W2008 RESOLUCAO NOMES

Configuring Windows Server 2008 Network Infrastructure

Question Number (ID) : 1 (642P_2.3_01)

______________________________________________________________________________________________________________________________________________

You need to add a record to your DNS server (running Windows Server 2008) so that clients can look up the host name based on the IPv6 address.

What type of record should you add?

1. Start Of Authority (SOA) record

2. IPv4 host name (A) record

3. IPv6 host name (AAAA) record

4. Pointer (PTR) record <Correct>

Explanation:Reverse lookup records, whether for IPv6 or IPv4, use the PTR record type.

The A record is used for standard IPv4 host records, and the AAAA record is used for IPv6 host records.

The SOA record is indicates the Start Of Authority.

Objective:Configuring Name Resolution

Sub Objective(s):Configure DNS records.

References:

MCTS Self-Paced Training Kit (Exam 70-642): Configuring Windows Server 2008 Network InfrastructureChapter 2 - Lesson 2

Windows Server 2008 Networking and Network Access Protection (NAP)Chapter 7

DNS Server RoleMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-433bd018f66d1033.mspx?mfr=true

Configuring DNS for IPv6/IPv4 CoexistenceMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/4e4c3fed-a591-4744-8331-0c23c164262f1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are attempting to add a Windows Vista client computer to your domain, contoso.com. The client reports that it cannot find the domain controller.

You would like to verify that DNS is correctly configured.

Which type of DNS record should you examine?

1. SRV <Correct>

2. A

3. CNAME

4. SOA

Explanation:Clients find domain controllers by looking up an SRV record. SRV records are a special type of DNS record used to identify network services.

The SOA record specifies the authoritative DNS server.

A records are used to identify hosts. Although the domain controller should also have an A record, clients actually look up the SRV record.

CNAME records act as an alias for an existing A or AAAA record.



References:



Troubleshooting Active Directory-Related DNS ProblemsMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727055.aspx



______________________________________________________________________________________________________________________________________________

IT has created a private domain, contoso.pvt, for testing DNS name resolution scenarios. You want clients on your internal network to be able to resolve names in the contoso.pvt domain, but you do not want to modify client configuration.

The contoso.pvt domain does not allow zone transfers.

How should you configure your DNS servers?

1. Create a forward lookup zone.

2. Create a conditional forwarder. <Correct>

3. Create a stub zone.

4. Create a reverse lookup zone.

Explanation:You can create conditional forwarders to send DNS requests for a specific domain to another DNS server. In this case you would create a conditional forwarder for the contoso.pvt domain to send requests to the contoso.pvt DNS server.

A stub zone provides a similar function but requires zone transfers.

Reverse lookup zones resolve IP addresses to host names, and forward lookup zones resolve host names to IP addresses. Neither can be used to forward requests to a different name server.


Sub Objective(s):Configure a Domain Name System (DNS) server.

References:




Understanding forwardersMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/Library/a3cf0184-0594-4e78-8247-609f038434381033.mspx



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008 Server Core. You want to enable aging and scavenging for the contoso.com domain and ensure that records are not removed until at least one week after they have been updated.

Which commands should you run? (Each correct answer presents part of the solution. Choose two.)

1. dnscmd /Config contoso.msft /Aging 1 <Correct>

2. dnscmd /Config contoso.msft /Aging 0

3. dnscmd /Config contoso.msft /RefreshInterval 168 <Correct>

4. dnscmd /Config contoso.msft /RefreshInterval 7

5. dnscmd /Config contoso.msft /RefreshInterval 1

Explanation:You can enable aging and scavenging by running the command "dnscmd /Config <zone> /Aging 1". Setting the /Aging parameter to 0 disables aging and scavenging.

To define the refresh interval (which defines how long before a record can be removed), run Dnscmd again, also with the /Config parameter. However, add the /RefreshInterval parameter, with the interval in hours. 168 hours is equal to one week.


Sub Objective(s):Configure DNS zones.

References:




Set aging/scavenging properties for a zoneMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/1d135ea9-ac0c-4819-8e20-c02ceb8b5cdf1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

Recently, your IT department increased the DHCP lease renewal interval to 20 days. You manage a DNS server running Windows Server 2008 with aging and scavenging enabled. You want to ensure that dynamic DNS records are not removed while a DHCP lease is still valid.

You have aging and scavenging intervals set at their default values.

Which of the following should you do?

1. Decrease the no-refresh interval.

2. Clear the Scavenge Stale Resource Records check box.

3. Decrease the refresh interval.

4. Increase the refresh interval. <Correct>

Explanation:The refresh interval defines the amount of time before a record can be scavenged. The total time before a record can be scavenged is equal to the refresh interval plus the no-refresh interval. By default, both values are set to 7 days, meaning records cannot be removed before 14 days. Increasing the refresh interval to 13 days would provide a total period of 20 days before records might be scavenged, ensuring that a record would not be removed while the DHCP lease is valid.

Decreasing either the refresh interval or the no-refresh interval would shorten the time before a record might be scavenged.

Clearing the Scavenge Stale Resource Records check box would prevent dynamic records from being removed, decreasing the accuracy of the DNS database.



References:






______________________________________________________________________________________________________________________________________________

You need to provide encryption for zone replication traffic between DNS servers.

Which of these options can you use? (Choose all that apply.)

1. Create a Windows Firewall exception for UDP port 53.

2. Allow only zone transfers between servers that are configured to require secure DNS updates.

3. Use Active Directory-integrated zones. <Correct>

4. Require IPsec for all communications between DNS servers. <Correct>

Explanation:Active Directory replication is always encrypted. Therefore, using Active Directory-integrated zones automatically encrypts replication traffic. You can also use IPsec to encrypt communications between DNS servers.

Requiring secure DNS updates does not encrypt replication traffic; it only requires client authentication before accepting dynamic DNS updates.

Creating a Windows Firewall exception for UDP port 53 would allow DNS requests but would not encrypt the requests.


Sub Objective(s):Configure DNS replication.

References:



Secure DNS Zone ReplicationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/8c719341-faf5-4022-a369-2437b705c7211033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are creating a script to configure client computers with the IP address of a new DNS server, 10.5.1.213.

Which command should you run?

1. netsh lan addnew dnsserver interface="Local Area Connection" 10.5.1.213

2. netsh interface ipv4 add dnsserver "Local Area Connection" 10.5.1.213 <Correct>

3. netsh add dns 10.5.1.213

4. netsh set ipv4 dnsserver interface="Local Area Connection" 10.5.1.213

Explanation:To configure client IPv4 settings, use the Netsh Interface IPv4 Add DnsServer context. Then specify both the interface name and the IP address of the DNS server.


Sub Objective(s):Configure name resolution for client computers.

