Know problems in combination with windows DNS
Andrew C. Dingman
adingman at cookgroup.com
Fri Oct 20 17:50:57 UTC 2006
On Fri, 2006-10-20 at 16:09 +0100, Simon Hobson wrote:
> Andrew C. Dingman wrote:
>
> >I've also had success in the lab with the BIND server as the master for
> >those domains as well. It does require that you allow updates from each
> >AD controller for those sub-domains, but it works.
>
> Allow update by IP address - yes it will work, but you need to be
> aware that ANY user with an account allowing them to login on that
> server will be able to do whatever they want with your dns entries.
>
> It may not be a problem for some, but you need to be aware of it.
>
>
Indeed. It's a shame that MS products don't support TSIG.
We don't allow logins to the domain controllers except by domain
administrators, so for us it comes out to the same set of people having
control.
More information about the dhcp-users
mailing list