
Group:  English: Windows Server » microsoft.public.windows.server.dns
Thread: secure zones


secure zones
Rockstar <rockstar[ at ]playnet.net> 11/14/2008 7:37:05 AM
Can anyone confirm this?

If I'm running AD integrated zones and using secure only updates.

If workstations are renamed by users to names which already have
registrations in DNS ("A" records), these will not be overwritten by
dynamic DNS?

Will be very helpful.

thanks,
RE: secure zones
James Yeomans BSc, MCSE 11/14/2008 12:37:01 PM
I believe that is correct; only the owner of a record in DNS can update the
record when secure dynamic updates are being used. The owner of the record is
the client that created the record, and even another client with the same name
will not be thought of as the owner because it will have a different SID.
Hope that helps.
James.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk


"Rockstar" wrote:

> Can anyone confirm this ?
>
> If I'm running AD integrated zones and using secure only updates.
>
> If workstations are renamed by users to names which already have
> registrations in DNS ("A" records), these will not be overwritten by
> dynamic dns ?
>
> Will be very helpful.
>
> thanks,
>
Re: secure zones
Rockstar <rockstar[ at ]playnet.net> 11/14/2008 7:17:36 PM
Yes this clears it up for me.

I do have another question though: how do you manage the records if your
machine names do happen to change, for example a large imaging lab of
notebooks? The notebook names will circle around; however, the same
machine to be named the same would be very unlikely. Perhaps a bad
example, but still demonstrates an example.

This would result in wrong registrations, as the computer names would
already have previously been registered.


James Yeomans BSc wrote:
> I believe that is correct only the owner of a record in dns can update the
> record when secure dynamic updates are being used. The owner of the record is
> the client that created the record and even another client with the same name
> will not be thought of as the owner because it will have a different SID.
> Hope that helps
> JAmes.
Re: secure zones
James Yeomans BSc, MCSE 11/14/2008 9:02:02 PM
Hi there, you need to enable scavenging on zones to remove records that are
no longer required. Best practice would also suggest you don't give the same
name to multiple machines; that's best avoided for exactly this sort of reason.
James.
--
James Yeomans, BSc, MCSE
Ask me directly at: http://www.justaskjames.co.uk


"Rockstar" wrote:

> Yes this clears it up for me.
>
> I do have another question though, how do you manage the records if your
> machines names do happen to change, for example a large imaging lab of
> notebooks. The notebook names will circle around however the same
> machine to be named the same would be very unlikely. Perhaps a bad
> example, but still demonstrates an example.
>
> This would result in wrong registrations, as the computer names would
> already have previously been registered.
>
>
>
>
>
> James Yeomans BSc wrote:
> > I believe that is correct only the owner of a record in dns can update the
> > record when secure dynamic updates are being used. The owner of the record is
> > the client that created the record and even another client with the same name
> > will not be thought of as the owner because it will have a different SID.
> > Hope that helps
> > JAmes.
>
Re: secure zones
"A, Deji" <deji[ at ]akomolafe.com> 11/14/2008 10:27:35 PM
There is a slight "but..." that you left out. DNSUpdateProxy is a feature
that allows name registration to be done on behalf of clients. In this case,
the client will NOT be the owner of the record, so it is possible to
override an existing record. That is one of the disadvantages of
DNSUpdateProxy.

Deji

"James Yeomans BSc, MCSE" <JamesYeomansBScMCSE[ at ]discussions.microsoft.com>
wrote in message news:E8E7BE6F-5224-4D84-B2AC-5574629E7366[ at ]microsoft.com...
>I believe that is correct only the owner of a record in dns can update the
> record when secure dynamic updates are being used. The owner of the record
> is
> the client that created the record and even another client with the same
> name
> will not be thought of as the owner because it will have a different SID.
> Hope that helps
> JAmes.
> --
> James Yeomans, BSc, MCSE
> Ask me directly at: http://www.justaskjames.co.uk
>
>
> "Rockstar" wrote:
>
>> Can anyone confirm this ?
>>
>> If I'm running AD integrated zones and using secure only updates.
>>
>> If workstations are renamed by users to names which already have
>> registrations in DNS ("A" records), these will not be overwritten by
>> dynamic dns ?
>>
>> Will be very helpful.
>>
>> thanks,
>>

Re: secure zones
Rockstar <rockstar[ at ]playnet.net> 11/15/2008 5:04:23 AM
I was reading about this; it works with the DHCP registration.

Are there any delays with this type of registration? I can imagine a
situation where the client has been renamed, but the IP address has not
changed due to the long lease time.

Do you have any further information ?


A, Deji wrote:
> There is a slight "but..." that you left out. DNSUpdateProxy is a
> feature that allows name registration to be done on behalf of clients.
> In this case, the client will NOT be the owner of the record, so it is
> possible to override an existing record. That is one of the
> disadvantages of dnsproxyupdate.
>
> Deji
>
> "James Yeomans BSc, MCSE"
> <JamesYeomansBScMCSE[ at ]discussions.microsoft.com> wrote in message
> news:E8E7BE6F-5224-4D84-B2AC-5574629E7366[ at ]microsoft.com...
>> I believe that is correct only the owner of a record in dns can update
>> the
>> record when secure dynamic updates are being used. The owner of the
>> record is
>> the client that created the record and even another client with the
>> same name
>> will not be thought of as the owner because it will have a different
>> SID.
>> Hope that helps
>> JAmes.
>> --
>> James Yeomans, BSc, MCSE
>> Ask me directly at: http://www.justaskjames.co.uk
>>
>>
>> "Rockstar" wrote:
>>
>>> Can anyone confirm this ?
>>>
>>> If I'm running AD integrated zones and using secure only updates.
>>>
>>> If workstations are renamed by users to names which already have
>>> registrations in DNS ("A" records), these will not be overwritten by
>>> dynamic dns ?
>>>
>>> Will be very helpful.
>>>
>>> thanks,
>>>
>
Re: secure zones
"Ace Fekay [Microsoft Certified Trainer]" <firstnamelastname[ at ]hotmail.com> 11/15/2008 5:48:04 PM
In news:e43Ns9tRJHA.1148[ at ]TK2MSFTNGP05.phx.gbl,
Rockstar <rockstar[ at ]playnet.net> requesting assistance, typed the following:
> I was reading about this, it works with the DHCP registration.
>
> Are there any delays with this type of registration ? I can imagine a
> situation where the client has renamed, but the ip address has not
> changed due the long lease time.
>
> Do you have any further information ?
>

Using this feature allows DHCP to own and overwrite new registrations. But
it's important to also configure DHCP properties, under the DNS tab, to force
DHCP to register both forward and reverse zones; otherwise it will not have
control of the reverse entries.

It's all in here:

How to configure DNS dynamic updates in Windows Server 2003
http://support.microsoft.com/kb/816592

I hope that helps.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.
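
The three rules discussed in this thread (owner-only updates, unsecured records created through DnsUpdateProxy, and scavenging of stale names), as a simplified Python model. This is an added example, not code from any poster or from Microsoft; the SIDs, host names and the `SecureZone` class are constructed. It assumes the behaviour Microsoft documents for DnsUpdateProxy (records created by group members carry no security, and the first non-member to update one becomes its owner) and 7-day no-refresh and refresh intervals.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed SIDs: two workstations and a DHCP server in DnsUpdateProxy.
PC_A, PC_B, DHCP = "S-1-5-21-1-1-1-1101", "S-1-5-21-1-1-1-1102", "S-1-5-21-1-1-1-2001"
PROXY_MEMBERS = {DHCP}

@dataclass
class Record:
    ip: str
    owner: Optional[str]   # None: created by a proxy member, carries no security
    stamp: datetime        # time of the last accepted registration

class SecureZone:
    def __init__(self, no_refresh=timedelta(days=7), refresh=timedelta(days=7)):
        self.records = {}
        self.limit = no_refresh + refresh   # age at which a record may be scavenged

    def update(self, name, ip, sid, now):
        """Return True if the secure dynamic update is accepted."""
        rec = self.records.get(name)
        if rec is not None and rec.owner not in (None, sid):
            return False   # secured record and the caller is not its owner
        # New name, caller's own record, or an unsecured record: accept.
        # A proxy member leaves the record unsecured; anyone else owns it.
        owner = None if sid in PROXY_MEMBERS else sid
        self.records[name] = Record(ip, owner, now)
        return True

    def scavenge(self, now):
        """Delete records older than no-refresh + refresh; return their names."""
        stale = [n for n, r in self.records.items() if now - r.stamp > self.limit]
        for n in stale:
            del self.records[n]
        return stale

def demo():
    t0, day = datetime(2008, 11, 14), timedelta(days=1)
    z = SecureZone()
    return {   # evaluated top to bottom, so the order is the timeline
        "a_registers_lab01": z.update("lab01", "10.0.0.11", PC_A, t0),
        "b_renamed_to_lab01": z.update("lab01", "10.0.0.12", PC_B, t0 + day),
        "dhcp_registers_lab02": z.update("lab02", "10.0.0.21", DHCP, t0),
        "b_overwrites_lab02": z.update("lab02", "10.0.0.12", PC_B, t0 + day),
        "scavenged_day_15": z.scavenge(t0 + 15 * day),
        "b_lab01_after_scavenge": z.update("lab01", "10.0.0.12", PC_B, t0 + 15 * day),
    }
```

The model treats every accepted update as a refresh and runs scavenging on demand; a real server only scavenges zones with aging enabled, and on its own schedule.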
