You are an Enterprise administrator for ABC.com. The company consists of an Active Directory
domain called ad.ABC.com. All servers on the corporate network run Windows Server 2003. At
present, no provision has been made for Internet connectivity.
A server named ABC2 has the DNS server service role installed. The DNS zones on ABC2 are
shown below:
The corporate network also contains a UNIX-based DNS server named ABC-SR25, which hosts a
separate DNS zone called ABC.com on a separate network. ABC-SR25 provides DNS services to
the UNIX-based computers and is configured to run the latest version of BIND. The ABC.com
zone contains publicly accessible Web and mail servers.
The company's security policy states that the resources located on the internal
network and the internal network's DNS namespace should never be exposed to the Internet.
Besides this, according to the current network design, ABC-SR25 must attempt to resolve any
name resolution requests before sending them to name servers on the Internet.
The company plans to allow users of the internal network to access Internet-based resources. To
implement the security policy of the company, you decide to send all name resolution requests
for Internet-based resources from internal network computers through ABC2. You therefore need to
devise a name resolution strategy for Internet access and configure ABC2 so that it
complies with the set criteria and restrictions.
Which two of the following options should you perform?
A. Have the Cache.dns file copied from ABC2 to ABC-SR25.
B. Have the root zone removed from ABC2.
C. ABC2 should be set up to forward requests to ABC-SR25.
D. Install Services for Unix on ABC2.
E. The root zone should be configured on ABC-SR25.
F. Disable recursion on ABC-SR25.
Explanation:
To plan a name resolution strategy for Internet access in which all name resolution
requests for Internet-based resources from internal network computers go through ABC2,
you need to delete the root zone from ABC2 and configure ABC2 to forward requests
to ABC-SR25.
A DNS server running Windows Server 2003 follows specific steps in its name-resolution process.
It first queries its cache, then checks its zone records, then sends requests to forwarders,
and finally tries resolution by using root servers.
The root zone indicates to your DNS server that it is a root Internet server. Therefore, a DNS
server that hosts the root zone does not use forwarders or root hints in the name-resolution
process. Deleting the root zone from ABC2 will allow you to first send requests to ABC2 and then
forward requests to ABC-SR25 by configuring a forward lookup zone. If the root zone is configured,
you will not be able to use the DNS server to resolve queries for hosts in zones for which the
server is not authoritative, and you will not be able to use this DNS server to resolve queries
on the Internet.
Reference: How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380
Reference: DNS Root Hints in Windows 2003
http://www.computerperformance.co.uk/w2k3/services/DNS_root_hints.htm
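
The lookup order in the explanation can be traced with a small model. This is an added example, not Microsoft code and not part of the original question: the zone contents, the host fs1, the address 10.0.0.20 and the name www.example.org are constructed, and it assumes ABC2 hosts ad.ABC.com plus a root zone before the change.

```python
"""Simplified model of the cache -> zones -> forwarders -> root hints order."""

def covering_zone(name, zones):
    """Return the most specific hosted zone that contains name, or None."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    # A hosted root zone "." contains every name that no other zone matched.
    return "." if "." in zones else None

def resolve(name, cache, zones, forwarders):
    """Return (step, answer): which step handled the query and what it gave."""
    key = name.rstrip(".").lower()
    if key in cache:
        return ("cache", cache[key])
    zone = covering_zone(key, zones)
    if zone is not None:
        # Authoritative: answer from zone data or return a name error.
        # The query never reaches the forwarder or root-hint steps.
        return ("zone " + zone, zones[zone].get(key, "NXDOMAIN"))
    if forwarders:
        return ("forwarder", forwarders[0])
    return ("root hints", None)

# Constructed sample data (assumed zone layout, see lead-in).
INTERNAL = {"ad.abc.com": {"fs1.ad.abc.com": "10.0.0.20"}}
WITH_ROOT = dict(INTERNAL, **{".": {}})   # ABC2 before option B
WITHOUT_ROOT = dict(INTERNAL)             # ABC2 after option B
FORWARDERS = ["ABC-SR25"]                 # option C

if __name__ == "__main__":
    for label, zones in (("root zone present", WITH_ROOT),
                         ("root zone removed", WITHOUT_ROOT)):
        for query in ("www.example.org", "fs1.ad.ABC.com"):
            print(label, query, resolve(query, {}, zones, FORWARDERS))
```

With the root zone present, the external name stops at the zone step with a name error; once it is removed, the same query goes to ABC-SR25, while internal names are still answered from ABC2's own zone and never leave the internal network.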