By default, the ACL gives Create permission to all members of the Authenticated User group, the group of all authenticated computers and users in an Active Directory forest.
This means that any authenticated user or computer can create a new object in the zone.
Note: “This is a modified configuration supported for DHCP servers running Windows Server 2008 and DHCP clients.
In this mode, the DHCP server always performs updates of the client’s FQDN, leased IP address information, and both its host (A) and pointer (PTR) resource records, regardless of whether the client has requested to perform its own updates.”

“With secure dynamic update, only the computers and users you specify in an ACL can create or modify dnsNode objects within the zone.
The use of Name Protection in the Windows Server® 2008 R2 operating system prevents name squatting by non-Windows-based computers.
Well, I will also offer the nitty gritty below the summary for those who want to read.

But DHCP will register its PTR (reverse entry) record.

To configure DHCP Option 081, you must look at the DHCP server properties, under the DNS tab in DHCP properties. If you have Windows 2008 R2 or Windows 2012 R2, in addition to configuring the DNS tab to force registration, you still must configure credentials and add the server to the DnsUpdateProxy group. Despite being a DHCP option, Option 081 is not found among the DHCP server, scope or class options.

After completing the above procedure, the credentials and DnsUpdateProxy group configuration will not update current records or delete duplicate records.

If DHCP is on a Windows 2008 R2 DC, to protect the DC when using the DnsUpdateProxy group, you must secure the group by running:

dnscmd /config /OpenAclOnProxyUpdates 0

Using “DHCP Name Protection” will register the A and PTR records on behalf of a client, and will prevent name squatting by a non-Windows workstation, meaning it stops that workstation from registering a name that DHCP has already registered for another client (non-Windows or Windows).

For example, some folks believe that the DNS servers or other DCs not running DHCP should be in the DnsUpdateProxy group. Make sure that NO user accounts are in that group, either. (I hope that’s crystal clear – you would be surprised at the number of responses I get asking if the DHCP credentials should be in this group.) You

Just to be crystal clear, this means that if the lease is an 8 day lease, then NOREFRESH should be 4 (four) and REFRESH should be 4 (four), so when you add them together, they are not greater than the lease length.
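The two checks described above (no user accounts or non-DHCP machines in DnsUpdateProxy, and NOREFRESH plus REFRESH no greater than the lease) as an added PowerShell example, not code from the original post. The function names and sample hosts are hypothetical, and treating the servers returned by `Get-DhcpServerInDC` as the expected members is an assumption; the commented cmdlets show where live input would come from.

```powershell
# Added example. Live input would come from (RSAT AD/DHCP/DNS modules required):
#   Get-ADGroupMember -Identity 'DnsUpdateProxy'        -> -Members
#   (Get-DhcpServerInDC).DnsName                        -> -DhcpServerFqdn
#   (Get-DhcpServerv4Scope -ScopeId <id>).LeaseDuration -> -Lease
#   Get-DnsServerZoneAging -Name <zone>                 -> NoRefreshInterval, RefreshInterval

function Test-DnsUpdateProxyMember {
    param([object[]]$Members, [string[]]$DhcpServerFqdn)
    # Group members expose a short 'name'; DHCP servers are listed by FQDN.
    $dhcpHosts = $DhcpServerFqdn | ForEach-Object { ($_ -split '\.')[0] }
    foreach ($m in $Members) {
        if ($m.objectClass -ne 'computer') {
            $finding = 'remove: not a computer account'
        } elseif ($dhcpHosts -notcontains $m.name) {
            $finding = 'review: computer is not a listed DHCP server'
        } else {
            $finding = 'ok'
        }
        [pscustomobject]@{ Member = $m.name; Class = $m.objectClass; Finding = $finding }
    }
}

function Test-ScavengingFitsLease {
    param([timespan]$Lease, [timespan]$NoRefresh, [timespan]$Refresh)
    $sum = $NoRefresh + $Refresh
    [pscustomobject]@{
        LeaseDays                = $Lease.TotalDays
        NoRefreshPlusRefreshDays = $sum.TotalDays
        Finding = if ($sum -le $Lease) { 'ok' } else { 'NoRefresh + Refresh exceeds lease length' }
    }
}

# Constructed sample data (not from a real environment).
$members = @(
    [pscustomobject]@{ name = 'DHCP01';   objectClass = 'computer' }
    [pscustomobject]@{ name = 'DC02';     objectClass = 'computer' }   # DC without DHCP
    [pscustomobject]@{ name = 'svc-dhcp'; objectClass = 'user' }       # credential account
)
Test-DnsUpdateProxyMember -Members $members -DhcpServerFqdn 'dhcp01.corp.example' |
    Format-Table -AutoSize

# The 8-day lease from the text with 4 + 4, then a misconfigured 7 + 7.
$lease = New-TimeSpan -Days 8
Test-ScavengingFitsLease -Lease $lease -NoRefresh (New-TimeSpan -Days 4) -Refresh (New-TimeSpan -Days 4) |
    Format-List
Test-ScavengingFitsLease -Lease $lease -NoRefresh (New-TimeSpan -Days 7) -Refresh (New-TimeSpan -Days 7) |
    Format-List
```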