nsupdate and Microsoft DNS server

Barry Finkel b19141 at achilles.ctd.anl.gov
Thu Aug 5 13:53:06 UTC 2004


"itsd itsd" <itsd2001 at hotmail.com> wrote:

>Just find out that nsupdate utility that came with BIND 9.x can add/delete 
>any record on our Microsoft DNS server.
>
>Microsoft DNS server is running on Windows 2000 SP4 and it is not integrated 
>with Active directory. The dynamic update is enabled.
>
>How can I prevent/disable nsupdate to add/delete any record on DNS server?

On a BIND server, DDNS is disabled by default.  You have to add an

     allow-update{...;};

clause in the zone definition.  For a MS W2k or W2k+3 DNS Server,
the "General" tab on the zone properties has three choices for
"Allow dynamic updates?"

     No
     Yes
     Only secure updates

So you either have no DDNS, DDNS from anyone, or secure DDNS via an 
MS-proprietary security method (that is not yet implemented in BIND).
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994



More information about the bind-users mailing list