1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ipsec

Discussion in 'Network Infrastructure' started by ravnil, May 21, 2010.

  1. ravnil

    ravnil Bit Poster

    30
    0
    28
    I am preparing to attempt 70-291 for the 3rd time. My weakness are in "Implement,Manager, and Manage Network Security". Also weak in Name Resolution" . Any suggestions, tips, study source is highly appreciated. Right now I am studying through Self-pace Training Kit by J.C.Mackin and Ian Mclean(Microsoft Press). subnetting tips on this forum was very helpful. thanks in advance. :rolleyes:
     
    Certifications: MCP, A+, Net+
    WIP: SQL Server 2008
  2. delorean

    delorean Megabyte Poster

    959
    15
    64
    I'm using CBT Nuggets 70-291 (which I find more helpful than) reading the MS Press 70-291 and the O'Reilly DNS & Bind (3rd edition) books.
     
    Certifications: A+, MCP 70-270, 70-290, 70-291
    WIP: 70-680, S+, MCSA, MCSE, CCNA
  3. AllanWallace

    AllanWallace Bit Poster

    22
    2
    20
    I can't help, but i am also after some advice similarly, although i passed 70-291 this week, my week areas were:

    DNS
    Subnetting

    One thing i can tell you, is about CNAME, eg.

    you have a vpn server, on a dynamic ip address.
    you set up dynamic dns for it (eg myvpnserver.dynamicdns.org)
    but you want a client to access it via say vpn.company.com

    so you use a CNAME to point vpn.mycompany.com to myvpnserver.dynamicdns.org

    that's probably a bit towards the basic end, BUT one thing I would suggest to watch out for is read the questions very carefully - in the practice tests i did, there were questions that had one word added, changing the context of the question and indeed the answer.

    If anyone has any hints and tips on conditional vs stub zone vs primary vs secondary, can someone post it and make it a sticky please!
     
    Certifications: MCSA, MCTS 70-680, MCP 70-291, 70-290, 70-270, NVQ3, NVQ2
    WIP: MCITP, ITIL
  4. ravnil

    ravnil Bit Poster

    30
    0
    28
    awallace,
    I believe that VPN server should have a static IP instead of dynamic as per your reply. Clients will not be able to connect if the IP changes (dynamic). your quote about CNAME seems to be correct.
     
    Certifications: MCP, A+, Net+
    WIP: SQL Server 2008
  5. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Um.. that is what dyndns.org does.. it enables you to use a web facing server that has a dynamic IP address to be reliably accessed even though the IP address changes. The mapping is done by dyndns.orgs software.. it keeps track of the changes in IP and maps the FQDN to it.

    More info here..

    http://en.wikipedia.org/wiki/DynDNS
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  6. AndreK

    AndreK Bit Poster

    49
    7
    8
    From what I understand its as follows;

    Standard zone: All zones start out as standard zones, standard zones store their data in a text file on the server where are active directory integrated zones store their data in active directory.

    Primary zone: The main read and write zone. Contains several records(A,CNAME, PTR e.t.c) . Primary zones can only be AD integrated on dns servers which are also domain controllers. There is more to this zone.

    Secondary zone: A read only copy of a primary zone, contains the same info that is in the primary zone but you can't update a single entry here, you have to transfer the whole zone data in the primary zone, so depending on your network size this could be alot of traffic. One advantage of secondary zones is they provide redundancy in the event that the dns server with the primary zone goes down.

    Stub zone: This zone provides some of the functionality of secondary zones, it overcomes the problem of increased zone transfer traffic when a change happens in the primary zone, this zone contains just the necessary files to identify a primary zone and its name servers, one of these files you should be aware of is the start of authority(SOA) which contains a serial number, when its time to refresh the records a comparison is made with the SOA in the primary zone, if the serial no. in the primary zone is greater than the one in the stub zone an update happens in the stub zone. What you need to remember here is that stub zones don't provide the redundancy of secondary zones.

    Conditional forwarding: This is for making sure that when your dns server get a request to resolve a pre-defined domain name they will just forward that request on to another dns server instead of trying to resolve it themselves.

    Good luck on your exam
     
  7. AllanWallace

    AllanWallace Bit Poster

    22
    2
    20
    Thanks AndreK, it is starting to seem a bit clearer to me now! :)
     
    Certifications: MCSA, MCTS 70-680, MCP 70-291, 70-290, 70-270, NVQ3, NVQ2
    WIP: MCITP, ITIL

Share This Page

Loading...