20+ practice questions focused on DNS, Web and Mail Services — one of the most tested topics on the Linux Professional Institute Certification Level 2 LPIC-2 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start DNS, Web and Mail Services PracticeA company's mail server (Postfix) is rejecting incoming emails from a trusted partner with the error '550 5.7.1 Service unavailable; Client host [203.0.113.50] blocked using zen.spamhaus.org'. The partner's IP is not listed on any public DNSBL. What is the most likely cause?
Explanation: The error message explicitly states the block is from zen.spamhaus.org, a public DNSBL. However, the partner's IP is not listed on any public DNSBL. This contradiction suggests the block is actually due to Postfix's reject_unknown_client_hostname restriction, which checks for a valid PTR record. When the PTR record is missing or does not match the connecting IP, Postfix may log a generic DNSBL-style error if the administrator has misconfigured the restriction to use a DNSBL-like check, or the error message is misleading. Option D is correct because a missing or invalid PTR record triggers this rejection, not a DNSBL listing.
An administrator needs to configure a BIND DNS server to allow dynamic updates from a specific subnet (192.168.1.0/24) for the zone 'example.com'. The administrator must also ensure that the zone file is updated immediately after a dynamic update. Which configuration accomplishes this?
Explanation: Option C is correct because the `allow-update` statement in BIND explicitly permits dynamic DNS updates (RFC 2136) from specified sources, such as the subnet 192.168.1.0/24. Dynamic updates are written to the zone file immediately by default when using a master zone, ensuring the file is updated in real time.
A web server running Apache httpd is experiencing high load. The administrator suspects that many requests are for non-existent virtual hosts. Which configuration change would reduce the load caused by these requests?
Explanation: Option A is correct because defining a default virtual host that returns a 444 status code (a non-standard Apache code meaning 'Connection closed without response') immediately terminates the connection for requests to non-existent virtual hosts. This prevents Apache from wasting resources on DNS lookups, logging, and content generation for invalid hostnames, directly reducing load from such requests.
A company runs a Postfix mail server that relays mail for internal clients. Users report that emails to a specific external domain 'example.org' are delayed by several hours. The administrator checks the mail logs and sees entries like: 'status=deferred (connect to mx.example.org[203.0.113.10]:25: Connection timed out)'. What is the most likely cause?
Explanation: The log entry 'Connection timed out' indicates that the company's Postfix server successfully resolved the MX record for example.org to the IP 203.0.113.10 but could not establish a TCP connection to port 25 on that host. This is consistent with the remote server explicitly blocking inbound connections from the company's IP, often via a firewall rule or access control list, rather than a DNS or rate-limiting issue.
Which TWO statements are true regarding BIND DNS server security? (Choose two.)
Explanation: Option B is correct because the 'allow-recursion' ACL in BIND explicitly controls which clients are permitted to use the server's recursive query feature. By restricting recursion to trusted clients, the server avoids being used in amplification attacks and reduces exposure to cache poisoning. This ACL is defined in the options block or per-zone and can reference address match lists or named ACLs.
+15 more DNS, Web and Mail Services questions available
Practice all DNS, Web and Mail Services questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of DNS, Web and Mail Services. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
DNS, Web and Mail Services questions on the LPIC-2 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. DNS, Web and Mail Services is tested as part of the Linux Professional Institute Certification Level 2 LPIC-2 blueprint. Practicing with targeted DNS, Web and Mail Services questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free LPIC-2 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but DNS, Web and Mail Services is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full DNS, Web and Mail Services practice session with instant scoring and detailed explanations.
Start DNS, Web and Mail Services Practice →