nsupdate and Microsoft DNS server
Barry Finkel
b19141 at achilles.ctd.anl.gov
Thu Aug 5 13:53:06 UTC 2004
"itsd itsd" <itsd2001 at hotmail.com> wrote:
>Just find out that nsupdate utility that came with BIND 9.x can add/delete
>any record on our Microsoft DNS server.
>
>Microsoft DNS server is running on Windows 2000 SP4 and it is not integrated
>with Active directory. The dynamic update is enabled.
>
>How can I prevent/disable nsupdate to add/delete any record on DNS server?
On a BIND server, DDNS is disabled by default. You have to add an
allow-update{...;};
clause in the zone definition. For a MS W2k or W2k+3 DNS Server,
the "General" tab on the zone properties has three choices for
"Allow dynamic updates?"
No
Yes
Only secure updates
So you either have no DDNS, DDNS from anyone, or secure DDNS via an
MS-proprietary security method (that is not yet implemented in BIND).
----------------------------------------------------------------------
Barry S. Finkel
Computing and Instrumentation Solutions Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
More information about the bind-users
mailing list