Your network contains an Active Directory domain named contoso.com. All domain
controllers run Windows Server 2012 R2. One of the domain controllers is named DC1.
The DNS zone for the contoso.com zone is Active Directory-integrated and has the default
settings.
A server named Server1 is a DNS server that runs a UNIX-based operating system.
You plan to use Server1 as a secondary DNS server for the contoso.com zone.
You need to ensure that Server1 can host a secondary copy of the contoso.com zone.
What should you do?
A. From DNS Manager, modify the Advanced settings of DC1.
B. From DNS Manager, modify the Zone Transfers settings of the contoso.com zone.
C. From Windows PowerShell, run the Set-DnsServerForwarder cmdlet and specify the
contoso.com zone as a target.
D. From DNS Manager, modify the Security settings of DC1.
Explanation:
There are two ways that a secondary DNS server can be added. In both scenarios you will
need to add the new server to the Forwarders list of the primary Domain Controller.
1. The Set-DnsServerForwarder cmdlet changes forwarder settings on a Domain Name
System (DNS) server.
2. From the primary server, open DNS Manager, right click on the server name and select
Properties. Click on the Forwarders tab and click the Edit button in the middle of the
dialogue box.
Correct answer is B (C). We are configuring a DNS secondary zone, not DNS forwarders.
Adding a secondary DNS server to a zone involves three steps:
1. On the primary DNS server, add the prospective secondary DNS server to the list of name servers that are authoritative for the zone.
2. On the primary DNS server, verify that the transfer settings for the zone permit the zone to be transferred to the prospective secondary DNS server.
3. On the prospective secondary DNS server, add the zone as a secondary zone.
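The first two steps above, run in PowerShell on the primary (DC1), as an added example that is not part of the original page. The name server1.contoso.com and the address 192.0.2.53 for Server1 are assumed placeholders.

```powershell
# Assumed placeholders (not from the original page): Server1's FQDN and IP.
$Zone        = 'contoso.com'
$SecondaryNs = 'server1.contoso.com.'
$SecondaryIp = '192.0.2.53'

# Step 1: list the prospective secondary as a name server for the zone.
# "." as the record name refers to the zone apex.
Add-DnsServerResourceRecord -ZoneName $Zone -NS -Name '.' -NameServer $SecondaryNs

# Step 2: permit zone transfers, but only to the listed secondary, and
# notify it when the zone changes. TransferAnyServer would hand the full
# zone contents to any host that asks, so it is avoided here.
Set-DnsServerPrimaryZone -Name $Zone `
    -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $SecondaryIp `
    -Notify NotifyServers `
    -NotifyServers $SecondaryIp

# Check the result: the zone should still be AD-integrated, with transfers
# limited to the one secondary address.
Get-DnsServerZone -Name $Zone |
    Format-List ZoneName, IsDsIntegrated, SecureSecondaries,
                SecondaryServers, Notify, NotifyServers

# Step 3 happens on Server1 itself: add contoso.com there as a secondary
# zone that uses DC1 as its master.
```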
C is wrong, not forwarder; B is more like it
Only applies to legacy bind versions
I think the answer is A
http://mitigationlog.com/how-to-enable-bind-secondaries-in-windows-dns-server/
Seems to me it can’t get any clearer. Good work, mina.
Agree with nina…..first BIND needs to be enabled to work with Unix. Bind is disabled by default. Once Bind is enabled, you can make additional changes like Zone transfer, etc.
Since they even give that step as an option, it is pretty clear they want you to activate Bind first.
BIND was a must 20 years ago, it’s old stuff that doesn’t play any role these days. B is the right answer
It’s B... you need to allow the zone transfer on DC1 on Zone Transfer.
No doubt!!
I’m pretty sure it is A. Enable bind secondaries is under Advanced Settings in DNS and is necessary to disallow high compression, which is the default setting (mentioned in the question)!! Unix is the non-BIND, non-Microsoft server related in the TechNet article.
A makes the most sense due to the fact that it’s Unix.
It’s B… zone transfer is just the way DC1 will know server1 is its secondary zone
I think it’s B
Although others are on the right track with A because of UNIX, the fact that it’s an AD-integrated zone means that BIND is not going to work. It would need to be done using zone transfers
I also searched for the “Explanation” on google and got no relevant results, so it is hand written by the person answering the question.
Also… See Question 44 below:
http://www.microsoft4shared.com/new-updated-microsoft-mcsa-70-411-real-exam-questions-and-answers-download-41-50.html
it’s A.
you can have bind secondaries to an AD integrated zone
http://blog.michael.kuron-germany.de/2011/10/integrating-bind-with-ad-integrated-microsoft-dns/
A little bit of research opened my eyes. BIND (being DNS server software distributed on Linux) requires enabling to be supported with Microsoft DNS. As explained by James below, it is an option in advanced settings.
BIND is a must on Unix!
Bind might be a must on Unix, but so is enabling Zone Transfer for it to be able to work at all. Default settings has it unmarked. So my vote would go on B.
OK everyone is on the right track but read the question (There are always clues)
1. DC1 has DEFAULT DNS server settings and is DNS for contoso zone which is ADI
2. Server1 is UNIX (ie BIND) and will be a secondary for contoso
3. You MUST ENSURE that server1 can be a secondary for contoso
Without configuring the advanced DNS properties of server DC1 to “Enable BIND Secondaries” (Not configured by default – see point 1) even if you “Allow Zone Transfer” the transfer will not take place as you have NOT ENSURED that server1 can be a secondary
Therefore in my opinion A is correct
well to Ensure it “can host” a secondary host you’ll need to do A and B. You’ve not ensured that server1 can be a secondary if you don’t do them both.
Yet another crappy question, which I probably will answer with A.
Agree with that.
This clearly explains why it’s A
http://mitigationlog.com/how-to-enable-bind-secondaries-in-windows-dns-server/
B
A.
Thanks for your helpful answer
all you “enable BIND” answer A guys: you only need this if you use BIND version from about 20 years ago, check this:
https://technet.microsoft.com/en-us/library/cc940771.aspx
it says “Enables the Domain Name System (DNS) server to communicate with non-Microsoft DNS servers that use an earlier, slower version of the DNS BIND service” and refer to versions below 4.9.4!
this is old stuff from the mid-90’s:
https://en.wikipedia.org/wiki/BIND#History
so the only way to get it done is enabling zone transfer, that’s why only B can be the correct answer. without enabling zone transfer you are lost…
after seeing dens’ reply you would have to go with B.
After reading this article it is also worth pointing out this
‘The default value of this entry is appropriate for most DNS servers. Change the value of this entry to 0 only if you have NEW BIND servers (or non-BIND, non-Windows servers) that are secondaries to a Microsoft DNS server and if transfer performance is a high priority.’
The default value is one which accommodates for earlier versions of BIND.
If the answer isn’t be.
Microsoft can DIAF because the question is BS
Only the question doesn’t mention what version of BIND the Unix machine is running. So assuming that it is new could be fatal. I would say a safe move would be to enable Bind first…answer A…… and then do any other necessary configs.
Look at this article. It explains that with Unix DNS it is not only a question of transfer performance, but there is also a problem with reverse lookup zone replication.
I Say “A”
http://mitigationlog.com/how-to-enable-bind-secondaries-in-windows-dns-server/
There is another version of this question with the “modify the Zone Transfers settings” missing as an option. In that set the only logical answer is the “Advanced settings” option to enable BIND Secondaries.
This suggests that A might be the “right” answer, even though B seems to make the most sense.
Well guys this question is from a windows server administration exam.
Microsoft is testing our skills of windows administration and not unix server knowledge.
in this scenario Microsoft will not expect that the candidate possesses all the knowledge about unix as well, so what should a windows administrator do on windows server is more important which will be zone transfer settings.
later a unix administrator will try on his end and see if it works after zone transfer settings or not. I can bet 90% of candidates who solve this question will have no knowledge about unix bindings…
great answer but is it A or B
I say it’s A. The keyword is Unix (therefore, BIND) secondaries. In the official study guide, Microsoft is pretty clear that you need to enable BIND secondaries before you can do zone transfers to a Unix machine.
It’s C, A is the older answer
Just took my exam. A isn’t listed in the choices, but if it were I would have taken that as the answer. The right answer is C.
I passed my 70-411 exam this morning, got 868. Test was super easy. Went in there for literally 10 minutes and was finished. I didn’t even bother double checking my answers. This exam focuses a lot on NPS, RADIUS, etc. But in the actual exam, I’ve only had about 3~4 questions on those.
Dumps are still valid. Study AIOTestking v4~v6. Make notes and check the comments for right answers. That’s my advice.
That’s cool, but how could you even tell that that’s the correct answer?
C could have been the wrong answer and you didn’t get 1000 on the test and had few wrong answers and this could be one of them.
this question is a F***ing pain in the ass!
Thank you for the update @Ricky.
Hi all,
the answer is A. If you have UNIX DNS that needs to hold a secondary copy of your DNS zone, your primary DNS (our windows server) must support BIND.
There are two variants of this question on the exam. One lists the correct answer as “go to advanced tab and check the BIND checkbox” and the other version says “use set-dnsserversetting cmdlet”. These are the two correct answers depending on which variant you get.
Check this article on how you can use set-dnsserversetting cmdlet to enable BIND.
https://msdn.microsoft.com/en-us/library/dn441287(v=vs.85).aspx
enable BIND
https://www.reddit.com/r/homelab/comments/3zqg2y/using_bind_linux_as_a_backup_dns_server_to_a/