You can use this procedure to control who can update or remove a resource record from a zone. For more information, seeSecuring DNS Resource Records.

Membership in the DnsAdmins or the Domain Admins group in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

To modify security for a resource record

  1. Open DNS Manager.

  2. In the console tree, click the applicable zone.

  3. In the details pane, click the record that you want to view.

  4. On the Action menu, click Properties.

  5. On the Security tab, modify the list of member users or groups that are allowed to securely update the applicable record and reset their permissions as needed.

Additional considerations

  • To open DNS Manager, click Start, point to Administrative Tools, and then click DNS.

  • Secure dynamic updates are only supported or configurable for resource records in zones that are stored in Active Directory Domain Services (AD DS).

  • Security settings that are applied to resource records affect only dynamic updates. These security settings do not affect who may administer the zone where these resource records are located. For information about the security settings that affect who may administer a zone, see "Additional references."

  • Resource records with the same name share the same resource record security settings. The names of resource records are listed in the Name column of DNS Manager.

Additional references

  • Add an Alias (CNAME) Resource Record to a Zone
  • Use Aging and Scavenging