DNS : Enabling DNS Dynamic Update Credentials

image002

DNS : Enabling DNS Dynamic Update Credentials

 

For further info see MS KB Article: http://support.microsoft.com/default.aspx/kb/816592

 

This should be setup when you enabled secure updates only for an AD-Integrated DNS zone and have devices that are unable to perform secure dynamic updates of their A/PTR records. Examples of this type of device are Thin Client terminals.

 

Configure service account details on each server as detailed below, use the service account ‘svc_dnsproxy

 

    

 

Then add the computer objects to the ‘DNSUpdateProxy’ group in AD:

 

 

Finally it is necessary to remove the stale records from reverse DNS manually. We can immediately clear the 10.144.X.X reverse DNS records then selectively remove remaining stale records ensuring that DCs, Servers and Static Addresses are not deleted.

 

Forward lookup entries should not be affected by this change.

 

This change will probably be necessary on all European sites.

 

Records will now register as follows: