We have a 2008r2 domain with ActiveDirectory-Integrated DNS. We are almost a 100% windows environment and our windows clients are setup to register their connections(Not through a policy. I think it is just the default for Windows OS). We are currently set to accept both "secure and nonsecure" dns updates, and I know that is a security issue. We also have DHCP set for dynamic updates on clients even if they do not request it(we also use a ddns update credential account).
When it comes to changing ddns updates to "secure only", my biggest concerns are the Lights Out interfaces on the servers and the few linux servers. Most of those are on DHCP, so I think they will be fine but guessing that any that are not using DHCP would be scavenged according to those schedules? As long as I check and make sure the dns records for those concerned non-windows clients are either using DHCP, or do not have a timestamp on their host record, is there anything else I should be concerned about?
Thanks,
Dave