BIND 8.2.2P5, Windows 2000, and security
petera1 at my-deja.com
Thu May 11 00:54:27 UTC 2000
We're going to only allow the W2K DHCP to do updates.
You need to still allow wks to do updates in their settings, but you
MUST have the DHCP set to "always update DNS".
This is because the wks and DHCP server negotiate as to who will do the
update.
Regards,
Peter Anderson
Westpac Banking Corporation
61 2 9902 5938
In article <8en6oh$nap$1 at FreeBSD.csie.NCTU.edu.tw>,
b19141 at achilles.ctd.anl.gov (Barry Finkel) wrote:
> "Delmer Harris" <dharris at kcp.com> wrote:
>
> >I am running 8.2.2P5 on Solaris 2.7 in a test setup, trying to support
> >Windows 2000 for our server development group. I have allowed updates
> >from the domain controllers and thought all was well. Now the Windows
> >2000 server group tells me I must allow updates from all workstations
> >as well. This goes against my security instincts, as I don't trust all
> >the workstations on our network.
>
> The MS default is for each Win2k box to register itself dynamically
> in DNS. This can easily be turned off via the TCP/IP properties
> menu. Individual Win2k workstations do not need to update DNS, and I
> would never allow dynamic DNS from workstations unless I were forced
> to do so.
>
> I need to do some more testing with Win2k because when I
> captured dynamic DNS traces, I did not keep track of which release of
> the MS code was being used. It appears that machines may behave
> differently in these two scenarios:
>
> 1) some pre-RTM version of Win2k upgraded to the RTM release
> 2) a fresh install of the RTM release.
>
> At least that is what MS has told us. We have to re-configure our
> Win2k test network before I can get some more DNS traces. Some of
> the trace data I have are contradictory.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory Phone: +1 (630) 252-7277
> 9700 South Cass Avenue Facsimile:+1 (630) 252-9689
> Building 221, Room B236 Internet: BSFinkel at anl.gov
> Argonne, IL 60439-4844 IBMMAIL: I1004994
>
>