11.4 Summary

This chapter is an overview of the security features found in DHCP and DNS on Windows Server 2003. It is not a reference for the operations and technologies behind either DHCP or DNS. You should now be familiar with the basic lack of security in DHCP. Although there are ways to help buttress the security of a DHCP network, the protocol itself simply isn't secure. If this presents an issue that must be addressed, you must address it by finding another IP addressing solution.

DNS, as we've seen, is a name resolution scheme that was designed without security. Unlike with DHCP, there have been significant inroads in appending security to this scheme. There are many ways to help provide additional security on the DNS database. Although some of them are configured by default, all require planning before implementation. And DNS does require periodic manual auditing to ensure that the configuration is correct and that no cache pollution is occurring.