Exam
Answer confirmed
Question
You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The on-premises network is connected to Azure by using a Site-to-Site VPN.
You have the DNS zones shown in the following table.
You need to ensure that names from fabrikam.com can be resolved from the on-premises network.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Proposed answer
- A. Create a stub zone for fabrikam.com on DC1.
- B. Create a conditional forwarder for fabrikam.com on DC1.
- C. Create a secondary zone for fabrikam.com on DC1.
- D. Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers settings for the virtual network.
- E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine as a DNS forwarder.
Suggested answer
- A. Create a stub zone for fabrikam.com on DC1.
- E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine as a DNS forwarder.
Correct answer
The suggested answer is incorrect
Correct answer is:
- B. Create a conditional forwarder for fabrikam.com on DC1.
- E. Deploy an Azure virtual machine that runs Windows Server. Configure the virtual machine as a DNS forwarder (168.63.129.16).
--
- A client VM sends a name resolution request for azsql1.database.windows.net to an on-premises internal DNS server.
- A conditional forwarder is configured on the internal DNS server. It forwards the DNS query for database.windows.net to 10.5.0.254, which is the address of a DNS forwarder VM.
- The DNS forwarder VM sends the request to 168.63.129.16, the IP address of the Azure internal DNS server.
- The Azure DNS server sends a name resolution request for azsql1.database.windows.net to the Azure recursive resolvers. The resolvers respond with the canonical name (CNAME) azsql1.privatelink.database.windows.net.
- The Azure DNS server sends a name resolution request for azsql1.privatelink.database.windows.net to the private DNS zone privatelink.database.windows.net. The private DNS zone responds with the private IP address 10.5.0.5.
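The forwarding chain described above, applied to the question's fabrikam.com zone, as an added PowerShell example that is not part of the original page. It assumes the forwarder VM sits at 10.5.0.254 (the address used in the walkthrough; the question's own table is not shown), and `host1.fabrikam.com` is a constructed test name.

```powershell
# Added example. Assumed values: forwarder VM at 10.5.0.254 (from the walkthrough),
# host1.fabrikam.com is a constructed record name used only for testing.
$ForwarderVmIp = '10.5.0.254'      # Azure VM running the DNS Server role (answer E)
$AzureDnsIp    = '168.63.129.16'   # Azure-provided DNS, reachable only from inside Azure
$Zone          = 'fabrikam.com'

function Set-AzureForwarderVm {
    # Run on the Azure VM: install DNS and send every query to Azure DNS.
    Install-WindowsFeature -Name DNS -IncludeManagementTools | Out-Null
    # Disable root-hint fallback so a failure surfaces as an error instead of
    # silently resolving the public view of the name.
    Set-DnsServerForwarder -IPAddress $AzureDnsIp -UseRootHint $false
    Get-DnsServerForwarder
}

function Set-OnPremConditionalForwarder {
    # Run on DC1: forward only fabrikam.com to the Azure VM (answer B).
    if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
        # AD-integrated so the other domain controllers in the domain get the same forwarder.
        Add-DnsServerConditionalForwarderZone -Name $Zone `
            -MasterServers $ForwarderVmIp -ReplicationScope Domain
    }
    Get-DnsServerZone -Name $Zone | Select-Object ZoneName, ZoneType, MasterServers
}

function Test-HybridResolution {
    # Run on-premises: query each hop so a failure can be placed on the
    # VPN/forwarder VM leg or on the DC1 conditional forwarder.
    param([string]$Name = "host1.$Zone")
    foreach ($server in $ForwarderVmIp, 'localhost') {
        try {
            $answer = Resolve-DnsName -Name $Name -Server $server -DnsOnly -ErrorAction Stop
            [pscustomobject]@{ Server = $server; Name = $Name
                               Result = ($answer.IPAddress -join ', ') }
        } catch {
            [pscustomobject]@{ Server = $server; Name = $Name
                               Result = "FAILED: $($_.Exception.Message)" }
        }
    }
}
```

Run `Set-AzureForwarderVm` on the Azure VM, `Set-OnPremConditionalForwarder` on DC1, then `Test-HybridResolution` from DC1; a failure against 10.5.0.254 but not against a public name points at the VPN path or at port 53 rules in front of the VM.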
syu31svc
Highly Voted 1 year, 8 months ago
Selected Answer: BE
B and E are correct as supported by link given
upvoted 8 times
Doman01
Highly Voted 1 year, 4 months ago
https://learn.microsoft.com/en-us/answers/questions/181776/azure-private-dns-zone-resolution-from-on-prem
According to this question from 2020 and link provided it should be BE BUT
https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns
This one is a new thing and will probably be used instead in the future, so I believe we will have questions about it instead of this one
upvoted 6 times
Webcatman
Most Recent 2 weeks ago
Selected Answer: BE
https://learn.microsoft.com/en-us/azure/dns/private-resolver-hybrid-dns
upvoted 1 times
Ksk08
4 weeks ago
B and E
upvoted 1 times
skycrap
1 year, 5 months ago
Selected Answer: BD
I think B and D. 1: Deploy an Azure virtual machine that runs Windows Server. Modify the DNS Servers settings for the virtual network. This is default when you deploy one or more DNS servers on an Azure vnet. 2: Create a conditional forwarder for fabrikam.com on DC1. Because the question was: You need to ensure that names from fabrikam.com can be resolved from the on-premises network. You don’t need to configure the new virtual machine in Azure as a DNS forwarder because the question only asks: ensure that names from fabrikam.com can be resolved from the on-premises network.
upvoted 3 times
kijken
2 years ago
Why E?
upvoted 2 times
Leocan
2 years ago
A DNS forwarder is a Virtual Machine running on the Virtual Network linked to the Private DNS Zone that can proxy DNS queries coming from other Virtual Networks or from on-premises.
upvoted 9 times