We are getting this error when we try to add a CNAME record on our 2008 R2 Domain Controllers. We are able to add the records to our 2003 DCs but they are going away soon so we can't rely on that much longer. We get the same result whether we are adding a record from our desktop running DNS as a Domain Admin, or logging directly into the DC.
We have found that if we set the DNS zone to allow both secure and nonsecure updates then we can add the record but we can't leave this DNS zone set that way.
Any help would be appreciated.
Thanks!