
Good Steps to Secure Your Windows DNS infrastructure


I am going to discuss some common DNS attacks which I have seen so far. There could be more, and it would be great if you shared your experience in the comments so that others are already aware of these attacks.

In addition to my own experience, I found some valuable information on the internet and combined everything here.

DHCP Security (Recommendations)


I decided to write this article about the DHCP security features which I recommend to all admins who are responsible for Domain Controllers, DHCP, DNS, NPS, PKI, etc. What I have observed in my career so far is that many administrators do not configure all DHCP security settings. Below I have mentioned some examples which I have experienced in my career.

1. We had a host record "WATCH" which was pointing to the IP address of a server. A user came with his home MacBook and connected the office LAN cable to it. Our bad luck was that his MacBook's name was also "WATCH", and the record's IP address was replaced by the IP address of the MacBook.

2. We have a WiFi scope for visitors. One day, someone came for an interview and connected his iPad to our visitor WiFi. Suddenly our Exchange team emailed me that their "SPAM" server logs had stopped working, please rectify it. When I checked, they used to have a DNS A record by the name of SPAM, which had been modified to a visitor WiFi IP address. After checking further, we found that the iPad of the visitor who came for the interview was named SPAM. UUUfffffff..

3. In my first organisation, there was a problem of duplicate host records, and most of the teams like security, Exchange and SCCM were totally fucked up due to this issue. The issue was like this: if you wanted to deploy something on system A, it used to go to system D. If you needed to run a script remotely on system D, it used to go to system G. Totally messed.

Here are the settings which I recommend for every admin.
A. Let DHCP own DNS records.
B. Name Protection
C. Disable DNS record creation for some scopes.
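
An added example (not from the original post) that audits and then applies the three settings above with the Windows `DhcpServer` PowerShell module. The server name and visitor scope ID are constructed placeholders, and reading setting A as "the DHCP server always registers the records, under a dedicated DNS credential" is an assumption about what the author means.

```powershell
# Added example, not the author's script. Placeholder values are constructed.
Import-Module DhcpServer

$Server     = 'dhcp01.example.test'   # hypothetical DHCP server name
$GuestScope = '192.0.2.0'             # hypothetical visitor WiFi scope ID

# Audit first: current DNS registration behaviour of every IPv4 scope.
$scopes = Get-DhcpServerv4Scope -ComputerName $Server
$scopes | ForEach-Object {
    $dns = Get-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $_.ScopeId
    [pscustomobject]@{
        ScopeId        = $_.ScopeId
        Name           = $_.Name
        DynamicUpdates = $dns.DynamicUpdates
        NameProtection = $dns.NameProtection
        DeleteOnExpiry = $dns.DeleteDnsRROnLeaseExpiry
    }
} | Format-Table -AutoSize

# A. Let DHCP own DNS records (assumed meaning): the DHCP server performs the
#    dynamic updates itself, using a dedicated low-privilege account so the
#    records are not owned by the server's computer account.
Set-DhcpServerDnsCredential -ComputerName $Server -Credential (Get-Credential)

foreach ($scope in $scopes) {
    if ($scope.ScopeId.ToString() -eq $GuestScope) {
        # C. Visitor scope: leases must never create or modify DNS records.
        Set-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $scope.ScopeId `
            -DynamicUpdates Never -NameProtection $false
    }
    else {
        # A + B. Internal scopes: DHCP always registers A/PTR records, removes
        # them when the lease expires, and Name Protection stops a different
        # client from taking over a name that is already registered.
        Set-DhcpServerv4DnsSetting -ComputerName $Server -ScopeId $scope.ScopeId `
            -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true `
            -NameProtection $true
    }
}
```

Run the audit part again afterwards to confirm that the visitor scope shows `Never` and the internal scopes show Name Protection enabled.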