DNS on Windows Server 2003, 3rd Edition

by Cricket Liu, Matt Larson, Robbie Allen
December 2003
Content level: Intermediate to advanced
416 pages
13h 50m
English
O'Reilly Media, Inc.
Content preview from DNS on Windows Server 2003, 3rd Edition

Dynamic Update

Dynamic update was implemented in the Microsoft DNS Server starting with Windows 2000. Like many other protocols used by Windows, it’s an Internet standard, defined in RFC 2136. Dynamic update allows a name server to be updated by sending it a message over the network. This is a big improvement over the traditional method, which requires a human to fire up the DNS console to make the change in person. Dynamic update allows nonhumans—i.e., programs—to easily update DNS information. Dynamic update is now used extensively in Windows: a modern Windows client uses it to add an A record to DNS for its IP address, and recent Windows DHCP servers also use dynamic update to add PTR records as they assign leases.

No security is built into the dynamic update protocol. It’s up to an individual name server to decide whether or not to accept an update message. About the only means of authentication a name server has is to look at the source IP address of the dynamic update message, and that’s not a very strong means of authentication at all: it’s easy to “spoof” or forge a packet’s source IP address. And since a complete dynamic update message travels in a single UDP packet, all an attacker needs to know is an IP address that the name server accepting dynamic updates trusts. The Bad Guy just creates a dynamic update with a spoofed source IP address and sends it to the unsuspecting name server.

This deficiency begs for some stronger security based on cryptography, which fortunately ...
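An added example, not from the book: a small Python parser for the RFC 2136 UPDATE header, showing what a name server has to go on when a dynamic update arrives and how a monitor can pick such messages out of DNS traffic. The message bytes, the zone `example.com`, the addresses and the `triage` allow-list function are constructed for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 opcode for dynamic update

def read_name(msg, off):
    """Decode an uncompressed DNS name at off; return (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) or ".", off
        if n & 0xC0:
            raise ValueError("compressed or invalid label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def parse_update(msg):
    """Return header counts and zone of an UPDATE request, else None."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    ident, flags, zo, pr, up, ad = struct.unpack("!6H", msg[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_UPDATE:
        return None  # a response, or some other opcode such as QUERY
    if zo != 1:
        raise ValueError("UPDATE must name exactly one zone")
    zone, off = read_name(msg, 12)
    return {"id": ident, "zone": zone, "prereqs": pr, "updates": up, "additional": ad}

def triage(src_ip, msg, trusted_nets):
    """Hypothetical server-side decision: the claimed source address is the only input."""
    upd = parse_update(msg)
    if upd is None:
        return "not-update"
    addr = ipaddress.ip_address(src_ip)
    ok = any(addr in ipaddress.ip_network(n) for n in trusted_nets)
    return ("accept " if ok else "refuse ") + upd["zone"]

# Constructed sample: add host.example.com A 192.0.2.10 to zone example.com.
SAMPLE_UPDATE = (
    struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    + b"\x07example\x03com\x00" + struct.pack("!2H", 6, 1)   # zone section: SOA, IN
    + b"\x04host\x07example\x03com\x00"
    + struct.pack("!2HIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
)
# Constructed sample: an ordinary query for example.com A, for contrast.
SAMPLE_QUERY = struct.pack("!6H", 0x4321, 0x0100, 1, 0, 0, 0) + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    print(parse_update(SAMPLE_UPDATE))
    print(triage("192.0.2.53", SAMPLE_UPDATE, ["192.0.2.0/24"]))
    print(triage("198.51.100.7", SAMPLE_UPDATE, ["192.0.2.0/24"]))
```

Nothing in the parsed message identifies who sent it; the `accept` result depends entirely on `src_ip`, which the server takes from the UDP datagram.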

ISBN: 0596005628