PrepAway - Latest Free Exam Questions & Answers

You need to ensure that only domain members can register DNS records in the zone

Your network contains an Active Directory domain. All DNS servers are domain controllers.
You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that only domain members can register DNS records in the zone.
What should you do first?

PrepAway - Latest Free Exam Questions & Answers

A.
Modify the zone type.

B.
Create a trust anchor.

C.
Modify the Advanced properties of the DNS server.

D.
Modify the Dynamic updates setting.

Explanation:
To ensure that only domain members are allowed to register DNS records we have to:
1. modify the zone type to Active Directory-Integrated.
2. set the Dynamic updates option to Secure only, which is only available to Active DirectoryIntegrated zones.
Reference 1)
MCTS Windows Server ® 2008 Active Directory Configuration Study Guide (Sybex, 2008)
page 53
Secure only—This means that only machines with accounts in Active Directory can register
with DNS.

Before DNS registers any account in its database, it checks Active Directory to make sure
that account is an authorized domain computer.
Reference 2)
http://technet.microsoft.com/en-us/library/ee649287.aspx
Secure dynamic update is supported only for Active Directory-integrated zones. If the zone
type is configured differently, you must change the zone type and directory-integrate the
zone before securing it for DNS dynamic updates.


Leave a Reply