References:



TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008Microsoft TechNetLink: http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/TCPIP_Reg.doc

The Netsh Command-Line UtilityMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/fd1e2fbe-15a6-413b-b712-28afb312c92f1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

After you updated the IP address of a Web server, your Windows Vista client computer became unable to connect to the Web server. After troubleshooting, you discovered that the client is attempting to connect to the old IP address.

You would like to clear the DNS client cache.

How can you do this?

1. nslookup /reset

2. ipconfig /flushdns <Correct>

3. netsh interface ipv4 dns reset

4. arp -d *

Explanation:The Ipconfig /Flushdns command clears the DNS resolver cache.

You can use Netsh to view or change network configuration settings, but you cannot use it to clear the DNS cache.

Nslookup is useful for troubleshooting name resolution problems, but you cannot use it to clear the DNS cache.

Running the command Arp -d * will clear the ARP cache but will not clear the DNS resolver cache.



References:



Chapter 7 - Host Name ResolutionMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727005.aspx

DNS (Domain Name System): frequently asked questionsWindows Help and How-toLink: http://www.windowshelp.microsoft.com/Windows/en-US/Help/835f7bba-684a-46f4-9eda-1b482b21ca5f1033.mspx



______________________________________________________________________________________________________________________________________________

You are planning to configure a DNS server to host a secondary zone for contoso.com. You want to verify that the primary DNS server (which has the IP address 192.168.1.189) is configured to allow zone transfers to your server.

Which commands can you run to perform a zone transfer?

1. dnscmd /IpValidate contoso.com

2. nslookupserver 192.168.1.189ls contoso.com <Correct>

3. dnscmd /ZoneInfo contoso.com

4. nslookupserver 192.168.1.189lserver contoso.com

Explanation:After entering Nslookup interactive mode by running Nslookup with no parameters, you can use the Server command to change the default DNS server. Then attempt a zone transfer using the Ls command.

The Lserver command in Nslookup interactive mode sets the default server. It does not attempt a zone transfer.

You cannot use the DnsCmd command to attempt a zone transfer.



References:



Nslookup: lsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/6f1b929b-6d6e-4fcb-a672-e13f1f395be71033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

Recently, network administrators added the 192.168.10.12 subnet to your internal network. They are planning to begin deploying client computers to that network, and you want to ensure that DNS clients can resolve IP addresses on that network to host names.

In Server Manager, which node should you use?

1. Roles\DNS Server\DNS\DCSRV1\Forward Lookup Zones

2. Roles\DNS Server\DNS\DCSRV1\Global Logs

3. Roles\DNS Server\DNS\DCSRV1\Reverse Lookup Zones <Correct>

4. Roles\DNS Server\DNS\DCSRV1\Conditional Forwarders

Explanation:Reverse lookup zones handle IP address to host name resolution. You should have a reverse lookup zone for every subnet in your organization.

Forward lookup zones resolve host names to IP addresses.

The Global Logs node allows you to view DNS server events but does not allow you to make configuration changes.

The Conditional Forwarders node allows you to configure other DNS servers that will handle name resolution under specific circumstances. It does not provide reverse name lookup.



References:






______________________________________________________________________________________________________________________________________________

Your organization has recently begun deploying IPv6. You need to add a resource record to allow DNS clients to resolve the host name server.contoso.com to the IP address FEC0::2AA:FF:FE3F:2A1C.

Which record type should you add?

1. IPv6 host name (AAAA) record <Correct>

2. Mail Exchanger (MX) record

3. IPv4 host name (A) record

4. Pointer (PTR) record

Explanation:IPv6 hosts should have AAAA records to allow clients to resolve the host name to an IP address.

A records are for IPv4 addresses.

PTR records provide reverse lookup capabilities when clients need to resolve an IP address to a host name.

MX records indicate the mail server for a domain.



References:







______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You create the primary zone fabrikam.com and clear the Store The Zone In Active Directory check box.

You need to manually copy the zone file to a backup server.

Where is the zone file located?

1. %windir%\system32\dns\fabrikam.com.dns <Correct>

2. C:\dns\fabrikam.com.xml

3. %windir%\dns\fabrikam.com.txt

4. %windir%\Resources\dns\com.fabrikam.xml

Explanation:When you disable Active Directory-integration, zone files are stored at %windir%\system32\dns\ with a .dns file extension. Zone files are stored in text format and can be opened in Notepad.



References:




Migrating serversMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/6b03afbc-3d4f-4e3a-bda0-8fc4087708371033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

Your organization, Contoso, is merging with a second organization, Fabrikam. Your organization uses the domain contoso.com, while Fabrikam uses fabrikam.com.

Your IT department connects your two internal networks using a VPN. However, client computers in the contoso.com domain cannot resolve internal host names in the fabrikam.com domain. You are not yet ready to merge the two domains into a single Active Directory directory service forest.

What is the easiest way to allow client computers in the contoso.com domain to resolve internal names in the fabrikam.com domain?

1. In the contoso.com domain, configure a stub zone for fabrikam.com. <Correct>

2. Configure contoso.com DNS servers to act as secondary servers for the fabrikam.com domain.

3. Configure the contoso.com DNS servers to be clients of the fabrikam.com DNS servers.

4. Configure contoso.com DNS servers to act as primary servers for the fabrikam.com domain.

Explanation:Stub zones configure DNS servers to send requests for domains directly to that domain's DNS servers rather than finding the authoritative DNS servers using root hints. By configuring a stub zone, the contoso.com DNS servers would forward requests for the fabrikam.com domain directly to Fabrikam's internal DNS servers.

Configuring DNS servers as primary or secondary servers would require replication, which would accomplish the goals outlined in the scenario but with much more configuration than required by a stub zone.

Configuring the contoso.com DNS servers to be clients of the Fabrikam.com DNS servers would allow only the DNS servers to resolve fabrikam.com domains. Clients in the contoso.com domain would still be unable to resolve fabrikam.com names.



References:






______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You need to allow a UNIX-based DNS server to host a secondary zone.

How can you configure the primary zone on your server to allow this? (Choose all that apply.)

1. In the zone Properties dialog box, select the Security tab. Add the DNS server.

2. In the zone Properties dialog box, select the Zone Transfers tab. Select Only To The Following Servers and then add the DNS server. <Correct>

3. In the zone Properties dialog box, select the Name Servers tab. Add the DNS server. Then select the Zone Transfers tab and select Only To Servers Listed on The Name Servers tab. <Correct>

4. In the zone Properties dialog box, select the Start Of Authority tab. Add the DNS server. Then select the Zone Transfers tab and select To Any Server.

Explanation:To allow zone transfers to a secondary server that is not Active Directory-integrated, you can either list the server on the Zone Transfers tab or list it on the Name Servers tab and then allow zone transfers to servers listed on that tab.

The Start Of Authority tab configures refresh and retry intervals. You cannot use it to allow zone transfers.

Use the Security tab to configure user permissions for a zone. You cannot use the Security tab to configure zone transfers.



