Chapter 1
Configuring DNS for Active Directory

1. You are the network administrator for your company, a marketing research firm in Chicago. After returning from a Microsoft Windows Server 2008 training course, you are convinced that upgrading from Windows Server 2003 to Windows Server 2008 would be of great benefit. Since your company has a very large network with five domains, it will be hard to convince the CIO that the return on investment will be worth the effort.

One main selling point of 2008 is the improvements made to DNS. One of these improvements, in particular, could almost definitely help improve response time to client queries when those clients restart, because the zone data is loaded in the background. Currently, many of the clients are restarted at the same time, after performing updates. When these clients come back up, hundreds of DNS queries to the server are made at the same time, causing slow response times.

What DNS improvement made in 2008 could help with the slow response times currently experienced?

❍ A. Background zone loading is an improvement made to DNS that would improve the performance of the DNS server responding to client queries.
❍ B. IP version 6 support added to DNS for Server 2008 allows the DNS server to respond to client queries more efficiently by utilizing the new IP stack.
❍ C. The addition of the GlobalNames zone to DNS on Server 2008 allows the server to respond quicker to client queries since it caches the MAC address of all the domain's client computers.
❍ D. The global query block list is an improvement that has been added to DNS on Windows Server 2008. This query list blocks out slow responding clients, allowing for other clients' queries to be responded to more quickly.

2. Kyle is the systems administrator for TeeTime Incorporated, a manufacturing company based out of San Francisco.
Kyle has just returned from an information security conference in Las Vegas and is now very concerned about the overall security of the company's network. In particular, the speakers at the conference spoke of DNS cache poisoning and illegitimate DNS updates made to the DNS server that enter false addresses into zones.

Kyle wants to ensure that only secure, dynamic DNS updates are made to the server. When Kyle opens the General tab of each zone he wants to check, he sees only two dynamic update options: None, and Nonsecure and secure. He expects there to be a Secure Only option, as he saw at the security conference he attended.

Why is Kyle only seeing these two options for dynamic updates?

❍ A. Kyle must set up aging/scavenging on the zones before it will give him the option of Secure Only dynamic updates.
❍ B. The Secure Only option is not available using the Windows interface; it must be changed through the command line.
❍ C. The zones he is trying to change are not Active Directory-integrated zones.
❍ D. Kyle is only seeing these two options because the server has not been set up to use NTLMv2, which is what secure DNS updates utilize to communicate.

3. Victor is the senior systems administrator for Lee Time, an ISP that provides Internet connection for all schools in Montana. Victor has been working with a remote school to help them create and maintain their own website for information sharing between teachers and students. Victor has helped them install their own DNS and IIS servers to host the website. Since this site will not be available to anyone outside of the school's network, there is no need to register a domain name.

To make the site as easy as possible for students and teachers to get to, Victor has named the site "website" on the IIS server.
Victor wants the students and teachers to only have to type in "website" in a web browser for the site to come up.

What type of record must Victor create on the DNS server for this to work properly?

❍ A. Victor must create a CNAME record that points the iisstart.htm to "website".
❍ B. Victor must create an MX record on the DNS server. This record will be cached on all the local workstations in the network and point the "website" name to the IP address of the IIS server.
❍ C. Victor must create a PTR record on the DNS server so that the "website" name when typed in will resolve to the IP address of the IIS server.
❍ D. Victor must create an A record on the DNS server so that the "website" address when typed in a browser will resolve to the IP address of the IIS server.

4. Lyle is a systems administrator for HughesNet-Python, a software game manufacturer in Las Vegas. The company's network uses all Windows Server 2008 Enterprise servers. The network has three DNS servers - DNS1, DNS2, and DNS3 - all of which are in different zones. Lyle has just finished making a number of changes to the DNS on DNS3 and wants the changes to be replicated as soon as possible to the other zones. However, Lyle does not want to open another MMC other than the DNS window he has up currently, and he does not want to use a command line tool.

How can Lyle force the DNS server to replicate?

❍ A. Lyle can press the Increment button on the SOA DNS page to increase the serial number. This will notify the other DNS servers that there has been a change, and they will replicate.
❍ B. If Lyle changes the Serial number on the SOA page to zero, the DNS changes he made will replicate immediately.
❍ C. Lyle can click on the General tab, click on the Aging button, and change the refresh interval to zero days.
❍ D. Lyle can click on the General tab, press the Pause button, wait 5 seconds, and press the Start button.
This will initiate an immediate replication to the other DNS servers.

5. Oliver is the network administrator for his company, an employee staffing firm in Oklahoma City. The company's network is currently comprised of 20 servers running Windows Server 2008 Enterprise and 250 workstations running Windows Vista. Of those 20 servers, 5 of them are domain controllers; the rest are running customized applications for the company.

There is a very high turnover rate at the company, since many of the employees are temporary and move on to other positions. The company policy calls for every computer to be re-imaged once an employee has left.

