A Question on Packet Filtering

KidTao

Member
May 10, 2003
97
0
0
I'm getting ready to take on the beast and ran into a few problems with this question. If you can offer help, I'd appreciate it.

You are a consultant hired by Adventure Works, a small company that specialized in unusual vacations. Adventure Works enters into a partnership with Alpine Ski House, Tokyo's Travel, and Blue Yonder Airlines to provide exotic ski vacations.
Adventure Works sells the vacation packages and resells ski equipment manufactured by Alpine Ski House. Tokyo's Travel makes flight reservations on Blue Yonder Airlines and books hotel reservations. Adventure Works coordinates all aspects of the partnership.

Each company's network consists of a single Windows 2000 domain. Each domain includes a single domain controller running Windows 2000 Server. The domain controllers are named ASH-DC, AW-DC, BYA-DC, and TK-DC. Each one runs the DNS Server service and hosts an Active Directory-integrated zone.

The four networks are connected over the Internet by means of persistent virtual private network (VPN) connections. The relevant portion of the network configuration is shown in the exhibit.

Exhibit

Users at Adventure Works require access to applications and resources in the networks of all three partners. Users at Tokyo's Travel require access to applications and resources in the Blue Yonder Airlines network. However, users at Adventure Works and Tokyo's Travel report that they often receive an error message when they try to access servers located on the other networks. The error message states:

"Network path could not be found."

To correct this problem, you install the DNS Server service on new stand-alone servers running Windows 2000 Server in the Adventure Works network and the Tokyo's Travel network.

How should you configure DNS in these two networks?

Drag the correct DNS configuration parameter to the appropriate DNS server. You might need to use some parameters more than once.

Select & Place

Answer:

Explanation: We only need read-only replicas of the zone. We should use secondary zones.
As forwarder we should use a DNS server that is authoritative for the zone - a domain controller. For the Adventureworks DNS server we should use the Domain Controller in the tokyotravel.com zone.
For the Tokyo Travel DNS server we should use the Domain Controller in the blueyonderairlines.com zone.

(1) Is there a particular reason for Adventure Works' DNS server to pick the tokyo.com's domain controller over the other 2? Users there would need access to all three partner networks including Alpine Ski House and Blue Yonder Airlines.
(2) Would Tokyo's Travel DNS server's hooking up with blueyonderairlines.com's domain controller have something to do with users there requiring access to the Blue Yonder Airlines network solely?
(3) And also, I'm wondering what the downsides would be if we are to use Active Directory integrated or primary zone types for the new DNS servers.

I'll be grateful if someone can clear this out for me.

:)
 

exx1976

Member
Nov 13, 2003
77
0
0
Well, technically, you wouldn't need to create new servers for this, you could just create new zones on the existing servers, and set them as standard secondary zones. The access to the other networks is already there due to the VPN connections, and they need these connections in order to access the resources they are trying to get to, hence the "network path not found". The reason to create the zones in the other domains is so that there's a locally cached copy of each network in the client machine's domain so that it is able to resolve all the different machines from the other networks it needs to connect to. Making them a standard secondary simply means that the external domain that has a copy of the zone is unable to edit it, thus leaving complete control of the zone in the owning network.

Make sense? All it's doing is giving them a local copy that is constantly kept current. Could also be accomplished with a shitload of HOSTS files, but that'd be a lot more difficult....

HTH,
Exx
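
Added example, not part of the original posts: the standard secondary zone setup described above, done with dnscmd from the Windows 2000 Support Tools. It assumes tokyotravel.com is the zone hosted on TK-DC and that the copy goes on AW-DC; the IP addresses and the zone file name are placeholders. The master is first told to transfer the zone only to the listed secondary, so no other host can pull a full copy.

```bat
rem --- On the master (TK-DC, assumed owner of tokyotravel.com) ---
rem Allow zone transfers only to the listed secondary and notify it of changes.
rem 192.0.2.10 is a placeholder for AW-DC's address.
dnscmd TK-DC /ZoneResetSecondaries tokyotravel.com /SecureList 192.0.2.10 /NotifyList 192.0.2.10

rem --- On the secondary (AW-DC) ---
rem Create a standard secondary (read-only) copy of the zone.
rem 192.0.2.20 is a placeholder for TK-DC's address; the file name is an assumption.
dnscmd AW-DC /ZoneAdd tokyotravel.com /Secondary 192.0.2.20 /file tokyotravel.com.dns

rem Pull the zone from the master now instead of waiting for the refresh interval.
dnscmd AW-DC /ZoneRefresh tokyotravel.com

rem Confirm the zone type and the master it transfers from.
dnscmd AW-DC /ZoneInfo tokyotravel.com
```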
 

KidTao

Thank you for taking time for my question, exx1976. I'm much clearer about the role of secondary zones now. :)
 

KidTao

I'm still not clear about the first 2 parts of my own question as to why choose the particular DCs over the others when there are 4 of them. If anyone could offer feedback, I'd appreciate it very much. :)