|
Forgive me if this has been discussed before; I think I need
some basic answers. Current environment: Educational environment (college). Windows 2000 Native Mode, Single domain, Windows 2000 DNS Server, non-DC Every conceivable client OS from Win
9x to Linux. Here's the issue.
Our current DNS utilizes Dynamic Updates, and includes both servers and
clients. This is working OK, except
when someone (in our case usually a student) decides to name their computer the
same name as a server. An
example: Someone names their
machine HOME. There is a server
here named HOME. When the computer
is added to the domain, DHCP provides an IP address, then
either DHCP or the computer (depends on OS) dynamically updates the DNS record
of HOME to point to the "new" HOME machine. Obviously, we see this as an issue -
basically students can "take over" the name of a server. This has happened only a few times, and
it was inadvertent; we would like to make it technically difficult or even
impossible to do. So...my question is, can I make my main DNS server a DC,
then secure our DNS in some way to only allow certain users or domain computers
to dynamically update the Host records?
Also, how much granularity is there to Secure DNS? Anyone with insight...thanks for your responses. -Tom Barber Systems Manager |
- RE: [ActiveDir] Secure DNS Barber Tom
- RE: [ActiveDir] Secure DNS Elizabeth Farrell
- RE: [ActiveDir] Secure DNS Darren Sykes
- Re: [ActiveDir] Secure DNS Paul Sobey
- RE: [ActiveDir] Secure DNS Darren Sykes
- RE: [ActiveDir] Secure DNS Elizabeth Farrell
- RE: [ActiveDir] Secure DNS Barber Tom