References:



Modify zone transfer settingsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/b71b20c6-9e72-43e3-86dc-d591dcd42c9b1033.mspx



______________________________________________________________________________________________________________________________________________

You manage a DNS server on a computer running Windows Server 2008 Server Core. All zones are Active Directory-integrated.

One of your DNS servers is returning outdated IP addresses when queried by DNS clients. You would like to immediately attempt replication of the DNS records and force the DNS server to use the freshest data.

Which commands should you use? (Choose all that apply.)

1. NsLookup

2. ReplMon

3. DnsCmd <Correct>

4. RepAdmin <Correct>

Explanation:You can use the RepAdmin command with the /replicate parameter to immediately begin Active Directory replication. Because Active Directory-integrated zones rely on Active Directory replication, this will also replicate DNS updates.

You can use DnsCmd with the /ZoneRefresh parameter to force the DNS server to update data from the Active Directory.

The NsLookup command can initiate a zone transfer, but it cannot force a DNS server to perform replication.

ReplMon is a support tool used to monitor Active Directory replication, but you cannot use it to initiate replication.



References:



Repadmin OverviewMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/Library/24d8a2dd-2596-46cb-9b0f-179f977d434a1033.mspx

Dnscmd SyntaxMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/D652A163-279F-4047-B3E0-0C468A4D69F31033.mspx



______________________________________________________________________________________________________________________________________________

You have just completed an installation of Windows Server 2008 Server Core. You would like to add the DNS Server role.


1. Run the command "net start dnsserver".

2. Run the command "dnscmd /install".

3. Run the command "ocsetup DNS-Server-Core-Role". <Correct>

4. Launch Server Manager. Right-click Roles and then click Add Roles.

Explanation:Use the Ocsetup command to add server roles, including the DNS Server role.

You cannot use Server Manager, nor any graphical tool, from Server Core.

The command "net start dnsserver" starts the DNS Server service, but the role must already be installed.

You can use the Dnscmd command to manage the DNS Server role after it is installed, but you cannot use it to install the server role.



References:




OCSetup Command-Line OptionsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsVista/en/library/9a9fe5ed-5cfb-47f0-99e3-af4ef1442ee71033.mspx



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You create a stub zone.

Which of the following record types will be replicated? (Choose all that apply.)

1. Mail Exchanger (MX)

2. Name Server (NS) <Correct>

3. Canonical Name (CNAME)

4. Start Of Authority (SOA) <Correct>

Explanation:Stub zones replicate only NS, SOA, and possibly glue A records. They do not replicate CNAME or MX records.



References:



Understanding stub zonesMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/648f2efd-0ad4-4788-80c8-75f8491f660e1033.mspx



______________________________________________________________________________________________________________________________________________

You create an Active Directory-integrated DNS zone on a server running Windows Server 2008 and select the To All DNS Servers In This Domain replication type.

Which Active Directory partition will be used for replication?

1. ForestDnsZones

2. Schema

3. DomainDnsZones <Correct>

4. Configuration

Explanation:Selecting the To All DNS Servers In This Domain replication type stores DNS replication in the DomainDnsZones Active Directory partition, which is replicated to all DNS servers in the domain.

The ForestDnsZones Active Directory partition is replicated to all DNS servers in the forest.

The Schema and Configuration partitions do not store DNS information.



References:



Application directory partitionsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/ed363e83-c043-4a50-9233-763e6f4af1f21033.mspx

The Cable Guy: DNS Enhancements in Windows Server 2008Microsoft TechNetLink: http://www.microsoft.com/technet/technetmag/issues/2008/01/CableGuy/?loc=en



______________________________________________________________________________________________________________________________________________

You manage an enterprise business with a large headquarters and several remote offices. Currently, you are planning name resolution for a small remote office.

You want clients in the remote office to be able to resolve internal names while minimizing the number of requests that must be sent across the WAN link. You want to avoid replication traffic across the WAN. You do not plan to assign the remote office its own subdomain.

What should you do?

1. Configure a caching-only DNS server at the office. <Correct>

2. Configure clients to resolve queries to the DNS server of the ISP.

3. Configure a secondary DNS server at the office.

4. Configure a DNS server with its own zone and configure a forwarder to the DNS server at the headquarters.

Explanation:Caching-only DNS servers forward all requests to another DNS server and keep a copy of the resolved names and IP addresses locally to allow them to quickly resolve future requests for the same name. This allows you to minimize the number of requests sent across the WAN link without requiring replication traffic.

The ISP's DNS server would be able to resolve only Internet host names. It would be unable to resolve your internal host names.

A secondary DNS server would need to send replication traffic from the primary DNS server, which you want to avoid in this scenario.

Configuring the DNS server with its own zone would require you to create a domain for the remote office, which you want to avoid in this scenario.



References:






______________________________________________________________________________________________________________________________________________

Recently, the IT department added the subnet 10.25.83.0/24 to your internal network. You need to add a reverse lookup zone to your DNS server.

What should you name the zone?

1. 10.25.83.in-addr.arpa

2. 83.25.10.in-addr.arpa <Correct>

3. 10.25.83

4. 83.25.10

Explanation:Reverse lookup zones are named based on the IPv4 network address in reverse order, with the suffix in-addr.arpa.



References:




Reverse lookupMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/edf68cca-86f1-4b89-8e44-79f768963e951033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are attempting to add a Windows Vista client computer to your domain, contoso.com. The client reports that it cannot find the domain controller.

You would like to verify that DNS is correctly configured.

Which record should you examine?

1. srv.contoso.com

2. _ldap._tcp.pdc._msdcs.contoso.com <Correct>

3. _srv._tcp.pdc._msdcs.contoso.com

4. _gc._tcp._msdcs.contoso.com

Explanation:The _ldap._tcp.pdc._msdcs.contoso.com record identifies the domain controller that clients would contact while attempting to join the domain.

The _gc._tcp.pdc._msdcs.contoso.com record identifies the global catalog, which is another critical record for finding domain resources. The answer is missing the pdc zone, however.

The srv.contoso.com and _srv._tcp.pdc._msdcs.contoso.com records would not exist by default. SRV is the DNS record type used by domain controllers, however.



References:



Troubleshooting Active Directory-Related DNS ProblemsMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727055.aspx



______________________________________________________________________________________________________________________________________________

Your organization uses three different domain names: contoso.com, fabrikam.com, and nwtraders.com. Many users are accustomed to using single label names to access computers. For example, users in the contoso.com domain connect to their mail server using the name MAIL.

Different client computers are configured to use different domains by default. When users in different domains work together, they can run into problems because their computers cannot resolve names in different domains. For example, computers in the fabrikam.com domain cannot resolve the MAIL host name.

All client computers use IPv4.

How can you resolve the name resolution problem? (Choose all that apply.)

