Networking

🌐 DNS Interview Questions & Answers 🌐

If you’re preparing for a DNS-related interview, here are some key questions to master!

🔹 DNS Basics

1️⃣ What is DNS and why is it important?
✅ DNS (Domain Name System) resolves domain names (e.g., google.com) to IP addresses, enabling seamless internet communication.

2️⃣ Types of DNS Records?
✅ Common DNS records:
• A Record → Maps domain to IPv4.
• AAAA Record → Maps domain to IPv6.
• CNAME → Alias for another domain.
• MX → Mail server record.
• TXT → Stores arbitrary text data (SPF, DKIM).

3️⃣ What is the difference between Recursive & Iterative DNS Queries?
✅ Recursive Query: DNS server fully resolves the query by contacting other servers.
✅ Iterative Query: DNS server responds with a referral instead of resolving the query itself.

4️⃣ What are Primary, Secondary & Stub Zones?
✅ Primary Zone → Stores original writable DNS records.
✅ Secondary Zone → Read-only copy of Primary DNS zone.
✅ Stub Zone → Contains only Name Server (NS) records.

5️⃣ What is Forward & Reverse DNS Lookup?
✅ Forward Lookup → Resolves domain name to IP.
✅ Reverse Lookup → Resolves IP to domain name (PTR record).

🔹 DNS Server & Configuration

6️⃣ What is a DNS Resolver?
✅ A DNS Resolver is the first point of contact for a client making a DNS request. It caches results to improve resolution speed.

7️⃣ What is TTL (Time to Live) in DNS?
✅ TTL defines how long a DNS record is cached before it expires. Lower TTL means faster updates, but higher TTL reduces queries.

8️⃣ What is Split-Horizon DNS?
✅ Split-Horizon DNS serves different DNS responses based on internal vs. external network location, enhancing security & customization.

9️⃣ How do you flush the DNS cache on a Windows system?
✅ Run the following command:
    ipconfig /flushdns

🔟 How do you test DNS resolution?
✅ Use:
    nslookup example.com
    Resolve-DnsName example.com

🔹 DNS Troubleshooting & Security

1️⃣1️⃣ How to troubleshoot DNS issues?
✅ Step-by-step approach:
• Check network connectivity (ping & tracert).
• Test name resolution (nslookup, Resolve-DnsName).
• Verify DNS server settings (ipconfig /all).
• Inspect DNS service status (Get-Service DNS).
• Flush DNS cache (ipconfig /flushdns).

1️⃣2️⃣ What is DNS Poisoning & How to Prevent It?
✅ DNS Poisoning (Cache Poisoning) injects false DNS data into a resolver’s cache, redirecting traffic.
✅ Prevention:
• Enable DNSSEC (Domain Name System Security Extensions).
• Use encrypted DNS (DoH, DoT).
• Restrict DNS cache TTL.

1️⃣3️⃣ What is DNSSEC?
✅ DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records to prevent spoofing & tampering.

1️⃣4️⃣ How to change the DNS server on a Windows machine?
✅ Run:
    Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses ("8.8.8.8","8.8.4.4")
