Prev Question
Next Question

You need to verify whether a DNS response from a DNS server is signed by DNSSEC.
What should you run?

A. nslookup.exe

B. dnscmd.exe

C. Resolve-DNSName

D. Get-NetIPAddress

The Resolve-DnsName cmdlet performs a DNS query for the specified name. This cmdlet is functionally similar to the nslookup tool which allows users to query for
names. The Resolve-DnsName cmdlet was introduced in Windows Server 2012and Windows 8 and can be used to display DNS queries that include DNSSEC
Parameters include:
Sets the DNSSEC OK bit for this query.
Sets the DNSSEC checking-disabled bit for this query
Example: In the following example, the DO=1 flag is set by adding the dnssecok parameter.
PS C:\> resolve-dnsname -name -type A -server -dnssecok
Incorrect Answers:
A: Do not use the nslookup command-line tool to test DNSSEC support for a zone. The nslookuptool uses an internal DNS client that is not DNSSEC-aware.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *