利用DNS支持活动目录
原题:
You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for hostname resolution throughout the network. You want to achieve the following goals:
• DNS zone transfer traffic will be minimized on the network.
• Administrative overhead for maintaining DNS zone files will be minimized.
• Unauthorized host computers will not have records created in the zone.
• All zone updates will come only from authorized DNS servers.
• All zone transfer information will be secured as it crosses the network.
You take the following actions:
• Create an Active Directory integrated zone.
• In the Zone Properties dialog box, set the Allow Dynamic Updates option to Yes
• On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.
• On the zone transfers tab of the zone properties dialog box, select the Allow Zone transfers only to the servers listed on the Name servers tab option
Which result or results do these actions produce? (Choose all that apply)
A. DNS zone transfer traffic is minimized on the network.
B. Administrative overhead for maintaining DNS zone files is minimized.
C. Unauthorized host computers do not have records created in the zone.
D. All zone updates come only from authorized DNS servers
E. All zone transfer information is secured as it crosses the network.
你是公司网络的管理员,网络由一个跨越多个网段的Windows 2000域组成,你正在为整个网络中的主机名解析配置DNS,你希望完成如下目标:
·网络中DNS区域传输流量最小化
·管理成本中维护DNS区域文件最小化
·未验证的主机不在区域中创建记录
·所有区域更新只来自于授权的DNS服务器发起
·所有跨越网络的区域传输信息都是安全的
你做了如下工作:
·创建一个活动目录集成区域
·在区域复制对话框中,设置“ Allow Dynamic Updates ”选项为“Yes”
·在区域属性对话框的名称服务器面板,输入网络中所有DNS服务器的名称和地址
·在区域属性对话框的区域传输面板,选择“Allow Zone transfers only to the servers listed on the Name servers tab ”选项
上面的动作将会实现哪些结果?(选择所有合适的答案)
题解:
1,使用活动目录集成区域将实现增量区域文件传输,它只允许新的或者修改过的记录在DNS服务器之间复制而不是复制所有区域数据文件,因此它的文件传输流量最小。
2,动态更新是客户端计算机在DNS区域文件中更新自身记录的过程,无需要手工干预,因此它的管理成本也是最低的。
3,选择了“Allow Zone transfers only to the servers listed on the Name servers tab”选项将阻止从未经授权的服务器更新区域文件。
4,活动目录DNS区域复制数据是活动目录复制的一部分,活动目录复制使用的是安全的RPC通道,因此,信息的传输是安全的。
正确答案:ABDE
正确配置DNS动态更新
问题:
You are configuring a Windows 2000 DNS Server on your company network. The network consists of one Windows NT domain. You already have DNS installed on a Windows NT Server on the Windows NT domain. You want to use dynamic updates on a DNS database, but company management will not allow an upgrade or decommission of the Windows NT DNS server. All DNS information must be synchronized between the two DNS servers.
What do you do to accomplish these goals? (Choose three)
A. Create a standard primary zone on a Windows 2000 DNS Server and import the existing zone file.