Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server
named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.image:Img132-195.jpg
You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must
resolve queries from all other DNS clients.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServerQueryResolutionPolicy cmdlet.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
A is correct. See https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverqueryresolutionpolicy?view=win10-ps
The Add-DnsServerQueryResolutionPolicy cmdlet adds a policy for query resolution to a Domain Name System (DNS) server. A policy determines the resolution of queries based on criteria that you specify in the policy.
A policy consists of criteria, action, and scopes.
The criteria are a logical combination of client subnet, server interface IP address, fully qualified domain name (FQDN), Internet Protocol (IPv4/IPv6), transport protocol (UDP/TCP), time of day, and query type.
8
0
Agree
3
0
why it’s correct?
0
0
There are 2 ways to do this.
1. DNS Policy (making answer Yes correct).
2. Firewall Rule blocking DNS requests from the specified subnet.
10
0