Infoblox Exchange Cybersecurity Roadshow 2020 – Join us!
North America | Europe | Middle East/Africa | Asia-Pacific

DNS DHCP IPAM

Reply
Accepted Solution

How to secure Windows Dynamic Updates

markb81
Techie
Posts: 2
4637     0

Hi,

 

We implemented Infoblox requiring GSS-TSIG. We only have Windows clients that support it.

When a client performs a dynamic registration we see the following pattern:

 

- Normal DNS update -> fail -> error in infoblox named syslogging

- Client authenticates using TSIG

- Client performing authenticated update -> succeed

 

This happens all the time which gives a very clouded ERROR log in syslogging.

 

How can we force Windows servers to perform TSIG only, or at least try it first before falling back to normal DNS registration?

Re: How to secure Windows Dynamic Updates

markb81
Techie
Posts: 2
4638     0

Solved my own problem. Found a GPO to configure it:

 

Computer Configuration > Administrative Templates > Network > DNS Client

 

Name: Update security level
Set to: Only Secure

Re: How to secure Windows Dynamic Updates

[ Edited ]
jeffkdanies
Not applicable
Posts: 1
4638     0

Can anyone here help me with the error your windows will expire soon? I am getting this error again and again.

Showing results for 
Search instead for 
Do you mean 

Recommended for You