Discussion in 'DNS Server' started by dave m, Jul 3, 2008.

  1. dave m

    dave m Guest

    I have not found a clear explanation of factors affecting Secure Dynamic
    Updates, specifically regarding a potential user account for updating DNS
    and the relationship to DHCP.

    I have a network of Windows 2003, SP2 servers. DNS is AD Integrated. There
    are 4 locations with Domain Controllers/servers.

    Location 1: 2 Domain Controllers, both with DNS, one DC is also the DHCP
    server for the location.

    Location 2: 1 DC with DNS and DHCP.

    Locations 3 and 4: 1 DC each with DNS. Sites are small and static IP
    addressing is used.

    All DNS servers are Primary, pointing only to themselves, forwards are the
    ISP's DNS servers.

    Currently Dynamic Updates are "Secure and Non-secure". I want to change to
    "Secure Only" but the uncertainty about a user account and how it relates
    to DNS and DHCP has held me back. I can find no clear explanation of this
    anywhere. DNS works fine, it's the Secure Only issue that needs addressing.


    dave Admin
    dave m, Jul 3, 2008
  2. Let me try to explain:

    If you use secure updates only in DNS, a computer account has to be verified
    in AD before attempting an update to a DNS database. Now, if DHCP is
    configured to update DNS records for all clients, and if a client that is
    not a member of your domain gains an IP address from DHCP, DHCP will write his
    record in DNS, since DHCP is presumably a domain member.
    Marin Frankovic, Jul 6, 2008
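
The behaviour described in the answer above, as a simplified model added here (not part of the original thread and not Microsoft's implementation). The `Zone` class, the host names and the addresses are constructed for illustration, and account names are assumed to equal host names.

```python
from dataclasses import dataclass, field

SECURE_ONLY = "secure-only"
SECURE_AND_NONSECURE = "secure-and-nonsecure"


@dataclass
class Zone:
    policy: str
    ad_accounts: set                              # computer accounts known to AD (constructed)
    records: dict = field(default_factory=dict)   # hostname -> (ip, registered_by)

    def update(self, hostname, ip, principal=None):
        """Apply a dynamic update. `principal` is the authenticated AD
        computer account sending it, or None for an unauthenticated sender."""
        if self.policy == SECURE_ONLY and principal not in self.ad_accounts:
            return False                          # secure-only: sender must verify in AD
        self.records[hostname] = (ip, principal)
        return True


def proxied_non_members(zone):
    """Audit helper: names in the zone that have no AD account of their own,
    i.e. records an authenticated host (such as DHCP) wrote on their behalf."""
    return sorted(host for host, (_, who) in zone.records.items()
                  if host not in zone.ad_accounts and who is not None)


def demo():
    zone = Zone(SECURE_ONLY, ad_accounts={"dc1", "dhcp1", "pc1"})
    results = {
        # Domain member registers its own record: accepted.
        "member": zone.update("pc1", "10.0.0.21", principal="pc1"),
        # Non-member tries to register directly: refused under secure-only.
        "visitor_direct": zone.update("visitor", "10.0.0.50"),
        # DHCP server (a domain member) registers the same name for it: accepted.
        "visitor_via_dhcp": zone.update("visitor", "10.0.0.50", principal="dhcp1"),
    }
    results["proxied"] = proxied_non_members(zone)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
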
