question

JeroenBleeker-1611 avatar image
0 Votes"
JeroenBleeker-1611 asked ·

Question about secure and unsecure DNS registration

Hi

In Windows DNS servers you can configure a DNS zone with one of these options:
- secure
- nonsecure and secure
- none

When you choose "nonsecure and secure" -> when you want a secure registration as a client, how can you force that (i think it is impossible and that you can't use a secure registration when you use this option) .

Regards, Jeroen BLeeker

windows-dhcp-dns
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered ·

Hi,

Thanks for posting in Q&A platform.

I'm afraid your goal cannot be achieved. By default, dynamic update security for DNS servers and clients are handled as this: DNS clients attempt to use unsecured dynamic update first. If an unsecured update is update successfully, the client will no longer request a secure update. If an unsecured update is refused, clients try to use secure update. DNS update security is available only for zones that are integrated into Active Directory.

Unsecured dynamic update allows anyone on your network to register DNS records with no Active Directory authentication required.

So, normally, we recommend configure Dynamic updates as Secure only.

For more details regarding DNS dynamic update, please refer to the following article:

Understanding Dynamic Update

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JeroenBleeker-1611 avatar image
0 Votes"
JeroenBleeker-1611 answered ·

Hi Sunny,

Thanx for your response. I think Microsoft should have called it 'nonsecure' and not 'nonsecure and secure', it's misleading.

Regards, Jeroen Bleeker

· 1 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Jeroen Bleeker,

Thank you very much for your feedback. Yes, it's nonsecure and secure dynamic update.

If there is anything else we can do for you, please feel free to post in the forum.

Have a nice day!

Sunny

0 Votes 0 ·