Hi Saravanan
From the Windows Server 2003 help:
+++++++
Secure dynamic update
DNS update security is available only for zones that are integrated into
Active Directory. Once you directory-integrate a zone, access control list
(ACL) editing features are available in the DNS console so you can add or
remove users or groups from the ACL for a specified zone or resource record.
For more information, see To modify security for a resource record or To
modify security for a directory-integrated zone.
By default, dynamic update security for DNS servers and clients can be
handled as follows:
DNS clients attempt to use unsecured dynamic update first. If an unsecured
update is refused, clients try to use secure update.
Also, clients use a default update policy that permits them to attempt to
overwrite a previously registered resource record, unless they are
specifically blocked by update security.
Once a zone becomes Active Directory-integrated, DNS servers running Windows
Server 2003 default to allowing only secure dynamic updates.
When using standard zone storage, the default for the DNS Server service is
to not allow dynamic updates on its zones. For zones that are either
directory-integrated or use standard file-based storage, you can change the
zone to allow all dynamic updates which permits all updates to be accepted.
+++++++
In other words, you can set ACLs on the zone which determines who can update
the zone. The default permissions are usually fine.
Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)
Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
