You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.
You have an Azure subscription.
Internal users connect to App1 by using WebSockets.
You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.
What should you include in the solution?
To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:
Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:
Add-DnsServerSigningKey -ZoneName 'adatum.com' -CryptoAlgorithm RsaSha256
Set-DnsServerDnsSecZoneSetting -ZoneName 'adatum.com' -DenialOfExistence NSEC3 -NSEC3Parameters 1,0,10,''
This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.
Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.
Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.
Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.
By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.
Janey
22 hours agoAlpha
7 days agoLillian
8 days ago