BIND 8.2.2P5, Windows 2000, and security

petera1 at my-deja.com petera1 at my-deja.com
Thu May 11 00:54:27 UTC 2000 

We're going to only allow the W2K DHCP do updates.

You need to still allow wks to do updates in their settings, but you
MUST have the DHCP set to "always update DNS".

This is because the wks and DHCP server negotiate as to who will do the
update.

Regards,

Peter Anderson
Westpac Banking Corporation
61 2 9902 5938

In article <8en6oh$nap$1 at FreeBSD.csie.NCTU.edu.tw>,
  b19141 at achilles.ctd.anl.gov (Barry Finkel) wrote:
> "Delmer Harris" <dharris at kcp.com> wrote:
>
> >I am running 8.2.2P5 on Solaris 2.7 in a test setup, trying to
support
> >Windows 2000 for our server development group.  I have allowed
updates
> >from the domain controllers and thought all was well.  Now the
Windows
> >2000 server group tells me I must allow updates from all workstations
> >as well.  This goes against my security instincts, as I don't trust
all
> >the workstations on our network.
>
> The MS default is for each Win2k box to register itself dynamically
> in DNS.  This can easily be turned off via the TCP/IP properties
> menu.  Individual Win2k workstations do not need to update DNS, and I
> would never allow dynamic DNS from workstations unless I were forced
> to do so.
>
> I need to do some more testing with Win2k because when I
> captured dynamic DNS traces, I did not keep track of which release of
> the MS code was being used.  It appears that machines may behave
> differently in these two scenarios:
>
>      1) some pre-RTM version of Win2k upgraded to the RTM release
>      2) a fresh install of the RTM release.
>
> At least that is what MS has told us.  We have to re-configure our
> Win2k test network before I can get some more DNS traces.  Some of
> the trace data I have are contradictory.
> ----------------------------------------------------------------------
> Barry S. Finkel
> Electronics and Computing Technologies Division
> Argonne National Laboratory          Phone:    +1 (630) 252-7277
> 9700 South Cass Avenue               Facsimile:+1 (630) 252-9689
> Building 221, Room B236              Internet: BSFinkel at anl.gov
> Argonne, IL   60439-4844             IBMMAIL:  I1004994
>
>


Sent via Deja.com http://www.deja.com/
Before you buy.

More information about the bind-users mailing list