BIND 8.2.2P5, Windows 2000, and security
Barry Finkel
b19141 at achilles.ctd.anl.gov
Tue May 2 18:21:33 UTC 2000
"Delmer Harris" <dharris at kcp.com> wrote:
>I am running 8.2.2P5 on Solaris 2.7 in a test setup, trying to support
>Windows 2000 for our server development group. I have allowed updates
>from the domain controllers and thought all was well. Now the Windows
>2000 server group tells me I must allow updates from all workstations
>as well. This goes against my security instincts, as I don't trust all
>the workstations on our network.
The MS default is for each Win2k box to register itself dynamically
in DNS. This can easily be turned off via the TCP/IP properties
menu. Individual Win2k workstations do not need to update DNS, and I
would never allow dynamic DNS from workstations unless I were forced
to do so.
I need to do some more testing with Win2k because when I
captured dynamic DNS traces, I did not keep track of which release of
the MS code was being used. It appears that machines may behave
differently in these two scenarios:
1) some pre-RTM version of Win2k upgraded to the RTM release
2) a fresh install of the RTM release.
At least that is what MS has told us. We have to re-configure our
Win2k test network before I can get some more DNS traces. Some of
the trace data I have are contradictory.
----------------------------------------------------------------------
Barry S. Finkel
Electronics and Computing Technologies Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-9689
Building 221, Room B236 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4844 IBMMAIL: I1004994
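
Added example, not part of the original message or of BIND itself: a short Python audit that reads a named.conf fragment and reports which zones accept dynamic updates from anything wider than individual hosts, which is the difference between allowing only the domain controllers and allowing every workstation. The sample configuration is constructed; its zone, ACL and file names are placeholders, and the parser assumes at most one level of nested braces inside a zone statement.

```python
import re

# Constructed named.conf fragment (not from the post): zone names, ACL names
# and file names are placeholders; addresses are documentation ranges.
SAMPLE_CONF = '''
acl "w2k-dcs" { 192.0.2.10; 192.0.2.11; };   // domain controllers only
acl "workstations" { 198.51.100.0/24; };
zone "dev.example.com" { type master; file "db.dev"; allow-update { "w2k-dcs"; }; };
zone "lab.example.com" { type master; file "db.lab"; allow-update { "w2k-dcs"; "workstations"; }; };
zone "open.example.com" { type master; file "db.open"; allow-update { any; }; };
zone "static.example.com" { type master; file "db.static"; };
'''

ACL_RE = re.compile(r'acl\s+"?([\w.-]+)"?\s*\{([^}]*)\}')
# Zone body with at most one level of nested braces (enough for allow-update).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*(\{(?:[^{}]|\{[^{}]*\})*\})')
UPDATE_RE = re.compile(r'allow-update\s*\{([^}]*)\}')
BROAD_NAMES = {"any", "localnets"}  # built-in ACLs that cover whole networks

def _items(body):
    """Split an address match list body into bare elements."""
    return [i.strip().strip('"') for i in body.split(";") if i.strip()]

def _expand(item, acls, seen=()):
    """Resolve a named ACL to its elements, guarding against cycles."""
    if item in acls and item not in seen:
        return [e for sub in acls[item] for e in _expand(sub, acls, seen + (item,))]
    return [item]

def audit_allow_update(conf):
    """Map each zone to the allow-update entries wider than a single host."""
    conf = re.sub(r'(//|#)[^\n]*', '', conf)  # drop line comments
    acls = {name: _items(body) for name, body in ACL_RE.findall(conf)}
    findings = {}
    for zone, body in ZONE_RE.findall(conf):
        match = UPDATE_RE.search(body)
        if not match:
            continue  # no allow-update statement in this zone
        broad = [e for item in _items(match.group(1))
                 for e in _expand(item, acls)
                 if e in BROAD_NAMES or ("/" in e and not e.endswith("/32"))]
        if broad:
            findings[zone] = broad
    return findings

if __name__ == "__main__":
    for zone, entries in audit_allow_update(SAMPLE_CONF).items():
        print(f"{zone}: dynamic updates accepted from {', '.join(entries)}")
```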