Jeff7181
Lifer
I'm trying to wrap my brain around this... I kinda sorta maybe think I might understand it. 🙂 Here's my thinking, hopefully someone can verify that I'm correct to explain why I'm wrong.
Scenario: A DHCP server, which is a member of the DnsUpdateProxy group, registers a record in Active Directory for a Windows 98 machine.
The A resource (for example) is not secure because records created by the DnsUpdateProxy group have no owner until the record is modified by another DNS client or DHCP server and can be modified by any user (authorized or not) until that happens.
The book also says that if the DHCP server happens to be running on a machine that's also a domain controller, the SRV and CNAME also become insecure. This is where it gets blurry for me. I can't understand WHY this happens.
Assuming it does, would this be a practical use for Virtual Machines? Allowing one physical machine to run the DNS Server, DHCP server, AND act as a domain controller without this security issue?
Scenario: A DHCP server, which is a member of the DnsUpdateProxy group, registers a record in Active Directory for a Windows 98 machine.
The A resource (for example) is not secure because records created by the DnsUpdateProxy group have no owner until the record is modified by another DNS client or DHCP server and can be modified by any user (authorized or not) until that happens.
The book also says that if the DHCP server happens to be running on a machine that's also a domain controller, the SRV and CNAME also become insecure. This is where it gets blurry for me. I can't understand WHY this happens.
Assuming it does, would this be a practical use for Virtual Machines? Allowing one physical machine to run the DNS Server, DHCP server, AND act as a domain controller without this security issue?
