QUESTION NO: 162
You are the administrator of your company network. The relevant portion of its configuration is shown
in the exhibit.

DNS1 is a Windows 2000 Server computer configured with a standard primary zone. QDNS5 is a UNIX
server configured with a secondary DNS zone. QDNS5 accepts zone transfers from DNS1. The client
computers on your network are configured to use DHCP to obtain IP addressing information. The DHCP
server is configured to issue the IP addresses of DNS1 and QDNS5 to client computers for name
resolution.
Users report that they sometimes cannot access any network resources by name. You discover that this
problem occurs only when DNS1 has been taken offline for maintenance.
You need to ensure that users can resolve names from QDNS5 whenever DNS1 is unavailable. What
should you do?
A. Instruct your Internet service provider (ISP) to configure QDNS5 to Kerberos version 5 client
software.
B. Configure DNS Server service on DNS1 to allow BIND secondary servers.
C. Instruct your Internet service provider (ISP) to upgrade the DNS server software on QDNS5 with a
BIND 8.1 compatible implementation.
D. Configure DNS1 so it does not require secure zone transfers.
Answer: B
Explanation: The zone transfers from DNS1 to QDNS5 are not working.
The BIND secondaries setting determines whether to use fast transfer format when transferring a zone to DNS
servers running legacy Berkeley Internet Name Domain (BIND) implementations. By default, all Windows-based DNS
servers use a fast zone transfer format, which uses compression and can include multiple records per TCP
message during a connected transfer. This format is also compatible with more recent BIND-based DNS servers
that run versions 4.9.4 and later. In this scenario the ISP's DNS server does not appear to support this, and BIND
secondaries needs to be enabled.
Incorrect Answers:
A: There is no need for Kerberos software on a DNS server.
C: We should first allow BIND secondary servers. This would allow replication traffic with UNIX BIND
version 4.9.4 or later. There should be no need to upgrade QDNS5 to BIND 8.1.
D: The only secure zone transfers available are Active Directory integrated zone transfers, and they are not
used here.