Your network contains an Active Directory forest named contoso.com. The forest contains two domains named
contoso.com and child.contoso.com. The forest contains two domain controllers. The domain controllers are
configured as shown in the following table.
You need to ensure that DC2 can provide authoritative responses for queries to the contoso.com namespace.
What should you do?
A.
On DC1, create a delegation.
B.
On DC1, change the replication scope of the contoso.com zone.
C.
On DC2, create a forwarder.
D.
On DC2, modify the Zone Transfers settings.
i didnt understood this answer
B
yea why B? any explanation… thanks
any link to this answer or explanation?
The answer is C
http://technet.microsoft.com/en-us/library/cc730756.aspx
DNS has to be installed first on DC2.
C is incorrect.
I think it’s B.
Authoritative Response means, the server needs to respond with a record, which means the server doesn’t forward the query. So in this case, I assume DC1 is configured to replicate with DC2 for the zone(not delegation of the child domain zone to DC2). Replication setting needs to be configured on DC1 to Forest wide from default domain wide.
What is authoritative response:
http://www.inetdaemon.com/tutorials/internet/dns/servers/authoritative.shtml
What doesn’t make sense on the question to me, still is that DC2 doesn’t have DNS server installed. I assume in setting up replication, the first step is to change the replication scope, then add the new DNS server on DC2.
In your reference, it said,
“In other words, it IS possible for a DNS server that is NOT an authoritative server for a domain to give an ‘authoritative response’ to a DNS query for a domain it does not serve. – See more at: http://www.inetdaemon.com/tutorials/internet/dns/servers/authoritative.shtml#sthash.932aRuD9.dpuf”
and DNS forwarder does use cache, so I think C is correct answer.
To add, delegation and forwarding should go together.
You delegate the child domain zone to child domain DNS server, then you configure forwarder on child dns server.
Answer is B: Change the replication scope of the zone. This is the only answer that does not require DC2 to have a DNS. When changing the replication scope choose “TO all domain controllers.”
stef,
this is to replicate zone data to another DNS server which provides authoritative response. So, later it requires to have a DNS server in DC2.
And since the DC2 should provide the parent domain’s DNS records, it should have a copy of the zone data. So the replication should bet set to forest wide, ‘To all DNS servers running on domain controllers in this forest Contoso.com’. Am I right?
I agree with you, there is no chance in this world and in this Galaxy that a Microsoft Domain Controller can “provide an authoritative” response without having DNS service installed, the graphic is either wrong or it is a tricky question by Microsoft. We have to assume DNS is installed at some point, but it doesn’t matter, by actually stating “provide answer” it means DNS queries are going to this DC2 server. So yes DNS service is installed, port 53 is opened so it can be answered.
Delegation: on my test I can only see I could delegate a child domain but not the root domain
Forwarder : it will provide a non-authoritative answer
Modify zone transfer on DC2? Zone transfer from what if the zone isn’t even created or copied on DC2.
So as you are poitning, changing replication to all dns servers in the forest should produce the requested authoritative answer. Dc2 will receive a copy of the zone, and any query to dc2 for example nslookup server1.contoso.com dc2 (nslookup host-to-look DNS-server-that-will-reply) will produce an authoritative answer.
since A, C, D requires that DC2 be DNS server, only choice I think left is B. however, on “change zone replication scope”, I believe “To all domain controllers in domain (for Windows 2000 compatibility” needs to be selected since other two requires DC2 to be DNS server.
I just checked this out on my lab and I believe you are correct.
Thanks for verifying this, Steve.
I agree, replication scope is the only option that does not require DC2 to already have DNS installed. By default replication scope is for contuse.com will only be set to “All DNS servers in this domain”, this needs to be changed to “All DNS servers in this forest” before any DNS servers in child.contoso.com could provide authoritative responses.
one more thing, the premium version I bought has A as answer, w/o explanation. but I think it’s wrong.
to be a option using delegation, we need to use DNS Manager or command line but, the DC2 need to be a DNS server too complete the configuration, i’m not sure if am i right…
http://technet.microsoft.com/en-us/library/cc770984.aspx#BKMK_winui
@panda : wanne share your prem VCE file? We can trade ..
wardcoysman(@)hotmail.c0m
see https://4sysops.com/archives/microsoft-exam-70-640-configuring-dns-zone-transfers-and-replication/
It appears that (b) works, since you can configure replication of a DNS zone to all domain controllers, not just DNS servers.
I think it’s A
When you delegate zones within your namespace, remember that for each new zone that you create, you need delegation records in other zones that point to the authoritative DNS servers for the new zone. This is necessary both to transfer authority and to provide correct referral to other DNS servers and clients of the new servers that are being made authoritative for the new zone
https://technet.microsoft.com/en-us/library/cc771640.aspx
@Ward, Believe me, you realy don’t want the premium VCE file for the 70-410 exam. It has an awful lot of wrong answers.
That said I would go for answer B, replicate the scope to all DC’s in the forest.
Agreed…found more than 15 wrong answers in premium VCE.
B is correct.
I copied the following from 70-410 book.
You can also modify the scope of zone database replication to keep copies on all domain controllers throughout the enterprise or on all domain controllers in the AD DS domain, regardless of whether they are running the DNS server.
73004 25953hey was just seeing in case you minded a comment. i like your internet site and the theme you picked is super. I is going to be back. 579607
Its A you need delegation!
I really enjoyed the standard info an individual supply for your guests. I gonna be again often to check up on new posts
http://forum.humanistyczna.pl/profile.php?mode=viewprofile&u=joanna80edyta
1) Authoritative -> DNS. -> SRV1.
2) Replication -> Forest
Answer : On DC1, change the replication scope of the contoso.com zone.