Non-secure updates means that anyone can update a dynamic DNS entry, because there's no workstation level authentication required in order to update the entry. Anyone can create a new entry, and anyone can "update" and existing entry.
Cheers Ken -----Original Message----- From: Ajay Kulsh [mailto:[EMAIL PROTECTED] Sent: Tuesday, 8 January 2008 7:45 AM To: NT System Admin Issues Subject: Re: DNS dynamic updates - Secure vs. Nonsecure Carl, Thanks for replying. I had gone thru that long article and still was not sure what is the harm in having no secure updates. Also that article does not say why secure updates might fail. That article also states that "secure dynamic updates functionality can be compromised if the following conditions are true: . You run a DHCP server on a Windows Server 2003-based domain controller and . The DHCP server is configured to perform registration of DNS records on behalf of its clients." As a consultant, I often find DHCP servers configured on DCs and they, by default, register DNS on behalf of clients, so Secure dynamic updates functionality is hardly used... Jay ----- Original Message ----- From: "Carl Webster" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <[email protected]> Sent: Monday, January 07, 2008 12:21 PM Subject: Re: DNS dynamic updates - Secure vs. Nonsecure > > http://support.microsoft.com/kb/816592 > > > Webster > > ----- Original Message ---- > From: Ajay Kulsh <[EMAIL PROTECTED]> > Subject: DNS dynamic updates - Secure vs. Nonsecure > > Can anyone tell me what is the harm in having "Nonsecure" Dynamic DNS > updates in Windows 2003 DNS server, if any? For some reason, from some of > our subnets, clients (thru DHCP server or directly) cannot register their > A > and PTR records with the DNS server if we choose to have Secure Only > updates, so we have enable both Secure and Nonsecure. Has anyone had this > kind of problem before? Thanks. > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
