MS dynamic DNS supports static and dynamic entries in same zone?

Danny Mayer mayer at gis.net
Wed Nov 28 01:59:45 UTC 2001


At 04:46 PM 11/27/01, George Young wrote:

>This does not directly answer your question but -
>
>When a M$ W2K DDNS zone is created then set to be dynamically updated, the
>zone files then become non-bind compliant. You will not be able to take a M$
>DDNS zone file and run it on a Bind compliant machine. You probably
>would never want to do this anyway but it's worth noting.
>
>M$ adds extra fields to the resource records that are dynamically created;
>the entries that are statically created do not have these fields. So there
>is a difference between statically and dynamically created entries within a
>zone file. Also you are not supposed to be able to dynamically alter a static
>entry in M$ DDNS.
>
>These extra fields contain information that the M$ scavenge utility uses. M$
>allows either workstations or the DHCP server to make dynamic updates in a
>rather uncontrolled way; the result is that your M$ DDNS can become cluttered
>with stale, invalid, obsolete entries. These extra fields associated with
>dynamic entries indicate when the entry should be removed by the scavenge
>utility.
>
>Also worth noting that unlike Bind, there isn't an effective way to control
>who can make updates to your server and who can't. Unless you go around and
>enable DDNS update encryption on all of your machines and DDNS server, any
>workstation, anywhere could alter records in your DDNS server.

You should only allow a DHCP server to update zone information outside of
the administrator running nsupdate to add/update static resource records.
Individual workstations/PCs should never be allowed to update any DNS
information themselves for the reasons that you noted.

         Danny
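
Added example, not part of the original post: one way to express the policy described in the reply above in current BIND 9 named.conf syntax, so that only a DHCP server key and an administrator key can update the zone. The key names, zone name, file path and secrets are placeholders chosen for illustration.

```conf
// Constructed example: key names, zone name, file path and secrets
// are placeholders, not values from the original thread.

// TSIG key held only by the DHCP server.
key "dhcp-ddns" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-1";
};

// Separate TSIG key for the administrator's nsupdate sessions,
// so each party can be revoked and audited independently.
key "dns-admin" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET-2";
};

// Weak settings this replaces (shown commented out):
//   allow-update { any; };           any host can rewrite records
//   allow-update { 192.0.2.0/24; };  trusts a source address, which
//                                    authenticates nothing about the sender

zone "corp.example" {
    type master;
    file "dynamic/corp.example.db";

    // update-policy and allow-update are mutually exclusive in a zone.
    update-policy {
        // DHCP server: address records plus the DHCID/TXT records it
        // uses to mark which lease owns a name. No NS, MX, SOA, etc.
        grant dhcp-ddns zonesub A AAAA DHCID TXT;

        // Administrator: any record type within the zone.
        grant dns-admin zonesub ANY;
    };
};
```

Updates that arrive unsigned, or signed with any other key, are refused; the administrator supplies the dns-admin key to nsupdate with its `-k` option.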


