Hallazgos de programas de selección de personal sometido a alto riesgo

1. True or False: You can perform a delegation only from a parent zone to a child zone. 2. Why does a stub zone improve name resolution when it is implemented across

domains in a large forest or other DNS namespace?

Quick check answers

1. True.

2. A stub zone provides a DNS server with the names of servers that are authoritative for a given zone. When this information is stored locally, the DNS server does not need to query other servers to find the authoritative servers for that zone. The process of resolving a name in that zone is therefore more efficient.

PRACTICE

creating an application directory partition for dns

In this practice, you will create a custom application directory partition and then modify the Nwtraders.msft zone to store data in that partition. (Note that zone data can be stored only in directory partitions for Active Directory–integrated zones.)

ExERCIsE 1 Creating the New Application Directory Partition In this exercise, you will create an application directory partition on Dcsrv1. 1. Log on to Nwtraders from Dcsrv1 as a domain administrator. 2. At an elevated command prompt, type the following:

dnscmd . /createdirectorypartition DNSpartitionA.nwtraders.msft

This command creates an application directory partition that will replicate in Active Directory only to domain controllers that you enlist in the partition. You do not need to enlist the local server in the partition.

ExERCIsE 2 Storing Zone Data in the New Application Directory Partition

In this exercise, you will modify the properties of the Nwtraders.msft zone so that its data is stored in the new application directory partition you have just created.

1. While you are logged on to Nwtraders from Dcsrv1 as a domain administrator, open DNS Manager.

3. On the General tab of the Nwtraders.msft Properties dialog box, click the Change button for replication. This button is directly to the right of the text Replication: All DNS Servers In This Domain.

4. In the Change Zone Replication Scope dialog box that opens, select To All Domain Controllers In The Scope Of This Directory Partition.

5. In the associated drop-down list box, select DNSpartitionA.nwtraders.msft, and then click OK.

6. In the Nwtraders.msft Properties dialog box, click OK. The Nwtraders.msft zone data is now stored in the new application directory partition you created on Dcsrv1. Other domain controllers that are DNS servers in the Nwtraders.msft forest will receive a copy of the Nwtraders.msft primary zone only if you later enlist those servers in the new partition by using the following command:

dnscmd <server name> /enlistdirectorypartition DNSpartitionA.nwtraders.msft

PRACTICE

deploying a secondary Zone

In this practice, you will create a secondary DNS zone for Nwtraders.msft on the Boston server. Because the Boston server is not a domain controller, it cannot host an Active Directory– integrated copy of the Nwtraders.msft primary zone. In a production environment, you might choose to install a secondary zone when you want to install a DNS server without installing a domain controller.

ExERCIsE 1 Adding the DNS Server Role

In this exercise, you will install the DNS server role on the Boston server. 1. Log on to Nwtraders from Boston as a domain administrator.

2. If the Initial Configuration Tasks window appears, click Add Roles. Otherwise, open Server Manager and click Add Roles in the details pane.

3. On the Before You Begin page of the Add Roles Wizard, click Next.

4. On the Select Server Roles page, select the DNS Server check box, and then click Next. 5. On the DNS Server page, read all the text, and then click Next.

6. On the Confirm Installation Selections page, click Install.

7. After the installation completes, on the Installation Results page, click Close. ExERCIsE 2 Creating the Secondary Zone

In this exercise, you will create a secondary zone named Nwtraders.msft on Boston.nwtraders.msft.

1. While you are still logged on to Nwtraders from Boston as a domain administrator, open DNS Manager.

3. In the DNS Manager console tree, select and then right-click the Forward Lookup Zones folder, and then choose New Zone. The Welcome page of the New Zone Wizard appears. Click Next.

4. On the Zone Type page, read all the text, and then select Secondary Zone. Note that the option to store the zone in Active Directory is dimmed. This choice is unavailable because the local computer is not a domain controller. Click Next.

5. On the Zone Name page, in the Zone Name text box, type nwtraders.msft. Click Next.

6. On the Master DNS Servers page, read the text on the page. 7. In the Master Servers area, type 192.168.0.1, and then press Enter.

8. Wait about 30 seconds for the name DCSRV1 to appear beneath the Server FQDN heading in the Master Servers area. Click Next.

9. On the Completing The New Zone Wizard page, click Finish. The new zone now appears in DNS Manager.

10. In the DNS Manager console tree, select the Nwtraders.msft forward lookup zone. An error message that appears in the details pane indicates that the zone is not loaded by the DNS server. The problem is that you have not enabled zone transfers in the properties of the primary zone on Dcsrv1.

ExERCIsE 3 Enabling Zone Transfers to the Secondary Zone

In this exercise, you will enable zone transfers to the Boston computer from Dcsrv1. 1. Log on to Nwtraders from Dcsrv1 as a domain administrator.

2. Open DNS Manager.

3. Expand the DNS Manager console tree.

4. Right-click the Nwtraders.msft forward lookup zone, and then choose Properties. 5. In the Nwtraders.msft Properties dialog box, click the Zone Transfers tab. 6. On the Zone Transfers tab, select the Allow Zone Transfers check box. 7. Verify that To Any Server is selected, and then click OK.

ExERCIsE 4 Transferring the Zone Data

In this exercise, you will load the zone data from the primary zone to the secondary zone. You will perform this exercise while logged on to Nwtraders from the Boston computer as a domain administrator.

1. On Boston, in the DNS Manager console tree, right-click the Nwtraders.msft forward lookup zone, and then choose Transfer From Master. If you see an error, wait 15 seconds, and then press F5 or select Refresh from the Action menu.

2. The Nwtraders.msft zone data eventually appears in the details pane of DNS Man- ager. Note that the application directory partition DNSpartitionA appears above DomainDNSZones and ForestDNSZones.

ExERCIsE 5 Creating an NS Record for the Server Hosting the Secondary Zone In this exercise, you will create an NS record for the Boston DNS server in the primary zone. Note that you cannot create an NS record for a secondary zone server from within the secondary zone itself because a secondary zone is a read-only copy of the zone.

You perform this exercise while logged on to Nwtraders from Dcsrv1 as a domain administrator.

1. On Dcrsv1, in the DNS Manager console tree, select the Nwtraders.msft zone. In the details pane, note that the only name server (NS) record included in the zone points to dcsrv1.nwtraders.msft. The fact that there is only one such NS record means that even if the DNS domain were connected to a larger DNS namespace, information about names in the Nwtraders.msft domain will always originate from Dcsrv1. 2. In the detail pane, double-click the NS record. The Nwtraders.msft Properties dialog

box opens, and the Name Servers tab is selected. 3. Click the Add button.

4. In the New Name Server Record dialog box, in the Server Fully Qualified Domain Name (FQDN) text box, type boston.nwtraders.msft, and then click Resolve. The name is resolved to an IPv6 address and an IPv4 address.

5. In the New Name Server Record dialog box, click OK.

6. In the Nwtraders.msft Properties dialog box, click the Zone Transfers tab.

7. Select Only To Servers Listed On The Name Servers Tab. This setting provides security for the zone by restricting copies (transfers) of the zone data to only authorized servers. 8. In the Nwtraders.msft Properties dialog box, click OK. In the details pane of DNS

Manager, a new NS record appears that points to boston.nwtraders.msft. 9. Close all windows and log off both servers.