Multiple DC/DNS/DHCP servers

    Question

  • Hi,

    I have a scenario where there is one W2K3 server which is a DC, DHCP and DNS server. There is another W2K8 R2 server which also has the DC, DNS, and DHCP roles. The W2K8 R2 server previously only had the DC role and the other two roles were added to provide some redundancy. We will be replacing the W2K3 server next month with a W2K8R2 server.


    Currently, scavenging is not enabled. This is an AD environment and secure updates only are enabled. Most clients are Windows XP or Windows 7. There are some Layer 2 and 3 switches on the network as well.

    I am concerned about stale DNS entries left behind by clients as they reconnect over time.  I have read Ace's blog (http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx), and http://expresstaalk.blogspot.in/2011/09/dhcp-on-dns-scavenging-and.html. As our environment is mixed (Server 2003 and Server 2008 R2), I would really appreciate it if someone could please advise on the following:

    From what I have understood, I need to carry out the following steps:

    W2K3 DC/DNS/DHCP server: Create DHCP service credential and set DHCP service to use this, add the server to the DNSProxyUpdate Group. Enable DNS Option 81 by going to the Zone properties, DNS tab, and then selecting 'Always dynamically update DNS A & PTR Records', 'Discard A and PTR Records when lease is deleted' & 'Dynamically Update DNS A and PTR Records for DHCP Clients that do not request updates'.

    W2K8 R2 DC/DNS/DHCP server: Create DHCP service credential and set DHCP service to use this, add the server to the DNSProxyUpdate Group. Configure Name Protection, and secure the DNSUpdateProxyGroup by running 'dnscmd /config /OpenAclOnProxyUpdates 0'.

    Will running 'dnscmd /config /OpenAclOnProxyUpdates 0' cause any issues given that the DNSProxyUpdate Group will also have the W2K3 server (with the DNS/DC/DHCP roles)?

    Additionally, is there anything else I need to do/ look out for?

    I also had a look at scavenging on the server and oddly enough, the Zone Aging/Scavenging Properties show the zone can be scavenged after 01/01/1601 00:00:00. Is this because scavenging has never been set?

    Thanks,

    HA

    Tuesday, October 15, 2013 12:03 PM
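
An added example, not part of the original post: Windows DNS stores aging timestamps as whole hours since 01/01/1601 00:00:00 UTC, so a stored value of 0 displays as the date quoted above, and a record with timestamp 0 is treated as static. The sketch below decodes such values and shows which records scavenging would consider stale; the record names, the 7-day no-refresh and refresh intervals (the Windows defaults) and the reference time are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# DNS aging values count whole hours from this instant.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def from_dns_hours(hours):
    """Convert an aging value (hours since 1601-01-01 UTC) to a datetime."""
    return EPOCH_1601 + timedelta(hours=hours)


def to_dns_hours(moment):
    """Convert a datetime to whole hours since 1601-01-01 UTC."""
    return (moment - EPOCH_1601) // timedelta(hours=1)


def classify(timestamp_hours, now, no_refresh_days=7, refresh_days=7):
    """Return 'static', 'fresh' or 'stale' for one record timestamp."""
    if timestamp_hours == 0:
        # Timestamp 0 marks a record that is not aged and is never scavenged.
        return "static"
    # A record becomes eligible once both intervals have passed since its
    # timestamp was last written.
    eligible_at = from_dns_hours(timestamp_hours) + timedelta(
        days=no_refresh_days + refresh_days
    )
    return "stale" if now > eligible_at else "fresh"


# Constructed sample data: (owner name, timestamp in hours since 1601).
NOW = datetime(2013, 10, 15, 12, 0, tzinfo=timezone.utc)
RECORDS = [
    ("dc01", 0),                                               # static entry
    ("xp-client-17", to_dns_hours(NOW - timedelta(days=40))),  # long gone
    ("win7-laptop-03", to_dns_hours(NOW - timedelta(days=3))), # recent
]


def report(records=RECORDS, now=NOW):
    """Map each record name to its aging state."""
    return {name: classify(ts, now) for name, ts in records}


if __name__ == "__main__":
    print("value 0 decodes to", from_dns_hours(0).isoformat())
    for name, state in report().items():
        print(f"{name:16} {state}")
```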
