I am working on a case study related to risks from insecure dynamic DNS updates. Suppose there is an internal DNS configured that has a mix of static and dynamically created addresses. Consider a Windows AD integrated DNS environment.
I need some help with a few of the queries below:
- Can a static and a dynamically created A record coexist for the same host, referring to different IP addresses on the DNS server? (e.g. a dynamic A record created by a new system introduced on the network with the same hostname)
- If yes, how would the DNS resolution happen for such cases? Can DNS query resolve to the incorrect dynamic A record instead of the static A record?
- Can this be avoided by having a secure dynamic DNS configuration instead of insecure DDNS updates? If so, how could secure DDNS prevent such a scenario?
Any assistance on this matter will be quite helpful.
Thanks in advance.