You can use this procedure to control who can update or remove a resource record from a zone. For more information, seeSecuring DNS Resource Records.
Membership in the DnsAdmins or the Domain Admins group in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.
|To modify security for a resource record|
Open DNS Manager.
In the console tree, click the applicable zone.
In the details pane, click the record that you want to view.
On the Action menu, click Properties.
On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable record and reset their permissions as needed.
- To open DNS Manager, click Start,
point to Administrative Tools, and then click
- Secure dynamic updates are only supported or
configurable for resource records in zones that are stored in
Active Directory Domain Services (AD DS).
- Security settings that are applied to
resource records affect only dynamic updates. These security
settings do not affect who may administer the zone where these
resource records are located. For information about the security
settings that affect who may administer a zone, see "Additional
- Resource records with the same name share the
same resource record security settings. The names of resource
records are listed in the Name column of DNS Manager.