Implementing name protection on a Windows DHCP server

This article provides information on configuring name protection on a Windows DHCP server.

In an environment in which Windows machines and non-Windows machines are present, it is possible for a non-Windows DHCP client to be registered in DNS using a fully qualified domain name (FQDN) that has already been registered to another non-Windows machine. This is known as name squatting, and it effectively renders the first machine inaccessible by name, as anyone trying to resolve its FQDN will resolve it to the second machine's IP address.

Note: Name squatting should have little to no effect on names registered by Windows machines, as those names can be protected by access control lists (ACLs), which prevent their modification by unauthorized machines if properly configured.

Name protection was introduced in Windows Server 2008 R2 to prevent name squatting. When name protection is enabled, a DHCP server registering a name for a non-Windows client will also register another DNS record, known as a DHCP client ID record. This record contains a hash that identifies the client as the owner of the FQDN in its host record; therefore, if another client attempts to register the same FQDN in DNS, it will be prevented from doing so. The new client will be assigned an IP address by the DHCP server but will not have its FQDN registered in DNS.

Name protection can be enabled on a DHCP server running Windows Server 2008 R2 or later, and it can be enabled at the scope level or the server level. (Scope-level settings take precedence over server-level settings.) To enable name protection at the scope level, perform the following steps:

  1. Open the DHCP Management console.
  2. Expand IPv4 or IPv6.
  3. Right-click the appropriate scope and select Properties.
  4. In the DNS tab of the properties window, click the Configure button.
  5. Check the Enable Name Protection box and click OK to close all properties windows.

The procedure for enabling name protection at the server level is very similar:

  1. In the DHCP Management console, right-click either IPv4 or IPv6 and select Properties.
  2. In the DNS tab of the properties window, click Advanced.
  3. Check the Enable Name Protection box and click OK to close all properties windows.

For more information, see Configuring Name Protection.

The standard on which name protection is based is defined in RFC 4703, and the DHCID DNS record is described in RFC 4701.
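The following added example (not part of the original article, and not Microsoft's implementation) models the ownership check described above: it builds DHCID record data in the RFC 4701 layout and refuses a registration when the stored DHCID does not match the requesting client. The `Zone` class, the function names and the client identifiers are constructed for illustration.

```python
import hashlib

ID_TYPE_CLIENT_ID = 0x0001   # RFC 4701: DHCPv4 client identifier option data
DIGEST_SHA256 = 1            # RFC 4701: digest type code for SHA-256

def fqdn_wire(fqdn: str) -> bytes:
    """Canonical DNS wire format: lowercase, length-prefixed labels, root label."""
    labels = [l for l in fqdn.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dhcid_rdata(client_id: bytes, fqdn: str, id_type: int = ID_TYPE_CLIENT_ID) -> bytes:
    """DHCID RDATA: 2-byte identifier type, 1-byte digest type, SHA-256 digest."""
    digest = hashlib.sha256(client_id + fqdn_wire(fqdn)).digest()
    return id_type.to_bytes(2, "big") + bytes([DIGEST_SHA256]) + digest

class Zone:
    """Hypothetical in-memory stand-in for a zone updated by the DHCP server."""

    def __init__(self):
        self.records = {}  # wire-format name -> {"A": ip, "DHCID": rdata}

    def register(self, client_id: bytes, fqdn: str, ip: str) -> bool:
        """Apply the RFC 4703 ownership rule; return True if the name was written."""
        key = fqdn_wire(fqdn)
        claim = dhcid_rdata(client_id, fqdn)
        existing = self.records.get(key)
        if existing is not None and existing.get("DHCID") != claim:
            return False  # name is held by another client (or has no DHCID): refuse
        self.records[key] = {"A": ip, "DHCID": claim}
        return True

    def lookup(self, fqdn: str):
        rec = self.records.get(fqdn_wire(fqdn))
        return rec["A"] if rec else None

def demo():
    zone = Zone()
    first = bytes.fromhex("01aabbccddee01")    # constructed client identifier
    second = bytes.fromhex("01aabbccddee02")   # constructed client identifier
    results = [
        zone.register(first, "printer.example.com", "192.0.2.10"),    # first owner
        zone.register(second, "Printer.Example.com.", "192.0.2.66"),  # same name, other client
        zone.register(first, "printer.example.com", "192.0.2.11"),    # owner gets a new lease
    ]
    return results, zone.lookup("printer.example.com")

if __name__ == "__main__":
    print(demo())
```

The second client still receives its lease in this model; only the DNS registration is refused, which matches the behavior the article describes.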

Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.

Article ID: SLN290479

Last Date Modified: 10/02/2014 01:22 PM
