http://www.ISAserver.org ------------------------------------------------------- Some call me "Tim." [Monty Python reference ;)] Right- that is what I'm referring to (secure DDNS). The default for Standard zones is "none." While you can change it to "secured and non-secured," that's kind of a misnomer for standard zones - for an MS DNS server to perform secure DDNS updates, it has to be and AD-integrated zone. Changing a standard zone to allow non-secure DDNS is kind of nuts IMO. Looping in Jim's response: > ?? > Clients can update DNS zones if they have the proper configuration settings > and the DNS server allows. > Granted, it's not exactly the most secure scenario... True indeed- however, you shouldn't say "not exactly the most secure scenario," rather, you should say "this is a really dumb thing to do and provides no security whatsoever." Is there anyone out there who actually has standard zones that allow unsecured DDNS updates? t On 6/1/06 7:39 AM, "Young, Gerald G" <Gerald.Young@xxxxxxxxxx> spoketh to all: > http://www.ISAserver.org > ------------------------------------------------------- > > Right, which is what I think Thor (sorry, don't know real name) is > referring to. I'm looking at DNS now but I thought without checking the > checkbox for requiring secure DDNS updates that any client would be able > to register dynamically. > > Cordially yours, > Jerry G. Young II > MCSE (4.0/W2K) > Atlanta EES Implementation Team Lead > ECNS Microsoft Engineering > Unisys > > 11493 Sunset Hills Rd. > Reston, VA 20190 > Office: 703-579-2727 > Cell: 703-625-1468 > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Thursday, June 01, 2006 10:34 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Microsoft DNS > > http://www.ISAserver.org > ------------------------------------------------------- > > And then there's the issue of secure DDNS updates. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > >> -----Original Message----- >> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor >> (Hammer of God) >> Sent: Thursday, June 01, 2006 9:33 AM >> To: isalist@xxxxxxxxxxxxx >> Subject: [isalist] Re: Microsoft DNS >> >> http://www.ISAserver.org >> ------------------------------------------------------- >> >> That's what I was thinking too... And yep, you can't have client >> registration with "standard" zones. You gots to have AD fo sho. >> >> t >> >> >> On 6/1/06 7:22 AM, "Young, Gerald G" >> <Gerald.Young@xxxxxxxxxx> spoketh to >> all: >> >>> http://www.ISAserver.org >>> ------------------------------------------------------- >>> >>> My guess is that clients are trying to register dynamically >> with the DNS >>> server since that's a default on NICs in Windows. >>> >>> I'll have to look at the integrated AD zone again. I had >> assumed Windows >>> wouldn't allow that option if the DNS server wasn't running on a DC. >>> >>> Cordially yours, >>> Jerry G. Young II +From Blackberry+ >>> MCSE (4.0/W2K) >>> Atlanta EES Implementation Team Lead >>> ECNS Microsoft Engineering >>> Unisys >>> >>> 11493 Sunset Hills Rd. >>> Reston, VA 20190 >>> Office: 703-579-2727 >>> Cell: 703-625-1468 >>> >>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR >> OTHERWISE PROPRIETARY >>> MATERIAL and is thus for use only by the intended >> recipient. If you received >>> this in error, please contact the sender and delete the >> e-mail and its >>> attachments from all computers. >>> >>> -----Original Message----- >>> From: isalist-bounce@xxxxxxxxxxxxx <isalist-bounce@xxxxxxxxxxxxx> >>> To: isalist@xxxxxxxxxxxxx <isalist@xxxxxxxxxxxxx> >>> Sent: Thu Jun 01 10:16:59 2006 >>> Subject: [isalist] Re: Microsoft DNS >>> >>> Unless he's trying to have clients register with DNS (or to >> have integrated AD >>> zones). Without detailed error messages, we won't really >> know where to look. >>> >>> James, can you not post the actual error message? >>> >>> t >>> >>> >>> On 6/1/06 7:03 AM, "Young, Gerald G" >> <Gerald.Young@xxxxxxxxxx> spoketh to all: >>> >>> >>> >>> James, >>> >>> A domain controller - or even a forest or domain - is not >> required for DNS. >>> >>> Cordially yours, >>> Jerry G. Young II >>> MCSE (4.0/W2K) >>> Atlanta EES Implementation Team Lead >>> ECNS Microsoft Engineering >>> Unisys >>> >>> 11493 Sunset Hills Rd. >>> Reston, VA 20190 >>> Office: 703-579-2727 >>> Cell: 703-625-1468 >>> >>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR >> OTHERWISE PROPRIETARY >>> MATERIAL and is thus for use only by the intended >> recipient. If you received >>> this in error, please contact the sender and delete the >> e-mail and its >>> attachments from all computers. >>> >>> >>> ________________________________ >>> >>> From: isalist-bounce@xxxxxxxxxxxxx >> [mailto:isalist-bounce@xxxxxxxxxxxxx] On >>> Behalf Of James May >>> Sent: Thursday, June 01, 2006 8:36 AM >>> To: isalist@xxxxxxxxxxxxx >>> Subject: [isalist] Microsoft DNS >>> >>> Hi all, >>> I have ISA 2004 installed for a client and he's running w2k >> 03 R2 in a >>> workgroup with isa04 installed. I have installed the DNS >> server service on the >>> ISA box and would like to use DNS for internal name >> resolution. Can anyone >>> tell me is a domain controller a requirement to run the DNS >> server or can I >>> use it in this scenario. I keep getting 40960 errors in the >> event viewer. I >>> can't give the exact error message but its an LSA error looking to >>> authenticate using Kerberos looking for a net logon server >> to validate. >>> >>> Jim May >>> >>> >>> >>> >>> >>> >>> >>> ------------------------------------------------------ >>> List Archives: //www.freelists.org/archives/isalist/ >>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >>> ISA Server Articles and Tutorials: >>> http://www.isaserver.org/articles_tutorials/ >>> ISA Server Blogs: http://blogs.isaserver.org/ >>> ------------------------------------------------------ >>> Visit TechGenix.com for more information about our other sites: >>> http://www.techgenix.com >>> ------------------------------------------------------ >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >>> Report abuse to listadmin@xxxxxxxxxxxxx >>> >>> >>> >> >> >> ------------------------------------------------------ >> List Archives: //www.freelists.org/archives/isalist/ >> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp >> ISA Server Articles and Tutorials: >> http://www.isaserver.org/articles_tutorials/ >> ISA Server Blogs: http://blogs.isaserver.org/ >> ------------------------------------------------------ >> Visit TechGenix.com for more information about our other sites: >> http://www.techgenix.com >> ------------------------------------------------------ >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp >> Report abuse to listadmin@xxxxxxxxxxxxx >> >> >> > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx