- By Andrew Warren
Thought experiment answers
This section contains the solutions to the thought experiment. Each answer explains why the answer choice is correct.
To install the DNS server role on an existing Nano Server, your colleague should create a remote Windows PowerShell session to the Nano Server and then use the Enable-WindowsOptionalFeature -Online -FeatureName DNS-Server-Full-Role command to add the DNS role.
You could configure the branch DNS server to use forwarding. Specify a DNS server elsewhere in the organization to which it forwards all queries it cannot satisfy locally.
You could implement DNS policies. Specifically, you could create a recursion scope so that recursion is enabled when requested on a specific DNS server interface, or from a specific internal subnet. The following three Windows PowerShell commands would enable you to achieve your objective:
Set-DnsServerRecursionScope -Name . -EnableRecursion $False
Add-DnsServerRecursionScope -Name "InternalAdatumClients" -EnableRecursion $True
Add-DnsServerQueryResolutionPolicy -Name "RecursionControlPolicy" -Action ALLOW -ApplyOnRecursion -RecursionScope "InternalAdatumClients" -ServerInterfaceIP "EQ,10.24.60.254"
The easiest way to distribute NRPT is to use a GPO. Edit the Default Domain GPO and navigate to Computer Configuration / Policies / Windows Settings / Name Resolution Policy. Create a rule containing the domain suffix to which the rule should apply, and then enable both "Enable DNSSEC in This Rule" and "Require DNS Clients to Check that the Name and Address Data Has Been Validated By the DNS Server".
The option to store the zone in Active Directory is only available on DNS servers that also have the AD DS server role installed and configured.
To deploy an AD DS–integrated primary zone on a DNS server, use the Add-DnsServerPrimaryZone cmdlet with the ReplicationScope parameter. For example:
Add-DnsServerPrimaryZone -Name "Contoso.com" -ReplicationScope "Domain"
Consider implementing conditional forwarding or a stub zone. Both enable clients to more easily access the name servers for a foreign domain.
Use DNS policies and DNS zone scopes to configure this behavior. You create DNS client subnets and assign these subnets to DNS zone scopes. Next, you create DNS resource records in the zone scopes. Finally, you use a DNS policy to determine which records are returned to a DNS client, based on the originating subnet.
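The subnet-based steps described above, written out as an added example that is not taken from the book. The zone name, subnet names, scope names, host name and all addresses are constructed placeholders, and the zone is assumed to already exist as a primary zone on the server where the commands run.

```powershell
# Added example. Every name and address below is a constructed placeholder.
$zone = 'adatum.com'   # assumption: an existing primary zone on this DNS server

# 1. Define the client subnets that queries can originate from.
Add-DnsServerClientSubnet -Name 'BranchSubnet'     -IPv4Subnet '172.16.10.0/24'
Add-DnsServerClientSubnet -Name 'HeadOfficeSubnet' -IPv4Subnet '172.16.20.0/24'

# 2. Create one zone scope per location inside the same zone.
Add-DnsServerZoneScope -ZoneName $zone -Name 'BranchScope'
Add-DnsServerZoneScope -ZoneName $zone -Name 'HeadOfficeScope'

# 3. Add the same host name to each scope with location-specific data.
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'app' `
    -IPv4Address '172.16.10.50' -ZoneScope 'BranchScope'
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'app' `
    -IPv4Address '172.16.20.50' -ZoneScope 'HeadOfficeScope'

# Clients that match no policy are answered from the default zone scope,
# so give it a record as well; otherwise they receive a name error.
Add-DnsServerResourceRecord -ZoneName $zone -A -Name 'app' `
    -IPv4Address '172.16.20.50'

# 4. Tie each client subnet to its zone scope with a query resolution policy.
#    'ScopeName,1' is the scope followed by its weight.
Add-DnsServerQueryResolutionPolicy -Name 'BranchPolicy' -Action ALLOW `
    -ClientSubnet 'EQ,BranchSubnet' -ZoneScope 'BranchScope,1' -ZoneName $zone
Add-DnsServerQueryResolutionPolicy -Name 'HeadOfficePolicy' -Action ALLOW `
    -ClientSubnet 'EQ,HeadOfficeSubnet' -ZoneScope 'HeadOfficeScope,1' -ZoneName $zone

# 5. Review what was configured: policies on the zone and the record in each scope.
Get-DnsServerQueryResolutionPolicy -ZoneName $zone
Get-DnsServerResourceRecord -ZoneName $zone -Name 'app' -ZoneScope 'BranchScope'
Get-DnsServerResourceRecord -ZoneName $zone -Name 'app' -ZoneScope 'HeadOfficeScope'
```

To confirm the behavior, resolve the name from a client in each subnet (for example with Resolve-DnsName) and compare the returned addresses.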