1. Run the Netsh command.

2. Run the Ipconfig command.

3. Define the HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\SearchList registry value. <Correct>

4. Define the Computer Configuration\Policies\Administrative Templates\Network\DNS Client\DNS Suffix Search List policy. <Correct>

Explanation:To resolve the problem, you must define a DNS suffix search list. You can do this using Group Policy settings or by directly editing the registry, depending on the client operating system.

You cannot configure a DNS suffix search list using Ipconfig or Netsh.



References:



Configuring DNS client settingsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/5fe46cef-db12-4b78-94d2-2a0b62a282711033.mspx?mfr=true

How to configure a domain suffix search list on the Domain Name System clientsMicrosoft SupportLink: http://support.microsoft.com/kb/275553



______________________________________________________________________________________________________________________________________________

You manage 30 DNS servers running Windows Server 2003 and Windows Server 2008 in an Active Directory directory service forest. Currently, all DNS zones are Active Directory-integrated. However, because you are currently replicating thousands of frequently updated client host records, replication traffic is impacting network performance on your WAN.

You would like to replicate host records only to specific domain controllers.

Which replication type should you select?

1. To All Domain Controllers In This Domain

2. To All DNS Servers In This Forest

3. To All Domain Controllers In The Scope Of This Directory Partition <Correct>

4. To All DNS Servers In This Domain

Explanation:Choosing the To All Domain Controllers In The Scope Of This Directory Partition option allows you to create a directory partition that is replicated only to specific domain controllers. This can include Windows Server 2003 computers in addition to computers running Windows Server 2008.

Selecting any of the other replication options would replicate records to all DNS servers or domain controllers.



References:





______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You have aging and scavenging enabled.

You would like to reduce the number of updates to Active Directory directory service that are caused by records being refreshed for an Active Directory-integrated zone.


1. Decrease the refresh interval.

2. Increase the refresh interval.

3. Decrease the no-refresh interval.

4. Increase the no-refresh interval. <Correct>

Explanation:The no-refresh interval defines the minimum amount of time that must elapse before a record can be refreshed. Each refresh requires a write operation to the Active Directory database. By default, the no-refresh interval is set to seven days. Though it is rarely necessary, you can decrease the number of updates to the Active Directory database by increasing the no-refresh interval.

Decreasing the no-refresh interval could increase the number of updates to the Active Directory database.

The refresh interval defines the time before a record can be scavenged after its no-refresh interval has expired. Adjusting this number would change how quickly records are scavenged but would not change the number of Active Directory updates caused by records being refreshed.



References:






______________________________________________________________________________________________________________________________________________

Your organization has two domains: contoso.com and nwtraders.com. You would like all single-label names to be resolved to the contoso.com domain, regardless of which domain clients computers are a member.

You use Active Directory directory service Group Policy settings to manage client computers.

Which policy should you define?

1. Register DNS records with connection-specific DNS suffix

2. Update Top Level Domain Zones

3. Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries

4. Primary DNS Suffix <Correct>

Explanation:Windows clients attempt to resolve single-label names by appending the primary DNS suffix. For example, if you have configured the primary DNS suffix as contoso.com and a client attempts to resolve the name myserver, the DNS client will query the host name myserver.contoso.com. The Primary DNS Suffix defines the default domain name used by clients.

The Register DNS Records With Connection-Specific DNS Suffix policy defines whether dynamic DNS updates include the DNS suffix. It does not define the DNS suffix, however.

The Update Top Level Domain Zones policy defines whether computers send dynamic updates to top-level domains such as .com or .org.

The Allow DNS Suffix Appending To Unqualified Multi-Label Name Queries policy configures whether clients use DNS suffixes to resolve single-label names. It is enabled by default.



References:



New group policies for DNS in Windows Server 2003Microsoft TechNetLink: http://support.microsoft.com/kb/294785

DNS Tools and SettingsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/099d4168-4ac1-441d-81b7-0f3f4909fbd41033.mspx?mfr=true

Configuring IP Addressing and Name ResolutionMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb457118.aspx



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008 Server Core named DNS1. The DNS server hosts the primary zone hq.contoso.com.

Recently, a representative of your computer security group warned you that outside attackers had attempted to perform a zone transfer for the hq.contoso.com zone. You would like to prevent all zone transfers.

While logged on locally to the computer, which command should you run?

1. Dnscmd DNS1 /NodeDelete ZoneTransfers

2. Dnscmd . /ZoneResetSecondaries hq.contoso.com /NoXfr <Correct>

3. Dnscmd . /ZoneResetMasters hq.contoso.com /NoXfr

4. Dnscmd DNS1 /ZoneResetMasters hq.contoso.com /NoXfr

Explanation:Run the Dnscmd command on a zone's primary DNS server with the /ZoneResetSecondaries parameter to configure whether zone transfers are allowed. The /NoXfr parameter specifies that all zone transfers are blocked.

The first parameter for Dnscmd must be the name of the DNS server. However, to specify the local computer, you can also use ".".

The /ZoneResetMasters parameter should be run on secondary DNS servers to configure which primary DNS servers they communicate with.

The /NodeDelete command deletes all records at a name and does not configure zone transfers.



References:




Modify DNS zone transfer settingsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/a4ee49ad-baf3-42d9-8f09-aa19d4980be11033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are configuring a computer running Windows Server 2008 to be the primary DNS server for the contoso.com domain. You plan to use a computer running Linux with a BIND DNS server as the secondary DNS server for the domain, but you do not want other computers to be able to perform a zone transfer.

How can you allow the secondary DNS server to perform zone transfers?

1. In the Zone Transfers tab of the zone's properties dialog box, select the Allow Zone Transfers check box. Then select Only To Servers List On The Name Servers Tab.

2. Add the IP address of the secondary DNS server to the Security tab on the zone's properties dialog box.

3. In the Zone Transfers tab of the zone's properties dialog box, select the Allow Zone Transfers check box. Then select To Any Server.

4. Add the IP address of the secondary DNS server to the Name Servers tab in the zone's properties dialog box.<Correct>

Explanation:To allow a server to perform zone transfers when replication is not Active Directory-integrated, first add the IP address of the secondary DNS server to the Name Servers tab in the zone's properties dialog box. Then, in the Zone Transfers tab of the zone's properties dialog box, select the Allow Zone Transfers check box. Finally, select Only To Servers List On The Name Servers Tab, and click OK.

Selecting To Any Server in the Zone Transfers tab would allow attackers to perform a zone transfer, potentially revealing private information about your network infrastructure.

You should configure DNS servers allowed to perform zone transfers in the Name Servers tab. Use the Security tab to configure which users have privileges to manage the zone.



References:




Explanation of a DNS Zone TransferMicrosoft SupportLink: http://support.microsoft.com/kb/q164017/



______________________________________________________________________________________________________________________________________________

You are attempting to connect to a new Web server with the host name www.contoso.com. When your Web browser is unable to resolve the host name, you discover that it has not yet been registered in the DNS server.

