ExamSim MCSE 2000: Design A Dynamic DNS Network
November 15, 2000
Each week we will present a tough question for one of the Windows 2000 exams. These questions are modeled on the content and difficulty of those you will find in the ExamSim MCSE 2000 software available from Syngress.
Q: You are designing your Dynamic DNS network infrastructure. Your network contains five physical and logical subnets, all of which are separated by 128Kbps ISDN WAN links. You want to optimize your host name resolution scheme, so you have decided to deploy a DNS Server on each of the segments.
The network clients consist of a mix of Win9x, Win 3.x, Windows NT 4.0 and Windows 2000 computers. All network clients will participate in the same Windows 2000 domain. You also want all network clients to have their names and IP addresses automatically entered into the DNS, without you ever having to manually configure entries in the DNS database yourself. You also want your configuration to be fault tolerant, so that in the event that a local DNS Server should become unavailable, the client will still be able to register its IP addressing information.
Which of the following should you do in order to attain your goals? [Choose all that apply]
The correct answer is D.
Deb Shinder
This question is typical of the Microsoft exam questions that you'll see on the actual test. The exam questions will not fit in a nice format where you will be tested on one concept at a time. And indeed, this question is actually testing your knowledge of multiple concepts. In this case, you need to have a decent understanding of Dynamic DNS and DHCP in Windows 2000.
Answer D is correct because we need fault tolerance for DNS record registration. Only two types of DNS Servers can receive and update DNS records: an Active Directory integrated DNS Server and a Standard Primary DNS Server. Note that the Active Directory integrated DNS Servers all act as Primaries for their domain. DNS Clients can send their DNS registration information to a Secondary DNS Server, but the Secondary DNS Server must forward this information to a Primary DNS Server in order to have it updated in the Dynamic DNS zone database. Therefore, a fault tolerant Dynamic DNS registration architecture will include more than one Primary for the domain. The only way to accomplish this is to use Active Directory integrated zones. Standard DNS zones only allow for a single Primary DNS zone database file.
It's important that the clients are configured with the IP addresses of all the DNS Servers on the network, so that in the event that one of them becomes unavailable, the client can register with, and query, an alternate DNS Server. The DNS client service will attempt to contact each DNS Server on the client's list of DNS Servers.
The second problem that must be addressed in this question is related to the downlevel clients on the network. Win 3.x, Win9x and Windows NT 4.0 clients cannot communicate with a Windows 2000 Dynamic DNS Server in order to register their IP addressing information. These downlevel clients can query the Windows 2000 Dynamic DNS Server; they just cannot send their registration information themselves.
To solve this problem, you need to implement DHCP on the network. A DHCP Server can be configured to act as a "proxy" between the downlevel clients and the DDNS Server. To have the DHCP Server perform this function, you must configure it as in the figure below.
The "Enable updates for DNS clients that do not support dynamic update" checkbox must be checked if you want the DNS Server to update both the Host (A) and Pointer (PTR) information for the downlevel client in the Dynamic DNS zone database.
After the DHCP Server has been placed on the network and configured to forward IP addressing to the DDNS Server, all the downlevel network clients will have their information automatically entered into the Dynamic DNS database.
Now, let's look at the problems with the other answers.
Answer A is incorrect because you cannot have 5 Primary DNS Servers for the same domain. If you do this, you will create a totally unmanageable DNS situation, where every DNS Server would have to be configured as a Secondary, and the risk of inconsistency in the zone database for the domain is extremely high. This is never done in the real world, and probably is never done in the fantasy world either. Another problem with this answer is that downlevel clients cannot directly register their IP addressing information with a DDNS Server.
Answer B is incorrect because if the single Primary DNS Server for the domain becomes unavailable, then none of the DNS clients will be able to dynamically register their IP addressing information. The requests could be sent to Standard Secondary servers, but the Secondary servers need to forward the registration request to a Dynamic Standard Primary DNS Server. Since the single Primary DNS Server is unavailable, no machine will be able to update information in the zone database. Not even the DHCP Server which is acting as proxy for the downlevel clients will be able to perform the Dynamic updates. Finally, the downlevel clients are not able to directly communicate with the DDNS Server.
Answer C is incorrect because although almost everything is in place, all network clients are not able to directly communicate with the Dynamic DNS Server. In order for this solution to work, you need to implement a DHCP Server that will act as a "proxy" for the downlevel clients that are not able to register their own IP addressing information.
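The registration rules used in the explanations above can be checked with a small model. This is an added example, not part of the original article or the ExamSim software; the server names, role labels and the assumption that every DNS Server stays reachable across the WAN unless it is marked down are constructed. It compares a single Standard Primary with Secondaries, Active Directory integrated zones without DHCP, and Active Directory integrated zones with the DHCP proxy.

```python
# Added example: toy model of the dynamic-registration rules in the explanation.
# Server names and role labels are constructed; every server is assumed
# reachable across the WAN unless it is listed as down.
from dataclasses import dataclass

UPLEVEL, DOWNLEVEL = "Windows 2000", "downlevel"

@dataclass
class Design:
    servers: dict      # server name -> "ad", "primary" or "secondary"
    dhcp_proxy: bool   # DHCP Server registers records for downlevel clients

def accepts_update(design, server, down):
    """True if an update sent to `server` reaches a writable zone copy."""
    if server in down:
        return False
    if design.servers[server] in ("ad", "primary"):
        return True
    # A Secondary has to forward the update to a Primary that is still up.
    return any(role == "primary" and name not in down
               for name, role in design.servers.items())

def can_register(design, client, down):
    """Try every DNS Server on the list, as the DNS client service does."""
    if client == DOWNLEVEL and not design.dhcp_proxy:
        return False   # downlevel clients cannot send updates themselves
    return any(accepts_update(design, s, down) for s in design.servers)

def failures(design):
    """(failed server, client type) pairs that can no longer register."""
    return [(s, c) for s in design.servers for c in (UPLEVEL, DOWNLEVEL)
            if not can_register(design, c, {s})]

NAMES = ["dns1", "dns2", "dns3", "dns4", "dns5"]   # one per subnet
STANDARD = Design({n: "primary" if n == "dns1" else "secondary" for n in NAMES}, True)
AD_ONLY = Design({n: "ad" for n in NAMES}, False)
AD_DHCP = Design({n: "ad" for n in NAMES}, True)

if __name__ == "__main__":
    for label, d in [("standard", STANDARD), ("AD only", AD_ONLY), ("AD + DHCP", AD_DHCP)]:
        print(label, failures(d) or "registration survives any single failure")
```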