What should you include in your plan?

Your company has a main office and a branch office. Your network contains a single Active Directory
domain. An Active Directory site exists for each office. All domain controllers run Windows Server
2008 R2. You plan to modify the DNS infrastructure. You need to plan the new DNS infrastructure to
meet the following requirements:
· Ensure that the DNS service is available even if a single server fails
· Encrypt the synchronization data that is sent between DNS servers
· Support dynamic updates to all DNS servers
What should you include in your plan?

A.
Install the DNS Server server role on two servers. Create a primary zone on the DNS server in the
main office. Create a secondary zone on the DNS server in the branch office.

B.
Install the DNS Server server role on a domain controller in the main office and on a domain
controller in the branch office. Configure DNS to use Active Directory-integrated zones.

C.
Install the DNS Server server role on a domain controller in the main office and on a Read-Only
Domain Controller (RODC) in the branch office. Configure DNS to use Active Directory-integrated
zones.

D.
Install the DNS Server server role on two servers. Create a primary zone and a GlobalNames zone
on the DNS server in the main office. Create a GlobalNames zone on the DNS server in the branch
office.

Explanation:

http://searchwindowsserver.techtarget.com/tip/DNS-Primer-Tips-for-understanding-ActiveDirectory-integratedzone-design-and-configuration
http://technet.microsoft.com/en-us/library/cc772101.aspx

In an Active Directory-integrated (ADI) primary zone, the DNS records are stored in AD rather than
in a zone file on disk, and Active Directory replication is used rather than the old problematic
zone transfer. If all DNS servers were to die or become inaccessible, you could simply install DNS
on any domain controller (DC) in the domain. The records would be automatically populated and your
DNS server would be up without the messy import/export tasks of standard DNS zone files.
Windows 2000 and 2003 allow you to put a standard secondary zone (read only) on a member
server and use one of the ADI primary servers as the master.

When you decide which replication scope to choose, consider that the broader the replication scope,
the greater the network traffic caused by replication. For example, if you decide to have AD DS-integrated
DNS zone data replicated to all DNS servers in the forest, this will produce greater
network traffic than replicating the DNS zone data to all DNS servers in a single AD DS domain in that
forest.
AD DS-integrated DNS zone data that is stored in an application directory partition is not replicated
to the global catalog for the forest. The domain controller that contains the global catalog can also
host application directory partitions, but it will not replicate this data to its global catalog.
AD DS-integrated DNS zone data that is stored in a domain partition is replicated to all domain
controllers in its AD DS domain, and a portion of this data is stored in the global catalog. This setting
is used to support Windows 2000.
If an application directory partition’s replication scope replicates across AD DS sites, replication will
occur with the same intersite replication schedule as is used for domain partition data.

By default, the Net Logon service registers domain controller locator (Locator) DNS resource records
for the application directory partitions that are hosted on a domain controller in the same manner as
it registers domain controller locator (Locator) DNS resource records for the domain partition that is
hosted on a domain controller.
Close integration with other Windows services, including AD DS, WINS (if enabled), and DHCP
(including DHCPv6) ensures that Windows 2008 DNS is dynamic and requires little or no manual
configuration. Windows 2008 DNS is fully compliant with the dynamic update protocol defined in
RFC 2136. Computers running the DNS Client service register their host names and IPv4 and IPv6
addresses (although not link-local IPv6 addresses) dynamically. You can configure the DNS Server
and DNS Client services to perform secure dynamic updates. This ensures that only authenticated
users with the appropriate rights can update resource records on the DNS server. Figure 2-22 shows
a zone being configured to allow only secure dynamic updates.

Figure 2-22 Allowing only secure dynamic updates

MORE INFO Dynamic update protocol
For more information about the dynamic update protocol, see http://www.ietf.org/rfc/rfc2136.txt
and http://www.ietf.org/rfc/rfc3007

NOTE Secure dynamic updates
Secure dynamic updates are only available for zones that are integrated with AD DS.
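
The zone settings discussed above (AD DS storage, replication scope, and secure-only dynamic updates) can be applied from a PowerShell prompt with `dnscmd.exe`, the command-line DNS tool on Windows Server 2008 R2. This is an added example, not part of the original explanation; the zone name `corp.example.com` is hypothetical, and the script assumes the zone currently exists as a file-backed primary zone on a writable domain controller.

```powershell
# Added example. Assumes an elevated prompt on a writable domain controller
# that already runs the DNS Server role and hosts the zone as a file-backed
# primary zone. The zone name is hypothetical.
$Server = '.'                  # '.' = the local DNS server
$Zone   = 'corp.example.com'   # hypothetical zone name

function Invoke-DnsCmd {
    param([string[]]$Arguments)
    # Run dnscmd.exe and stop on the first failure rather than continuing
    # with a half-configured zone.
    $output = & dnscmd.exe $Server @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        $text = $output -join [Environment]::NewLine
        throw "dnscmd $($Arguments -join ' ') failed: $text"
    }
    $output
}

# 1. Move the zone from a zone file into AD DS, so that zone data travels
#    with Active Directory replication instead of zone transfers.
Invoke-DnsCmd '/ZoneResetType', $Zone, '/DsPrimary'

# 2. Keep the replication scope at the domain level. '/forest' would copy the
#    zone to every DNS server in the forest and generate more traffic.
#    The move can fail if the zone is already in that partition, so a
#    failure here is reported as a warning only.
try {
    Invoke-DnsCmd '/ZoneChangeDirectoryPartition', $Zone, '/domain'
} catch {
    Write-Warning "Replication scope not changed: $_"
}

# 3. AllowUpdate: 0 = none, 1 = nonsecure and secure, 2 = secure only.
#    Secure only requires the AD DS-integrated zone set up in step 1.
Invoke-DnsCmd '/Config', $Zone, '/AllowUpdate', '2'

# 4. With every DNS server holding the zone through AD DS, ordinary zone
#    transfers are no longer needed and can be switched off (assumes no
#    standard secondary servers remain).
Invoke-DnsCmd '/ZoneResetSecondaries', $Zone, '/NoXfr'

# 5. Print the resulting zone properties for review.
Invoke-DnsCmd '/ZoneInfo', $Zone
```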