Activity: Designing DNS for Internal and External Use

This activity requires you to determine whether a resource record should be included on an internally accessible DNS server, an externally accessible DNS server, or on both DNS servers.

Your organization has the network infrastructure for its Windows 2000 deployment shown in Figure 9.4.

Figure 9.4 Your organization's network

Your organization's Active Directory forest root is deployed as a child domain of your current DNS namespace. The DNS name for your organization is organization.tld, and your Active Directory forest root is deployed as ad.organization.tld.

Your organization uses a mix of Microsoft Outlook 2000 clients configured to use the Exchange Server service and Outlook Express clients. The mail clients use Internet Message Access Protocol version 4.0 (IMAP4) and Simple Mail Transport Protocol (SMTP) to access e-mail services. When working at client sites, Outlook Express clients require e-mail access on both the internal network and the external network.

Outside clients have reported that they can't send mail to your organization. Messages are returned stating that a Mail Exchanger doesn't exist for your organization's domain name.

Answer the following questions about this situation. The answers to these questions can be found in the appendix.

  1. What DNS zones must be hosted on the external DNS server?

  2. Based on the information provided, complete the following table of resource records that must be included at the external DNS server.

    Host                              IP Address or Contents

  3. Are there any additional resource records that you must manually configure on the external DNS server?

  4. What DNS zones must be hosted on the internal DNS server?

  5. Do you have to include externally available resources on the internal DNS server?

  6. Assume that the internal DNS server is configured to host the organization.tld DNS zone. What resource records must be included for the Outlook Express clients to ensure that they communicate only with the internal mail server when they use the internal DNS server? Enter your answer in the following table.

    DNS Resource Record               IP Address or Contents
    MX record for organization.tld


Microsoft Corporation - MCSE Training Kit (Exam 70-220): Designing Microsoft Windows 2000 Network Security
ISBN: 0735611343
EAN: 2147483647
Year: 2001
Pages: 172