Under Windows 2000, dynamic DNS is integrated with DHCP, WINS, and Active Directory (AD). There are three ways to implement DNS in a Windows 2000 domain: primary DNS integrated with Active Directory, primary DNS that is not integrated with Active Directory, and secondary DNS that is not integrated with Active Directory. When DNS is integrated into Active Directory, we can take advantage of three important security features of a Windows 2000 network: secure dynamic updates, secure zone transfers, and access control lists on zones and resource records.
1.0 Secure Dynamic Update
One of the most important security features of Dynamic DNS (DDNS) is secure dynamic update. One of the primary considerations when implementing secure updates is the ownership of the DNS records themselves. Ownership is determined by the configuration of DHCP and by what the client supports.
There are two DNS records associated with a client: the A record and the PTR record. The A record resolves the name to an address, and the PTR record resolves the address to a name. The address is the client's IP address; the name is the client's fully qualified domain name, which is the computer name plus the network's domain name.
In a Windows 2000 environment, a client's DNS records are registered when the client requests an IP address through DHCP. Depending on the configuration, the client, the DHCP server, or both can update the client's A and PTR records; whoever registers a record becomes its owner.
The following sections describe the options that define ownership of a client's A and PTR records in a Windows 2000 network.
1.1 Windows 2000 Native Mode
In a Windows 2000 environment, both the DHCP server and the DHCP client can register records in DNS. The environment is described as "native mode" when the network is composed only of Windows 2000 servers and clients.
When the client is a Windows 2000 client, the default configuration is for the client to dynamically update its own A record when it registers on the network, while the DHCP server updates the client's PTR record. Therefore, ownership of the A record belongs to the client, and ownership of the PTR record belongs to the DHCP server.
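As an added illustration (not code from the original article), here is a small Python model of the native-mode ownership rule described above: the principal that first registers a record owns it, and secure dynamic update rejects changes from any other principal. The domain name, the computer-account names (with a trailing `$`), and the IP address are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Record:
    rtype: str   # "A" or "PTR"
    name: str    # FQDN for an A record, in-addr.arpa name for a PTR record
    data: str    # IP address for A, FQDN for PTR
    owner: str   # security principal that first registered the record


class SecureZone:
    """Hypothetical model of an AD-integrated zone with secure dynamic update:
    creating a record makes the caller its owner, and only the owner may
    later modify it. Any other principal's update is denied by the ACL."""

    def __init__(self):
        self.records = {}  # (rtype, name) -> Record

    def update(self, principal, rtype, name, data):
        key = (rtype, name)
        existing = self.records.get(key)
        if existing is None:
            self.records[key] = Record(rtype, name, data, principal)
            return True
        if existing.owner != principal:
            return False  # ACL denies: caller is not the record owner
        existing.data = data
        return True


def reverse_name(ip):
    """Build the PTR record name for an IPv4 address (10.0.0.5 -> 5.0.0.10.in-addr.arpa)."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def native_mode_registration(zone, client, ip, dhcp_server, domain="example.local"):
    """Native-mode default: the client registers its own A record and the
    DHCP server registers the client's PTR record, so the client owns the
    A record and the DHCP server owns the PTR record."""
    fqdn = f"{client}.{domain}"  # constructed domain name
    a_ok = zone.update(client + "$", "A", fqdn, ip)
    ptr_ok = zone.update(dhcp_server + "$", "PTR", reverse_name(ip), fqdn)
    return a_ok, ptr_ok
```

Because the DHCP server owns only the PTR record, it can later rewrite that record when the lease is reassigned, but neither it nor another client can overwrite the A record that the original client registered.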