Allow only secure dynamic updates
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To allow only secure dynamic updates
Using the Windows interface
Using a command line
Using the Windows interface
Open DNS.
In the console tree, right-click the applicable zone and click Properties.
On the General tab, verify that the zone type is Active Directory-integrated.
In Dynamic Updates, click secure only.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open DNS, click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS.
Secure dynamic update is supported only for Active Directory-integrated zones. If the zone type is configured differently, you must change the zone type and directory integrate the zone prior to securing it for DNS dynamic updates.
Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATE)."
By default, the DNS server will only allow a zone transfer to authoritative DNS servers listed in the name server (NS) resource records for the zone.
This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.
Using a command line
Open Command Prompt.
Type:
dnscmdServerName**/Config** {ZoneName|..AllZones} /AllowUpdate 2
Value | Description |
---|---|
dnscmd |
Specifies the name of the command-line program. |
ServerName |
Required. Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) |
/Config |
Required. Specifies the configuration command. |
ZoneName|..AllZones |
Required. Specifies the fully qualified domain name (FQDN) of the zone. To configure all zones hosted on the specified DNS server to allow dynamic updates, type ..AllZones. |
/AllowUpdate |
Required. Specifies the allow update command. |
2 |
Required. Configures server to allow secure update. If you exclude the 2, the zone will be set to perform standard dynamic updates only. |
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.
This procedure requires the Dnscmd Windows support tool. For information about installing Windows support tools, see Related Topics.
To view the complete syntax for this command, at a command prompt, type:
dnscmd /Config /help
Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATE)."
By default, the DNS server will only allow a zone transfer to authoritative DNS servers listed in the name server (NS) resource records for the zone.
This feature is not included on computers running the Microsoft® Windows Server® 2003, Web Edition, operating system. For more information, see Overview of Windows Server 2003, Web Edition.
Formatting legend
Format | Meaning |
---|---|
Italic |
Information that the user must supply |
Bold |
Elements that the user must type exactly as shown |
Ellipsis (...) |
Parameter that can be repeated several times in a command line |
Between brackets ([]) |
Optional items |
Between braces ({}); choices separated by pipe (|). Example: {even|odd} |
Set of choices from which the user must choose only one |
Courier font |
Code or program output |
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Dynamic update
Change the zone type
Allow dynamic updates
Using DNS servers with DHCP
Install Windows Support Tools
DNS RFCs
Security information for DNS
Securing DNS zones