Ken,
That is the definition of nonsecure update - but how can this be harmful, if
your network is physically secure?
Jay
----- Original Message -----
From: "Ken Schaefer" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Monday, January 07, 2008 4:05 PM
Subject: RE: DNS dynamic updates - Secure vs. Nonsecure
Non-secure updates means that anyone can update a dynamic DNS entry, because
there's no workstation level authentication required in order to update the
entry. Anyone can create a new entry, and anyone can "update" and existing
entry.
Cheers
Ken
-----Original Message-----
From: Ajay Kulsh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 8 January 2008 7:45 AM
To: NT System Admin Issues
Subject: Re: DNS dynamic updates - Secure vs. Nonsecure
Carl,
Thanks for replying. I had gone thru that long article and still was not
sure what is the harm in having nonsecure updates. Also that article does
not say why secure updates might fail.
That article also states that "secure dynamic updates functionality can be
compromised if the following conditions are true: . You run a DHCP server on
a Windows Server 2003-based domain controller and . The DHCP server is
configured to perform registration of DNS records on behalf of its clients."
As a consultant, I often find DHCP servers configured on DCs and they, by
default, register DNS on behalf of clients, so Secure dynamic updates
functionality is hardly used...
Jay
----- Original Message -----
From: "Carl Webster" <[EMAIL PROTECTED]>
To: "NT System Admin Issues" <[email protected]>
Sent: Monday, January 07, 2008 12:21 PM
Subject: Re: DNS dynamic updates - Secure vs. Nonsecure
http://support.microsoft.com/kb/816592
Webster
----- Original Message ----
From: Ajay Kulsh <[EMAIL PROTECTED]>
Subject: DNS dynamic updates - Secure vs. Nonsecure
Can anyone tell me what is the harm in having "Nonsecure" Dynamic DNS
updates in Windows 2003 DNS server, if any? For some reason, from some of
our subnets, clients (thru DHCP server or directly) cannot register their
A
and PTR records with the DNS server if we choose to have Secure Only
updates, so we have enable both Secure and Nonsecure. Has anyone had this
kind of problem before? Thanks.
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>~
~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
