Export (0) Print
Expand All

Allow Only Secure Dynamic Updates

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

DNS client computers can use dynamic update to register and dynamically update their resource records with a DNS server whenever changes occur. This reduces the need for manual administration of zone records, especially for clients that frequently move or change locations and use Dynamic Host Configuration Protocol (DHCP) to obtain an IP address. Secure dynamic update is supported only for Active Directory-integrated zones. If the zone type is configured differently, you must change the zone type and directory-integrate the zone before securing it for DNS dynamic updates.

noteNote
You should only enable dynamic updates if it is required to effectively manage zone records.

Membership in the Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Click Start, click Run, type dnsmgmt.msc, and then press ENTER. The DNS Manager console will open.

  2. In the console tree, click the name of the DNS server you wish to configure, and then open Forward Lookup Zones or Reverse Lookup Zones.

  3. Right-click the name of the zone you wish to configure, and then click Properties.

  4. On the General tab, verify that the zone type is Active Directory-integrated.

  5. In Dynamic Updates, click secure only.

  1. Open an elevated command prompt.

  2. Type the following command, and then press ENTER:

    dnscmd <ServerName> /Config <ZoneName> /AllowUpdate 2
    

 

Parameter Description

dnscmd

The command-line tool for managing DNS servers.

<ServerName>

Specifies the DNS host name of the DNS server. You can also type the IP address of the DNS server. To specify the DNS server on the local computer, you can also type a period (.) or omit the host name.

/Config

Required. Configures the specified zone.

<ZoneName>

Required. Specifies the fully qualified domain name (FQDN) of the zone.

/AllowUpdate

Required. Enables the zone to perform dynamic updates.

2

Required. Configures the server to allow secure update. If you exclude the 2, the zone will be set to perform standard dynamic updates only.

TipTip
To view the complete syntax for the dnscmd /Config command, type the following at a command prompt, and then press ENTER: dnscmd /Config /help.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft