DHCP security breach



Hello,

I have an Active Directory integrated DNS zone configured for secure updates.
I am evaluating the risks of permitting our DHCP server (Windows 2003-based one) to register A and PTR records on behalf of workstations (Windows XP).


If I understand correctly, this option will compromise the whole idea of the Secure DNS updates.


As the DHCP protocol is not secured at all, DHCP has absolutely no means to validate who is requesting a DNS name update. So why does Microsoft not mention these risks of allowing DNS updates via DHCP servers? With a little effort, I can hijack any workstation's name.


Any ideas on how to secure DNS updates via DHCP?