You know that the IP address of the Web server is 192.168.15.12. However, you cannot access the website using the IP address because the Web server is configured to require host headers.

You need to configure your Windows Server 2008 computer to resolve the host name www.contoso.com to the IP address 192.168.15.12 without contacting the DNS server.

What should you do?

1. Run the Netsh Interface Ipv4 Add command.

2. Run the Route Add command.

3. Add the entry to the list of DNS servers in the client's network configuration.

4. Edit the %SystemRoot%\System32\Drivers\Etc\Hosts file. <Correct>

Explanation:You can add entries to the Hosts command to allow the DNS client to resolve host names without contacting the DNS server.

The Netsh Interface IPv4 Add command can be used to add IP addresses, DNS servers, WINS servers, or routes. However, you cannot use the command to add static host names.

Adding a DNS server would not allow the client to add a static host name; it would configure the client to send DNS requests to an additional DNS server.

The Route Add command configures network routing and does not affect name resolution.



References:



TCP/IP Fundamentals for Microsoft Windows: Chapter 7 - Host Name ResolutionMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727005.aspx

Create HOSTS and LMHOSTS Files to Prevent Spoofing AttacksMicrosoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/68359d63-8884-4327-9c75-5f2693cb4221.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

Your organization is changing company names. As part of that effort, you need to switch domain names from contoso.com to Fabrikam.com.

A user complains that he cannot send e-mail to his work e-mail address ([email protected]). The user forwards you the error message, which indicates that his ISP's mail server could not locate your mail server.

Which type of DNS record should you add?

1. Server (SRV) record

2. Mail Exchanger (MX) record <Correct>

3. Canonical Name (CNAME) record

4. Name Server (NS) record

Explanation:The MX record indicates the IP addresses for your mail servers. When another mail server needs to send a message to your domain, it performs a DNS lookup for the domain's MX record.

The NS record indicates DNS servers.

The CNAME record provides an alias for an A or AAAA record.

The SRV record indicates network services, such as domain controllers. SRV records are not used for mail services.



References:




Add an MX resource record to a zoneMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/9922b5b8-df6f-48bb-bf3c-cc873e900cd01033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are configuring NetBIOS name resolution for client computers. You would like client computers to query your WINS server first and then, if the WINS server cannot resolve the name, transmit a broadcast request.

Which node type should you select?

1. M-node

2. P-node

3. B-node

4. H-node <Correct>

Explanation:An H-node system queries the name server first and then transmits a broadcast query. H-node is the default setting for all recent versions of Windows that have a WINS server configured.

M-node first transmits a broadcast query and then sends a query to the WINS server.

P-node transmits a query to the WINS server but does not broadcast name resolution queries.

B-node broadcasts a name resolution query to the local network and does not send a query to the WINS server.



References:



Default Node Type for Microsoft ClientsMicrosoft SupportLink: http://support.microsoft.com/kb/160177



______________________________________________________________________________________________________________________________________________

You need to allow clients to look up an IPv6 Web server using the host name web.contoso.com.

Which type of record should you create?

1. AAAA <Correct>

2. A

3. PTR

4. NS

Explanation:AAAA records are IPv6 alias records.

A records are used for IPv4 hosts.

NS records identify DNS servers.

PTR records are used for reverse IP address lookup when clients need to resolve an IP address to a host name.



References:






______________________________________________________________________________________________________________________________________________

After examining log files, you discover many users are attempting to access your Web server (intranet.contoso.com) by typing www.contoso.com. You would like either name to resolve to the same server, even if you later change the IP address associated with intranet.contoso.com.

Which type of record should you add?

1. PTR

2. A

3. AAAA

4. CNAME <Correct>

Explanation:CNAME records act as an alias for an existing A or AAAA record. Because they point to the existing record, you can update the A or AAAA record's IP address and the CNAME record will automatically reflect the update.

If you were to create an A or AAAA record, you would need to specify the IP address separately. If you later changed the IP address associated with the intranet.contoso.com record, you would also need to update the www.contoso.com record.

PTR records are used to resolve IP addresses to host names.



References:



Add a CNAME resource record to a zoneMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/d7824444-cb49-4ba9-ad08-de1f65825f5b1033.mspx



______________________________________________________________________________________________________________________________________________

You have just completed an installation of Windows Server 2008 Server Core. You would like to add a record to the DNS Server.


1. Dnsstat.exe

2. Ocsetup.exe

3. Dnscmd.exe <Correct>

4. Dnsmgmt.msc

Explanation:You can use the Dnscmd.exe tool to manage the DNS Server role from the command-line or when using Server Core.

Dnsstat.exe was provided with the Windows NT Resource Kit and is no longer supported in Windows Server 2008.

Use Ocsetup to add or remove server roles from within Server Core. You cannot use it to manage the DNS Server role after installation, however.

Dnsmgmt.msc is the graphical console for managing the DNS Server role. You cannot use it within Server Core.



References:




Dnscmd OverviewMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/5c497b2e-3387-4ecf-adf5-562045620a961033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008 Server Core. You need to add the host name server.contoso.com to the contoso.com zone and associate it with the IP address 192.168.2.20.


1. netsh dns add record contoso.com server A 192.168.2.20

2. nslookup /add record contoso.com server A 192.168.2.20

3. dnscmd /recordadd contoso.com. server A 192.168.2.20 <Correct>

4. dns /add record contoso.com server A 192.168.2.20

Explanation:Use the DnsCmd command to add records.

You can use Netsh to configure networking on client computers, but you cannot use it to add DNS records.

Nslookup is useful for troubleshooting problems with DNS records, but you cannot use it to add DNS records.

The Dns.exe executable is used by the DNS service, and it cannot be called directly to add records.



References:



Dnscmd SyntaxMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/D652A163-279F-4047-B3E0-0C468A4D69F31033.mspx



______________________________________________________________________________________________________________________________________________

You are attempting to connect to an application server with the NetBIOS name SERVER. The application returns an error message indicating that the server could not be found. You manually query the WINS server and discover that the NetBIOS name has not been registered.

You open a support ticket with the group that manages the WINS server. Meanwhile, you need to configure your Windows Vista computer to resolve the NetBIOS name SERVER to the IP address 10.22.53.87 without contacting the WINS server.

What should you do?

1. Create or edit the %SystemRoot%\System32\Drivers\Etc\Hosts file.

2. Create or edit the %SystemRoot%\System32\Drivers\Etc\Lmhosts.sam file.

3. Create or edit the %SystemRoot%\System32\Drivers\Etc\Hosts.sam file.

4. Create or edit the %SystemRoot%\System32\Drivers\Etc\Lmhosts file. <Correct>

Explanation:To allow static, local NetBIOS name resolution, add entries to the %SystemRoot%\System32\Drivers\Etc\Lmhosts file. This file does not exist by default. You should copy the Lmhosts.sam template file, remove the file extension, and then add your static entry.

