Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1.
All client computers run Windows 10.
On Server1, you have the following zone configuration.
Server1 must resolve queries from all other DNS clients.
Solution: From Windows Firewall with Advanced Security on Server1, you create an inbound rule.
Does this meet the goal?

A. Yes
B. No
Explanation:
Comparable version of this question here: https://www.briefmenow.org/microsoft/does-this-meet-the-goal-306/
An inbound FW rule is a non-conventional method, but it could work.
3
0
Agree. A will work. Negative inbound rule is needed.
4
0
I’m not so sure that the answer is A.
When a DNS role is installed on a server, the appropriate Inbound Firewall is added.
For a DNS server to resolve all names that a DNS client is requesting, a forwarder must be configured and recursive query enabled.
Or am I wrong?
1
1
Slim2018 – an inbound firewall rule can allow or block
0
0
I tested it. Answer A
block DNS queries from zone. Firewall
1
0
However, there is a proper way of doing this according to this article:
https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/apply-filters-on-dns-queries
Add-DnsServerQueryResolutionPolicy cmdlet could be used to block
Block queries from a subnet
Add-DnsServerClientSubnet -Name "MaliciousSubnet06" -IPv4Subnet 172.0.33.0/24 -PassThru
Add-DnsServerQueryResolutionPolicy -Name "BlockListPolicyMalicious06" -Action IGNORE -ClientSubnet "EQ,MaliciousSubnet06" -PassThru
Furthermore, “Exam Ref 70-743 Upgrading Your Skills to MCSA: Windows Server 2016” book covers this cmdlet in DNSServer module:
Get-Command -Module DNSServer *policy* | Select name
To conclude this, there is a similar question with Add-DnsServerQueryResolutionPolicy:
https://www.briefmenow.org/microsoft/does-this-meet-the-goal-518/
0
0
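The thread above names four things that decide whether Server1 answers a client: inbound firewall rules, query resolution policies, recursion and forwarders. The following audit script is an added example, not part of the original page or any comment; it assumes an elevated PowerShell session on the DNS server (Windows Server 2016 or later) with the NetSecurity and DnsServer modules available.

```powershell
# Added example: list the settings on a DNS server that can block client queries.
Import-Module NetSecurity, DnsServer

# 1. Enabled inbound firewall rules that name port 53 explicitly.
#    A Block rule wins over an Allow rule for the same traffic.
#    (Rules written as port ranges or 'Any' are not matched by this simple filter.)
Get-NetFirewallRule -Direction Inbound -Enabled True | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.LocalPort -contains '53') {
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $rule.DisplayName
            Action        = $rule.Action
            Protocol      = $port.Protocol
            RemoteAddress = $addr.RemoteAddress -join ','
            Profile       = $rule.Profile
        }
    }
} | Sort-Object Action | Format-Table -AutoSize

# 2. Query resolution policies that do not ALLOW (IGNORE drops silently,
#    DENY answers with a failure). Server level first, then each zone.
$policies = @(Get-DnsServerQueryResolutionPolicy)
foreach ($zone in Get-DnsServerZone) {
    $policies += Get-DnsServerQueryResolutionPolicy -ZoneName $zone.ZoneName `
                     -ErrorAction SilentlyContinue
}
$policies | Where-Object { $_.Action -ne 'ALLOW' } |
    Select-Object Name, Action, IsEnabled, ProcessingOrder |
    Format-Table -AutoSize

# 3. Client subnets that such policies can reference in -ClientSubnet criteria.
Get-DnsServerClientSubnet | Format-Table -AutoSize

# 4. Recursion and forwarders, needed for names outside the hosted zones.
Get-DnsServerRecursion | Select-Object Enable
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
```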