[isalist] Re: Microsoft DNS

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 01 Jun 2006 08:55:15 -0700

http://www.ISAserver.org
-------------------------------------------------------
  
Some call me "Tim."  [Monty Python reference ;)]

Right- that is what I'm referring to (secure DDNS).  The default for
Standard zones is "none."  While you can change it to "secured and
non-secured," that's kind of a misnomer for standard zones - for an MS DNS
server to perform secure DDNS updates, it has to be an AD-integrated zone.

Changing a standard zone to allow non-secure DDNS is kind of nuts IMO.
Looping in Jim's response:

> ??
> Clients can update DNS zones if they have the proper configuration settings
> and the DNS server allows.
> Granted, it's not exactly the most secure scenario...

True indeed- however, you shouldn't say "not exactly the most secure
scenario," rather, you should say "this is a really dumb thing to do and
provides no security whatsoever."  Is there anyone out there who actually
has standard zones that allow unsecured DDNS updates?

t


On 6/1/06 7:39 AM, "Young, Gerald G" <Gerald.Young@xxxxxxxxxx> spoketh to
all:

> 
> Right, which is what I think Thor (sorry, don't know real name) is
> referring to.  I'm looking at DNS now but I thought without checking the
> checkbox for requiring secure DDNS updates that any client would be able
> to register dynamically.
> 
> Cordially yours,
> Jerry G. Young II
>   MCSE (4.0/W2K)
> Atlanta EES Implementation Team Lead
> ECNS Microsoft Engineering
> Unisys
>  
> 11493 Sunset Hills Rd.
> Reston, VA 20190
> Office: 703-579-2727
> Cell: 703-625-1468
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Thursday, June 01, 2006 10:34 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Microsoft DNS
> 
>   
> And then there's the issue of secure DDNS updates.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>> (Hammer of God)
>> Sent: Thursday, June 01, 2006 9:33 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: Microsoft DNS
>> 
>>   
>> That's what I was thinking too... And yep, you can't have client
>> registration with "standard" zones.  You gots to have AD fo sho.
>> 
>> t
>> 
>> 
>> On 6/1/06 7:22 AM, "Young, Gerald G"
>> <Gerald.Young@xxxxxxxxxx> spoketh to
>> all:
>> 
>>> 
>>> My guess is that clients are trying to register dynamically with the DNS
>>> server since that's a default on NICs in Windows.
>>> 
>>> I'll have to look at the integrated AD zone again.  I had assumed Windows
>>> wouldn't allow that option if the DNS server wasn't running on a DC.
>>> 
>>> Cordially yours,
>>> Jerry G. Young II +From Blackberry+
>>>   MCSE (4.0/W2K)
>>> Atlanta EES Implementation Team Lead
>>> ECNS Microsoft Engineering
>>> Unisys
>>> 
>>> 11493 Sunset Hills Rd.
>>> Reston, VA 20190
>>> Office: 703-579-2727
>>> Cell: 703-625-1468
>>> 
>>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx>
>>> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx>
>>> Sent: Thu Jun 01 10:16:59 2006
>>> Subject: [isalist] Re: Microsoft DNS
>>> 
>>> Unless he's trying to have clients register with DNS (or to have integrated AD
>>> zones).   Without detailed error messages, we won't really know where to look.
>>> 
>>> James, can you not post the actual error message?
>>> 
>>> t
>>> 
>>> 
>>> On 6/1/06 7:03 AM, "Young, Gerald G" <Gerald.Young@xxxxxxxxxx> spoketh to all:
>>> 
>>> 
>>> 
>>> James,
>>> 
>>> A domain controller - or even a forest or domain - is not required for DNS.
>>> 
>>> Cordially yours,
>>> Jerry G. Young II
>>> MCSE (4.0/W2K)
>>> Atlanta EES Implementation Team Lead
>>> ECNS Microsoft Engineering
>>> Unisys 
>>> 
>>> 11493 Sunset Hills Rd.
>>> Reston, VA 20190
>>> Office: 703-579-2727
>>> Cell: 703-625-1468
>>> 
>>> 
>>> 
>>> ________________________________
>>> 
>>> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
>>> Behalf Of James May
>>> Sent: Thursday, June 01, 2006 8:36 AM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] Microsoft DNS
>>> 
>>> Hi all,
>>> I have ISA 2004 installed for a client and he's running w2k 03 R2 in a
>>> workgroup with isa04 installed. I have installed the DNS server service on the
>>> ISA box and would like to use DNS for internal name resolution. Can anyone
>>> tell me is a domain controller a requirement to run the DNS server or can I
>>> use it in this scenario. I keep getting 40960 errors in the event viewer.  I
>>> can't give the exact error message but it's an LSA error looking to
>>> authenticate using Kerberos looking for a net logon server to validate.
>>> 
>>> Jim May 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
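An audit for the situation discussed at the top of this thread (standard zones that accept dynamic updates, versus AD-integrated zones that can require secure ones), as an added example that is not part of the original posts. It assumes the DnsServer PowerShell module found on newer Windows Server releases than the one in the thread; the function name and the sample zones are constructed for illustration.

```powershell
# Added example: classify DNS zones by dynamic-update exposure.
# Input objects need ZoneName, ZoneType, IsDsIntegrated and DynamicUpdate,
# which is the shape Get-DnsServerZone (DnsServer module) returns.
function Get-DynamicUpdateFinding {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Zone
    )
    process {
        # Only primary zones are written to by dynamic updates on this server.
        if ("$($Zone.ZoneType)" -ne 'Primary') { return }

        $update = "$($Zone.DynamicUpdate)"
        $finding = if ($update -eq 'None') {
            'OK: dynamic updates disabled'
        } elseif (-not $Zone.IsDsIntegrated) {
            # A standard (file-backed) zone cannot authenticate the updater,
            # so any enabled setting means unauthenticated writes to the zone.
            'HIGH: standard zone accepts unauthenticated updates'
        } elseif ($update -eq 'Secure') {
            'OK: AD-integrated, secure updates only'
        } else {
            'MEDIUM: AD-integrated zone also accepts non-secure updates'
        }

        [pscustomobject]@{
            ZoneName      = $Zone.ZoneName
            AdIntegrated  = [bool]$Zone.IsDsIntegrated
            DynamicUpdate = $update
            Finding       = $finding
        }
    }
}

# Constructed sample zones so the script runs without a DNS server.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example';     ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'Secure' }
    [pscustomobject]@{ ZoneName = 'legacy.example';   ZoneType = 'Primary';   IsDsIntegrated = $true;  DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'internal.example'; ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'NonsecureAndSecure' }
    [pscustomobject]@{ ZoneName = 'static.example';   ZoneType = 'Primary';   IsDsIntegrated = $false; DynamicUpdate = 'None' }
    [pscustomobject]@{ ZoneName = 'partner.example';  ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None' }
)
$sampleZones | Get-DynamicUpdateFinding | Format-Table -AutoSize

# On a live DNS server:  Get-DnsServerZone | Get-DynamicUpdateFinding
# To turn updates off:   Set-DnsServerPrimaryZone -Name <zone> -DynamicUpdate None
```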