PrepAway - Latest Free Exam Questions & Answers

You need to ensure that only domain members can register DNS records in the zone

Your network contains an Active Directory domain.
All DNS serversare domain controllers.
You view the properties of the DNS zoneas shown in the exhibit:

You need to ensure that only domain members can register DNS records in the zone.
What should you do first?

PrepAway - Latest Free Exam Questions & Answers

A.
Modify the zone type.

B.
Create a trust anchor.

C.
Modify the Advanced properties of the DNS server.

D.
Modify the Dynamic updates setting.

Explanation:
To ensure that only domain members are allowed to register DNS records we have to:
1. modify the zone type to Active Directory-Integrated.
2. set the Dynamic updates option to Secure only, which is only available to Active Directory-Integrated zones.
Reference 1:
MCTS Windows Server ® 2008 Active Directory Configuration Study Guide (Sybex, 2008)
page 53
Secure only—This means that only machines with accounts in Active Directory canregister with DNS.
Before DNS registers any account in its database, it checks Active Directory to make sure that accountis an
authorized domain computer.
Reference 2:
http://technet.microsoft.com/en-us/library/ee649287.aspx
Secure dynamic update is supported only for Active Directory-integrated zones.If the zone type is configured
differently, you must change the zone type and directory-integrate the zone before securing it for DNS
dynamic updates.


Leave a Reply