You work as an administrator at ABC.com. The ABC.com network consists of a single domain
named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows
Server 2012 R2 installed.
You have installed the DNS Server Role on an ABC.com server, named ABC-SR13. ABC.com’s
workstations make use of a web proxy to access the Internet, and refer to ABC-SR13 as a primary
DNS server.
You have been instructed to make sure that Internet host names for ABC.com’s workstations are
not resolved by ABC-SR13.
Which of the following actions should you take?
A. You should consider configuring a primary zone on ABC-SR13.
B. You should consider configuring a secondary zone on ABC-SR13.
C. You should consider configuring a reverse lookup zone on ABC-SR13.
D. You should consider configuring a forward lookup zone on ABC-SR13.
Explanation:
This is a really bad practice in a production environment.
Configuring a (primary) root zone isn’t that bad, as that prevents querying further.
I assume the bad practice would be installing a proxy on that server as well, but you could just use another DNS server in this server’s DNS client settings. This way this server doesn’t use its own DNS zone.
Not sure if I’d call this a good solution, but it’s just a little bit uncommon 🙂
A
Open DNS Server Manager | Expand DNS Server | Expand Forward Lookup Zones | Right Click
on Forward Lookup Zones and select New Zone | Primary Zone | Zone Name: “.” (only dot, without
quotation marks).
When you create such a zone, you are configuring the DNS server to be the
ultimate authority for the DNS namespace. The DNS server will no longer attempt to forward any
DNS requests that it is not authoritative for.
When you install DNS on a Windows server that does not have a connection to the Internet, the
zone for the domain is created and a root zone, also known as a dot zone, is also created. This
root zone may prevent access to the Internet for DNS and for clients of the DNS. If there is a root
zone, there are no other zones other than those that are listed with DNS, and you cannot configure
forwarders or root hint servers.
Root domain: This is the top of the tree, representing an unnamed level; it is sometimes shown as
two empty quotation marks (“”), indicating a null value. When used in a DNS domain name, it is
stated by a trailing period (.) to designate that the name is located at the root or highest level of the
domain hierarchy. In this instance, the DNS domain name is considered to be complete and points
to an exact location in the tree of names. Names stated this way are called fully qualified domain
names (FQDNs).
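
The root-zone procedure described above, scripted with the DnsServer PowerShell module and followed by a check that internal names still resolve while Internet names do not. This is an added example, not part of the original page; the zone file name `root.dns`, the internal record name and the external test name are assumptions.

```powershell
# Added example. Run in an elevated session on the DNS server (ABC-SR13 on this page).
# Requires the DnsServer module that is installed with the DNS Server role.
Import-Module DnsServer

$server       = 'ABC-SR13'           # DNS server named in the question
$internalName = 'ABC-SR13.ABC.com'   # assumed internal record; should still resolve
$externalName = 'www.example.com'    # placeholder Internet name; should NOT resolve

# 1. Create the primary root zone "." only if it is not already present.
#    'root.dns' is an assumed file name for a file-backed zone.
if (-not (Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name '.' -ZoneFile 'root.dns'
}

# 2. Drop cached answers so earlier Internet lookups do not mask the result.
Clear-DnsServerCache -Force

# 3. Ask the server directly and report whether an answer record came back.
function Test-ServerResolves {
    param([string]$Name)
    $reply = Resolve-DnsName -Name $Name -Server $server -Type A -DnsOnly `
                 -ErrorAction SilentlyContinue
    # Count only records in the Answer section; an SOA in Authority is not an answer.
    [bool]($reply | Where-Object { $_.Section -eq 'Answer' })
}

$internalOk = Test-ServerResolves -Name $internalName
$externalOk = Test-ServerResolves -Name $externalName

[pscustomobject]@{
    RootZonePresent  = [bool](Get-DnsServerZone -Name '.' -ErrorAction SilentlyContinue)
    InternalResolves = $internalOk    # expected: True
    ExternalResolves = $externalOk    # expected: False once the root zone exists
}

if ($externalOk) {
    Write-Warning "$server still resolves Internet names; check that the root zone loaded."
}
```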