One Day Sec

How can a non-privileged user create a DNS record for a machine account?

Using the Invoke-DNSUpdate.ps1 script from the Powermad toolkit, a non-privileged user can add various DNS records (A, AAAA, CNAME, etc.) for machine accounts they create. This helps an attacker blend into the network or redirect services. For more on obtaining DNS records before creating them, refer to Domain Penetration - Obtaining DNS Records with Regular User Privileges.