What should you include in your plan?

Your company has a main office and a branch office. Your network contains a single Active Directory domain.

An Active Directory site exists for each office. All domain controllers run Windows Server 2008 R2. You plan to modify the DNS infrastructure. You need to plan the new DNS infrastructure to meet the following requirements:

Ensure that the DNS service is available even if a single server fails

Encrypt the synchronization data that is sent between DNS servers

Support dynamic updates to all DNS servers

What should you include in your plan?

A.
Install the DNS Server server role on two servers. Create a primary zone on the DNS server in the main office. Create a secondary zone on the DNS server in the branch office.

B.
Install the DNS Server server role on a domain controller in the main office and on a domain controller in the branch office. Configure DNS to use Active Directory integrated zones.

C.
Install the DNS Server server role on a domain controller in the main office and on a Read-only Domain Controller (RODC) in the branch office. Configure DNS to use Active Directory integrated zones.

D.
Install the DNS Server server role on two servers. Create a primary zone and a GlobalNames zone on the DNS server in the main office. Create a GlobalNames zone on the DNS server in the branch office.

Explanation:

http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-Active-Directory-integrated-zone-design-and-configuration
http://technet.microsoft.com/en-us/library/cc772101.aspx
MCITP Self-Paced Training Kit Exam 70-646 Windows Server Administration:

In an ADI primary zone, rather than keeping the old zone file on a disk, the DNS records are stored in the AD, and Active Directory replication is used rather than the old problematic zone transfer. If all DNS servers were to die or become inaccessible, you could simply install DNS on any domain controller (DC) in the domain. The records would be automatically populated and your DNS server would be up without the messy import/export tasks of standard DNS zone files.

Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a member server and use one of the ADI primary servers as the master.

When you decide which replication scope to choose, consider that the broader the replication scope, the greater the network traffic caused by replication. For example, if you decide to have AD DS-integrated DNS zone data replicated to all DNS servers in the forest, this will produce greater network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that forest.

AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated to the global catalog for the forest. The domain controller that contains the global catalog can also host application directory partitions, but it will not replicate this data to its global catalog.

AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting is used to support Windows 2000.
If an application directory partition’s replication scope replicates across AD DS sites, replication will occur with the same intersite replication schedule as is used for domain partition data.

By default, the Net Logon service registers domain controller locator (Locator) DNS resource records for the application directory partitions that are hosted on a domain controller in the same manner as it registers domain controller locator (Locator) DNS resource records for the domain partition that is hosted on a domain controller.

Close integration with other Windows services, including AD DS, WINS (if enabled), and DHCP (including DHCPv6) ensures that Windows 2008 DNS is dynamic and requires little or no manual configuration. Windows 2008 DNS is fully compliant with the dynamic update protocol defined in RFC 2136. Computers running the DNS Client service register their host names and IPv4 and IPv6 addresses (although not link-local IPv6 addresses) dynamically. You can configure the DNS Server and DNS Client services to perform secure dynamic updates. This ensures that only authenticated users with the appropriate rights can update resource records on the DNS server. Figure 2-22 shows a zone being configured to allow only secure dynamic updates.

Figure 2-22 Allowing only secure dynamic updates

MORE INFO Dynamic update protocol
For more information about the dynamic update protocol, see http://www.ietf.org/rfc/rfc2136.txt and http://www.ietf.org/rfc/rfc3007

NOTE Secure dynamic updates
Secure dynamic updates are only available for zones that are integrated with AD DS.
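
As an added example (not from the training kit or the original page), this PowerShell 2.0 script checks over WMI whether a zone is AD DS-integrated and set to secure-only dynamic updates on each DNS server. The server and zone names are placeholders, and the commented `dnscmd` lines are the command-line counterpart of the setting shown in Figure 2-22.

```powershell
# Added example: placeholder names, not values from the page.
$Servers = 'dc-main.corp.example', 'dc-branch.corp.example'   # assumed DNS servers
$Zone    = 'corp.example'                                     # assumed zone name

# Index = AllowUpdate value reported by the MicrosoftDNS_Zone WMI class
$UpdateMode = 'None', 'Nonsecure and secure', 'Secure only'

$report = foreach ($s in $Servers) {
    $z = Get-WmiObject -ComputerName $s -Namespace 'root\MicrosoftDNS' `
             -Class MicrosoftDNS_Zone -Filter "Name='$Zone'" `
             -ErrorAction SilentlyContinue
    if (-not $z) {
        # DNS role missing, server unreachable, or zone not hosted on this server
        New-Object PSObject -Property @{
            Server        = $s
            ADIntegrated  = $false
            DynamicUpdate = '(zone not found)'
            SecureOnly    = $false
        }
        continue
    }
    New-Object PSObject -Property @{
        Server        = $s
        ADIntegrated  = [bool]$z.DsIntegrated
        DynamicUpdate = $UpdateMode[[int]$z.AllowUpdate]
        SecureOnly    = ($z.AllowUpdate -eq 2)
    }
}
$report | Format-Table Server, ADIntegrated, DynamicUpdate, SecureOnly -AutoSize

# The zone survives a single server failure only if at least two servers host it
$ok = @($report | Where-Object { $_.ADIntegrated -and $_.SecureOnly })
if ($ok.Count -lt 2) {
    Write-Warning "$Zone is AD DS-integrated with secure-only updates on $($ok.Count) server(s)"
}

# Command-line counterpart of the dialog setting, run against one server:
#   dnscmd dc-main.corp.example /ZoneResetType corp.example /DsPrimary
#   dnscmd dc-main.corp.example /Config corp.example /AllowUpdate 2
```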


