Recipe 13.18. Preventing Windows Clients from Attempting Dynamic Updates

Problem

You've disabled dynamic updates entirely on your name servers for security reasons and want to ensure that clients don't waste processing cycles by sending dynamic updates to your servers.

Solution

Using a graphical user interface

To disable dynamic updates for a specific interface such as Local Area Connection, do the following:
To disable dynamic updates globally for all interfaces on a client, do the following:
On Windows Server 2003, you can also use Group Policy to disable dynamic updates on Windows XP and 2003 clients:

Using a command-line interface

The following command disables dynamic updates on a client configured with a static IP address and sets the name server address to 10.0.0.1:

> netsh interface ip set dns "Local Area Connection" static 10.0.0.1 register=none

To disable dynamic updates on a client machine that uses DHCP to acquire an IP address, use the following command:

> netsh interface ip set dns "Local Area Connection" dhcp register=none

And the following command globally disables dynamic updates for all interfaces on the client:

> reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v DisableDynamicUpdates /t REG_DWORD /d 1

Reboot the system to make this change take effect.

Using VBScript

The following VBScript automates the same registry change as outlined in the previous reg command:

' Write DisableDynamicUpdates = 1 under the Tcpip parameters key.
set objWSHShell = CreateObject("WScript.Shell")
strRegKey = "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"
' Pass the type explicitly: without it RegWrite creates a REG_SZ value,
' not the REG_DWORD that the reg command above writes.
objWSHShell.RegWrite strRegKey & "DisableDynamicUpdates", 1, "REG_DWORD"

Discussion

Disabling dynamic updates on clients will prevent them from attempting to register their A and PTR records with the name server. Note that when you set the DisableDynamicUpdates registry value to 1 on the client, the checkbox labeled "Register this connection's addresses in DNS," located on the DNS tab of the TCP/IP Advanced Properties page for each connection, is unaffected. If you later change your mind and want your client to attempt dynamic updates, change the registry value to 0 and reboot your machine.

See Also

MS KB 246804 (How to enable or disable dynamic DNS registrations in Windows 2000 and in Windows Server 2003) and MS KB 294785 (New Group Policies for DNS in Windows Server 2003)
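
Because the Discussion notes that the per-connection checkbox does not reflect the global registry value, an audit has to read both. The following read-only PowerShell check is an added example, not part of the original recipe; it assumes PowerShell 3.0 or later (for Get-CimInstance), and the function name and output column names are illustrative.

```powershell
# Added audit example (not from the original recipe). Read-only: it changes nothing.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$name = 'DisableDynamicUpdates'   # value name as used in this recipe

# Hypothetical helper: returns presence, type and value of the global setting.
function Get-GlobalDynamicUpdateSetting {
    $key = Get-Item -LiteralPath $path
    if ($key.GetValueNames() -notcontains $name) {
        return [pscustomobject]@{ Present = $false; Kind = $null; Value = $null; Disabled = $false }
    }
    $kind  = $key.GetValueKind($name)
    $value = $key.GetValue($name)
    [pscustomobject]@{
        Present  = $true
        Kind     = $kind
        Value    = $value
        # Only a REG_DWORD of 1 matches what the recipe's reg command writes.
        Disabled = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $value -eq 1)
    }
}

$setting = Get-GlobalDynamicUpdateSetting
if ($setting.Present -and $setting.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    # A value of another type (for example REG_SZ) is not the change the recipe describes.
    Write-Warning "$name exists as $($setting.Kind), not REG_DWORD; recreate it with the correct type."
}

# Per-connection state: FullDNSRegistrationEnabled mirrors the
# "Register this connection's addresses in DNS" checkbox.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        [pscustomobject]@{
            Adapter          = $_.Description
            DHCP             = $_.DHCPEnabled
            RegisterCheckbox = $_.FullDNSRegistrationEnabled
            GlobalDisabled   = $setting.Disabled
            # Per the recipe: a connection registers only if its checkbox is on
            # and the global value has not disabled updates.
            ClientRegisters  = ($_.FullDNSRegistrationEnabled -and -not $setting.Disabled)
        }
    } | Format-Table -AutoSize
```

A row with RegisterCheckbox True and GlobalDisabled True is the case the Discussion describes: the GUI still shows registration enabled even though the registry value suppresses it.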