You are the network administrator for a large company that has one main site and one
branch office.
Your company has a single Active Directory forest, ABC.com.
You have a single domain controller named ServerA in the main site that has the DNS role
installed.
ServerA is configured as a primary DNS zone.
You have decided to place a domain controller named ServerB in the remote site and
implement the DNS role on that server.
You want to configure DNS so that if the WAN link fails, users in both sites can still update
records and resolve any DNS queries.
How should you configure the DNS servers?
A.
Configure Server B as a secondary DNS server. Set replication to occur every 5 minutes.
B.
Configure Server B as a stub zone.
C.
Configure Server B as an Active Directory Integrated zone and convert Server A to an
Active Directory Integrated zone.
D.
Configure Server A as an Active Directory Integrated zone and configure Server B as a
secondary zone.
Explanation:
http://technet.microsoft.com/en-us/library/cc726034.aspx
Understanding Active Directory Domain Services Integration
The DNS Server service is integrated into the design and implementation of Active Directory
Domain Services (AD DS). AD DS provides an enterprise-level tool for organizing,
managing, and locating resources in a network.
How DNS integrates with AD DS
When you install AD DS on a server, you promote the server to the role of a domain
controller for a specified domain. As part of this process, you are prompted to specify a DNS
domain name for the AD DS domain which you are joining and for which you are promoting
the server, and you are offered the option to install the DNS Server role. This option is
provided because a DNS server is required to locate this server or other domain controllers
for members of an AD DS domain.
Benefits of AD DS integration
For networks that deploy DNS to support AD DS, directory-integrated primary zones are
strongly recommended. They provide the following benefits:
DNS features multimaster data replication and enhanced security based on the capabilities
of AD DS.
In a standard zone storage model, DNS updates are conducted based on a single-master
update model. In this model, a single authoritative DNS server for a zone is designated as
the primary source for the zone. This server maintains the master copy of the zone in a local
file. With this model, the primary server for the zone represents a single fixed point of failure.
If this server is not available, update requests from DNS clients are not processed for the
zone.
With directory-integrated storage, dynamic updates to DNS are sent to any AD DS-integrated DNS server and are replicated to all other AD DS-integrated DNS servers by
means of AD DS replication. In this model, any AD DS-integrated DNS server can accept
dynamic updates for the zone. Because the master copy of the zone is maintained in the AD
DS database, which is fully replicated to all domain controllers, the zone can be updated by
the DNS servers operating at any domain controller for the domain. With the multimaster
update model of AD DS, any of the primary servers for the directory-integrated zone can
process requests from DNS clients to update the zone as long as a domain controller is
available and reachable on the network.
Also, when you use directory-integrated zones, you can use access control list (ACL) editing
to secure a dnsZone object container in the directory tree. This feature provides detailed
access to either the zone or a specified resource record in the zone. For example, an ACL
for a zone resource record can be restricted so that dynamic updates are allowed only for a
specified client computer or a secure group, such as a domain administrators group. This
security feature is not available with standard primary zones.
Zones are replicated and synchronized to new domain controllers automatically whenever a
new one is added to an AD DS domain.
By integrating storage of your DNS zone databases in AD DS, you can streamline database
replication planning for your network.
Directory-integrated replication is faster and more efficient than standard DNS replication.
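Added example, not part of the original question or the TechNet text: a PowerShell sketch that moves the scenario's zone into AD DS storage, restricts it to secure dynamic updates, and audits both servers. It assumes the DnsServer module (RSAT) is installed, that ServerB is already a domain controller with the DNS role, and that the zone is named ABC.com.

```powershell
# Names taken from the scenario; adjust for a real environment (assumption).
$zone    = 'ABC.com'
$primary = 'ServerA'
$servers = 'ServerA', 'ServerB'

# 1. Move the file-backed primary zone into AD DS so that every domain
#    controller running DNS holds a writable copy (multimaster updates).
$current = Get-DnsServerZone -Name $zone -ComputerName $primary
if (-not $current.IsDsIntegrated) {
    ConvertTo-DnsServerPrimaryZone -Name $zone -ComputerName $primary `
        -ReplicationScope 'Domain' -Force
}

# 2. Accept only authenticated dynamic updates. This option exists only for
#    directory-integrated zones, where records are protected by ACLs.
Set-DnsServerPrimaryZone -Name $zone -ComputerName $primary -DynamicUpdate 'Secure'

# 3. Audit each server: the zone must be a DS-integrated primary that accepts
#    secure updates, otherwise that site cannot register records on its own
#    when the WAN link is down.
$report = foreach ($server in $servers) {
    $z = Get-DnsServerZone -Name $zone -ComputerName $server -ErrorAction SilentlyContinue
    if ($null -eq $z) {
        # Zone not loaded yet, e.g. AD DS replication has not reached this DC.
        [pscustomobject]@{
            Server = $server; ZoneType = 'missing'; DsIntegrated = $false
            DynamicUpdate = 'n/a'; Scope = 'n/a'; Compliant = $false
        }
        continue
    }
    [pscustomobject]@{
        Server        = $server
        ZoneType      = $z.ZoneType
        DsIntegrated  = $z.IsDsIntegrated
        DynamicUpdate = $z.DynamicUpdate
        Scope         = $z.ReplicationScope
        Compliant     = ($z.ZoneType -eq 'Primary' -and $z.IsDsIntegrated -and
                         $z.DynamicUpdate -eq 'Secure')
    }
}

$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) {
    Write-Warning "At least one server does not host $zone as a secure AD-integrated primary."
}
```

A server reported as `Secondary` or `Stub` in the audit holds a read-only or partial copy and cannot process dynamic updates locally.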