Best Practices

  • Use Active Directory–integrated zones with secure dynamic updates. Active Directory–integrated zones implement all DNS resource records as dnsNode objects in Active Directory. The DACL on each dnsNode object protects it against modification by security principals that are not assigned permissions in that DACL. To host Active Directory–integrated zones, the DNS service must be running on a Windows 2000 or Windows Server 2003 domain controller. DNS servers installed on member servers or workgroup members cannot host Active Directory–integrated zones.

  • Implement DNS zones in forestwide application partitions for the forest root domain and other domains that are accessed frequently from all other domains in the forest. Application partitions can ...
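
An added example, not from the book: a PowerShell audit of the two practices above. It assumes zone objects shaped like the output of `Get-DnsServerZone` from the DnsServer module (Windows Server 2012 and later, newer than the Windows 2000 and Windows Server 2003 systems the text covers); `Test-DnsZoneHardening`, its `-ForestWideZone` parameter and the sample zones are constructed for illustration.

```powershell
# Added example. Input objects carry the properties Get-DnsServerZone returns:
# ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate, ReplicationScope.
function Test-DnsZoneHardening {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Zone,
        # Hypothetical parameter: zones you expect in the forestwide partition.
        [string[]]$ForestWideZone = @()
    )
    process {
        # Only primary zones accept dynamic updates; skip secondary and stub zones.
        if ($Zone.ZoneType -ne 'Primary') { return }
        $findings = @()
        if (-not $Zone.IsDsIntegrated) {
            # File-backed records are not dnsNode objects, so no DACL protects them.
            $findings += 'not Active Directory-integrated'
        }
        if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
            $findings += 'accepts unauthenticated dynamic updates'
        }
        if ($ForestWideZone -contains $Zone.ZoneName -and $Zone.ReplicationScope -ne 'Forest') {
            $findings += "replication scope is $($Zone.ReplicationScope), expected Forest"
        }
        [pscustomobject]@{
            ZoneName         = $Zone.ZoneName
            DynamicUpdate    = $Zone.DynamicUpdate
            ReplicationScope = $Zone.ReplicationScope
            Compliant        = ($findings.Count -eq 0)
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample zones so the check runs without a DNS server.
$sample = @(
    [pscustomobject]@{ ZoneName = 'corp.example'; ZoneType = 'Primary'; IsDsIntegrated = $true; DynamicUpdate = 'Secure'; ReplicationScope = 'Forest' }
    [pscustomobject]@{ ZoneName = 'branch.corp.example'; ZoneType = 'Primary'; IsDsIntegrated = $true; DynamicUpdate = 'NonsecureAndSecure'; ReplicationScope = 'Domain' }
    [pscustomobject]@{ ZoneName = 'legacy.example'; ZoneType = 'Primary'; IsDsIntegrated = $false; DynamicUpdate = 'None'; ReplicationScope = 'None' }
    [pscustomobject]@{ ZoneName = 'partner.example'; ZoneType = 'Secondary'; IsDsIntegrated = $false; DynamicUpdate = 'None'; ReplicationScope = 'None' }
)
$sample | Test-DnsZoneHardening -ForestWideZone 'corp.example', 'branch.corp.example' |
    Format-Table -AutoSize

# On a DNS server, feed live zones instead:
# Get-DnsServerZone | Where-Object { -not $_.IsAutoCreated } | Test-DnsZoneHardening
```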
