DNS registration changes for Windows Server 2003 based DHCP Servers
Updated: August 19, 2009
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This article describes the DNS registration changes for DHCP Servers that are running Windows Server® 2003.
When the DHCP Server role is installed on a domain controller, the DHCP Server inherits the security permissions of the domain controller. To prevent possible misuse of the domain controller’s elevated permissions, DHCP Servers that are installed on Windows Server 2003 do not register DNS records on behalf of the clients that are associated with the DHCP Server unless the DHCP Server is explicitly configured with DNS credentials. This behavior prevents a potential escalation of privilege to clients of the DHCP Server.
Configuring DNS credentials on a DHCP Server that is running Windows Server 2003
Follow these steps to configure the DNS credentials of a DHCP Server that is installed on a domain controller running the Windows Server 2003 operating system:
Start the DHCP management console. Click Start, then click Run and type dhcpmgmt.msc.
In the DHCP navigation pane, expand the server node and right-click IPv4, and then click Properties.
In the resulting dialog box, click the Advanced tab, and then click Credentials.
In the DNS dynamic update credentials dialog box, enter the DNS credentials (User name, Domain, and Password) for the account that is used by the DHCP Server for DNS registrations.
Note These credentials should belong to a member of the DnsAdmins or the DnsUpdateProxy group.
For more information about creating and adding a user account as a member of a group by using the Active Directory® Users and Groups console, see Changing group memberships.