Enable secure dynamic updates

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use this procedure to allow only secure dynamic updates for a zone. Secure dynamic update is supported only for Active Directory–integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for Domain Name System (DNS) dynamic updates.

You can perform this procedure by using the DNS snap-in or by using the Dnscmd command-line tool.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Enabling secure dynamic updates

  • Using the Windows interface

  • Using the command line

To enable secure dynamic updates using the Windows interface

  1. Open the DNS snap-in.

  2. In the console tree, right-click the applicable zone, and then click Properties.

  3. On the General tab, verify that the zone type is Active Directory-Integrated.

  4. In Dynamic updates, click Secure only.

Note

To open the DNS snap-in, click Start, point to Administrative Tools, and then click DNS.

To enable secure dynamic updates using the command line

  • At a command prompt, type the following command, and then press ENTER:

    dnscmd ServerName /Config {ZoneName|..AllZones} /AllowUpdate 2

    Value                  Description

    ServerName             Required. Specifies the DNS host name of the DNS server. You can also type the Internet Protocol (IP) address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.).

    ZoneName|..AllZones    Required. Specifies the fully qualified domain name (FQDN) of the zone. To configure all zones that are hosted on the specified DNS server to allow dynamic updates, type ..AllZones.

    2                      Required. Configures the server to allow secure dynamic updates. If you exclude the 2, the zone is set to perform standard dynamic updates only.
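The following batch script is an added example, not part of the original procedure. It checks that the zone is Active Directory-integrated before applying /AllowUpdate 2, then reads the setting back to confirm that it took effect. It assumes that dnscmd /ZoneInfo with a property name (DsIntegrated or AllowUpdate) prints a line of the form "Dword:  2 (00000002)"; the script name in the usage text is hypothetical.

```batch
@echo off
rem Added example: enable secure-only dynamic updates on one zone and verify.
rem Usage (hypothetical script name): secure-updates.cmd ServerName ZoneName
setlocal
if "%~2"=="" (
    echo Usage: %~nx0 ServerName ZoneName
    exit /b 2
)
set "SERVER=%~1"
set "ZONE=%~2"

rem Secure dynamic update is supported only for Active Directory-integrated
rem zones, so stop here if the zone is stored any other way.
call :GetProp DsIntegrated
if not "%VALUE%"=="1" (
    echo %ZONE% is not Active Directory-integrated, DsIntegrated=%VALUE%. Zone left unchanged.
    exit /b 1
)

rem The command from the procedure above.
dnscmd %SERVER% /Config %ZONE% /AllowUpdate 2

rem Read the value back instead of trusting the command's own output.
call :GetProp AllowUpdate
if not "%VALUE%"=="2" (
    echo %ZONE% reports AllowUpdate=%VALUE%, expected 2.
    exit /b 1
)
echo %ZONE% on %SERVER% accepts secure dynamic updates only.
exit /b 0

:GetProp
rem Assumption: the property query prints "Dword:  <n> (<hex>)"; the second
rem whitespace-separated token on that line is the decimal value.
set "VALUE="
for /f "tokens=2" %%A in ('dnscmd %SERVER% /ZoneInfo %ZONE% %1 ^| findstr /b /c:"Dword:"') do set "VALUE=%%A"
exit /b 0
```

Run the script against one zone at a time; it is not written for the ..AllZones form, because the read-back query needs a single zone name.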