You are the systems engineer for Contoso, Ltd. The network consists of a single Active Directory domain named contoso-ad.com. All servers run Windows Server 2003. A Windows Server 2003 computer named DNSSRV1 functions as the internal DNS server and has zones configured as shown in the exhibit.
The network is not currently connected to the Internet. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com.
The contoso.com zone is hosted by a UNIX-based DNS server named UNIXDNS, which is running the latest version of BIND. The company plans to allow users of the internal network to access Internet-based resources. The company’s written security policy states that resources located on the internal network must never be exposed to the Internet.
The written security policy also states that the internal network’s DNS namespace must never be exposed to the Internet. To meet these requirements, the design specifies that all name resolution requests for Internet-based resources from computers on the internal network must be sent from DNSSRV1.
The current design also specifies that UNIXDNS must attempt to resolve any name resolution requests before sending them to name servers on the Internet. You need to plan a name resolution strategy for Internet access. You need to configure DNSSRV1 so that it complies with company requirements and restrictions.
What should you do?
Exhibit:
A. Add a name server (NS) resource record for UNIXDNS to your zone. Configure UNIXDNS with current root hints.
B. On DNSSRV1, configure a secondary zone named contoso.com that uses UNIXDNS as the master server. Configure UNIXDNS to forward requests to your ISP’s DNS servers.
C. Delete the root zone from DNSSRV1. Configure DNSSRV1 to forward requests to UNIXDNS.
D. Copy the Cache.dns file from the Windows Server 2003 installation CD-ROM to the C:\Windows\System32\Dns folder on DNSSRV1.
Explanation:
We need to delete the root zone from the internal DNS server. This will enable us to configure the server to forward Internet name resolution requests to the external DNS server (UNIXDNS). A DNS server configured to use a forwarder behaves differently from one that is not. A DNS server configured to use a forwarder behaves as follows:
When the DNS server receives a query, it attempts to resolve this query using the primary and secondary zones that it hosts and its cache.
If the query cannot be resolved using this local data, then it will forward the query to the DNS server designated as a forwarder.
The DNS server will wait briefly for an answer from the forwarder before attempting to contact the DNS servers specified in its root hints.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, p.