Help out: DNS question

Hey guys,i came across this question and its really confusing me.

You have three windows 2003 domain controllers in a single domain. Your primary DNS server is installed on a domain controller named DC1.westsim.com. You have two secondary DNS server installed on a member server named server1.westsim.com and server2.westsim.com.

You want to increase fault tolerance for your DNS infrastructure. You also want to optimize and simplify replication and zone transfer management on your network. What should you do? Select all that apply.

1.Remove the DNS service from the member servers
2.Configure secure updates for your zone transfers
3.Promote of the secondary DNS server to a primary server and have it host a new zone
4.Convert the zone to an active directory integrated zone
5.Install DNS on at least two more domain controllers.

*i know 4 is definatly in but the rest are just confusing.Can someone help out and give a simple explanation to this.

Thanx a lot

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

sprkymrk

OKay, I am really hoping this is a question from a book you have and not a ****. Try examining each choice logically first. This requires understanding what they are asking and what the effects of each answer might be. In this case you need some understanding of DNS.

1.Remove the DNS service from the member servers

Now ask yourself how this alone would increase fault tolerance? It won't by itself, but maybe in combination with another answer it will so let's put this on the back burner for now. If you were only allowed to select one answer you could toss this one out the window right now.

2.Configure secure updates for your zone transfers

Well for one thing, they didn't ask you to increase the security of zone transfers, they want you to simplify zone transfers and management. This does niether. In addition, you cannot use secure updates anyway because you are running DNS on servers that are not DC's. Toss it.

3.Promote of the secondary DNS server to a primary server and have it host a new zone

Toss this one with no thought whatsoever. Look at the question again - will doing this simplify anything? Nope.

4.Convert the zone to an active directory integrated zone

This looks pretty good, since we know that AD integrated zones DO simplify DNS management and they use AD replication for zone transfers. However, changing to an AD integrated zone would knock us down to only a single DNS server right now, but in an odd sort of way I guess that too would simplify zone transfers by eliminating the need for any.

5.Install DNS on at least two more domain controllers

.
Ahh, now we are getting somewhere. By combining answers 1, 4, and 5 we have completely switched over to an AD integrated zone with DNS installed on 3 DC's. All zone transfers are handled by AD replication.

Although we could also toss in number 2 for security, we don't need to do that to meet the requirements they set down.

DjScientist

To:sprkymrk

Thank you very much and NO,am not using ****,i got that from Testout.Am using MS press,CBT Nuggets and Testout for preparation together with some explanation from Learnkey:Implementing a Network Infrastructure.Once am done with that,will go thru measureup question provided on the MS press CD and a couple of Transcender question to make sure am ready.HAving read about how dangerous the beast is,i decided to be fully equipped before the battle start.I don't have much experience but am getting some as i have a lab setup with 4 machines and am doing all the labs and exercises from all my resources.Am taking taking my time to do all that until am fit enough to go for a battle.I hope this is and the effort is enough for a victory because i don't want to give the Beast a second chance.

And now,regarding the question,I guess i didn't understand the question very well and i was not very attentive to choices given.Its more clearer now and i know where i went wrong.

Thank you for thorough explanation

sprkymrk

Good luck in your studies.

In the future if you quote your source I won't get so jumpy.

cbriant

Hi,

Just to clarify things. When you move to AD integrated DNS does every other DNS sever have to run on a domain controller? What happens if you have a mixture of AD integrated DNS and DNS running on member servers?

I'm guessing that zone information will not be replicated to the member servers, but will they still function as DNS servers?

Chris.

Claymoore

You can still use member servers as DNS servers. Just set them up as secondary servers and have them replicate from one of your AD servers as a primary server. Be sure to configure the AD primary server to allow zone transfers to the member server seocndary and it will work fine.