Re: DNS zone for Domain on Server in another Domain.


From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 01/08/05


Date: Sat, 8 Jan 2005 14:54:53 -0700

As we are here dealing with, as OP stated, external two-way
trust, are we sure that this is not due to the secured updating
depending on Kerberos? IIRC the DNS server impersonates
the updating client while it does the LDAP calls for the record
updates.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@usw-consulting.com> wrote in
message news:eQXH6dY9EHA.2568@TK2MSFTNGP10.phx.gbl...
> "Sezgin Rafed" <anonymous@anonymous.com> wrote in message
> news:anonymous@anonymous.com:
> > Hi everyone,
> >
> > The primary zone for a Windows 2000 domain(DOM1) resides on a DNS
> > Server(DNS1) which is a member of another domain(DOM2). There is a
> > two-way
> > external trust between DOM1 and DOM2.
> > The DC's and most workstations in DOM1 have trouble dynamically
> > registering
> > their IP addresses(I suspect it is a security issue - may be due to
> > inadequate settings.)
> >
> > Which settings should I check out ?
> > What should I do to solve the problem ?
> >
>
> Hello Sezgin,
>
> The permissions which should be enough are mentioned in the following
> message:
>
> http://groups-beta.google.com/group/microsoft.public.windows.server.dns/msg/a3e3dbd24722b280
>
> You could create your own group which includes the DHCP-Server, the
> servers and all clients and allow set that group in the DNS-Zones
> security.
> I haven't tested that, but it should work. So if you are going to go
> that way I'd appreciate feedback.
>
> -- 
> Gruesse - Sincerely,
>
> Ulf B. Simon-Weidner
>
>   MVP-Book "Windows XP - Die Expertentipps":  http://tinyurl.com/44zcz
>   Weblog: http://msmvps.org/UlfBSimonWeidner
>   WebSite: http://www.windowsserverfaq.org