dynamic DNS not working.

Discussion in 'DNS Server' started by geekmirth, Aug 19, 2005.

  1. geekmirth

    geekmirth Guest

    Hello,

    I'm having a DNS problem where my dhcp server is not populating records in
    DNS. I was wondering if anyone had seen this issue and might know how to
    resolve it.

    I have a small domain. Two servers, both running DNS (AD integrated) and
    the second server is running DHCP. I have DHCP addresses reserved for
    specific MAC addresses. I also have set on the DHCP server to populate PTR
    and A records on the DNS server regardless of whether or not the client
    requests it. I also have the DNS server accepting secure and non-secure
    connections to update. (This will change once I can get it to work.)

    As I understand it the DHCP server, once it assigns an address to a client,
    should populate the DNS server with the appropriate information. But that isn't
    the case. It is not populating the server at all. The weird thing is that
    they are the same machine. There are no weird firewalls in the way, and the
    two servers are fairly fresh.

    Any assistance would be helpful.

    Thanks in advance.
    --Gene
     
    geekmirth, Aug 19, 2005
    #1

  2. Do you have option 015 defined with the domain name?

    Assuming this is Win2k3, have you created a user account and set DHCP up
    with this account to authenticate with DNS?
    See "Security considerations when you use the DnsUpdateProxy group" in this
    article:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;816592#XSLTH4238121122120121120120

    Does the DC point to its own address for DNS?
    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Aug 19, 2005
    #2

  3. Ace Fekay [MVP]

    I would also like to add that the DHCP server itself needs to point only to the
    internal DNS server so it knows where to send the request. Also, the
    Primary DNS Suffix needs to be set on the client machine requiring
    registration into the zone if it's Win2000 or newer, since by default they
    will register themselves unless DHCP is forced to do so.

    --
    Regards,
    Ace

    Please direct all replies ONLY to the Microsoft public newsgroups
    so all can benefit.

    This posting is provided "AS-IS" with no warranties or guarantees
    and confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
    Microsoft Windows MVP - Windows Server - Directory Services
    Infinite Diversities in Infinite Combinations.
    =================================
     
    Ace Fekay [MVP], Aug 19, 2005
    #3
  4. geekmirth

    geekmirth Guest

    Hello all,

    Thanks for your ideas, but there doesn't seem to be any change. I am (and
    have been) using option 15 with the full Domain name. These are 2003 servers
    and before I wasn't using an account but have since created an account, set
    that account in the credentials option for the DHCP server and given that
    user full control on the DNS servers with no change.

    One thing we have noticed is that we can get it to work if we edit the
    "Primary DNS suffix of this computer" option under Computer Name Change in
    the System control panel. If the DNS registration is supposed to be controlled by
    the DHCP server and removed from the client, this doesn't make any sense. Is this
    option available in the DHCP server?

    As a note:
    Both domain controllers are using each other for DNS resolution.
    The DNS tab on the Scope entry in DHCP lists "Always dynamically update DNS
    A and PTR records." as well as "Discard A and PTR records when lease is
    deleted" and "Dynamically update DNS A and PTR records for DHCP clients that
    do not request updates..."

    There has to be something I'm missing I just can't find any documentation on
    it.

    --Gene

     
    geekmirth, Aug 19, 2005
    #4
  5. Ace Fekay [MVP]

    Here's a list that Todd started that I further expanded on:

    By default, dynamic registration just plain-old works as long as:

    1. The Primary DNS Suffix matches the zone name that is allowing updates.
    Otherwise the client doesn't know what zone name to register in. You can
    also have a different Connection Specific Suffix in addition to the Primary
    DNS Suffix to register into that zone as well.

    2. The DNS addresses configured in the client's IP properties must ONLY
    reference the DNS server(s) hosting the AD zone you want to update in. You
    cannot use an external DNS in any machine's IP property in an AD
    environment. You can't mix them either. That's because of the way the DNS
    Client side resolver service works. Even if you mix up internal DNS and
    ISP's DNS addresses, the resolver algorithm can still have trouble asking
    the correct DNS server. It will ask the first one first. If it doesn't get a
    response, it removes the first one from the eligible resolvers list and goes
    to the next in the list. It will not go back to the first one unless you
    restart the machine, restart the DNS Client service, or set a registry entry
    to cut the query TTL to 0. The rule is to ONLY use your internal DNS
    server(s) and configure a forwarder to your ISP's DNS for efficient Internet
    resolution.

    3. DHCP Option 006 for the clients are set to the same DNS server.

    4. If using DHCP, the DHCP server must only be referencing the same exact DNS
    server(s) in its own IP properties in order for it to 'force' (if you set
    that setting) registration into DNS. Otherwise, how would it know which DNS
    to send the registration data to?

    5. If the AD DNS Domain name is a single label name, such as "EXAMPLE", and
    not the proper format of "example.com" and/or any child of that format, such
    as "child1.example.com", then we have a real big problem. DNS will not allow
    registration into a single label domain name.
    This is for two reasons:
      1. It's not the proper hierarchical format. DNS is hierarchical, but a
         single label name has no hierarchy. It's just a single name.
      2. Registration attempts cause major Internet queries to the Root servers.
         Why? Because it thinks the single label name, such as "EXAMPLE", is a
         TLD (Top Level Domain), such as "com", "net", etc. It will now try to
         find what Root name server out there handles that TLD. In the end it
         comes back to itself and then attempts to register.
    Because of this excessive Root query traffic, which an ISC study found to be
    caused by Microsoft DNS servers with single label names, Microsoft stopped the
    ability to register into DNS with Windows 2000 SP4, XP SP1 (especially XP,
    which caused lookup problems too), and Windows 2003.

    6. AD/DNS zone is not configured to allow dynamic updates, whether Secure or
    Secure and Non-Secure. If a client is not joined to the domain, and the zone
    is set to Secure, it will not register either.

    7. 'Register this connection's address" on the client is not enabled under
    the NIC's IP properties, DNS tab.

    8. Maybe there's a GPO set to force Secure updates and the machine isn't a
    joined member of the domain.

    9. DHCP client service not running. This is a requirement for DNS
    registration and DNS resolution even if the client is not actually using
    DHCP.


    So in essence, as long as you do not reference any DNS servers that do not
    host the AD zone (no ISP's DNS servers can be in any machine's IP properties),
    and you leave everything else default, this just works. No registry
    modifications are required.

    If you feel this wasn't helpful, I think it's time to ask for more specific
    configuration information, such as:

    1. ipconfig /all from a client and from your DC(s)
    2. The DNS domain name of AD (found in ADUC)
    3. The zonename in your Forward Lookup Zones in DNS
    4. If updates are set to allow under zone properties
    5. If this machine has more than one NIC
    6. Do you have a firewall? If so, what brand?
    7. Is/are forwarder(s) configured?
    8. Do the SRV records exist under your zone name?
    9. Event ID errors?

    Thanks

    Ace
     
    Ace Fekay [MVP], Aug 20, 2005
    #5
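The checks above (Kevin's questions about option 015, DHCP credentials and the DnsUpdateProxy group in #2, Ace's resolver and suffix points in #3, and the nine-item list in #5) can be run as one script on the DHCP server. The following is an added example, not code posted by anyone in this thread: it assumes a Windows Server 2012 or later DHCP server, run elevated, with the DhcpServer, DnsServer and ActiveDirectory PowerShell modules installed, and it uses placeholder values for the zone name, scope ID and DNS server name. It also flags the "secure and non-secure" zone setting the original poster mentions, since that setting lets any host on the network overwrite any record in the zone.

```powershell
# Added example, not from the thread: audits the DHCP-driven dynamic DNS
# registration checklist on a Windows Server DHCP server.
# Assumes Server 2012+, elevated session, DhcpServer/DnsServer/ActiveDirectory modules.
# $Zone, $ScopeId and $DnsServer are assumed placeholder values.
function Invoke-DdnsRegistrationAudit {
    param(
        [string]$Zone      = 'corp.example.com',     # assumed AD-integrated zone
        [string]$ScopeId   = '192.168.1.0',          # assumed DHCP scope
        [string]$DnsServer = 'dc1.corp.example.com'  # assumed DNS server hosting the zone
    )
    $findings = New-Object System.Collections.Generic.List[string]
    function Note([string]$Level, [string]$Text) { $findings.Add(("[{0}] {1}" -f $Level, $Text)) }

    # Item 1: the Primary DNS Suffix of this machine must equal the zone name.
    $suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
    if ($suffix -ne $Zone) { Note 'FAIL' "Primary DNS suffix '$suffix' is not the zone '$Zone'" }

    # Items 2 and 4: every resolver in this server's IP properties must be a
    # server that is authoritative for the zone (no ISP or external DNS at all).
    $nsHosts = Resolve-DnsName -Name $Zone -Type NS -Server $DnsServer -ErrorAction Stop |
               Where-Object Type -eq 'NS' | ForEach-Object NameHost
    $authIps = foreach ($h in $nsHosts) {
        Resolve-DnsName -Name $h -Type A -Server $DnsServer | Where-Object Type -eq 'A' | ForEach-Object IPAddress
    }
    $resolvers = Get-DnsClientServerAddress -AddressFamily IPv4 |
                 ForEach-Object ServerAddresses | Select-Object -Unique
    foreach ($r in $resolvers) {
        if ($authIps -notcontains $r) { Note 'FAIL' "Resolver $r is not authoritative for $Zone" }
    }

    # Item 3 and option 015: what the scope hands to clients (scope value wins over server value).
    function Get-EffectiveOption([int]$Id) {
        $o = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId $Id -ErrorAction SilentlyContinue
        if (-not $o) { $o = Get-DhcpServerv4OptionValue -OptionId $Id -ErrorAction SilentlyContinue }
        return @($o.Value)
    }
    foreach ($ip in (Get-EffectiveOption 6)) {
        if ($authIps -notcontains $ip) { Note 'FAIL' "Option 006 hands out $ip, which is not authoritative for $Zone" }
    }
    if ((Get-EffectiveOption 15) -notcontains $Zone) { Note 'FAIL' "Option 015 is not '$Zone'" }

    # Scope DNS tab: always update, and update for clients that do not ask for it.
    $dns = Get-DhcpServerv4DnsSetting -ScopeId $ScopeId
    if ($dns.DynamicUpdates -ne 'Always') { Note 'WARN' "Scope dynamic updates = $($dns.DynamicUpdates)" }
    if (-not $dns.UpdateDnsRRForOlderClients) { Note 'WARN' 'Clients that do not request updates will not be registered' }

    # Credentials (#2): DHCP should authenticate to DNS with a dedicated account. A domain
    # controller placed in DnsUpdateProxy registers its own records without owner ACLs,
    # so any host could overwrite them; report that combination.
    $cred = Get-DhcpServerDnsCredential
    if (-not $cred.UserName) { Note 'WARN' 'No DNS update credential configured on the DHCP server' }
    $proxyMembers = Get-ADGroupMember -Identity 'DnsUpdateProxy' | ForEach-Object SamAccountName
    $dcAccounts   = Get-ADDomainController -Filter * | ForEach-Object { "$($_.Name)$" }
    foreach ($m in $proxyMembers) {
        if ($dcAccounts -contains $m) { Note 'WARN' "Domain controller account $m is a member of DnsUpdateProxy" }
    }

    # Item 6: the zone must accept dynamic updates. 'NonsecureAndSecure' makes registration
    # work but lets any host rewrite any record, so it is flagged rather than accepted.
    $z = Get-DnsServerZone -Name $Zone -ComputerName $DnsServer
    switch ("$($z.DynamicUpdate)") {
        'None'               { Note 'FAIL' "Zone $Zone does not allow dynamic updates" }
        'NonsecureAndSecure' { Note 'WARN' "Zone $Zone accepts unauthenticated updates; set it to Secure once DHCP credentials work" }
    }

    # Items 7 and 9: per-interface registration flag and the DHCP Client service.
    Get-DnsClient | Where-Object { -not $_.RegisterThisConnectionsAddress } |
        ForEach-Object { Note 'WARN' "Interface '$($_.InterfaceAlias)' does not register its address" }
    if ((Get-Service -Name Dhcp).Status -ne 'Running') { Note 'FAIL' 'DHCP Client service is not running' }

    if ($findings.Count -eq 0) { Note 'OK' 'All checks passed' }
    return $findings
}

Invoke-DdnsRegistrationAudit | Write-Output
```

Run it on the DHCP server with the real zone name, scope and a DNS server that hosts the zone; every FAIL line maps to one numbered item in the list above, and the WARN lines are the two hardening points (DHCP credentials and the zone's update mode) that should be fixed once registration works.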
