Static ip and static DNS

Discussion in 'DNS Server' started by sawyer, Nov 3, 2009.

  1. sawyer

    sawyer Guest

    Hello

    My domain is at Windows 2003 native mode and 2003 forest mode. I have an
    AD-integrated DNS zone that allows secure DNS updates only. If a server
    is configured with a static IP address and static DNS settings, then when
    the server registers its IP address and name in DNS, who owns the
    record? Also, because DHCP was not used to supply the server with an IP and
    DNS settings, is the A record for the server in DNS subject to DNS
    scavenging? Do I need to make the A record static in DNS to avoid the record
    getting scavenged? A little confused on this particular topic.

    Thanks
     
    sawyer, Nov 3, 2009
    #1

  2. Hi sawyer, thanks for the post. The record is technically owned by the SYSTEM
    account on the DNS server, but I think what you are asking is who can make
    changes. For secure-only zones, a statically configured resource will
    register its own record and will therefore have rights to update that record.
    By default, there are other accounts which can manage all records, including
    SYSTEM (which is what allows the DNS Server to scavenge the record) and
    standard enterprise administrative accounts like ENTERPRISE DOMAIN
    CONTROLLERS, Enterprise Admins, etc.

    Even though the IP address is configured statically, the DNS record is
    registered dynamically. This means that if aging is configured for the zone,
    and any DNS server which owns that zone is configured for scavenging, the
    record will be aged and scavenged.

    For more detailed information:
    http://cbfive.com/blog/post/Enabling-DNS-Secure-Only-Updates.aspx

    --
    hth.

    /rich

    http://cbfive.com
    http://cbfive.com/blogs
     
    Rich Crandall, Nov 4, 2009
    #2

  3. A little further clarity for Sawyer on scavenging.

    Any DNS record that was statically entered will (by default) not be
    scavenged. You have to go to the specific host record (A) and check the
    scavenge option. This option only becomes visible when you are in advanced
    view within the MMC DNS console.

    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4
    Microsoft's Thrive IT Pro of the Month - June 2009

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup. This
    posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Nov 4, 2009
    #3
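
The two replies together describe a decision rule: a manually created record carries no aging timestamp and is left alone, while a record the server registered itself is removed once zone aging and server scavenging are both on and it has gone unrefreshed for longer than the no-refresh plus refresh intervals. The sketch below is an added example, not code from the thread or from Microsoft; it models that rule in Python, and the host names, dates, class and function names are constructed, with the 7-day intervals assumed as the Windows defaults.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class ARecord:
    name: str
    timestamp: Optional[datetime]  # None = static record (no aging timestamp)


@dataclass
class ZoneAging:
    aging_enabled: bool
    no_refresh: timedelta = timedelta(days=7)  # assumed Windows default
    refresh: timedelta = timedelta(days=7)     # assumed Windows default


def scavenge_status(rec, zone, server_scavenges, now):
    """Classify one record the way the thread describes."""
    if rec.timestamp is None:
        return "static"      # manually created: exempt by default
    if not (zone.aging_enabled and server_scavenges):
        return "not-aged"    # dynamic, but nothing will remove it
    stale_at = rec.timestamp + zone.no_refresh + zone.refresh
    return "stale" if now > stale_at else "fresh"


def report(records, zone, server_scavenges, now):
    """Map each record name to its scavenging status."""
    return {r.name: scavenge_status(r, zone, server_scavenges, now)
            for r in records}


# Constructed sample data (hypothetical host names and dates).
NOW = datetime(2009, 11, 4, 12, 0)
RECORDS = [
    ARecord("srv01", datetime(2009, 11, 3, 9, 0)),   # static IP, self-registered
    ARecord("oldbox", datetime(2009, 10, 1, 9, 0)),  # stopped refreshing
    ARecord("www", None),                            # created by hand in the console
]

if __name__ == "__main__":
    for name, status in report(RECORDS, ZoneAging(True), True, NOW).items():
        print(f"{name:8} {status}")
```

A server with a static IP stays "fresh" only as long as it keeps re-registering; the static IP setting on the host has no bearing on the record's timestamp.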