Configuring Secure Dynamic Update
By default, Windows Server 2003 DHCP servers do not attempt to perform dynamic updates on behalf of these clients. There are time when DHCP server needs to perform dynamic updates on behalf of the clients. Client computer running Microsoft Windows NT 4 does not have the capabilities to perform dynamic updates.
Although dynamic updates allow clients to update DNS resource records, this is not a secure method because there is no way of verifying the client identities. Any computers connected to the network would be able to perform dynamic updates. This is where configuring secure dynamic updates will make it more secure. Servers will only attempt to update the DNS resource records only after the client provide the server with their identity and other credential.
Secure Dynamic Updates are available only through Active Directory directory service and when Active Directory-integrated DNS is enabled.
Although dynamic updates allow clients to update DNS resource records, this is not a secure method because there is no way of verifying the client identities. Any computers connected to the network would be able to perform dynamic updates. This is where configuring secure dynamic updates will make it more secure. Servers will only attempt to update the DNS resource records only after the client provide the server with their identity and other credential.
Secure Dynamic Updates are available only through Active Directory directory service and when Active Directory-integrated DNS is enabled.
1. Open DNS Management Console. Expand Forward Lookup Zones. Right-click Domain and select Properties.
2. In General tab, click drop-down and select Secure Only.
3. Click Apply and OK