to find out whether it had

03:30.600 --> 03:33.600
recently looked up the address for it.

03:33.600 --> 03:41.750
If it still didn't have an address for all Gleb dot com, it would forward the address to another server.

03:41.790 --> 03:49.510
The first server that it would forward the request to is any configured conditional forwarders for

03:49.530 --> 03:50.500
lab.com.

03:50.580 --> 03:52.580
If it didn't have any,

03:52.650 --> 04:01.240
however, the address would be forwarded to the Internet, either to a configured forwarding address or

04:01.240 --> 04:06.520
the root servers. If lab.com is on your internal network,

04:06.570 --> 04:13.110
you don't want to be resolving addresses on the Internet. By setting a conditional forwarder,

04:13.110 --> 04:21.330
you ensure that your internal traffic stays internal. To add a conditional forwarder for lab.com, we can

04:21.330 --> 04:28.560
use the following command: Add-DnsServerConditionalForwarderZone and the following parameters:

04:28.680 --> 04:37.730
-Name, -MasterServers, -ForwarderTimeout, -ReplicationScope, -Recursion, and the -PassThru parameter to see

04:37.750 --> 04:38.760
the results.

04:38.760 --> 04:43.060
This command creates a conditional forwarder for lab.com.

04:43.170 --> 04:48.230
Each server in the MasterServers is queried in turn.

04:48.240 --> 04:57.600
If a server hasn't answered in 5 seconds, that is, the value of ForwarderTimeout, the next server is queried. Because

04:57.870 --> 05:06.770
the Recursion parameter is specified as false, if none of the master servers specified answers the request,

05:07.010 --> 05:16.090
the DNS lookup fails. To change the settings of an existing DNS conditional forwarder, use the

05:16.100 --> 05:20.120
Set-DnsServerConditionalForwarderZone cmdlet.

05:20.240 --> 05:28.010
For example, to change the conditional forwarder for lab.com to specify new master servers, we

05:28.010 --> 05:36.320
can use the following syntax at the DnsServerConditionalForwarderZone with the following parameters:

05:36.470 --> 05:39.140
-Name and -MasterServers.

05:39.140 --> 05:43.400
In my case it's 192.168.10.6,

05:43.440 --> 05:51.250
just for example, and the -PassThru parameter. Conditional forwarders,

05:51.290 --> 05:59.990
as with stub zones, can be stored either in the Windows registry or as Active Directory-integrated

05:59.990 --> 06:05.710
zones. Unless a replication scope or directory partition is specified,

06:05.810 --> 06:14.720
the zone is stored in the registry. To remove a conditional forwarder, use the Remove-DnsServerZone

06:14.890 --> 06:15.830
cmdlet.
