This article provides information on configuring name protection on a Windows DHCP server.
In an environment in which Windows machines and non-Windows machines are present, it is possible for a non-Windows DHCP client to be registered in DNS using a fully qualified domain name (FQDN) that has already been registered to another non-Windows machine. This is known as name squatting, and it effectively renders the first machine inaccessible by name, as anyone trying to resolve its FQDN will resolve it to the second machine's IP address.
Note: Name squatting should have little to no effect on names registered by Windows machines, as those names can be protected by access control lists (ACLs), which prevent their modification by unauthorized machines if properly configured.
Name protection was introduced in Windows Server 2008 R2 to prevent name squatting. When name protection is enabled, a DHCP server registering a name for a non-Windows client will also register another DNS record, known as a DHCP client ID record. This record contains a hash that identifies the client as the owner of the FQDN in its host record; therefore, if another client attempts to register the same FQDN in DNS, it will be prevented from doing so. The new client will be assigned an IP address by the DHCP server but will not have its FQDN registered in DNS.
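The ownership check described above, as an added example (not code from this article or from Microsoft). It assumes the DHCID record layout of RFC 4701, which the article does not spell out, and models the DNS zone as an in-memory dictionary; `Zone`, the helper functions and the sample clients are hypothetical names.

```python
import hashlib

def fqdn_wire(fqdn: str) -> bytes:
    """Canonical DNS wire form: lowercase, length-prefixed labels, root terminator."""
    out = b""
    for label in fqdn.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label in {fqdn!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dhcid(id_type: int, identifier: bytes, fqdn: str) -> bytes:
    """RFC 4701 RDATA: 2-byte identifier type, 1-byte digest type (1 = SHA-256), digest."""
    digest = hashlib.sha256(identifier + fqdn_wire(fqdn)).digest()
    return id_type.to_bytes(2, "big") + b"\x01" + digest

class Zone:
    """Toy zone (assumption: stands in for the DNS server's host + DHCID records)."""
    def __init__(self):
        self.records = {}  # canonical fqdn -> (ip, dhcid rdata)

    def register(self, fqdn, ip, id_type, identifier):
        key = fqdn.rstrip(".").lower()
        owner = dhcid(id_type, identifier, fqdn)
        existing = self.records.get(key)
        if existing is not None and existing[1] != owner:
            return False  # name owned by another client: lease granted, no DNS update
        self.records[key] = (ip, owner)  # first registration, or the owner's own update
        return True

# Constructed sample clients: identifier type 0x0000 = hardware type (1 = Ethernet) + MAC
CLIENT_A = b"\x01" + bytes.fromhex("020000000a01")
CLIENT_B = b"\x01" + bytes.fromhex("020000000b02")

def demo():
    zone = Zone()
    first = zone.register("printer1.corp.example", "192.0.2.10", 0, CLIENT_A)
    # A second client asks for the same name (case and trailing dot do not matter)
    squat = zone.register("PRINTER1.corp.example.", "192.0.2.66", 0, CLIENT_B)
    # The original owner can still update its own record
    renew = zone.register("printer1.corp.example", "192.0.2.11", 0, CLIENT_A)
    return first, squat, renew, zone.records["printer1.corp.example"][0]
```

Because the digest covers both the client identifier and the FQDN, a different client requesting the same name can never produce a matching record, which is what blocks the second registration.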
Name protection can be enabled on a DHCP server running Windows Server 2008 R2 or later, and it can be enabled at the scope level or the server level. (Scope-level settings take precedence over server-level settings.) To enable name protection at the scope level, perform the following steps:
The procedure for enabling name protection at the server level is very similar:
Article ID: SLN290479
Last modified: 10/02/2014 01:22 PM