Yournetwork contains an Active Directory domain named contoso.com.
The domain contains a server named Server1 that runs Windows Server 2012 R2 and has the DNS
Server server role installed.
Server1 is configured to use a DNS server from an Internet Service Provider (ISP) as a forwarder.
Corporate management requires that client computers only resolve names of contoso.com
computers.
Youneed to configure Server1 to resolve names in the contoso.com zone only.
What should you do on Server1?
A.
From DNS Manager, modify the root hints of Server1.
B.
From Windows PowerShell, run the Remove-DnsServerForwarder cmdlet.
C.
From Windows PowerShell, run the Set-NetDnsTransitionConfigurationcmdlet.
D.
From DNS Manager, modify the Advanced properties of Server1.
Explanation:
If the DNS server does not know the address of the requested site, then it will forward the request
to another DNS server. In order to do so, the DNS server must know of the IP address of another
DNS server that it can forward the request to. This is the job of root hints. Root hints provides a list
of IP addresses of DNS servers that are considered to be authoritative at the root level of the DNS
hierarchy(also known as root name server).
http://technet.microsoft.com/en-us/library/ee649221(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/jj649867.aspx
http://technet.microsoft.com/en-us/library/jj613703.aspx
Ans: B
0
0
The given answer is INCORRECT.
As the internal DNS server has a forwarder configured, changing the roothints has no effect, all unknown sites is send to the forwarder.
To stop this from happening, we should remove the forwarder.
To make this work, >Use Root Hints when no forwarder is configured< should NOT be selected.
0
0
Remove the forwarder
0
0
wouldn’t the answer be D, from the advanced tab on properties you can select “Disable Recursion” which also disabled forwarders, this would mean any query that server1 could not resolve would not be forwarded.
3
0
D
To disable recursion on the DNS server using the Windows interface
Open DNS Manager.
In the console tree, right-click the applicable DNS server, then click Properties.
Where?
DNS/applicable DNS server
Click the Advanced tab.
In Server options, select the Disable recursion check box, and then click OK.
Additional considerations
To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.
If you disable recursion on the DNS server, you will not be able to use forwarders on the same server.
3
0
D
https://technet.microsoft.com/en-us/library/cc771738(v=ws.11).aspx
2
0
DNS recursion is just for having your forwarded request forwarded to other DNS servers from the DNS server your forwarded to. Even without recursion, it would still forward your request to an alternate DNS server, potentially resolving outside of contoso domain.
Removing the root hints wont do it since you have a forwarder setup to the ISP. The only way to stop this forwarding, is to remove the forwarder.
0
0
The problem with removing the forwarder is that it will then use Root Hints to forward requests which is then resolving names outside of the contoso.com zone. If you disable recursion, it will not forward queries for names it does not no. So if someone tries to go to an address that is not within the contoso.com zone, then the DNS server says “tough shit” and doesn’t give them anything back.
3
0
70-411 question
0
3
Answer: D
Disable recursion – This will disable forwarders and disable use of root hints all in 1 step.
1
0
Just tested on my server lab. Originally I had 8.8.8.8 as my forwarder (google’s DNS server). I did Remove-DNSServerForwarder and verified that it was removed. I went to my Windows 7 VM, did a flushDNS and it still was able to resolve websites. I even tried websites that I never went to on that VM to make sure. So the root hints definitely took over after I removed the forwarder.
I then put 8.8.8.8 back in and disabled recursion. Tried another website that I could think of that I didn’t go to before on my Win7 VM, and was not able to visit that site after flushing the DNS. I went back to the DNS server, enabled recursion and then I was able to go to the website I couldn’t a minute prior.
So I agree with D: Disable recursion.
3
0
and I agree with Halloween, this seems to be a 70-411 type question.
0
1