Windows 2000 question ...
Jim Reid
jim at rfc1035.com
Wed Feb 16 18:38:54 UTC 2000
>>>>> "Jeffery" == Jeffery Richards [2667] <jrichard at mda.ca> writes:
Jeffery> I'm running Bind 8.2.x and I'm getting the message:
Jeffery> 16-Feb-2000 18:08:24.272 security: notice: unapproved
Jeffery> update from [1.2.3.4].4555 for domain.ca
Jeffery> which I understand is W2K doing its thing. I'm a unix
Jeffery> guy with no exposure to MS-land so I want to ask two
Jeffery> questions:
Jeffery> a) is this to be allowed? i.e. should I adjust
Jeffery> named.conf to permit it
Probably not, but this might well break W2K's Active Directory Service
which is fairly important to those boxes. Giving anything unrestrained
write access to the DNS gives me the heebie-jeebies. So you might want
to consider delegating a domain for those W2K boxes to scribble away
to their heart's content, well away from your important resource
records for your web, mail, name, etc servers.
IIUC W2K uses dynamic updates to make the DNS more WINS-like: "Hey,
I'm a Domain Controller/RAS Server/etc, etc". If these updates are
rejected, your W2K boxes might have trouble finding each other.
Jeffery> b) if not, how do I tell them to
Jeffery> adjust their machines to stop it?
Sorry, I have no idea. There will probably be some registry setting
somewhere I expect.
More information about the bind-users
mailing list