How to Configure DNS Dynamic Update Credentials

Your instructor will demonstrate how to configure DNS dynamic update credentials, including:

Configuring DHCP server to use the account


Introduction

The Windows Server 2003 DNS Server service supports Dynamic DNS updates, which allow client systems to add DNS records directly into the database. Dynamic DNS servers can receive malicious or unauthorized updates from an attacker by means of a client that supports the Dynamic DNS (DDNS) protocol if the server is configured to accept unsecured updates. At a minimum, an attacker can add bogus entries to the DNS database; at worst, the attacker can overwrite or delete legitimate entries in the DNS database.

Need to configure DNS dynamic update credentials

DNS domain names that are registered by the Dynamic Host Configuration Protocol (DHCP) server are not secure if the DHCP server is a member of the DnsUpdateProxy group. Because objects that are created by the members of the DnsUpdateProxy group are not secure, you cannot use this group effectively in an Active Directory-integrated zone that allows only secure dynamic updates unless you take additional steps to allow records that are created by members of the group to be secured.

To protect against nonsecure records or to allow members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you can create a dedicated user account and configure DHCP servers to perform DNS dynamic updates with the user account credentials (user name, password, and domain). The credentials of one dedicated user account can be used by multiple DHCP servers. A dedicated user account is a user account whose sole purpose is to supply DHCP servers with credentials for DNS dynamic update registrations.

When you create a dedicated user account and configure DHCP servers with the account credentials, each DHCP server supplies these credentials when it registers names on behalf of DHCP clients by using DNS dynamic update. The dedicated user account should be created in the forest where the primary DNS server for the zone to be updated resides.

Note The dedicated user account can also be located in another forest if the forest that the account resides in has a forest trust established with the forest that contains the primary DNS server for the zone to be updated.

Procedure: Creating a user account

To create a dedicated user account, perform the following steps on the DNS server:

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Expand the domain, right-click the Users container, click New, and then click User.

3. In the New Object - User dialog box, enter the information from the following table.

Full Name: Specify a name

User Logon Name: Specify a logon name

4. Click Next.

5. Specify a password, such as @6abra8aCRA&u!eCab-A.

6. Clear the User must change password at next logon option, select the Password never expires option, click Next, and then click Finish.

Procedure: Configuring DHCP server to use the account

To configure a DHCP server to use the dedicated user account, perform the following steps:

1. Click Start, point to Administrative Tools, and then click DHCP.

2. Right-click the server name and then click Properties.

3. In the server properties dialog box, click the Advanced tab, and then click Credentials.

4. On the DNS Dynamic Update Credentials page, enter the information from the following table.



User Name: Specify a user name

Domain: Specify a domain name

Password: Specify a password

Confirm Password: Specify a password

5. Click OK twice, and then close DHCP.
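The two procedures above can also be scripted, which helps when one dedicated account has to be set on several DHCP servers. The following is an added example, not part of the course material; it assumes the ActiveDirectory and DhcpServer PowerShell modules (Windows Server 2012 or later), and the account name and server names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory, DhcpServer
# Added example, not from the course material.
# Assumed names: the account and the DHCP server list below are hypothetical.
$accountName = 'svc-dhcp-dnsupdate'
$dhcpServers = @('dhcp01.corp.example', 'dhcp02.corp.example')

# Prompt for the password so it never lands in the script or in shell history.
$password = Read-Host -AsSecureString -Prompt "Password for $accountName"

# Procedure 1: create the dedicated account in the default Users container,
# with the same options as step 6 of the GUI procedure.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$accountName'")) {
    New-ADUser -Name $accountName -SamAccountName $accountName `
        -AccountPassword $password -Enabled $true `
        -ChangePasswordAtLogon $false -PasswordNeverExpires $true `
        -Description 'Credentials for DHCP DNS dynamic update only'
}

# Procedure 2: give the same credentials to every DHCP server, then read the
# setting back to confirm that it was stored.
$domain = (Get-ADDomain).NetBIOSName
$credential = New-Object System.Management.Automation.PSCredential `
    -ArgumentList "$domain\$accountName", $password

foreach ($server in $dhcpServers) {
    Set-DhcpServerDnsCredential -ComputerName $server -Credential $credential
    $stored = Get-DhcpServerDnsCredential -ComputerName $server
    [pscustomobject]@{
        DhcpServer = $server
        UserName   = $stored.UserName
        DomainName = $stored.DomainName
        Matches    = ($stored.UserName -eq $accountName)
    }
}
```

On Windows Server 2003 itself, where these cmdlets are not available, the command-line counterpart of the second procedure is netsh dhcp server set dnscredentials.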

Important When you install the DHCP service on a domain controller, configure the DHCP server with the credentials of the dedicated user account to prevent the server from inheriting (and possibly misusing) the power of the domain controller. When installed on a domain controller, the DHCP service inherits the security permissions of the domain controller and has the authority to update or delete any DNS record that is registered in a secure Active Directory-integrated zone. (This authority also applies to records that were securely registered by other computers in the domain, including domain controllers.)
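A read-only audit for the two conditions this topic warns about: a DHCP server that runs on a domain controller, or is a member of DnsUpdateProxy, without dedicated credentials configured. This is an added example, not part of the course material; it assumes the ActiveDirectory and DhcpServer PowerShell modules and rights to query each authorized DHCP server.

```powershell
#Requires -Modules ActiveDirectory, DhcpServer
# Added example, not from the course material. Changes nothing; it only reports.

# Short host names of all domain controllers in the current domain.
$dcNames = @(Get-ADDomainController -Filter * | ForEach-Object { $_.Name })

# Computer accounts in DnsUpdateProxy (records they create are not secured).
$proxyMembers = @(Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object { $_.Name })

# Check every DHCP server that is authorized in Active Directory.
foreach ($dhcp in Get-DhcpServerInDC) {
    $shortName = ($dhcp.DnsName -split '\.')[0]
    $queried   = $true
    $userName  = $null
    try {
        $userName = (Get-DhcpServerDnsCredential -ComputerName $dhcp.DnsName `
            -ErrorAction Stop).UserName
    } catch {
        $queried = $false   # unreachable or access denied: report, do not guess
    }

    $hasCredential = -not [string]::IsNullOrEmpty($userName)
    $onDc          = $dcNames -contains $shortName
    $inProxyGroup  = $proxyMembers -contains $shortName

    $finding =
        if (-not $queried)          { 'Could not query server' }
        elseif ($hasCredential)     { 'OK' }
        elseif ($onDc)              { 'On a domain controller without dedicated credentials' }
        elseif ($inProxyGroup)      { 'DnsUpdateProxy member without dedicated credentials' }
        else                        { 'No dedicated credentials configured' }

    [pscustomobject]@{
        DhcpServer       = $dhcp.DnsName
        OnDomainCtrl     = $onDc
        InDnsUpdateProxy = $inProxyGroup
        CredentialUser   = $userName
        Finding          = $finding
    }
}
```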