The Lmhosts.sam file is a template and must have the file extension removed before the client computer will use it.

The Hosts file is used for DNS host name resolution, not NetBIOS name resolution.

Hosts.sam does not exist by default and would not be used by the NetBIOS name resolution client.



References:



TCP/IP Fundamentals for Microsoft Windows: Chapter 7 - Host Name ResolutionMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727005.aspx

Create HOSTS and LMHOSTS Files to Prevent Spoofing AttacksMicrosoft TechNetLink: http://www.microsoft.com/technet/prodtechnol/sms/smssp2/spsecurity/68359d63-8884-4327-9c75-5f2693cb4221.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You manage a DNS server on a computer running Windows Server 2008. All zones are Active Directory-integrated.

One of your DNS servers is returning outdated IP addresses when queried by DNS clients.

Which event log should you examine to determine whether replication problems are occurring?

1. DFS Replication

2. Directory Service <Correct>

3. System

4. Application

Explanation:Active Directory-integrated zones rely on the Active Directory directory service for replication. Therefore, replication-related problems are recorded in the Directory Service event log.

The DFS Replication event log stores events related to DFS replication, which replicates files, not DNS records.

The System event log stores general system-related events, but not Active Directory replication events.

The Application event log stores application events, but not Active Directory replication events.



References:



Troubleshooting replicationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/22764CB5-9860-4F8F-95E7-337DF24EDF741033.mspx

Troubleshooting Active Directory Replication ProblemsMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/Library/4f504103-1a16-41e1-853a-c68b77bf3f7e1033.mspx



______________________________________________________________________________________________________________________________________________

Currently, your organization includes both a DNS server with a single forward lookup zone and a Windows Internet Naming Service (WINS) server. You are in the process of migrating away from using the WINS server.

You would like newly deployed client computers to perform all name resolution through your DNS server without sending requests to the WINS server. However, some names they need to resolve might exist only on the WINS server.

What is the best way to configure name resolution to meet your needs?

1. Create a GlobalNames zone.

2. Configure the DNS server to act as a WINS client.

3. Edit the DNS zone. In the WINS tab, select the Use WINS Forward Lookup check box and then specify the IP address of the WINS server. <Correct>

4. Import names from the WINS server into the Lmhosts file on all client computers.

Explanation:You can enable a DNS server to perform recursive queries to a WINS server by selecting the Use WINS Forward Lookup check box and specifying the IP address of the WINS server. With this option enabled, client computers will perform a DNS query for NetBIOS names and be able to indirectly resolve the names using the WINS server.

Configuring the DNS server to act as a WINS client would allow only the DNS server to resolve names on the WINS server.

Importing the names from the WINS server into the Lmhosts file would work, but it would be extremely labor-intensive and each time an IP address changed every Lmhosts file would need to be updated.

You need to use a GlobalNames zone only if you plan to remove your WINS server and still need to resolve single-label names.



References:






______________________________________________________________________________________________________________________________________________

You manage an organization with seven Active Directory directory service domains, all in a single forest. Currently, your organization has about 1200 client computers.

You would like client computers in any domain to be able to resolve the name SERVER to a computer in the contoso.com domain and the name PRINTER to a computer in the fabrikam.com domain.

What is the most efficient way to do this?

1. Configure all client computers to attempt to resolve all single-label names to each of the seven domains.

2. Create a GlobalNames zone and add the SERVER and PRINTER records to the zone. <Correct>

3. Add the names to the Lmhosts file on all client computers.

4. Configure client computers with one DNS server from each of the seven domains.

Explanation:The GlobalNames zone is a special DNS zone that provides single-label resolution, similar to WINS servers. When you manage multiple domains and need clients in any domain to resolve the same set of single-label names, you should add a GlobalNames zone.

You could configure all client computers with a list of the seven domain names. Clients would then add each domain name to all single-label names and then attempt to resolve the name. However, this would require up to seven DNS queries to resolve a name, causing slow name resolution for client computers.

Configuring client computers with one DNS server from each of the seven domains would not work because clients would attempt name resolution only for the first server that responded.

Adding the names to the Lmhosts file on all client computers would work, but each time you needed to change an IP address or add a name you would need to update the Lmhosts file on each of the 1200 client computers. The management effort required makes this a less-than-ideal solution.



References:



DNS Server GlobalNames Zone DeploymentMicrosoft Download CenterLink: http://www.microsoft.com/Downloads/details.aspx?FamilyID=1c6b31cd-3dd9-4c3f-8acd-3201a57194f1&displaylang=en




______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You are troubleshooting a problem with loading the zone file shown in the exhibit.

What is the host name of the primary DNS server?

1. dns.contoso.msft

2. mail.contoso.pvt

3. smtp.contoso.msft

4. dcsrv1.contoso.pvt <Correct>

Explanation:NS records identify the DNS servers for a zone. In this zone file the NS record indicates that the primary DNS server is dcsrv1.contoso.pvt.

A records, such as the "dns" and "mail" records in the zone file, are simply resource records. Similarly, the canonical name (CNAME) record type provides an alias for a server.

The MX record type lists the mail servers for a domain.



References:






______________________________________________________________________________________________________________________________________________

Client computers in your organization occasionally resolve names unexpectedly. All client computers are configured to support NetBIOS name resolution, IPv4, and IPv6. In which order will Windows Vista clients attempt to resolve single-label names?

From the list on the right, select the steps involved in the name resolution process. Place your selections in the list on the left in the order in which name resolution occurs. Place your selections in the list on the left by clicking the items in the list on the right and clicking the arrow. You can also use the Up and Down buttons to rearrange items in the list on the left. You might not need to use all the items from the list on the right.

Explanation:When a user attempts to resolve a single-label name, a computer running Windows Vista that is using both IPv6 and IPv4 will use the following name resolution process:

* Perform normal DNS name resolution, which first checks the Hosts file and then sends a query to the DNS server.* If DNS name resolution fails, the client sends multicast LLMNR queries over both IPv6 and IPv4.* If NetBIOS is enabled and name resolution is still not successful, perform NetBIOS name resolution.



References:



The Cable Guy - November 2006: Link-Local Multicast Name ResolutionMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb878128.aspx



______________________________________________________________________________________________________________________________________________

You manage the DNS infrastructure for your organization. All DNS servers run Windows Server 2008.

After discussions with other members of your IT department, you decide you need to deploy a GlobalNames zone.

What do you need to do? (Each correct answer presents part of the solution. Choose two.)

1. Manually remove the default Start of Authority (SOA) record from the GlobalNames zone.

2. In the DNS console, right-click the DNS server name, and then click Configure A DNS Server. Use the wizard to create a GlobalNames zone.

