DDNS Nonsecure and Secure Question

[dalsoth]

A quick question to anyone with some knowledge of DNS settings. I am running an Active Directory Integrated Zone with dynamic updates. Currently we have the DNS setting on the forward lookup zones for each DC as "nonsecure and secure".

I am aware that if we changed this to "secure", then only the client that updated the host record could alter it or delete it. I assume that i could delete these records myself from within DNS as administrator if needs be but was wondering what other reasons might i want to keep this as non secure and secure?

I am asking because as i understand it, only members of our AD domain would be allowed to register in DNS. Would this not be the most secure way to work? Or would this affect non Microsoft servers such as Smartcache2 on Redhat Linux and our Expresso box? I could and have added these sorts of host records and pointers myself in the past when needed. What about home laptops using our guest wireless trapeze network that are not part of AD? Would they have any issues using the smartpass guest network or would they not care at all about internal DNS servers? Just trying to gauge if i am missing something really obvious as to why RM would set it up this way.

This is a CC3 server if it makes any difference. Is anyone out there with a CC3 network running secure? Any issues? I have never really considered this as a problem but if you have the opportunity to tighten and secure things without causing other issues then you should try.

Any advice is appreciated. If i have been less than clear i apologise.

[bossman]

@dalsoth:

Ours is set for secure and we have had no problems for forward and reverse lookup.

We also use linux servers on our system also.

Hope this helps.