Dynamic Update of A&PTR Records - Best Practice?

Discussion in 'DNS Server' started by Richard Tubb, Aug 29, 2005.

  1. Richard Tubb

    Richard Tubb Guest

    Hi,

    I'm looking for some advice on the pros/cons of turning on the option within
    the DHCP Server that says "Always Dynamically Update A & PTR Records".

    We run a Windows 2003 AD network with a DC running DHCP and DNS. On the
    workstation we have Windows XP Professional.

    I understand that Windows XP clients, by default, automatically update their
    DNS A record when renewing IP address allocations from DHCP, but not PTR
    records.

    Is there any reason why you would not turn on this option, so that PTR
    records are kept up to date without manual intervention?

    I'm interested to understand the reasoning behind turning on/off this
    option - whether it's a case of needing it when you use legacy clients that
    don't automatically update records in DNS, or some other valid reason.
    Thanks for any assistance offered!

    Regards,

    Richard Tubb.
    www.netlinktrading.co.uk
     
    Richard Tubb, Aug 29, 2005
    #1

  2. Hello Richard,

    Thank you for using newsgroup!

    Based on my knowledge, if the PTR records cannot be updated, this issue
    may occur if the following conditions are true:
    a) The DNS server does not support the DNS dynamic update protocol;
    b) The authoritative zone where these records are to be registered does not
    allow dynamic updates.

    To register DNS pointer (PTR) resource records, please use the specific DNS
    domain name and IP addresses for this adapter. Reverse Lookup Zones on the
    DNS Servers were not set to allow Dynamic Updates. Please set them to Yes
    to allow dynamic update.

    As far as I know, by default, computers that run Windows Server 2003 and
    that are statically configured for TCP/IP try to dynamically register host
    address (A) and pointer (PTR) resource records for IP addresses that are
    configured and used by their installed network connections. By default, all
    computer register records are based on the full computer name.

    For Windows Server 2003-based computers, the primary full computer name is
    a fully qualified domain name (FQDN). Additionally, the primary full
    computer name is the primary DNS suffix of the computer that is appended to
    the computer name. To determine the primary DNS suffix of the computer and
    the computer name, right-click My Computer, click Properties, and then
    click Computer Name.

    DNS updates can be sent for any one of the following reasons or events:
    1. An IP address is added, removed, or modified in the TCP/IP properties
    configuration for any one of the installed network connections.
    2. An IP address lease changes or renews any one of the installed network
    connections with the DHCP server. For example, this update occurs when the
    computer is started or when you use the ipconfig /renew command.
    3. You use the ipconfig /registerdns command to manually force an update of
    the client name registration in DNS.
    4. The computer is turned on.
    5. A member server is promoted to a domain controller.
    When one of these events triggers a DNS update, the DHCP Client service,
    not the DNS Client service, sends updates. If a change to the IP address
    information occurs because of DHCP, corresponding updates in DNS are
    performed to synchronize name-to-address mappings for the computer. The
    DHCP Client service performs this function for all network connections on
    the system. This includes connections that are not configured to use DHCP.

    Windows DHCP clients and DNS dynamic update protocol
    ========================
    DHCP clients that are running Windows Server 2003, Windows 2000, Windows
    XP, or earlier operating systems can interact differently when they perform
    the DHCP/DNS interactions. The following examples show how this process
    varies in different cases.

    Here is an example of a DHCP/DNS update interaction for Windows Server
    2003-based, Windows 2000-based, and Windows XP-based DHCP clients.
    Clients that are running Windows Server 2003, Windows 2000, or Windows XP
    DHCP interact with DNS dynamic update protocol in the following manner:
    1. The client initiates a DHCP request message (DHCPREQUEST) to the server.
    The request includes option 81.
    2. The server returns a DHCP acknowledgement message (DHCPACK) to the
    client. The client grants an IP address lease and includes option 81. If
    the DHCP server is configured with the default settings, option 81 tells
    the client that the DHCP server will register the DNS PTR record and that
    the client will register the DNS A record.
    3. Asynchronously, the client sends a DNS update request to the DNS server
    for its own forward lookup record, a host A resource record.
    4. The DHCP server registers the PTR record of the client.

    For more related detailed information, I suggest you refer to the following
    articles:

    Configuring Dynamic Update and Secure Dynamic Update in Windows Server 2003
    <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/5ec74168-3ed2-432b-b0d3-c0abce61c77e.mspx>

    816592: How to configure DNS dynamic updates in Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;816592

    Troubleshooting dynamic updates: Domain Name System(DNS)
    <http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1583e419-88a6-4062-8807-d9eea99e3b42.mspx>

    294785: New Group Policies for DNS in Windows Server 2003
    http://support.microsoft.com/default.aspx?scid=kb;en-us;294785

    I hope that helps!

    Thanks & Regards,

    Ken Zhao

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.


    Ken Zhao [MSFT], Aug 30, 2005
    #2
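
The option 81 exchange described in the post above can be read directly from the flag byte of the Client FQDN option. The following is an added example, not code from the thread or from Microsoft: it decodes option 81 using the RFC 4702 layout and reports who registers the A and PTR records. The host name and byte strings are constructed, and the flag values shown for a server that always updates both records are an assumption based on RFC 4702 (S and O set), not captured traffic.

```python
# Added example: decode DHCP option 81 (Client FQDN, RFC 4702 layout).
from dataclasses import dataclass

FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08

@dataclass
class ClientFqdn:
    flags: int
    name: str

def decode_name(raw: bytes, wire: bool) -> str:
    """E=1: DNS wire-format labels; E=0: deprecated ASCII encoding."""
    if not wire:
        return raw.decode("ascii").rstrip(".")
    labels, i = [], 0
    while i < len(raw) and raw[i] != 0:   # a partial name may lack the root label
        n = raw[i]
        if n > 63 or i + 1 + n > len(raw):
            raise ValueError("bad label length in option 81")
        labels.append(raw[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def parse_option81(opt: bytes) -> ClientFqdn:
    """opt = code(81) | len | flags | rcode1 | rcode2 | domain name."""
    if len(opt) < 5 or opt[0] != 81 or opt[1] != len(opt) - 2:
        raise ValueError("not a well-formed option 81")
    flags = opt[2]
    if flags & 0xF0:
        raise ValueError("reserved flag bits must be zero")
    return ClientFqdn(flags, decode_name(opt[5:], bool(flags & FLAG_E)))

def who_updates(ack: ClientFqdn) -> dict:
    """Interpret the server's option 81 from the DHCPACK."""
    f = ack.flags
    if f & FLAG_N:                        # server performs no DNS updates
        if f & FLAG_S:
            raise ValueError("S and N are mutually exclusive")
        return {"A": "client", "PTR": "client", "override": False}
    return {"A": "server" if f & FLAG_S else "client",
            "PTR": "server",              # PTR is the server's unless N is set
            "override": bool(f & FLAG_O)} # O: server overrode the client's S bit

# Constructed samples for the hypothetical host xp-ws01.example.test.
_NAME = b"\x07xp-ws01\x07example\x04test\x00"
def _sample(flags: int) -> bytes:
    return bytes([81, 3 + len(_NAME), flags, 255, 255]) + _NAME

DEFAULT_ACK = _sample(FLAG_E)                    # client: A, server: PTR
ALWAYS_ACK = _sample(FLAG_E | FLAG_S | FLAG_O)   # assumed "always update" reply
```
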

  3. If you have this option turned on, the DHCP server will become the owner of
    the record in DNS. So it becomes important how the DHCP server authenticates
    with the DNS server. My personal experience with this setting is that it
    helps keep the reverse lookup zone clean of old PTR records left behind by
    machines that do not remove them because the machine was suddenly
    disconnected from the network.



    --
    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    http://www.lonestaramerica.com/
     
    Kevin D. Goodknecht Sr. [MVP], Aug 30, 2005
    #3
  4. Hi Kevin,

    Thanks a lot for your experience sharing!

    Ken Zhao

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    Ken Zhao [MSFT], Aug 31, 2005
    #4