3. Run the command "dnscmd /config /enableglobalnamessupport 1" on every authoritative DNS server. <Correct>

4. Create a forward lookup zone named GlobalNames. <Correct>

Explanation:You create the GlobalNames zone exactly like you would any other zone, but you must assign it the exact name GlobalNames. Then you must run the command "dnscmd /config /enableglobalnamessupport 1" on every authoritative DNS server. If the zone must be accessible from other forests, you must publish the location of the GlobalNames zone by adding SRV resource records to the forest-wide DNS application partition using the service name _globalnames._msdcs.

You cannot use Configure A DNS Server Wizard to add the GlobalNames zone.

You should not remove the SOA record from the GlobalNames zone.



References:






______________________________________________________________________________________________________________________________________________

Currently, your organization has a single DNS server, DNS1, which hosts the domain contoso.com. You want to configure a second DNS server, DNS2, to provide fault tolerance, but you want all updates to occur on DNS1.

What type of zone should you create on DNS2?

1. Active Directory-integrated zone

2. Secondary zone <Correct>

3. Primary zone

4. Stub zone

Explanation:Secondary zones keep a read-only copy of a zone, providing fault tolerance. If the primary zone cannot be brought back online, you can promote the secondary zone to a primary zone to also allow updates.

Primary zones allow updates.

Stub zones store only the Name Server (NS), Start of Authority (SOA), and some A (host name) records. Because they do not keep a copy of all records, they are not useful for fault tolerance.

Active Directory-integrated zones use a different method of replication and allow updates (except in the case of read-only DNS servers).



References:






______________________________________________________________________________________________________________________________________________

You have just completed an installation of Windows Server 2008 Server Core. You would like to add the primary forward lookup zone east.contoso.com to the DNS Server ns.contoso.com.


1. dnscmd ns.contoso.com /zoneadd east.contoso.com /dsprimary <Correct>

2. dnscmd east.contoso.com /recordadd ns.contoso.com /dsprimary

3. dnscmd ns.contoso.com /recordadd east.contoso.com /dsprimary

4. dnscmd east.contoso.com /zoneadd ns.contoso.com /dsprimary

Explanation:You can use the Dnscmd tool to add, update, and remove zones on a computer running Windows Server 2008 Server Core. The /zoneadd parameter adds a zone.

The first Dnscmd parameter should always be the name of the primary name server for the zone.



References:




Dnscmd OverviewMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/5c497b2e-3387-4ecf-adf5-562045620a961033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You need to provide a zone file for contoso.com, an Active Directory-integrated zone, so that it can be imported on a UNIX-based DNS server.

How can you accomplish this?

1. Run the command "dnscmd /ZoneExport contoso.com contoso.com.txt". <Correct>

2. Copy the %windir%\system32\dns\contoso.com.dns file.

3. Copy the %windir%\system32\dns\contoso.com.txt file.

4. Run the command "dnscmd /ZonePrint contoso.com contoso.com.txt".

Explanation:By default, Active Directory-integrated zones do not have zone files. You can use the Dnscmd command with the /ZoneExport parameter to export an Active Directory-integrated zone to a standard zone file.

The /ZonePrint parameter displays all records for a specific zone but does not create a proper zone file.



References:




Migrating serversMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/6b03afbc-3d4f-4e3a-bda0-8fc4087708371033.mspx?mfr=true

Extracting DNS Active Directory-Integrated Zone FilesMicrosoft SupportLink: http://support.microsoft.com/kb/304489



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008 Server Core. The DNS server is also a domain controller. You need to determine in which Active Directory directory service partition DNS data for the contoso.com zone is being stored.


1. dnscmd /EnlistDirectoryPartition contoso.com

2. dnscmd /ExportSettings contoso.com

3. dnscmd /ZoneInfo contoso.com <Correct>

4. dnscmd /IpValidate contoso.com

Explanation:The output from the DnsCmd /ZoneInfo command lists the directory partition, as well as other settings for the zone.

The /IpValidate parameter validates a remote DNS server's settings.

The /ExportSettings parameter creates a DnsSettings.txt file containing DNS server configuration information, not including the Active Directory partition.

The /EnlistDirectoryPartition command can be used to configure partition replication scope, but you cannot use it to display the partition used by a zone.



References:



SolutionBase: Using the Replication Monitor to monitor your DNS serversTechRepublicLink: http://articles.techrepublic.com.com/5100-6350_11-6107177.html



______________________________________________________________________________________________________________________________________________

You are configuring a computer running Windows Server 2008 to act as a DNS server for a small office. The server needs to resolve both internal and external host names. To resolve external host names on the Internet, you want the server to send requests to the DNS server of your ISP.

What should you do?

1. Configure your DNS server as a forwarder to your ISP's DNS server. <Correct>

2. Edit the root hints to use the IP address of your ISP's DNS server.

3. Configure your ISP's DNS server as the primary server and your DNS server as the secondary server.

4. Configure the IP settings on your DNS server so that your ISP's DNS server is the primary DNS server.

Explanation:To configure a DNS server to send all requests that cannot be resolved locally to a different DNS server, configure it as a forwarder.

Primary and secondary servers are used for zone replication. In this case there is no specific zone that needs to be replicated because you need to send requests for all domains that are not internally hosted to the ISP's DNS server.

The root hints allow your DNS server to resolve external queries and should not be edited (unless you are removing them to prevent external name resolution). Instead, you should configure your DNS server as a forwarder to the ISP's DNS server.

DNS servers should always be configured to be their own DNS client. Configuring the DNS server to use the ISP's DNS server would change only the server's DNS client behavior; it would not change the way the DNS server component resolved queries.



References:






______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008. You have enabled aging and scavenging, with a no-refresh interval of 10 days and a refresh interval of 12 days.

After a dynamic DNS record is added, what is the minimum amount of time before the record is removed?

1. 12 days

2. 2 days

3. 22 days <Correct>

4. 10 days

Explanation:The minimum amount of time before a record can be removed is equal to the refresh interval plus the no-refresh interval.

The no-refresh interval defines the minimum amount of time before a record can be refreshed. Each refresh requires a write operation to the Active Directory directory service database. By default, the no-refresh interval is set to seven days. The refresh interval defines the time before a record can be scavenged after its no-refresh interval has expired.



References:






______________________________________________________________________________________________________________________________________________

You receive a notification that the IP address of one of the root DNS servers is changing.

In Server Manager, on your DNS server with the name DCSRV1, which node should you use to make the necessary change?

1. Roles\DNS Server\DNS\DCSRV1 <Correct>

2. Roles\DNS Server\DNS\DCSRV1\Global Logs

3. Roles\DNS Server\DNS\DCSRV1\Forward Lookup Zones

4. Roles\DNS Server\DNS\DCSRV1\Conditional Forwarders

Explanation:To configure the root hints, right-click the Roles\DNS Server\DNS\DCSRV1 node and then choose Properties.

Use the Forward Lookup Zones node to configure zones that resolve host names to IP addresses.

The Global Logs node allows you to view DNS server events but does not allow you to make configuration changes.

