records. However, luckily for us, when Microsoft released Windows Server 2000, DNS had
the ability to operate dynamically. Now when you're setting up Windows Server 2012 R2
DNS, you can choose what type of dynamic update you would like to use, if any. Let's talk
about why you would want to choose one over the other.
The Dynamic DNS (DDNS) standard, described in RFC 2136, allows DNS clients to
update information in the DNS database files. For example, a Windows Server 2012 R2
DHCP server can automatically tell a DDNS server which IP addresses it has assigned to
what machines. Windows 2000, 2003, 2008, XP Pro, Vista, Windows 7, and Windows 8
DHCP clients can do this too. For security reasons, however, it's better to let the DHCP
server do it. The result: IP addresses and DNS records stay in sync so that you can use DNS
and DHCP together seamlessly. Because DDNS is a proposed Internet standard, you can
even use the Windows Server 2012 R2 DDNS-aware parts with Unix/Linux-based DNS
servers.
Non-Dynamic DNS (NDDNS) does not automatically populate the DNS database. The
client systems cannot send updates to DNS. If you decide to use Non-Dynamic
DNS, an administrator will need to populate the DNS database manually. Non-Dynamic
DNS is a reasonable choice if your organization is small to midsized and you do not
want extra network traffic (clients sending updates to the DNS server) or if you need to
enter the computer's TCP/IP information manually because of strict security measures.
Dynamic DNS can be secured, and the chances are slim that
a rogue system (a computer that does not belong in your DNS database)
could register with a secure DNS server. Nevertheless, some organizations
have to follow stricter security measures and are not allowed to have
dynamic updates.
The major downside to entering records into DNS manually occurs when the
organization is using the Dynamic Host Configuration Protocol (DHCP). When using
DHCP, it is possible for users to end up with different TCP/IP addresses every day. This
means an administrator has to update DNS manually each day to keep it accurate.
If you choose to allow Dynamic DNS, you need to decide how you want to set it up.
When setting up dynamic updates on your DNS server, you have three choices
(see Figure 2.3).
None: This means your DNS server is Non-Dynamic.
Nonsecure and Secure: This means that any machine (even if it does not have a domain
account) can register with DNS. Using this setting could allow rogue systems to enter
records into your DNS server.
Secure Only: This means that only machines with accounts in Active Directory can
register with DNS. Before DNS registers any account in its database, it checks Active
Directory to make sure that account is an authorized domain computer.
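The three choices above correspond to the DynamicUpdate values (None, NonsecureAndSecure, Secure) that the DnsServer PowerShell module reports for each zone. The audit function below is an added example, not part of the original text; the function name Get-DynamicUpdateRisk is hypothetical and the zone names are constructed sample data.

```powershell
# Added example: flag zones whose dynamic update setting lets unauthenticated
# machines register records. Input objects need the properties returned by
# Get-DnsServerZone: ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate.
function Get-DynamicUpdateRisk {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # The dynamic update setting is configured on primary zones; skip the rest.
        if ($Zone.ZoneType -ne 'Primary') { return }

        $finding = switch ("$($Zone.DynamicUpdate)") {
            'None'   { 'OK: non-dynamic, records are entered manually' }
            'Secure' { 'OK: only Active Directory accounts can register' }
            'NonsecureAndSecure' {
                if ($Zone.IsDsIntegrated) {
                    'RISK: any machine can register; change to Secure'
                } else {
                    # Secure Only is available only for Active Directory-integrated zones.
                    'RISK: any machine can register; use None or move the zone into AD'
                }
            }
            default  { "UNKNOWN: unrecognized setting '$($Zone.DynamicUpdate)'" }
        }

        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            DynamicUpdate = "$($Zone.DynamicUpdate)"
            AdIntegrated  = [bool]$Zone.IsDsIntegrated
            Finding       = $finding
        }
    }
}

# Constructed sample zones so the function can be tried without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName='corp.example.com';  ZoneType='Primary';   IsDsIntegrated=$true;  DynamicUpdate='Secure' }
    [pscustomobject]@{ ZoneName='lab.example.com';   ZoneType='Primary';   IsDsIntegrated=$true;  DynamicUpdate='NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName='dmz.example.com';   ZoneType='Primary';   IsDsIntegrated=$false; DynamicUpdate='NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName='static.example.com'; ZoneType='Primary';  IsDsIntegrated=$false; DynamicUpdate='None' }
    [pscustomobject]@{ ZoneName='copy.example.com';  ZoneType='Secondary'; IsDsIntegrated=$false; DynamicUpdate='None' }
)
$sampleZones | Get-DynamicUpdateRisk | Format-Table -AutoSize

# On a real DNS server, from an elevated session:
#   Get-DnsServerZone | Get-DynamicUpdateRisk
#   Set-DnsServerPrimaryZone -Name 'lab.example.com' -DynamicUpdate Secure
```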