The ABC.com network consists of a single Active Directory domain named ABC.com. All servers
on the ABC.com network run Windows Server 2003 and all client computers run Windows XP
Professional.
A domain controller named ABC-DC1 is configured as a DNS server. ABC-DC1 hosts the DNS zone for
the ABC.com internal LAN.
An external DNS server named ABC-DNS1 hosts the DNS zone for the ABC.com external website
and is configured with root hints. ABC-DNS1 is outside of the network firewall.
You need to protect the client computers by minimizing the risk of DNS-related attacks from the
Internet, without affecting their access to Internet-based sites.
How should you configure the DNS servers and client computers?
A. DNS forwarding should be configured on ABC-DNS1 for ABC-DC1 and client computers must
be configured to use ABC-DC1.
B. The firewall should be configured to block all DNS traffic.
C. DNS forwarding should be configured on ABC-DC1 for ABC-DNS1 and client computers must
be configured to use ABC-DNS1.
D. A root zone should be added to ABC-DC1 and client computers must be configured to use
ABC-DC1.
Explanation:
Install one server on your perimeter network, for Internet name resolution, and
another on your internal network, to host your private namespace and provide internal name
resolution services. Then configure the internal DNS server to forward all Internet name resolution
requests to the external DNS server. This way, no computers on the Internet communicate directly
with your internal DNS server, making it less vulnerable to all kinds of attacks.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft
Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004,
Chapter 4.