Your company, Contoso Ltd, has a main office and a branch office.
The offices are connected by a WAN link.
Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.
DC1 is configured as a DNS server for the ad.contoso.com DNS zone.
This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office.
You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a
WAN link fails.
What should you do?
A. Create a new stub zone named ad.contoso.com on DC2.
B. Create a new standard secondary zone named ad.contoso.com on DC2.
C. Configure the DNS server on DC2 to forward requests to DC1.
D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Explanation:
Answer: Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
http://technet.microsoft.com/en-us/library/cc726034.aspx
Understanding Active Directory Domain Services Integration
The DNS Server service is integrated into the design and implementation of Active Directory Domain Services
(AD DS). AD DS provides an enterprise-level tool for organizing, managing, and locating resources in a
network.
How DNS integrates with AD DS
When you install AD DS on a server, you promote the server to the role of a domain controller for a specified
domain. As part of this process, you are prompted to specify a DNS domain name for the AD DS domain which
you are joining and for which you are promoting the server, and you are offered the option to install the DNS
Server role. This option is provided because a DNS server is required to locate this server or other domain
controllers for members of an AD DS domain.
Benefits of AD DS integration
For networks that deploy DNS to support AD DS, directory-integrated primary zones are strongly
recommended. They provide the following benefits:
DNS features multimaster data replication and enhanced security based on the capabilities of AD DS.
In a standard zone storage model, DNS updates are conducted based on a single-master update
model. In this model, a single authoritative DNS server for a zone is designated as the primary
source for the zone. This server maintains the master copy of the zone in a local file. With this model,
the primary server for the zone represents a single fixed point of failure. If this server is not available,
update requests from DNS clients are not processed for the zone.
With directory-integrated storage, dynamic updates to DNS are sent to any AD DS-integrated DNS
server and are replicated to all other AD DS-integrated DNS servers by means of AD DS replication.
In this model, any AD DS-integrated DNS server can accept dynamic updates for the zone. Because
the master copy of the zone is maintained in the AD DS database, which is fully replicated to all
domain controllers, the zone can be updated by the DNS servers operating at any domain controller
for the domain. With the multimaster update model of AD DS, any of the primary servers for the
directory-integrated zone can process requests from DNS clients to update the zone as long as a
domain controller is available and reachable on the network.
Also, when you use directory-integrated zones, you can use access control list (ACL) editing to
secure a dnsZone object container in the directory tree. This feature provides detailed access to
either the zone or a specified resource record in the zone. For example, an ACL for a zone resource
record can be restricted so that dynamic updates are allowed only for a specified client computer or a
secure group, such as a domain administrators group. This security feature is not available with
standard primary zones.
Zones are replicated and synchronized to new domain controllers automatically whenever a new one is
added to an AD DS domain.
By integrating storage of your DNS zone databases in AD DS, you can streamline database replication
planning for your network.
Directory-integrated replication is faster and more efficient than standard DNS replication.
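
The conversion named in the answer, as an added PowerShell example that is not part of the original page. It assumes the DnsServer module (Windows Server 2012 or later) and the scenario's names (DC1, DC2, ad.contoso.com); the Domain replication scope and the secure-only update setting are choices made for this example.

```powershell
# Added example, not from the original page.
# Assumes the DnsServer module and the scenario's names: DC1, DC2, ad.contoso.com.
$zone = 'ad.contoso.com'

# 1. Record the starting state on DC1. A standard primary zone is file-backed,
#    so IsDsIntegrated is False and ZoneFile is populated.
Get-DnsServerZone -Name $zone -ComputerName DC1 |
    Format-List ZoneName, ZoneType, IsDsIntegrated, ZoneFile, DynamicUpdate

# 2. Convert the zone to an Active Directory-integrated primary zone.
#    -ReplicationScope Domain (an assumption for this single-domain forest)
#    replicates the zone to every DNS server running on a DC in the domain.
ConvertTo-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain `
    -ComputerName DC1 -PassThru -Force

# 3. Allow only secure dynamic updates. This setting depends on the ACLs that
#    AD DS places on the zone, so it is not available on a standard primary zone.
Set-DnsServerPrimaryZone -Name $zone -DynamicUpdate Secure -ComputerName DC1

# 4. After AD DS replication, check that both DNS servers hold a writable,
#    directory-integrated copy. That is what lets DC2 keep accepting updates
#    and answering queries while the WAN link is down.
foreach ($server in 'DC1', 'DC2') {
    $z = Get-DnsServerZone -Name $zone -ComputerName $server -ErrorAction SilentlyContinue
    if (-not $z) {
        Write-Warning "$server has not loaded $zone yet (replication pending?)"
    }
    elseif ($z.ZoneType -ne 'Primary' -or -not $z.IsDsIntegrated) {
        Write-Warning "$server holds $zone as $($z.ZoneType), DS-integrated: $($z.IsDsIntegrated)"
    }
    elseif ($z.DynamicUpdate -ne 'Secure') {
        Write-Warning "$server accepts '$($z.DynamicUpdate)' updates for $zone"
    }
    else {
        Write-Output "$server OK: primary, AD-integrated, secure updates only"
    }
}

# 5. Confirm that each server answers for the zone on its own.
foreach ($server in 'DC1', 'DC2') {
    Resolve-DnsName -Name $zone -Type SOA -Server $server
}
```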
Further information: