PHWinfo - Afficher un message - DNS related DHCP server option 81........MIA?

10/06/2007, 10h18

Hi

Again thanks, I meant add the dhcp server to the DNSupdateproxy group, not
the user account. Is this incorrect? I understand it is required so DNS
records created by the server are updatable (ie ownership can change) by an
appropriate client/other DHCP server, request.

This is a test environment for learning purposes.An environment where
multiple DHCP servers is used is reasonable to expect, I understand for these
other servers to be able to update other DHCP server created DNS records the
above scenario (along with a dedicated user account for authentication) is
required for secure dynamic updates to operate correctly.

I think I am getting there...

Thanks for you advice

Cheers

S

Kevin D. Goodknecht Sr. [MVP] wrote:
>Read inline please.
>
> In news:7372538be7523@uwe,
>si via WinServerKB.com <u11670@uwe> typed:
>> Kevin
>>
>[quoted text clipped - 7 lines]
>> update DNS records with, after adding it to the DNSupdateproxy
>> group......have I got that right?
>Do not add the Account to the DNSupdateproxy group, this account does not
>need any special group memberships or priviledges. It is used only to
>Authenticate.
>
>> Now when the article refers to a dedicated user account, does it mean
>> just a normal domain user account with, like you say a non expiring
>> password of sufficient complexity? if so then I understand
>
>Correct, the non-expiring password is not a requirement, but since this
>account is not used by any user, if the password expires in the future,
>updates will stop until the password is changed, but you won't be notified
>of the expiring password. Make the password as strong as possible to prevent
>someone from hyjacking the account. Phrases with uppercase and lowercase
>letters, numbers and spaces at least 15 characters long make the best
>passwords. This basic rule gives you at least 10 to the 27th power password
>combinations.
>

--
Message posted via WinServerKB.com
http://www.winserverkb.com/Uwe/Forum...r-dns/200706/1

10/06/2007, 10h18	#5
si via WinServerKB.com Messages: n/a Hébergeur:	Re: DNS related DHCP server option 81........MIA? Hi Again thanks, I meant add the dhcp server to the DNSupdateproxy group, not the user account. Is this incorrect? I understand it is required so DNS records created by the server are updatable (ie ownership can change) by an appropriate client/other DHCP server, request. This is a test environment for learning purposes.An environment where multiple DHCP servers is used is reasonable to expect, I understand for these other servers to be able to update other DHCP server created DNS records the above scenario (along with a dedicated user account for authentication) is required for secure dynamic updates to operate correctly. I think I am getting there... Thanks for you advice Cheers S Kevin D. Goodknecht Sr. [MVP] wrote: >Read inline please. > > In news:7372538be7523@uwe, >si via WinServerKB.com <u11670@uwe> typed: >> Kevin >> >[quoted text clipped - 7 lines] >> update DNS records with, after adding it to the DNSupdateproxy >> group......have I got that right? >Do not add the Account to the DNSupdateproxy group, this account does not >need any special group memberships or priviledges. It is used only to >Authenticate. > >> Now when the article refers to a dedicated user account, does it mean >> just a normal domain user account with, like you say a non expiring >> password of sufficient complexity? if so then I understand > >Correct, the non-expiring password is not a requirement, but since this >account is not used by any user, if the password expires in the future, >updates will stop until the password is changed, but you won't be notified >of the expiring password. Make the password as strong as possible to prevent >someone from hyjacking the account. Phrases with uppercase and lowercase >letters, numbers and spaces at least 15 characters long make the best >passwords. This basic rule gives you at least 10 to the 27th power password >combinations. > -- Message posted via WinServerKB.com http://www.winserverkb.com/Uwe/Forum...r-dns/200706/1