Re: Overwrite existing secure dns update with third part DHCP servers, is it possible?


From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 02/09/04


Date: Mon, 9 Feb 2004 07:50:06 -0700

My guess is that you are correct: it is the DHCP server that
adds the -1 to the name.
Have you looked at the permissions on the records that do
not allow overwrite?
You are misinterpreting the use of the DNSproxyUpdate group.
When used, this allows DHCP to register the record, but also
allows a later machine to claim ownership/permissions over
that record. Without this group being used DHCP will retain
control.
It may simply be that your DHCP tests for existence, and if that
precondition that it does not exist is not met, instead of attempting
to remove it, it adds the -1. This might be a configuration option
in your DHCP. If your DHCP is running in the same system account
as would MS DHCP (you did not state if this is on W2k or W2k3),
there is a chance that things would get as far as DNS attempting to
negotiate a security context with the DHCP (where things would
probably fail), and if this did succeed then DNS would use the
creds for the LDAP update of the record, which would then work.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Ulrik" <ulrix@hotmail.com> wrote in message
news:evcFyCw7DHA.3360@tk2msftngp13.phx.gbl...
> We have configured the DNS server to allow non secure and secure updates.
> And it works fine if the (a) record does not exist, but if the name already
> exists (as a non secure or a secure dns record) a new a-record is created as
> name-1.
> My guess is that the DHCP server puts the '-1' after the name!?
> (In the non secure record it should overwrite the record, but it does not.)
>
> /Ulrik
>
>
> "sharad" <sharadnaik@nospam-vsnl.net> wrote in message
> news:eW6BB9v7DHA.804@tk2msftngp13.phx.gbl...
> > If the DHCP is Microsoft.. then you can do that..
> > or if a DHCP server has a feature of using credentials
> > to do secure update, then also it should work.
> > If this feature is not there then you will have to
> > do unsecure updates.. set the zones to allow non secure
> > and secure updates..
> >
> > Or set all clients to register dynamic updates.
> >
> > Sharad
> > "Ulrik" <ulrix@hotmail.com> wrote in message
> > news:OjXxmuv7DHA.1672@TK2MSFTNGP12.phx.gbl...
> > >
> > > No, there are no opportunities to enter credentials.
> > >
> > > The DHCP server and the DNS is located on the same DC server.
> > >
> > > /Ulrik
> > >
> > >
> > > >
> > > > /Ulrik
> > > >
> > > >
> > > > "sharad" <sharadnaik@nospam-vsnl.net> wrote in message
> > > > news:#pZWhbv7DHA.1112@tk2msftngp13.phx.gbl...
> > > > > Is there provision in the Router, to enter credentials
> > > > > for writing secure records? (a username and password
> > > > > having appropriate rights, is required for secure updates.)
> > > > >
> > > > > Sharad
> > > > > "Ulrik" <ulrix@hotmail.com> wrote in message
> > > > > news:%232ygTZv7DHA.488@TK2MSFTNGP12.phx.gbl...
> > > > > > Hi
> > > > > >
> > > > > > Windows 2003 DNS
> > > > > > Cisco CNR DHCP
> > > > > >
> > > > > > > Is it possible for a third-party DHCP product to use the DNSproxyUpdate group
> > > > > > > to register/overwrite existing (secure) dynamic dns records?
> > > > > > > Or is this only a Microsoft Windows (2000/2003) DHCP feature?
> > > > > > >
> > > > > > > Can third-party DHCP products like Cisco's CNR only update basic (unsecure dns
> > > > > > > records)?
> > > > > >
> > > > > > Best regards
> > > > > > Ulrik
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
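
The permission check suggested in the reply above, as an added example that is not part of the original thread: it lists the owner and every principal holding write-type rights on the directory objects behind one name and its "-N" variants in an AD-integrated zone. It assumes the ActiveDirectory PowerShell module and a zone stored in the DomainDnsZones partition; the zone name, host label and domain DN are placeholders.

```powershell
# Added example, not from the thread. Placeholders: zone, host label, domain DN.
Import-Module ActiveDirectory

$Zone      = 'corp.example.com'      # placeholder zone name
$HostLabel = 'pc042'                 # placeholder record name to inspect
# Assumption: zone lives in the domain-wide DNS application partition.
$ZoneDn    = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,DC=corp,DC=example,DC=com"

# Atomic rights that let a principal change, take over or delete the record.
# (Composite rights such as GenericAll contain these bits and so match too.)
$WriteMask = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, WriteDacl, WriteOwner, Delete'

# Match the name itself plus any suffixed duplicates such as pc042-1.
$Filter = "(&(objectClass=dnsNode)(|(name=${HostLabel})(name=${HostLabel}-*)))"

Get-ADObject -SearchBase $ZoneDn -SearchScope OneLevel -LDAPFilter $Filter `
             -Properties whenCreated, whenChanged |
ForEach-Object {
    $node = $_
    $acl  = Get-Acl -Path ('AD:\' + $node.DistinguishedName)

    # Allow ACEs that include at least one of the write-type rights above.
    $writers = $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.ActiveDirectoryRights -band $WriteMask) -ne 0)
        } |
        Select-Object -ExpandProperty IdentityReference -Unique

    [pscustomobject]@{
        Record  = $node.Name
        Owner   = $acl.Owner                 # who currently owns the record
        Created = $node.whenCreated
        Changed = $node.whenChanged
        Writers = ($writers -join '; ')      # who could overwrite it
    }
} | Format-List
```

Comparing the Owner and Writers of the original record with those of its "-1" twin shows which account registered each one and whether the DHCP server's account has any right to replace the original.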

