Configuring Dynamic updates - BlueCat Address Manager - 8.3.1

Address Manager Administration Guide

prodname
BlueCat Address Manager
version_custom
8.3.1

How to configure dynamic updates on a Windows server.

You must enable the dynamic updates option before a DNS server can accept dynamic updates. On a Windows server, you can set dynamic updates in one of three ways:
  • None—dynamic updates are not allowed.
  • Nonsecure and secure—the Windows server can accept secure updates from Windows clients using Generic Security Service Transaction Signature keys (GSS-TSIG) as well as nonsecure updates from other sources.
  • Secure only—dynamic updates are restricted to clients capable of authenticating themselves using GSS-TSIG.
The available settings depend on whether or not the zone is stored in Active Directory:
  • If the zone is a standard primary zone, the only choice for allowing dynamic updates is Nonsecure and secure.
  • If the zone is stored as an Active Directory-integrated zone, you can allow Nonsecure and secure or Secure only dynamic updates.
In Windows DNS, you configure dynamic updates at the zone level. In Address Manager, you can set this option at the following levels:
  • Configuration
  • Server Group
    Attention: Server Groups only support BlueCat DNS/DHCP Servers.
  • Server
  • View
  • Zone

To configure dynamic updates:

  1. Navigate to the level at which you want to set dynamic updates (configuration, Managed Windows server, or view).
  2. Click the Deployment Options tab.
  3. Click New, then select DNS Option.
  4. From the Option drop-down menu, select Allow Dynamic Updates.
  5. From the Update Type drop-down menu, select either Windows or Mixed:
    • If you are deploying only to Windows servers, select Windows.
    • If you are deploying to an environment consisting of Windows servers and DNS/DHCP Servers, select Mixed. If you select Mixed, you can specify a list of servers. In the Address field, type the IP address for the server, and then click Add. You can add multiple servers to the list.
  6. Select a Windows Dynamic Updates setting:
    • Select Nonsecure and secure to allow updates from computers that are not capable of using GSS-TSIG.
    • Select Secure only to allow updates only from computers capable of using GSS-TSIG.
  7. Under Server, determine the servers to which this option applies:
    • To apply the option to all servers in the configuration select All Servers.
      Attention: Server Groups only support BlueCat DNS/DHCP Servers.
    • To apply the option to a specific server select Specific Server, then select a server from the drop-down menu.
  8. Click Add to add the option and return to the Deployment Options tab, or click Add Next to add another deployment option.