Re: secure ddns risks?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 03/17/04 

Date: Wed, 17 Mar 2004 06:45:50 -0700

If a DNS domain is configured to allow updates, and it
accepts the update message from one of your clients, then
yes the dynamic update will be processed and if it make
record changes those will happen.
Most zones are not configured to allow unsecured updates.
So, if your client sends a dDNS update to some zone out in
the world it will most likely only be seen as an annoyance
but one that has no effect.

That a client tries to update is not the controlling factor.
How the target zone is configured controls what happens. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"secure?" <anonymous@discussions.microsoft.com> wrote in message
news:e41401c40b62$925808c0$a101280a@phx.gbl...
>
> thanks for the response and excuse my typos..
>
> my impression is regardless whether you own cnn.com or
> not, you may still be able to do it..I cannot see where
> this is being stopped.
>
> Of course, how big the impact of this is a different
> issue,as not many people would be refer to this...
>
>
> >-----Original Message-----
> >Well, that is true, assuming that you also own the
> cnn.com
> >zone and/or have it on a DNS server along the resolution
> >path of your allowed security dDNS client.
> >
> >-- 
> >Roger Abell
> >Microsoft MVP (Windows Server System: Security)
> >MCSE (W2k3,W2k,Nt4)  MCDBA
> >"secure?" <anonymous@discussions.microsoft.com> wrote in
> message
> >news:da1801c40afc$0488d850$a501280a@phx.gbl...
> >> it seems to me that the secure update only keeks you
> >> from modify other's records, but not prevents you from
> >> creating names you may not own, say host123.cnn.com, if
> >> your machine is a multihomed one and you use a
> connection
> >> specific dns suffix - cnn.com
> >>
> >
> >
> >.
> >

Relevant Pages

  • RE: suddenly strange DNS/Active Directory related symptoms
    ... another client who was also experiencing the outage that SBCGlobal corrected ... The DNS service does not load all its zones on a DNS server that is running ... Domain Zone. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • RE: 2 users 1 workstation
    ... XP workstation to the SBS2003 domain, after you click Finish, you receive ... this issue can occur if the DNS forward lookup zone ... In the Domain Controller Security policy on the server, ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP/DNS questions.. couple weeks before going live and want to clear up a few concerns..
    ... Ultimately what I'm going to do is create a new VLAN for my engineers DHCP clients and keep the existing VLANas a static only subnet for all their servers... ... because any client that re-visits will retain their lease.. ... regarding the DNS registrations via DHCP.. ... What I'm planning on doing is taking the current primary zone(ionaglobal.com) and on the primary DCI'm going to remove the zone from being active directory integrated.. ...
    (microsoft.public.windows.server.dns)
  • Re: SIDs in Security Tab slow to resolve
    ... in the Local Policies / Security Options ... >>Is your XP client set to try to use digital signing ... >>Roger Abell ... >>> DNS, etc. - I think you could be onto something. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: SIDs in Security Tab slow to resolve
    ... Security) ... how NetBIOS names resolve vs. ... > DNS, etc. - I think you could be onto something. ... When this is so, the client first ...
    (microsoft.public.windowsxp.security_admin)