Which additional name suffix entry should you add from the Remote Access Setup wizard?

Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
The domain contains an Edge Server named Server1. Server1 is configured as a
DirectAccess server. Server1 has the following settings:

You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

You need to ensure that client computers on the Internet can establish DirectAccess
connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?

Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2.
The domain contains an Edge Server named Server1. Server1 is configured as a
DirectAccess server. Server1 has the following settings:

You run the Remote Access Setup wizard as shown in the following exhibit. (Click the Exhibit button.)

You need to ensure that client computers on the Internet can establish DirectAccess
connections to Server1.
Which additional name suffix entry should you add from the Remote Access Setup wizard?

A.
A Name Suffix value of dal.contoso.com and a blank DNS Server Address value

B.
A Name Suffix value of Server1.contoso.com and a DNS Server Address value of
65.55.37.62

C.
A Name Suffix value of dal.contoso.com and a DNS Server Address value of 65.55.37.62

D.
A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value

Explanation:
Split-brain DNS is the use of the same DNS domain for both Internet and intranet resources.
For example, the Contoso Corporation is using split brain DNS; contoso.com is the domain
name for intranet resources and Internet resources. Internet users use http:
//www.contoso.com to access Contoso’s public Web site and Contoso employees on the
Contoso intranet use http: //www.contoso.com to access Contoso’s intranet Web site. A
Contoso employee with their laptop that is not a DirectAccess client on the intranet that
accesses http: //www.contoso.com sees the intranet Contoso Web site. When they take their
laptop to the local coffee shop and access that same URL, they will see the public Contoso
Web site.
When a DirectAccess client is on the Internet, the Name Resolution Policy Table (NRPT)
sends DNS name queries for intranet resources to intranet DNS servers. A typical NRPT for
DirectAccess will have a rule for the namespace of the organization, such as contoso.com

for the Contoso Corporation, with the Internet Protocol version 6 (IPv6) addresses of intranet
DNS servers. With just this rule in the NRPT, when a user on a DirectAccess client on the
Internet attempts to access the uniform resource locator (URL) for their Web site (such as
http: //www.contoso.com), they will see the intranet version. Because of this rule, they will
never see the public version of this URL when they are on the Internet.
For split-brain DNS deployments, you must list the FQDNs that are duplicated on the
Internet and intranet and decide which resources the DirectAccess client should reach, the
intranet version or the public (Internet) version. For each name that corresponds to a
resource for which you want DirectAccess clients to reach the public version, you must add
the corresponding FQDN as an exemption rule to the NRPT for your DirectAccess clients.
Name suffixes that do not have corresponding DNS servers are treated as exemptions.
http: //technet. microsoft. com/en-us/library/ee382323(v=ws. 10). aspx



Leave a Reply 6

Your email address will not be published. Required fields are marked *


armegatron

Zack

Zack

No, the DirectAccess users are on the internet and server1.contoso.com is only an internal DNS record; the external DNS record is da1.contoso.com. However, internal name resolution is set by the contoso.com suffix so the DNS is left blank for da1.contoso.com to facilitate split-tunneling.

hombre

hombre

This is joke, but almost serious one:
As it is written here …. there is no good solution offered 🙂
server for solution dal.contoso.com and external name of server is da1.contoso.com

ROBBER

ROBBER

that are just common mistakes when dumping/copying/parsing these questions.

A is correct.

Luis

Luis

Correct answer is D:
A Name Suffix value of Server1.contoso.com and a blank DNS Server Address value
Explanation:
when you put a server1.contoso.com and blank dns value, you are telling your internal clients to use the internal dns for resolution. so a user will try to connect to direct access using server1.contoso.com and that will resolve to the internal ip, in this case the ipv6 address.

On the flip side of the coin, for the external users, they would try to connect using the external name da1.contoso.com, since that name would not be located in the NRPT, you would be telling them, use whatever configuration of dns you have in your local network card, that would resolve to the external ip 65.55.37.62