You need to verify whether a DNS response from a DNS server is signed by DNSSEC

seenagapeJune 21, 2016

You need to verify whether a DNS response from a DNS server is signed by DNSSEC.
What should you run?

PrepAway - Latest Free Exam Questions & Answers

A.
nslookup.exe

B.
dnscmd.exe

C.
Resolve-DNSName

D.
Get-NetIPAddress

Explanation:
The Resolve-DnsName cmdlet performs a DNS query for the specified name. This cmdlet is
functionally similar to the nslookup tool which allows users to query for names. The ResolveDnsName cmdlet was introduced in Windows Server 2012 and Windows 8 and can be used to
display DNS queries that include DNSSEC data.
Parameters include:
* -DnssecOk
Sets the DNSSEC OK bit for this query.
* -DnssecCd
Sets the DNSSEC checking-disabled bit for this query
Example: In the following example, the DO=1 flag is set by adding the dnssecok parameter.
PS C:\> resolve-dnsname -name finance.secure.contoso.com -type A -server dns1.contoso.com –
dnssecok
Incorrect:
Not A: Do not use the nslookup command-line tool to test DNSSEC support for a zone. The nslookup
tool uses an internal DNS client that is not DNSSEC-aware. Resolve-DnsName
https://technet.microsoft.com/library/jj590781.aspx Overview of DNSSEC
https://technet.microsoft.com/en-us/library/jj200221.aspx#validation

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

Microsoft Exam Questions

Free Microsoft Study Guide

You need to verify whether a DNS response from a DNS server is signed by DNSSEC

Leave a Reply Cancel reply