Interview Questions on Bind-DNS
1. Why are free DNS servers free ?
2. Who defines the TTL value ?
Ans :- DNS Server
3. What is a Non-Authoritative Server ?
Ans : If we get DNS resolution from cache then we call it as resolution
Non authoritative servers do not contain copies of any domains. Instead they have a cache file that is constructed from all the DNS lookups it has performed in the past for which it has gotten an authoritative response. When a non-authoritative server queries an authoritative server and receives an authoritative answer, it passes that answer along to the querier as an authoritative answer. Thus, non-authoritative servers can answer authoritatively for a given resolution request. However, non-authoritative servers are not authoritative for any domain they do not contain specific zone files for. Most often, a non-authoritative server answers with a previous lookup from its lookup cache. Any answer retrieved from the cache of any server is deemed non-authoritative because it did not come from an authoritative server.
NON-AUTHORITATIVE DNS RESPONSES
DNS servers cache responses so that if another local user requests the same host or IP address from the local nameserver, the answer will already be in the local nameserver’s DNS database. The server will not have to go outside the network to resolve that same host again.
4.What are the below options used in resolv.conf ? And why ?
search local domain
5. What is the difference between BIND 8 and BIND 9 ?
6. Why should DNS servers be secure ?
7. How to find if an application is chrooted ?
Ans :- For example, here we are checking if BIND is chrooted.
# ps -ef | grep -i bind
sample output :
root@rx2122 [/home/hotelroy/www]# ps -ef | grep -i bind
root 13557 24142 0 20:39 pts/1 00:00:00 grep -i bind
Now take the process ID from the above output and go to the proc folder in /
# cd /proc/24142
After giving the above ls command, the list of files which appears should be only of the bind
application. No system files or folders such as dev, etc, proc, var should appear. This confirms that the application
If the PID is pointing to / (root), i.e. the root directory for the application is not changed or chrooted.
This is a quick and dirty way to find out if an application is chrooted or not w/o
The biggest benefit is that a service that is re-rooted to another directory cannot access
files outside that directory. Basically you are going to set the service in a sandbox. Chrooting offers the following 2 benefits:
[a] Service Isolation
[b] Privilege Separation
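An added example (not from the original page) of the same check done by reading the /proc/PID/root link, which the kernel points at the root directory of each process. PROC_DIR, chroot_of, is_chrooted and report are names chosen for this example, and pgrep -x is used instead of ps | grep so that the grep process itself is never matched.

```shell
#!/bin/sh
# Added example: is a process running with a changed root directory?
# PROC_DIR can be overridden to run the check against a constructed tree;
# on a live system leave it at /proc.
PROC_DIR="${PROC_DIR:-/proc}"

# chroot_of PID: print the root directory recorded for PID.
# Returns 2 when the link is missing or unreadable (no such PID, or
# insufficient privilege: another user's /proc/PID/root needs root).
chroot_of() {
    link="$PROC_DIR/$1/root"
    [ -L "$link" ] || return 2
    readlink "$link" 2>/dev/null || return 2
}

# is_chrooted PID: 0 = root changed, 1 = root is /, 2 = cannot tell.
is_chrooted() {
    root=$(chroot_of "$1") || return 2
    [ "$root" != "/" ]
}

# report NAME: check every process whose name is exactly NAME
# (the BIND daemon runs as "named").
report() {
    for pid in $(pgrep -x "$1"); do
        rc=0
        is_chrooted "$pid" || rc=$?
        case $rc in
            0) echo "PID $pid ($1): chrooted to $(chroot_of "$pid")" ;;
            1) echo "PID $pid ($1): not chrooted, root is /" ;;
            *) echo "PID $pid ($1): cannot read root link, re-run as root" ;;
        esac
    done
}

# Usage: sh check_chroot.sh named
if [ $# -gt 0 ]; then
    report "$1"
fi
```

A result of / only rules out chroot: a process in a container or separate mount namespace also reports / through this link.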
8.What is SOA ?
A start of authority (SOA) record is information stored in a domain name system (DNS) zone about that zone and about other DNS records. A DNS zone is the part of a domain for which an individual DNS server is responsible. Each zone contains a single SOA record. SOA records are defined in IETF RFC 1035, Domain Names – Implementation and Specification.
Ans :- The SOA record stores information about the name of the server that supplied the data for the zone;
the administrator of the zone; the current version of the data file; the number of seconds a secondary
name server should wait before checking for updates; the number of seconds a secondary name server should
wait before retrying a failed zone transfer; the maximum number of seconds that a secondary name server can
use data before it must either be refreshed or expire; and a default number of seconds for the time-to-live file
on resource records.
9. What are the types of RR (Resource Records) ?
Ans :- NS, A, CNAME, SOA, DNAME, MX, SRV, TXT
10. Will named start if we do not give priority for MX for a certain domain in zone file ?
Ans :- NO
11. How does the number in MX priority serve requests ? Lower the number higher the priority, or higher the number lower the priority ?
Ans : Lower the Number higher the priority
12. Why do we use the standard priority numbers like 5, 10, 15, 20 for priority in MX records ?
Ans :- Because it allows us to save the earlier numbers, which can be used as priority if more MX servers are added
to the domain in future. Basically we reserve those numbers for priority.
13. Is ARPA a TLD ?
14. What is absolute DNS/FQDN ?
ANS : any domain
15. Does the dig command refer to the /etc/hosts or /etc/nsswitch file ?
Ans : No, it directly goes to the /etc/resolv.conf file
16. Where does BIND DNS save all cache ?
Ans :- BIND DNS server saves all cache in memory, hence the DNS server’s memory should be good.
17. What can we do if we expect very large caching ?
Ans :- We can integrate BIND to use a MySQL- or PostgreSQL-like database to save caching results.
18. How to check the content of the cache in a caching server ?
Ans :- rndc dumpdb -all
The above command will save all the cached data in a file named_dump.db in the var folder in Bind’s Home directory
19 : How to Flush (Clear) a Name Server’s Cache in Bind 9.2.0 or newer name server ?
Ans :- rndc flush
With older name servers(Bind 8), you need to kill the name server and restart it to flush the cache.
You can do that in one fell swoop with rndc restart or rndc exec.
20. What is the entire content of the zone file Called ?
Ans :- AXFR Record
21. What is the difference in zone transfers in Bind8 and Bind 9 ?
Ans :- Zone transfers from Bind9 Onwards are incremental
22. What is Negative Caching ?
A DNS resolver with negative caching will remember when it is told that a domain does not exist.
When iteratively querying a server in the ancestral line of the record that:
1. Doesn’t have the record.
2. Has no relevant delegations.
The server will respond with an authoritative negative response. A resolver with negative caching will cache the
negative response for a set time period, usually ten minutes. The resolver will reply with a non-authoritative negative
response to the query for that set period.
Consider a web browser which attempts to load a page while the network is unavailable. The browser will receive an error
code indicating the problem, and may display this error message to the user in place of the requested page. However, it
is incorrect for the browser to place the error message in the page cache, as this would lead it to display the error
again when the user tries to load the same page – even after the network is back up. The error message must not be cached
under the page’s URL; until the browser is able to successfully load the page, whenever the user tries to load the page,
the browser must make a new attempt.
A frustrating aspect of negative caches is that the user may put a great effort into troubleshooting the problem, and then
after determining and removing the root cause, the error still does not vanish.
There are cases where failure-like states must be cached. For instance, DNS requires that caching nameservers remember
negative responses as well as positive ones. If an authoritative nameserver returns a negative response, indicating that
a name does not exist, this is cached. The negative response may be perceived as a failure at the application level;
however, to the nameserver caching it, it is not a failure. The cache times for negative and positive caching may be
23. What are Non-Authoritative DNS Servers ?
Ans :- Non authoritative servers do not contain copies of any domains. Instead they have a cache file that is constructed
from all the DNS lookups it has performed in the past for which it has gotten an authoritative response.
When a non-authoritative server queries an authoritative server and receives an authoritative answer, it passes that
answer along to the querier as an authoritative answer. Thus, non-authoritative servers can answer authoritatively for a
given resolution request. However, non-authoritative servers are not authoritative for any domain they do not contain
specific zone files for. Most often, a non-authoritative server answers with a previous lookup from its lookup cache.
Any answer retrieved from the cache of any server is deemed non-authoritative because it did not come from an authoritative server.
NON-AUTHORITATIVE DNS RESPONSES
DNS servers cache responses so that if another local user requests the same host or IP address from the local nameserver,
the answer will already be in the local nameserver’s DNS database. The server will not have to go outside the network to
resolve that same host again.
24.How to Modify Zone Data Without Restarting the Name Server ?
Ans :- # rndc reload domain-name-of-zone
For BIND 8, run:
# ndc reload domain-name-of-zone
If you’ve modified multiple zones, just list them after reload. For example:
# rndc reload foo.example bar.example
25. What are the Types of DNS Servers ?
5.Stealth DNS ———–Same As Split DNS
*26. What is Match Destinations ?
27. What are the Types of Zones ?
Basic Questions :-
1.What is the By Default Inode Size ?
Ans :- 4k
2.How to check inode usage on linux system ?
Ans :- df -i
3. Why does the inode table get full ?
Ans :- Inode table gets full due to inconsistency on drive,bad sectors, unclean shutdown etc.
4.How can we resolve the issue of inodes full error ?
Ans :- e2fsck -yc /dev/sda1
5. Does every file have a unique Inode Number ?
Ans :- Yes
6. Does a directory have an Inode Number ?
Ans :- NO
7. How do we check the inode number of a certain file ?
Ans :- ls -i filename
1)How to compile Apache?
2)Users come to you saying the mail server is very slow. What are the necessary steps you will take to resolve this issue?
3)Which are the configuration files associated with the DNS server and client?
4)Where will you provide ISP details for your network?
5)How will you configure Squid proxy?
6)How will you block porn sites using Squid proxy?
7)Give me details how to configure mail support for NAGIOS?
8)Can you use NAGIOS to send SMS? how to do that?
9)What is Webmin?
A) Webmin is a web-based system configuration tool for OpenSolaris, Linux and other Unix-like systems.
10)How will you do kernel compilation? Explain each step.
11)What is the difference between SGID, SUID and sticky bit?
12)How to restrict users to set password with complexity ?
13)How do you monitor system performance?
14)Which are the configuration files of FTP server?
15)What are the different types of FTP servers?
16)What is the difference between active FTP and passive FTP?
17)How will you configure FTP in DMZ?
18)What is the use of htaccess file?
19)How do you configure website authentication for user logins?
20)Give me the steps to configure sendmail.
21)How to block particular network not to access my sendmail server?
22)How to send duplex/half duplex etc to the network card?
23)Can a web server have multiple IP addresses? If yes, why? If no, why?
24)How to configure multiple ip address for a web server?
25)What is the difference between VMWare and XEN?
26)Explain the difference between ext2 and ext3.
27)How do you configure route in Linux server?
28)How do you make routes permanent in Linux server?
29)Why you want to change your job?
30)What is an inode?
31)What is the difference between soft link and hard link?
32)How to get info about the files which have not been accessed in the last 30 days?