Secondary DNS zone not updating
In classic DNS a zone has a single primary server that holds the only writable copy. In Active Directory-integrated DNS the zone is multi-master: every domain controller that hosts it can accept dynamic updates, which spreads the load and usually puts a writable copy close to the client.

Clients that register their own A and PTR records do so with their own computer account and become the owner of those records. If the zone also accepts nonsecure updates, or record ownership is not controlled, critical records such as the DC locator (SRV) records and other service records are exposed to hijacking and denial-of-service attacks (records overwritten or deleted). Here we discuss how to mitigate this, and some other specific caveats of securing DNS.

A Microsoft DHCP server can register both the A and PTR records for its DHCP clients. The secure dynamic update is then performed with the DHCP server's account (or a dedicated credential configured on it) instead of with each end client's account, so all client records share one owner and one update path. DHCP therefore gives us a way to apply consistent DNS security to all of our client records.
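The following PowerShell is an added example, not part of the original page, showing how the DHCP-driven registration described above is configured and verified with the standard DhcpServer, DnsServer and ActiveDirectory cmdlets. The server names (DHCP01, DC01), the zone contoso.com, the service account CONTOSO\svc-dhcp-dns and the client name client01 are assumptions for illustration, as is the zone being stored in the DomainDnsZones partition.

```powershell
# Added example (not from the original page). Assumed names: DHCP server DHCP01,
# DNS server/DC DC01, AD-integrated zone contoso.com, low-privilege account
# CONTOSO\svc-dhcp-dns, client host client01. Run from a host with the RSAT modules.
Import-Module DhcpServer, DnsServer, ActiveDirectory

$DhcpServer = 'DHCP01'
$DnsServer  = 'DC01'
$Zone       = 'contoso.com'

# 1. The zone must accept only secure (authenticated) dynamic updates.
#    'NonsecureAndSecure' lets any host on the network overwrite or delete records,
#    including the DC locator SRV records.
$z = Get-DnsServerZone -ComputerName $DnsServer -Name $Zone
if ($z.DynamicUpdate -ne 'Secure') {
    Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $Zone -DynamicUpdate Secure
}

# 2. Give the DHCP server a dedicated account to perform the updates with.
#    Every A/PTR record it registers is then owned by this one account rather than by
#    the client that happened to hold the lease, so a later client cannot take over the
#    name, and records can still be updated when the lease moves to another machine.
$cred = Get-Credential -Message 'DNS dynamic update account (e.g. CONTOSO\svc-dhcp-dns)'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred

# 3. Make DHCP always register A and PTR on the client's behalf, remove them when the
#    lease expires, cover legacy clients that never send DHCP option 81, and enable
#    Name Protection so a name already registered by another client is not overwritten.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always `
    -DeleteDnsRROnLeaseExpiry $true `
    -UpdateDnsRRForOlderClients $true `
    -NameProtection $true

# 4. Caveat: members of the DnsUpdateProxy group create records with no owner, so the
#    first client to touch such a record takes it over. Only use the group together with
#    the dedicated credential from step 2, and never for a DHCP server that is also a
#    domain controller (its own SRV records would become unowned).
$dhcpAccount = Get-ADComputer -Identity $DhcpServer
$proxyMembers = Get-ADGroupMember -Identity 'DnsUpdateProxy' | Select-Object -ExpandProperty SamAccountName
if ($proxyMembers -contains $dhcpAccount.SamAccountName) {
    Write-Warning "$DhcpServer is in DnsUpdateProxy; records it registers carry no owner ACE."
}

# 5. Verify: the effective DHCP settings, and who owns a client record in the directory.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer

$domainDn  = (Get-ADDomain).DistinguishedName
$recordDn  = "DC=client01,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"   # assumes DomainDnsZones partition
$recordAcl = Get-Acl -Path "AD:\$recordDn"
"Owner of client01.$Zone : $($recordAcl.Owner)"   # expected: the svc-dhcp-dns account, not CONTOSO\CLIENT01$
```

After step 3 the owner shown in step 5 should be the DHCP credential for every record the DHCP server registered; a record still owned by the client's computer account was registered by the client itself (for example while the zone was updated directly) and will not be maintained by DHCP until it is removed or the lease is renewed.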