Hi to all. I have a question (or two) that covers a couple of scenarios. Typically, DNS and DHCP services have been installed on domain controllers (rightly or wrongly). The goal is to secure DNS and prevent host A records with the same IP.
Scenario 1:
DHCP and DNS running on Windows 2008R2 domain controller
DHCP credentials configured
Name Protection Enabled
Conflict detection attempts = 1
DHCP Lease 8 Days
Domain controller a member of DnsUpdateProxy group
Command dnscmd /config /OpenAclOnProxyUpdates 0 executed on the server
DNS Scavenging = defaults - No refresh = 7 Refresh = 7
Observations:
DNS host A record owner = machine name$. I would have expected this to be 'System' if DHCP was managing DNS updates.
Q: Would it be better to keep current configuration but move DHCP to a member server?
Q: Why is the machine the owner of the DNS record and not System?
Scenario 2:
Configure DHCP and Dynamic updates when DNS and DHCP are on a Windows 2003R2 domain controller.
DHCP Lease = 15 days
DNS scavenging No refresh = 1 Refresh = 7
Q: Should DHCP be moved to a member server running Windows 2008R2?
Q: If DHCP is on Windows Server 2008R2 and DNS is on a domain controller running Windows 2003R2, can 'Name protection' still be used?
I have read Ace Fekay's article below but am still a little unsure.
I would appreciate some expert advice.
Kind Regards,
Phil.
IT Manager