Re: DNS Server Refuses Updates from DHCP

From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
Date: Thu, 2 Nov 2006 12:04:08 -0000

Last time I check you needed dedicated user account with non-expiring pw.
but check
http://technet2.microsoft.com/WindowsServer/en/library/d0e19b57-c368-46c2-b017-caf25ae150ec1033.mspx?mfr=true

--
I hope that the information above helps you
Good Luck

Jorge Silva
MCSA
Systems Administrator

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message news:baqdnfe7gsY4tNTYnZ2dnUVZ_rGdnZ2d@xxxxxxxxxxxxxxx

"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OaOvqgc$GHA.4292@xxxxxxxxxxxxxxxxxxxxxxx

Is that zone accepting dynamic updates?
Have you assigned a user account with a non-expiring password in the DHCP
scope properties for the DHCP server to authenticate with the DNS server?

Or
did you change that password recently?
are you seeing errors in eventvwr.
You can also run network monitor to check what is going on...

Is the only requirement for the domain account that runs DHCP that it be in
the DNS Updates reserved group on the domain controller? What is the
absolute minimum permissions that this service account must have?

I really hate to run services as domain accounts, since Microsoft stores the
passwords of such accounts in system memory as clear text, and it's a common
hacker trick when doing a buffer overload on a service to grab those
accounts and passwords and use them for further attacks. Would there be
any way to run the DHCP service as one of the reserved accounts like Network
Service?

--
Will

References:
- DNS Server Refuses Updates from DHCP
  - From: Will
- Re: DNS Server Refuses Updates from DHCP
  - From: Jorge Silva
- Re: DNS Server Refuses Updates from DHCP
  - From: Will

Prev by Date: Re: Reverse Zone File not loaded on Server Reboot
Next by Date: Re: Standard Query A <Root>
Previous by thread: Re: DNS Server Refuses Updates from DHCP
Next by thread: Re: DNS Server Refuses Updates from DHCP
Index(es):
- Date
- Thread

Relevant Pages

Re: DNS Server Refuses Updates from DHCP
... DHCP scope properties for the DHCP server to authenticate with the ... Is the only requirement for the domain account that runs DHCP that it ... enter a dedicated user account credentials. ...
(microsoft.public.windows.server.dns)
Re: Windows DNS Server and non-microsoft clients
... properties, select the Advanced tab, click the Credentials button, ... enter the credentials for a dedicated user account that should ... is optional and is a security risk if you give the account to many ... I have found that if DHCP registers for even the Domain members that are ...
(microsoft.public.windows.server.dns)
Re: DNS Server Refuses Updates from DHCP
... By default the memebers of the Authenticated users have the Permissions to create all child objects under Dns Zone, and this is one of other groups with less permissions defined by default in the Zone properties. ... I guess that if you don't want to take MS advise you can create another AD account and give that account permissions to create all child objects under the zone properties and that should be enough. ... Would there be any way to run the DHCP service ...
(microsoft.public.windows.server.dns)
Re: DHCP security breach
... all authenticated users can create RRs in DNS zones. ... so if you configure your DHCP with a SIMPLE user account only ... important DNS records by preventing DHCP from rewriting them. ... ACL that this account must have on DNS zones. ...
(microsoft.public.win2000.security)
Re: DHCP user gets Account Disabled error frequently
... account but later mention disjion/rejoin the pc to the domain which is the ... DHCP in of itself would have nothing to do with either. ... Dave Patrick ....Please no email replies - reply in newsgroup. ... this location that we have this problem and only with this one laptop. ...
(microsoft.public.win2000.general)