Oliver notices that the A records on the company servers have increased tremendously in the last 6 months. He can see over 500 A records in the forward lookup zone, even though he knows there are no more than 270 computers in the entire network. Oliver does not want to start manually deleting these records, knowing that many of them are valid records being used.

What can Oliver do to clean up the excessive amount of A records on his DNS servers?

❍ A. Oliver should run the replmon GUI to automatically delete all A records that are not currently being used.
❍ B. Oliver should turn on record scavenging on the DNS servers. This will periodically check the DNS zones for stale records and delete those that are not needed.
❍ C. In order to clean up the excessive amounts of records on the DNS servers, Oliver should right-click the specific zone and choose Reload.
❍ D. Oliver should navigate to the properties page of the network card for the DNS servers. Once at the network cards' configuration page, he should choose the option to clear stale records, and then click Apply.

Answers: Chapter 1

1. A
2. C
3. D
4. A
5. B
6. B, C
7. D
8. A
9. B
10. D
11. B
12. D
13. C
14. C
15. B
16. A
17. D
18. C, D
19. B
20. B
21. D
22. D
23. A

Explanations: Chapter 1

1. Answers: A
Explanation A. Correct. Background zone loading is an improved feature added to DNS on Server 2008 that loads the zone data in the background in order to respond to client queries more quickly.
Explanation B. Incorrect. IP version 6 support has been added to DNS, but this does not allow it to respond to client queries quicker.
Explanation C. Incorrect. The GlobalNames zone feature has been added to DNS on Windows Server 2008 but does not allow the server to respond to client queries quicker. The GlobalNames zone provides single-label name resolution for large enterprise networks that do not deploy WINS.
Explanation D. Incorrect.
The global query block list is an addition to DNS but does not allow for client query response to become faster. This list reduces the vulnerability of illegitimate servers attempting to register themselves as legitimate DNS servers for clients.
PrepLogic Question: 12415-114

2. Answers: C
Explanation A. Incorrect. Setting the aging/scavenging option for zones has nothing to do with the way dynamic updates are received.
Explanation B. Incorrect. Although changing the dynamic updates option is available through a command line, it is also possible to change to the Secure Only option through the Windows interface.
Explanation C. Correct. To have the Secure Only option available for dynamic updates, a zone must be an Active Directory-integrated zone.
Explanation D. Incorrect. Secure DNS updates do not utilize NTLMv2.
PrepLogic Question: 12415-115

3. Answers: D
Explanation A. Incorrect. CNAME records are used to create an alias record on a DNS server.
Explanation B. Incorrect. MX records are used for Exchange Mail records, not name resolution.
Explanation C. Incorrect. PTR records are used to resolve IP addresses to names, not names to IP addresses.
Explanation D. Correct. An A (Host) record helps to resolve names stored on the DNS server to specific IP addresses.
PrepLogic Question: 12415-116

4. Answers: A
Explanation A. Correct. Incrementing the serial number indicates that the SOA has more recent changes than those with lower serial numbers, forcing replication.
Explanation B. Incorrect. The higher the serial number, the more up-to-date a zone is.
Explanation C. Incorrect. This will not force replication; this will change the scavenge records setting on the DNS server.
Explanation D. Incorrect. This action only stops the zone and restarts the zone; it does not initiate replication.
PrepLogic Question: 12415-117

5. Answers: B
Explanation A.
Incorrect. Replmon is a command line tool used for replication, not for cleaning up records on a DNS server.
Explanation B. Correct. Scavenging is a feature built into DNS that allows for old, stale records to be deleted automatically on a periodic basis.
Explanation C. Incorrect. Reloading zones does not clear them of stale records; it simply refreshes the information contained in the zone.
Explanation D. Incorrect. There is no such option on the configuration for a network card.
PrepLogic Question: 12415-118

6. Answers: B, C
Explanation A. Incorrect. Making the zones secondary will not allow for users to log in without issues. There must also always be at least one primary zone.
Explanation B. Correct. Active Directory-integrated zones store their zone data in Active Directory and allow for fast data retrieval by DNS servers. A zone must also be Active Directory-integrated to allow for secure dynamic updates.
Explanation C. Correct. This will ensure that all dynamic updates use secure channels.
Explanation D. Incorrect. This will help if there are name resolution issues but would not help in this situation.
PrepLogic Question: 12415-119

7. Answers: D
Explanation A. Incorrect. This can be accomplished centrally by applying GPOs to the different domains.
Explanation B. Incorrect. This will set the primary DNS domain name for the clients but will not allow them to resolve computer names in a different domain without using the actual domain name.
Explanation C. Incorrect. This setting will allow clients to resolve hostnames but will not help them to resolve if new domains are added to the forest.
Explanation D. Correct. This will automatically set the DNS suffix for clients, so they can resolve computer names properly.
PrepLogic Question: 12415-120

8. Answers: A
Explanation A. Correct.
If she creates a stub zone on NS1, that DNS server will store a partial copy of the northwest.listen.com domain to resolve queries in the listen.com domain.