> -----Original Message----- > From: Danny Mayer [mailto:ma...@gis.net] > Sent: Sunday, February 08, 2009 8:32 PM > To: Vinny Abello > Cc: Baird, Josh; bind-users@lists.isc.org > Subject: Re: Case For Microsoft DNS v. BIND 9 - Or Best Practices > ForCoexisting > > Vinny Abello wrote: > >> Baird, Josh wrote: > >>> Actually, yes, if you have dynamic DNS registration enabled on the > >> client/host and server, an 'A' record will automatically be created > in > >> the AD zone. > >> It needs to be registered in the domain first. Otherwise any system > >> could mascarade as another system. > >> > >> Danny > > > > And they can if the administrator mistakenly allows unsecure dynamic > updates. > > > > Registration of the system in ADS has nothing to do with dynamic > updates > of the DNS records.
Right. We're talking about dynamic updates in DNS, not the creation of computer accounts in AD. That was my point. If the allow dynamic updates setting is not set to secure only, anybody that can send a DDNS update to the server can update a record. -Vinny _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
