Question : How to secure external DNS running Windows 2003 server that allows non secure dynamic updates

Hi Experts,

We are working on high availability for our IIS servers, both in the DMZ at 2 different sites. We are hosting our own external DNS. The 3 servers mentioned above are only in a workgroup and are not joined to the domain. We have a script running on the standby IIS server which constantly checks the services running on the production IIS server. In the event the production IIS server's service is down, it will automatically do a failover. For this to work, the script needs to update the external DNS to point the www record to the standby IIS server's IP address, and non-secure dynamic update must be allowed. But our concern is that security will be at risk. Is there any workaround for this? For your info, we have abandoned the idea of joining the servers to the domain. Thanks for any advice.

Answer : How to secure external DNS running Windows 2003 server that allows non secure dynamic updates


Back again.

I've tested this and it works against my 2003 DNS Server here. One downside to it is that you have to hard-code the username and password used for it, meaning they're not encrypted.

We can add more logic to it, if required, so it can swap the IP Address around.

One last bit: this is VBScript, so it will need saving as .vbs.


Const DNS_SERVER = "ServerName"
Const DOMAIN_NAME = "yourdomain.com."            ' Trailing . must be included
Const NODE_NAME = "host.yourdomain.com."      ' Trailing . must be included
Const IP_ADDRESS = "1.2.3.4"

Const AUTH_USER = "UserName"
Const AUTH_PASSWORD = "AccountPassword"
Const AUTH_DOMAIN = "YourNetBIOSDomain"

' Connect to the DNS server's WMI provider with explicit credentials
Set objSWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objSWbemLocator.ConnectServer(DNS_SERVER, _
    "root\MicrosoftDNS", _
    AUTH_USER, _
    AUTH_PASSWORD, _
    "MS_409", _
    "ntlmdomain:" & AUTH_DOMAIN)

' Fetch the A records in the zone
Set colItems = objWMIService.ExecQuery("SELECT * FROM MicrosoftDNS_AType WHERE DomainName='" & DOMAIN_NAME & "'",,48)

' Change the address of the record whose name matches NODE_NAME
For Each objItem in colItems
      If LCase(objItem.OwnerName) = LCase(NODE_NAME) Then
            objItem.Modify "", IP_ADDRESS
      End If
Next

Set colItems = Nothing
Set objWMIService = Nothing
Set objSWbemLocator = Nothing
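
The swap logic mentioned in the answer, as an added example that is not part of the original post: it only moves the record between two known addresses and refuses to change it when it currently holds anything else. PRIMARY_IP, STANDBY_IP, the www node name, the exit codes and the SwapTarget helper are assumptions; the WMI calls are the ones the answer already uses.

```vbscript
Option Explicit

Const DNS_SERVER = "ServerName"
Const DOMAIN_NAME = "yourdomain.com."      ' Trailing . must be included
Const NODE_NAME = "www.yourdomain.com."    ' Trailing . must be included
Const PRIMARY_IP = "192.0.2.10"            ' Constructed value: production IIS server
Const STANDBY_IP = "192.0.2.20"            ' Constructed value: standby IIS server
Const AUTH_USER = "UserName"
Const AUTH_PASSWORD = "AccountPassword"
Const AUTH_DOMAIN = "YourNetBIOSDomain"

' Hypothetical helper: return the address the record should move to,
' or "" when the current address is not one of the two known servers.
Function SwapTarget(currentIp)
    Select Case currentIp
        Case PRIMARY_IP
            SwapTarget = STANDBY_IP
        Case STANDBY_IP
            SwapTarget = PRIMARY_IP
        Case Else
            SwapTarget = ""
    End Select
End Function

Dim locator, dns, records, rec, oldIp, target, matched
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set dns = locator.ConnectServer(DNS_SERVER, "root\MicrosoftDNS", _
    AUTH_USER, AUTH_PASSWORD, "MS_409", "ntlmdomain:" & AUTH_DOMAIN)
Set records = dns.ExecQuery("SELECT * FROM MicrosoftDNS_AType WHERE DomainName='" & DOMAIN_NAME & "'", , 48)

matched = 0
For Each rec In records
    If LCase(rec.OwnerName) = LCase(NODE_NAME) Then
        matched = matched + 1
        oldIp = rec.IPAddress
        target = SwapTarget(oldIp)
        If target = "" Then
            ' Record was changed by something else: stop instead of overwriting
            WScript.Echo "Refusing: " & NODE_NAME & " holds unexpected address " & oldIp
            WScript.Quit 2
        End If
        rec.Modify "", target
        WScript.Echo NODE_NAME & " moved from " & oldIp & " to " & target
    End If
Next

If matched = 0 Then
    WScript.Echo "No A record found for " & NODE_NAME
    WScript.Quit 1
End If
```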