BIND 8.2.2P5, Windows 2000, and security
Eric A. Hall
ehall at ehsco.com
Tue May 2 18:48:48 UTC 2000
> My W2K contact says the workstations have to use dynamic updates to
> support shares and to allow network browsing.
He's mistaken. The W2K servers need to be able to dynamically create SRV
records for the domain they are providing authentication, cataloging and
other services for, but the workstations do not.
> According to him these are advertised as services and supported by
> SRV records added and removed from DNS using dynamic updates.
Servers yes, workstations no, unless the workstations are running server
applications.
> If it really is necessary to allow workstations to update DNS then I
> think I will have to delegate a subdomain to W2K. If the W2K DNS
> declares itself a slave for the main domain, and I allow zone
> transfers from the main domain's DNS servers, then the W2K server
> should have all the information of the main domain but the main
> domain's DNS servers will not need to ever know anything about the
> subdomain. I would welcome comments on the merits of this solution.
That will work just fine.
--
Eric A. Hall ehall at ehsco.com
+1-650-685-0557 http://www.ehsco.com
More information about the bind-users
mailing list