Secure updates work as expected with no configuration in a plain DNS/AD deployment pointing to authoritative DNS servers. Non-authoritative servers will not be able to update DNS and may require requisition and/or a VPN client to be able to talk to the authoritative DNS servers, as the non-authoritative servers need to set certain flags and refer the client to the authoritative DNS servers.


The caveats are usually due to how DNS is deployed and the environment itself. 



Very interesting topic for us as well.


If it does register itself, do you not face the problem that it will not only update the IP from the VPN adapter (I assume that is what Valeri was suggesting is happening), but also from the other IPs it has?


With Cisco ASA we had this issue, as the Cisco ASA also did not do DHCP properly with the correct domain, so the DHCP server could not update the correct record (wrong domain in a multi-domain environment). So the client was able to register, but as I said, this then had the consequence of registering 10.x, 192.x and other IP addresses as well. You could then restrict updates from clients, but we never really worked out the right way to do it.


We have that same problem. The VPN-connected clients update our DNS with the IP addresses of both the VPN adapter and the WiFi/LAN adapter (which has a "home network" IP).

Does anyone know if the VPN client provides any possibility to only register the VPN adapter's IP?

We do not want to switch off DNS auto-update on the WiFi/LAN adapter since that would cause problems when the client is connected to the corporate network.
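
An added example, not part of any post in this thread: a small audit that flags client A records registered from addresses outside the corporate and VPN ranges, which is the symptom described above (home-network IPs ending up in DNS). The address ranges, host names and the record export format are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed address plan (constructed): replace with your own ranges.
ALLOWED_NETS = [
    ipaddress.ip_network("10.20.0.0/16"),    # corporate LAN (assumed)
    ipaddress.ip_network("172.30.8.0/22"),   # VPN address pool (assumed)
]

# Constructed sample of "name  type  data" lines, e.g. from a zone export.
SAMPLE_RECORDS = """\
lt-0017.corp.example.\tA\t172.30.8.41
lt-0017.corp.example.\tA\t192.168.1.23
lt-0042.corp.example.\tA\t10.20.4.9
lt-0099.corp.example.\tA\t172.30.9.7
lt-0099.corp.example.\tA\t10.0.0.5
lt-0099.corp.example.\tAAAA\t2001:db8::5
"""

def parse_a_records(text):
    """Yield (hostname, IPv4Address) for each A record; skip other types and junk."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "A":
            continue
        try:
            yield parts[0].rstrip(".").lower(), ipaddress.IPv4Address(parts[2])
        except ipaddress.AddressValueError:
            continue  # malformed address in the export

def find_stray_registrations(text, allowed=ALLOWED_NETS):
    """Return {hostname: [addresses outside the allowed networks]}."""
    stray = defaultdict(list)
    for host, addr in parse_a_records(text):
        # A 10.x address is not automatically fine: it must sit in a known range.
        if not any(addr in net for net in allowed):
            stray[host].append(str(addr))
    return dict(stray)

if __name__ == "__main__":
    for host, addrs in sorted(find_stray_registrations(SAMPLE_RECORDS).items()):
        print(f"{host}: unexpected A record(s) {', '.join(addrs)}")
```

Run against a periodic zone export, this shows how many clients are affected and which records need cleaning up, independent of how the VPN client or adapter registration is eventually configured.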

