Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting

Vinny Abello vinny at tellurian.com
Mon Feb 9 01:54:04 UTC 2009


> -----Original Message-----
> From: Danny Mayer [mailto:mayer at gis.net]
> Sent: Sunday, February 08, 2009 8:32 PM
> To: Vinny Abello
> Cc: Baird, Josh; bind-users at lists.isc.org
> Subject: Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices For Coexisting
> 
> Vinny Abello wrote:
> >> Baird, Josh wrote:
> >>> Actually, yes, if you have dynamic DNS registration enabled on the
> >>> client/host and server, an 'A' record will automatically be created
> >>> in the AD zone.
> >> It needs to be registered in the domain first. Otherwise any system
> >> could masquerade as another system.
> >>
> >> Danny
> >
> > And they can if the administrator mistakenly allows unsecure dynamic
> > updates.
> >
> 
> Registration of the system in ADS has nothing to do with dynamic
> updates of the DNS records.

Right. We're talking about dynamic updates in DNS, not the creation of computer accounts in AD. That was my point. If the allow dynamic updates setting is not set to secure only, anybody that can send a DDNS update to the server can update a record.

-Vinny
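
An added example, not part of the original message: one way to audit a Windows DNS server for zones whose dynamic update setting is not secure only, which is the misconfiguration discussed above. It assumes the DnsServer PowerShell module (RSAT DNS tools) is installed; the function name `Get-NonsecureDynamicUpdateZone` is hypothetical.

```powershell
# Added example: report primary zones that accept nonsecure dynamic updates.
# Requires the DnsServer module. The function name is hypothetical.
function Get-NonsecureDynamicUpdateZone {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [switch]$Remediate   # switch AD-integrated zones to secure only
    )

    $zones = Get-DnsServerZone -ComputerName $ComputerName |
        Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

    foreach ($zone in $zones) {
        # 'NonsecureAndSecure' accepts unauthenticated DDNS updates, so any host
        # that can reach the server can add or overwrite records in the zone.
        if ($zone.DynamicUpdate -ne 'NonsecureAndSecure') { continue }

        $action = if ($zone.IsDsIntegrated) {
            'Set DynamicUpdate to Secure'
        } else {
            # Secure only is available just for AD-integrated zones.
            'Store zone in AD first, or set DynamicUpdate to None'
        }

        if ($Remediate -and $zone.IsDsIntegrated -and
            $PSCmdlet.ShouldProcess($zone.ZoneName, 'Set DynamicUpdate to Secure')) {
            Set-DnsServerPrimaryZone -ComputerName $ComputerName `
                -Name $zone.ZoneName -DynamicUpdate Secure
            $action = 'Changed to Secure'
        }

        # DynamicUpdate below is the value found before any change was made.
        [pscustomobject]@{
            Server        = $ComputerName
            Zone          = $zone.ZoneName
            DynamicUpdate = $zone.DynamicUpdate
            AdIntegrated  = $zone.IsDsIntegrated
            Action        = $action
        }
    }
}

# Report only; add -Remediate -WhatIf to preview the changes first.
Get-NonsecureDynamicUpdateZone | Format-Table -AutoSize
```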


