Security Considerations for Implementing Dynamic DNS under Windows 2000

Source: Internet
Author: User

Under Windows 2000, dynamic DNS is integrated with DHCP, WINS, and Active Directory (AD). There are three ways to implement DNS in a Windows 2000 domain: fully integrated with Active Directory; primary DNS integrated with Active Directory and secondary DNS not integrated with Active Directory; and both primary and secondary DNS not integrated with Active Directory. When DNS is fully integrated with Active Directory, we can take advantage of three important security features in a Windows 2000 network: secure dynamic updates, secure zone transfers, and access control lists for zones and resource records.

1.0 Secure Dynamic Update

One of the most important security features in Dynamic DNS (DDNS) is secure update. A primary consideration when implementing secure updates is the ownership of the records that make up a DNS entry. Ownership is determined by the DHCP configuration and by what the client supports.

Two DNS records relate to a client: the A record and the PTR record. The A record resolves the name to the address, and the PTR record resolves the address to the name. The address is the client's IP address; the name is the client's fully qualified domain name, which should be the computer name plus the domain name of the network.

In a Windows 2000 environment, client DNS records are registered when a client requests an IP address through DHCP. Depending on the settings, the client, the DHCP server, or both can update the client's A and PTR records; whoever registers a record has ownership of it.

The following options define the ownership of the client's A and PTR records in a Windows 2000 network.

1.1 Windows 2000 Native Mode

In a Windows 2000 environment, both the DHCP server and the DHCP client can register records in DNS. The environment is defined as "native mode" when the network is composed only of Windows 2000 servers and clients.

When the client is a Windows 2000 client, the default configuration is for the client to dynamically update its own A record when it registers on the network, while the DHCP server updates the client's PTR record. Therefore, ownership of the A record belongs to the client, and ownership of the PTR record belongs to the DHCP server.
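
An added example (not from the original article): a small Python audit that checks a zone export against the native-mode default described above, where the client owns its A record and the DHCP server owns the PTR record. The record layout, account names, addresses and the `audit` helper are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# All names, addresses and owner accounts below are constructed sample data.
Lease = namedtuple("Lease", "computer domain ip account")
Record = namedtuple("Record", "name rtype data owner")

DHCP_SERVER = "EXAMPLE\\DHCP01$"   # hypothetical DHCP server account


def expected_records(lease, dhcp_owner=DHCP_SERVER):
    """Records and owners expected under the native-mode default."""
    fqdn = f"{lease.computer}.{lease.domain}".lower()   # computer name + domain
    ptr_name = ipaddress.ip_address(lease.ip).reverse_pointer
    return [
        Record(fqdn, "A", lease.ip, lease.account),   # client registers its A record
        Record(ptr_name, "PTR", fqdn, dhcp_owner),    # DHCP server registers the PTR
    ]


def audit(leases, zone_records):
    """Return (name, type, problem) for each departure from the expected state."""
    index = {(r.name.lower(), r.rtype): r for r in zone_records}
    findings = []
    for lease in leases:
        for want in expected_records(lease):
            have = index.get((want.name, want.rtype))
            if have is None:
                findings.append((want.name, want.rtype, "missing"))
            elif have.data.lower() != want.data.lower():
                findings.append((want.name, want.rtype, "data mismatch"))
            elif have.owner.upper() != want.owner.upper():
                findings.append((want.name, want.rtype, f"owner is {have.owner}"))
    return findings


LEASES = [Lease("ws01", "example.test", "10.0.0.21", "EXAMPLE\\WS01$"),
          Lease("ws02", "example.test", "10.0.0.22", "EXAMPLE\\WS02$")]
ZONE = [
    Record("ws01.example.test", "A", "10.0.0.21", "EXAMPLE\\WS01$"),
    Record("21.0.0.10.in-addr.arpa", "PTR", "ws01.example.test", DHCP_SERVER),
    Record("ws02.example.test", "A", "10.0.0.22", DHCP_SERVER),  # not client-owned
    Record("22.0.0.10.in-addr.arpa", "PTR", "ws02.example.test", DHCP_SERVER),
]

if __name__ == "__main__":
    for finding in audit(LEASES, ZONE):
        print(finding)
```

An A record owned by an account other than the client is worth reviewing, because ownership decides who may later update that record.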


