
Dynamic DNS with linux/windows client secure


franklinchef

IS-IT--Management
Sep 21, 2005
2
CA
I'm installing a Win2k3 AD server in my network to play with it a bit (for school). I was previously using a BIND v9 server mixed with an isc-dhcp server. All dynamic updates from the DHCP server were encrypted and were considered safe. I want to use the 2k3 DNS as my primary for all clients; the problem I encounter is that it isn't considered safe to run the DHCP server on the same computer as the DNS server. With BIND I didn't have any problem, since I could tell BIND to only accept updates for a certain range of IPs, for example 192.168.1.100-110. This way the servers' IPs were safe from DHCP updates; I even created a sub-zone for DHCP clients. Now my problem is, Win2k3 doesn't seem to accept updates from a non-Windows DHCP server (since I cannot run the DHCP on the 2k3 server). What I'm thinking of doing is creating a delegated zone (i.e. ddnsclients.test.com) to a BIND server that will work in conjunction with my Unix DHCP server. But the problem I think I will encounter is that clients won't be in the same domain as all the servers (ddnsclients.test.com vs test.com). Am I wrong? Does anyone have a solution for this DDNS, considering the fact that I only have one Windows server and I also want a minimum of security, which Win2k3 doesn't seem to support well for DDNS updates...
 
Use Windows DHCP and only allow updates to the zone from the DHCP server, no client updates. You can disable dynamic update on client machines as well.
 
What if, let's say, user X fakes his name with the domain controller hostname? DHCP sends the update to the DNS server, the DNS server updates the A entry of the hostname (which in this case is the PDC hostname!!!), and the DNS table gets corrupted. This is why it is not recommended to run DHCP on the PDC. I've tried to create a sub-zone for this case, but you can give permission for dynamic update only to the parent tree!
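
The check the thread is circling around, as an added example that is not from any of the posters and is not BIND, isc-dhcp or Windows code: a filter that a DHCP-side hook or update proxy could apply before forwarding a client-supplied hostname to DNS. The zone name and address range come from the first post; the protected server labels and the sample requests are constructed, and the function names are hypothetical.

```python
import ipaddress

CLIENT_ZONE = "ddnsclients.test.com"                   # delegated sub-zone from the post
RANGE_FIRST = ipaddress.IPv4Address("192.168.1.100")   # dynamic range from the post
RANGE_LAST = ipaddress.IPv4Address("192.168.1.110")
PROTECTED_LABELS = {"dc1", "www", "mail"}  # assumption: static server names in test.com


def normalize(name):
    """Lower-case and drop the trailing root dot; DNS names compare case-insensitively."""
    return name.strip().rstrip(".").lower()


def authorize_update(fqdn, addr):
    """Return (allowed, reason) for an A-record update requested on a client's behalf."""
    name = normalize(fqdn)
    suffix = "." + CLIENT_ZONE
    if not name.endswith(suffix):
        return False, "name is outside the client sub-zone"
    label = name[: -len(suffix)]
    if not label or "." in label:
        return False, "only single-label hosts directly under the sub-zone"
    # A record such as dc1.ddnsclients.test.com would answer a short-name lookup
    # for "dc1" on any resolver whose search list starts with the client sub-zone.
    if label in PROTECTED_LABELS:
        return False, "label shadows a static server name"
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return False, "not a valid IPv4 address"
    if not RANGE_FIRST <= ip <= RANGE_LAST:
        return False, "address is outside the dynamic range"
    return True, "ok"


# Constructed sample requests: (client-supplied name, leased address).
SAMPLES = [
    ("laptop7.ddnsclients.test.com", "192.168.1.104"),
    ("DC1.test.com.", "192.168.1.105"),             # claims the server's own name
    ("dc1.ddnsclients.test.com", "192.168.1.105"),  # shadows it inside the sub-zone
    ("laptop7.ddnsclients.test.com", "192.168.1.10"),
]

if __name__ == "__main__":
    for fqdn, addr in SAMPLES:
        print(fqdn, addr, authorize_update(fqdn, addr))
```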
 