DHCP entries slow showing up in DNS

Hi,

On my Win2k3 server I have both DHPC and DNS installed and DHCP is updating
entries in DNS when it hands out ip addresses from the pool. However it
takes a long time to update the DNS with the new A resource. Is there a way
to speed it up? Sometimes it takes a couple of days.

--
Rui

"ruic" <> wrote in message
news:...
> Hi,
>
> On my Win2k3 server I have both DHPC and DNS installed and DHCP is
> updating entries in DNS when it hands out ip addresses from the pool.
> However it takes a long time to update the DNS with the new A resource. Is
> there a way to speed it up? Sometimes it takes a couple of days.
>
> --
> Rui
>


You should see a registration entry within 15 minutes, 30 minutes tops if in
the same site with mutltiple DC/DNS servers, depending on the number of DCs
that are DNS, etc. If expecting to see it in another site, it depends on
replication schedule.

How many DNS servers do you have? Which one is the client pointing to as the
first entry in it's DHCP scope? Are you only using the internal DNS servers,
or is there a mix of internal and external? Refreshing the console
frequently until you see it appear?

Is there a way to speed it up? NOpe. By default you should see it within a
reasonable time as mentioned. Otherwise, there's a misconfiguration.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Thanks for your input.

There's only one server with DNS it is the DC. After 15 minutes it does show
up in the reverse lookup zone but not in the forward lookup zone.

I did have the DHCP server giving out another DNS as the first listed while
testing so as not to break users DNS resolution. I've now changed it back to
the DC's DNS, I'll see if that's the problem and THAT was the problem!

Thanks for you suggestions.

Rui



"Ace Fekay [MCT]" <> wrote in message
news:...
> "ruic" <> wrote in message
> news:...
>> Hi,
>>
>> On my Win2k3 server I have both DHPC and DNS installed and DHCP is
>> updating entries in DNS when it hands out ip addresses from the pool.
>> However it takes a long time to update the DNS with the new A resource.
>> Is there a way to speed it up? Sometimes it takes a couple of days.
>>
>> --
>> Rui
>>
>
>
> You should see a registration entry within 15 minutes, 30 minutes tops if
> in the same site with mutltiple DC/DNS servers, depending on the number of
> DCs that are DNS, etc. If expecting to see it in another site, it depends
> on replication schedule.
>
> How many DNS servers do you have? Which one is the client pointing to as
> the first entry in it's DHCP scope? Are you only using the internal DNS
> servers, or is there a mix of internal and external? Refreshing the
> console frequently until you see it appear?
>
> Is there a way to speed it up? NOpe. By default you should see it within a
> reasonable time as mentioned. Otherwise, there's a misconfiguration.
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
> 2003/2000, MCSA Messaging 2003
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
>
>

"ruic" <> wrote in message
news:...
> Thanks for your input.
>
> There's only one server with DNS it is the DC. After 15 minutes it does
> show up in the reverse lookup zone but not in the forward lookup zone.
>
> I did have the DHCP server giving out another DNS as the first listed
> while testing so as not to break users DNS resolution. I've now changed it
> back to the DC's DNS, I'll see if that's the problem and THAT was the
> problem!
>
> Thanks for you suggestions.
>
> Rui
>

Rui,

What is the "other" DNS server you were listing?

First thing I must say, is NEVER use an ISP's DNS, the router as a DNS
address, or anything else other than AD's DNS, which is your DC in your
case. Otherwise, expect problems.

If there are any event log errors, please post the EventID# and we can help
you with fixing them.

If you are listing anything other than your DC for DNS, it will be inviting
problems with AD and authentication. I bet this is what the cause of entries
not showing up in DNS. This is because AD must only use it's own internal
DNS servers, because that is where all the AD info is stored and how clients
"find" the DC, such as when they logon, authenticate to a printer, etc. So
if you use an ISP's DNS server, the client will be asking the ISP's DNS
server, "where is my DC so I can authenticate to logon," however the ISP's
DNS server does not have info about your internal AD DCs.

Also the Primary DNS Suffix must match the zone name. The zone name must
allow updates.

Other things that will cause problems with AD, authentication, DNS
registration, etc, are:
1. Multihomed DCs (a DC with more than one NIC and/or IP address, and/or
with RRAS installed)- non SBS.
2. Single label name AD DNS domain name (domain name is "domain" instead of
required minimal format of "domain.something")
3. ISA installed on a DC (non-SBS)
4. DC is set to use some other DNS other than itself or other internal DCs
for DNS.
5. The Primary DNS Suffix on a machine (DC or client) must match the zone
name, or no entries will register. If the DC's Primary DNS Suffix does not
match the zone name, it is a condition called a "Disjointed Namespace."

