> Is there a way to tell which machine is making a DDNS
> entry in my zone? I have an entry that keeps getting
> added to my zone and it's corrupting DNS.

Normally there are only two choices: the machine whose
address/name appears OR the DHCP server for that subnet.
Ok, there could be more than one DHCP server for that
address range or a hacker program could theoretically be
registering someone else's address.
Can you eliminate these exceptions and just track down
the address?

> The IP seems to
> be a static, yet it is not pingable. So I am not sure
> what machine is sending this update via DDNS.

At a minimum, you know the subnet? How big is it?

> Currently
> we only allow DDNS updates from domain-controllers;
> trusted-dns-servers; and dhcp-servers.

You mean you only INTEND those? Or do you have some
way to disallow other domain machines from doing it?
Secure Updates Only is a good choice if you use AD-integrated
DNS -- firewalling OUT external sources is a necessity if you
can use Secure Updates Only.