To allow only secure dynamic updates
- Open DNS.
- In the console tree, click the applicable zone.
  Where?
  - DNS
  - applicable DNS server
  - Forward Lookup Zones (or Reverse Lookup Zones)
  - applicable zone
- On the Action menu, click Properties.
- On the General tab, verify that the zone type is Active Directory-integrated.
- In the "Allow dynamic updates?" drop-down list, click "Only secure updates".
Caution
- For Windows 2000, the use of secure dynamic updates can be compromised by running a DHCP server on a domain controller when the Windows 2000 DHCP server is configured to perform registration of DNS records on behalf of its clients. To avoid this issue, deploy DHCP servers and domain controllers on separate computers. If you are not concerned about the security of reverse lookup (PTR) records, this precaution is advisable only if the DHCP server is configured to perform registration of host (A) records on behalf of its clients (which is not the default behavior). For more information, see Related Topics.
Note
- To open DNS, click Start, point to Programs, point to Administrative Tools, and then click DNS.
- Secure dynamic update is supported only for Active Directory-integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for DNS dynamic updates.
- Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATES)."
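The following is an added example, not part of the original help topic: a PowerShell check that reports which zones still need the procedure above. It assumes the property names returned by Get-DnsServerZone in the DnsServer module (ZoneName, IsDsIntegrated, DynamicUpdate), which postdates Windows 2000; the function name Test-ZoneSecureUpdate and the sample zone names are hypothetical.

```powershell
# Added example: classify DNS zones by their dynamic-update setting.
# Input objects need the properties ZoneName, IsDsIntegrated and DynamicUpdate,
# the shape that Get-DnsServerZone (DnsServer module) returns.
function Test-ZoneSecureUpdate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone
    )
    process {
        $update = [string]$Zone.DynamicUpdate
        $finding = if ($update -eq 'None') {
            'OK: dynamic updates disabled'
        } elseif ($update -eq 'Secure' -and $Zone.IsDsIntegrated) {
            'OK: only secure updates'
        } elseif (-not $Zone.IsDsIntegrated) {
            # Secure update exists only for Active Directory-integrated zones.
            'FIX: change zone type to Active Directory-integrated, then allow only secure updates'
        } else {
            'FIX: nonsecure updates accepted; allow only secure updates'
        }
        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            DynamicUpdate = $update
            DsIntegrated  = [bool]$Zone.IsDsIntegrated
            Finding       = $finding
        }
    }
}

# Constructed sample data (hypothetical zone names) so the script runs offline.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example.com';       IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'lab.example.com';        IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = '10.in-addr.arpa';        IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'static.example.com';     IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Test-ZoneSecureUpdate | Format-Table -AutoSize

# On a DNS server with the DnsServer module available (an assumption):
# Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Test-ZoneSecureUpdate
# To apply the setting to one AD-integrated zone from the command line:
# Set-DnsServerPrimaryZone -Name 'corp.example.com' -DynamicUpdate Secure
```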
Related Topics
- Dynamic update
- Change the zone type
- Allow dynamic updates
- Using DNS servers with DHCP