And no, resolution internally or for the internet, will not break if you
only use your DC. DNS is designed to use Root Hints to resolve queries for
external (internet) names.

Configure a Forwarder for efficient internet resolution. This way it will
use your ISP's for external resolution instead of Root Hints. If not sure
how, follow this article:
323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
(including how to configure a Forwarder) :
http://support.microsoft.com/?id=323380

Some more info below to understand what I am talking about.

Best practices for DNS client settings in Windows 2000 Server and in Windows
Server 2003
http://support.microsoft.com/?id=825036

DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/?id=555040




Ace

The other DNS server was a Netware server.

I also found out that unchecking "Register this connection's addresses in
DNS" in the DNS tab of Advanced TCP/IP settings makes things go a lot faster
for computers not joined to the domain.

The whole thing is working great now! Once again thanks for your help.

Rui


"Ace Fekay [MCT]" <> wrote in message
news:...
> "ruic" <> wrote in message
> news:...
>> Thanks for your input.
>>
>> There's only one server with DNS it is the DC. After 15 minutes it does
>> show up in the reverse lookup zone but not in the forward lookup zone.
>>
>> I did have the DHCP server giving out another DNS as the first listed
>> while testing so as not to break users DNS resolution. I've now changed
>> it back to the DC's DNS, I'll see if that's the problem and THAT was the
>> problem!
>>
>> Thanks for you suggestions.
>>
>> Rui
>>
>
> Rui,
>
> What is the "other" DNS server you were listing?
>
> First thing I must say, is NEVER use an ISP's DNS, the router as a DNS
> address, or anything else other than AD's DNS, which is your DC in your
> case. Otherwise, expect problems.
>
> If there are any event log errors, please post the EventID# and we can
> help you with fixing them.
>
> If you are listing anything other than your DC for DNS, it will be
> inviting problems with AD and authentication. I bet this is what the cause
> of entries not showing up in DNS. This is because AD must only use it's
> own internal DNS servers, because that is where all the AD info is stored
> and how clients "find" the DC, such as when they logon, authenticate to a
> printer, etc. So if you use an ISP's DNS server, the client will be asking
> the ISP's DNS server, "where is my DC so I can authenticate to logon,"
> however the ISP's DNS server does not have info about your internal AD
> DCs.
>
> Also the Primary DNS Suffix must match the zone name. The zone name must
> allow updates.
>
> Other things that will cause problems with AD, authentication, DNS
> registration, etc, are:
> 1. Multihomed DCs (a DC with more than one NIC and/or IP address, and/or
> with RRAS installed)- non SBS.
> 2. Single label name AD DNS domain name (domain name is "domain" instead
> of required minimal format of "domain.something")
> 3. ISA installed on a DC (non-SBS)
> 4. DC is set to use some other DNS other than itself or other internal DCs
> for DNS.
> 5. The Primary DNS Suffix on a machine (DC or client) must match the zone
> name, or no entries will register. If the DC's Primary DNS Suffix does not
> match the zone name, it is a condition called a "Disjointed Namespace."
>
> And no, resolution internally or for the internet, will not break if you
> only use your DC. DNS is designed to use Root Hints to resolve queries for
> external (internet) names.
>
> Configure a Forwarder for efficient internet resolution. This way it will
> use your ISP's for external resolution instead of Root Hints. If not sure
> how, follow this article:
> 323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
> (including how to configure a Forwarder) :
> http://support.microsoft.com/?id=323380
>
> Some more info below to understand what I am talking about.
>
> Best practices for DNS client settings in Windows 2000 Server and in
> Windows Server 2003
> http://support.microsoft.com/?id=825036
>
> DNS and AD (Windows 2000 & 2003) FAQ:
> http://support.microsoft.com/?id=291382
>
> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> Domain
> http://support.microsoft.com/?id=555040
>
>
>
>
> Ace
>
>
>
>
>
>

"ruic" <> wrote in message
news:%...
> The other DNS server was a Netware server.
>
> I also found out that unchecking "Register this connection's addresses in
> DNS" in the DNS tab of Advanced TCP/IP settings makes things go a lot
> faster for computers not joined to the domain.
>
> The whole thing is working great now! Once again thanks for your help.
>
> Rui
>

Glad to hear it is working now. If a machine is not joined, it won't have a
Primary DNS Suffix, so with the connection to try to register, would be
unnecessary, which I'm glad you unchecked it. You can add Dhcp Option 015
and provide the domain name, which becomes the connection specific suffix,
and the check box in IP properties of that connection, will register into
DNS, as long as the zone allows Secure AND Unsecure updates.

I haven't worked with Netware servers, but from what I understand, they do
not support all the features that AD needs.

Ace