I have a standalone DNS server configured for "Secure and Non-Secure" dynamic updates. I also have the DHCP role installed on the same server.
How do I ensure that only the DHCP server can update records in DNS? I don't want to allow clients to update DNS records directly. I'm hoping that combined with the "Name Protection" setting in the DHCP server, at the very least the no one can maliciously overwrite an existing dynamic record.
This should be sufficient since I've configured my switch for 802.1x as well as DHCP snooping to allow only trusted DHCP assigned IP addresses on the VLAN. I'm trying to avoid Active Directory for this network.