The Conditional Forwarders node allows you to configure other DNS servers that will handle name resolution under specific circumstances.



References:






______________________________________________________________________________________________________________________________________________

You have configured DNS1, a computer running Windows Server 2008 Server Core, as a DNS server. Currently, it hosts the contoso.com primary zone. However, you would like to configure a different server, DNS2, to host the primary zone and configure DNS1 to host the secondary zone.

DNS1 has the IP address 10.12.1.1, and DNS2 has the IP address 10.12.1.2.

What command should you run to configure DNS1?

1. dnscmd dns1 /ZoneResetType contoso.com /DsPrimary 192.168.1.1

2. dnscmd dns1 /ZoneResetType dns2 /DsPrimary contoso.com

3. dnscmd dns1 /ZoneResetType contoso.com /Secondary 192.168.1.2 <Correct>

4. dnscmd dns1 /ZoneResetType dns2 /Secondary contoso.com

Explanation:Use the /ZoneResetType parameter to change a zone from primary to secondary. When using this command, the first parameter must always be the name of the server you are configuring. After the /ZoneResetType parameter, specify the name of the zone. Then, specify /Secondary to switch the zone type to secondary. Finally, specify the IP address of the primary DNS server for the zone.



References:




Change the DNS zone typeMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/37e193ed-f526-49b5-8824-bdb9386350cf1033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You create an Active Directory-integrated DNS zone on a server running Windows Server 2008 and select the To All DNS Servers In This Forest replication type.

Which Active Directory partition will be used for replication?

1. DomainDnsZones

2. ForestDnsZones <Correct>

3. Schema

4. Configuration

Explanation:Selecting the To All DNS Servers In This Forest replication type stores DNS replication in the ForestDnsZones Active Directory partition, which is replicated to all DNS servers in the forest.

The DomainDnsZones Active Directory partition is replicated to all DNS servers in the domain.

The Schema and Configuration partitions do not store DNS information.



References:



Application directory partitionsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/ed363e83-c043-4a50-9233-763e6f4af1f21033.mspx

The Cable Guy: DNS Enhancements in Windows Server 2008Microsoft TechNetLink: http://www.microsoft.com/technet/technetmag/issues/2008/01/CableGuy/?loc=en



______________________________________________________________________________________________________________________________________________

You manage a DNS server running Windows Server 2008 Server Core. You need to allow zone transfers for the contoso.com zone to a secondary DNS server with the IP address 10.12.3.27.


1. dnscmd /IpValidate contoso.com /SecureNs 10.12.3.27

2. dnscmd /ZoneAdd contoso.com /SecureNs 10.12.3.27

3. dnscmd /Config /EnumZones contoso.com 10.12.3.27

4. dnscmd /ZoneResetSecondaries contoso.com /SecureList 10.12.3.27 <Correct>

Explanation:Use the DnsCmd tool with the /ZoneResetSecondaries parameter to configure servers allowed to perform zone transfers. The /SecureList parameter requires you to list the allowed IP addresses.

The /ZoneAdd parameter creates a zone.

The /IpValidate parameter validates a remote DNS server's settings.

The /Config parameter resets server or zone configuration.



References:



Modify zone transfer settingsMicrosoft TechNetLink: http://technet2.microsoft.com/WindowsServer/en/library/b71b20c6-9e72-43e3-86dc-d591dcd42c9b1033.mspx



______________________________________________________________________________________________________________________________________________

Recently, the IT department added the subnet 2001:db8:ea27:83ee::/64 to your internal network. You need to add a reverse lookup zone to your DNS server.

What should you name the zone?

1. e.e.3.8.7.2.a.e.8.b.d.0.1.0.0.2.in-addr.arpa

2. ee38.72ae.8bd0.1002.in-addr.arpa

3. e.e.3.8.7.2.a.e.8.b.d.0.1.0.0.2.ip6.arpa <Correct>

4. ee38.72ae.8bd0.1002.ip6.arpa

Explanation:Reverse lookup zones for IPv6 networks are named from the least significant byte to the most significant byte, with each byte separated by a period. Then the suffix "ip6.arpa" is added to the zone name.



References:




Reverse lookupMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/edf68cca-86f1-4b89-8e44-79f768963e951033.mspx?mfr=true

TCP/IP Fundamentals for Microsoft Windows: Chapter 8 - Domain Name System OverviewMicrosoft TechNetLink: http://technet.microsoft.com/en-us/library/bb727007.aspx



______________________________________________________________________________________________________________________________________________

You are creating a new primary zone on a DNS server running Windows Server 2008. The DNS server is a domain controller. Other domain controllers are running Windows Server 2003 and Windows 2000 Server and also act as your DNS servers.

You would like all other DNS servers to provide fault tolerance for the new zone.

Which replication type should you choose?

1. All domain controllers in the Active Directory directory service domain <Correct>

2. All DNS servers in the Active Directory directory service forest

3. All DNS servers in the Active Directory directory service domain

4. All domain controllers in a specified application directory partition

Explanation:If you needed to replicate only the DNS data to other Windows Server 2008 computers, or to computers running Windows Server 2003, you could select either All DNS Servers In The Active Directory Domain or All DNS Servers In The Active Directory Forest. However, to replicate data to DNS servers running Windows 2000 Server, you must select All Domain Controllers In The Active Directory Domain.

You need to use All Domain Controllers In A Specified Active Directory Partition only if you have created an Active Directory partition to manually control the scope of replication.



References:




DNS zone replication in Active DirectoryMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver/en/library/6c0515cf-1719-4bf4-a3c0-7e3514cef6581033.mspx?mfr=true



______________________________________________________________________________________________________________________________________________

You are configuring a computer running Windows Server 2008 to resolve host names for internal computers. You want to ensure that the computer never resolves Internet host names when queried by DNS clients.

What should you do?

1. Configure the DNS server as Active Directory-integrated.

2. Delete all root hints. <Correct>

3. Configure the DNS server as its own DNS client.

4. Configure the server as a caching-only server.

Explanation:DNS servers perform name resolution for Internet host names by querying the root DNS servers. The root DNS servers are identified by the root hints. If the root hints are removed, the DNS server will be unable to resolve external host names.

Caching-only servers forward all DNS requests to another server and keep a copy of the results. Configuring a server as caching-only would not prevent it from resolving external host names.

DNS servers should always be configured as their own DNS client. Therefore, this does not prevent the server from resolving external host names.

Active Directory-integrated DNS servers can resolve external host names as long as the root hints are intact.



References:



Event ID 707 - DNS Server Root Hints ConfigurationMicrosoft TechNetLink: http://technet2.microsoft.com/windowsserver2008/en/library/a9e64f01-e65b-48e8-bd30-097cd6324bcf1033.mspx?mfr=true

W2008 RESOLUCAO NOMES

Documents

Transcript of W2008 RESOLUCAO NOMES