What are the practical risks of enabling the unsecure DNS updates on Windows?

domain-name-system active-directory dhcp internal-dns

Solution 1:

Insecure

You should basically never, ever allow non-secure updates. Personally I don't even like that the DNS server even allows you to turn off secure updates. This allows anyone on your network (like a hacker) to register DNS records with no Active Directory authentication required. This would allow the attacker to "spoof" a DNS name on your network and redirect people to another server than the one they thought they were going to.

Another example of when this setting can ruin your day accidentally rather than maliciously... someone turned secure updates off... all of the HP ILOs (out of band management) on all the machines on the network were suddenly able to start dynamically registering their own DNS records... but the ILOs were named the same as the servers, so they overwrote the host servers' DNS records!

Disabling secure updates is a terrible idea. Just don't.

For a possible solution for getting your Linux clients to leverage DHCP in order to register DNS records securely, this might help: Register A records for my Linux box on my Windows 2008 DNS/DHCP server

Related

How to disable automatic scheduled Puppet runs that occur every 30 minutes?
How to kill processes unresponsive to kill -9
How to disable ssl plugin on MySQL 5.7 server?
Disabling Windows Server 2008 firewall
Unable to use "Web deploy" on Windows Server 2012 HTTP ERROR 404.7
554 - Sending MTA’s poor reputation
How does a 32-bit machine support more than 4 GB of RAM?
Google cloud unable to connect to the VM on port 22
Cannot connect to MongoDB in docker
control a bash script with variables from an external file
Windows 2003 GPO Software Restrictions
why is it wrong to call functions with parentheses in Powershell?