You are an Enterprise administrator for contoso.com. The company consists of a head office and a branch office. The corporate network of the company consists of a single Active Directory domain and an Active Directory site exists for each office. All the domain controllers on the network run Windows Server 2008.
You have been assigned the task to modify the DNS infrastructure in such a way that the DNS service is available even if a single server fails, the synchronization data that is sent between DNS servers is encrypted and dynamic updates are supported on all DNS servers.
Which of the following options would you choose to accomplish the given task? (Select two. Each selected option will present a part of the answer.)
A.
Install the DNS server role on a domain controller in the head office and on a Read only Domain Controller (RODC) in the branch office.
B.
Install the DNS server role on a domain controller in the head office and on a domain controller in the branch office.
C.
Install the DNS server role on two servers. Create a primary zone on the DNS server in the head office.
D.
Configure DNS to use Active Directory integrated zones.
E.
Create a secondary zone on the DNS server in the branch office.
F.
Install the DNS server role on two servers. Create a primary zone and a GlobalNames zone on the DNS server in the head office.
G.
Create a GlobalNames zone on the DNS server in the branch office.
Explanation:
To modify the DNS infrastructure in such a way that the DNS service is available even if a single server fails, you need to install the DNS server role on a domain controller in the head office and on a domain controller in the branch office and then configure DNS to use Active Directory integrated zones.
This would also ensure that the synchronization data that is sent between DNS servers is encrypted and dynamic updates are supported on all DNS servers.
DNS servers running on domain controllers can store their zones in Active Directory. In this way, it is not necessary to configure a separate DNS replication topology that uses ordinary DNS zone transfers, because all zone data is replicated automatically by means of Active Directory replication. This simplifies the process of deploying DNS provides the following advantages:
Multiple masters are created for DNS replication. Therefore:
Any domain controller in the domain running the DNS server service can write updates to the Active Directory-integrated zones for the domain name for which they are authoritative. A separate DNS zone transfer topology is not needed.
Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control which computers update which names, and prevent unauthorized computers from overwriting existing names in DNS.
ActiveDirectory-integrated DNS in Windows Server2008 stores zone data in application directory partitions. (There are no behavioral changes from WindowsServer2003-based DNS integration with ActiveDirectory.)