Archived from groups: microsoft.public.win2000.dns (
More info?)
"techman" <techman@discussions.microsoft.com> wrote in message
news:175490BF-5E90-49DD-8E2F-6F80D8741253@microsoft.com...
> Is there a way to deny a specific device from dynaically registering in
DNS.
> We have dhcp registering machines on behalf of the client but a VPN server
we
> don't manage is registering in DNS also. Can we stop that regisration in
DNS
> without touching the RAS box ? Is a windows 2003 ras box.
If you implement "secure dynamic updates only" you can probably
arrange this -- perhaps trivially.
"Secure dynamic updates only" require that you use a DC as an
AD Integrated primary.
This will prevent all non-domain/forest machines from registering
since authentication is required for that (technically it defeats it
for all domains machines not trusted by the DC-DNS server domain,
and for for all non-domain machines.)
If the VPN server is actually a Windows VPN server IN the domain
you will have to work harder -- perhaps putting in a dummy record
OR a "proper record" for the device in question and using a specific
account (perhaps one of the AD editors or a program to do this.)
--
Herb Martin
"techman" <techman@discussions.microsoft.com> wrote in message
news:175490BF-5E90-49DD-8E2F-6F80D8741253@microsoft.com...
> Is there a way to deny a specific device from dynaically registering in
DNS.
> We have dhcp registering machines on behalf of the client but a VPN server
we
> don't manage is registering in DNS also. Can we stop that regisration in
DNS
> without touching the RAS box ? Is a windows 2003 ras box.