When you install a DNS server in a client/server architecture, and especially when the DNS server is the domain controller itself, it is configured by default to allow DNS client computers to register their IP addresses and host names with it, provided they are members of the domain. If the requesting DNS client computer is not a member of the domain, the DNS server denies its registration request, so the client cannot automatically update the DNS records with its information. In the context of the DNS server, this is technically known as Secure Dynamic Updates.
This configuration is important in security-oriented organizations where the administrators want only the domain client computers to be able to register their information with the DNS server automatically. Administrators may want this in order to prevent DNS poisoning, or to keep unauthorized persons from overpopulating the DNS with junk and fake records.
Other organizations do not want their DNS servers to update their records automatically at all. In such cases, the administrators can configure the DNS server so that it refuses to register any record that DNS clients request. When the DNS server is configured this way, the administrators must manually update the DNS records every time a new client computer is added to the domain, so that the computer can communicate with the DNS server and all other computers in the network.
Here is what you need to do in order to configure a Windows Server 2012 DNS server to never accept automatic updates from client computers:
- Log on to the DNS server using the Domain Admin or Enterprise Admin account.
- If not automatically started, initialize the Server Manager window by clicking its icon from the bottom left corner of the screen.
- On the opened Server Manager window, from the left pane, click to select DNS.
- From the right pane, under the SERVERS section, right-click the DNS server.
- From the displayed context menu, click the DNS Manager option.
- On the opened DNS Manager snap-in, from the left pane, expand the server name.
- Expand Forward Lookup Zones.
- From the expanded list, click to select the name of the domain (MYDOMAIN.COM for this demonstration).
- Once selected, right-click the name of the domain, and from the displayed context menu, go to Properties.
- On the opened domain's properties box, make sure that you are on the General tab.
- Choose None from the Dynamic updates drop-down list.
- Once done, click OK to save the changes.
- Back on the DNS Manager snap-in, right-click the server name from the left pane.
- From the displayed context menu, go to All Tasks > Restart in order to restart the DNS services so that the configured modifications can become effective.
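
The same change can be made and verified from PowerShell. This is an added example, not part of the original walkthrough; it assumes the DnsServer module that is installed with the DNS Server role, an elevated session on the DNS server itself, and the zone name MYDOMAIN.COM used in the steps above.

```powershell
#Requires -Modules DnsServer
# Added example: audit the dynamic update mode of each zone, set one zone to
# None, restart the DNS service, and confirm the result.
# Assumption: run elevated on the DNS server as Domain Admin or Enterprise Admin.

$ZoneName = 'MYDOMAIN.COM'   # zone name from the walkthrough; change to your zone

# 1. Audit every primary forward lookup zone before touching anything.
#    DynamicUpdate is reported as None, Secure, or NonsecureAndSecure.
$zones = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and
                   -not $_.IsReverseLookupZone -and
                   -not $_.IsAutoCreated }

$zones | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize

# Zones that accept unauthenticated updates deserve attention first.
$zones | Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object { Write-Warning "$($_.ZoneName) accepts nonsecure dynamic updates" }

# 2. Equivalent of choosing None in the Dynamic updates drop-down list.
$zone = Get-DnsServerZone -Name $ZoneName -ErrorAction Stop
if ($zone.DynamicUpdate -ne 'None') {
    Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate None -ErrorAction Stop
    Write-Output "$ZoneName changed from $($zone.DynamicUpdate) to None"
} else {
    Write-Output "$ZoneName already has dynamic updates disabled"
}

# 3. Equivalent of All Tasks > Restart in the DNS Manager snap-in.
Restart-Service -Name DNS -ErrorAction Stop

# 4. Verify that the setting is in place after the restart.
$after = (Get-DnsServerZone -Name $ZoneName -ErrorAction Stop).DynamicUpdate
if ($after -ne 'None') {
    throw "$ZoneName still reports DynamicUpdate = $after"
}
Write-Output "$ZoneName verified: DynamicUpdate = $after"
```

Records that clients registered before the change remain in the zone, so review the existing entries separately.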
