I think that the idea of a client being permitted to change it's own DNS entry is just horrible. And when we're talking about servers?? ouch. It smacks of not having proper control over your environment, and even if you're building a world of auto deploying VM's or such, you still surely want to manage it effectively. I'm pretty sure that it's not possible in any realistic way outside of the AD world. There are various threads, usually old ones, trying to make it work, but I think the security standards are too different between the real world and M$ land. I was trying last year to use nsupdate to go against AD, but even that was not possible, so I ended up having the DNS domains delegated to a BIND server so build scripts I had written could DNS entries in the loop as part of a complex kickstart build process.
I'm sure there's a way to adjust the process flow you're working with to not want this (imho awful) scenario in the first place.
Last edited by acid_kewpie; 03-15-2012 at 10:10 AM.
|