Know problems in combination with windows DNS

Andrew C. Dingman adingman at
Fri Oct 20 17:50:57 UTC 2006

On Fri, 2006-10-20 at 16:09 +0100, Simon Hobson wrote:
> Andrew C. Dingman wrote:
> >I've also had success in the lab with the BIND server as the master for
> >those domains as well. It does require that you allow updates from each
> >AD controller for those sub-domains, but it works.
> Allow update by IP address - yes it will work, but you need to be 
> aware that ANY user with an account allowing them to login on that 
> server will be able to do whatever they want with your dns entries.
> It may not be a problem for some, but you need to be aware of it.
Indeed. It's a shame that MS products don't support TSIG.

We don't allow logins to the domain controllers except by domain
administrators, so for us it comes out to the same set of people having

More information about the dhcp-users mailing list