DHCP Not Updating DNS 2008 Server
-
Thursday, May 13, 2010 18:17
I have a 2008 DC with AD integrated dynamic updates (secure only) set on DNS and DHCP scope set to Enable DNS dynamic updates according to, Always dynamically update DNS A and PTR records. And Discard A and PTR records when lease is deleted. However, it seems our laptops have 2 IPs. One for LAN and one for Wireless. Only the Wireless IP is registering in DNS on the DC and not the LAN IP. I can see in DHCP a pen icon by each fqdn wireless but no pen next to the LAN IP. How can I get both IPs into DNS? And why is DHCP not adding all its IPs into DNS? Thanks...
- Type changed: Tiger Li (Moderator), Friday, May 21, 2010 08:40
All Replies
-
Thursday, May 13, 2010 23:21
On Thu, 13 May 2010 18:17:57 +0000, MarcGel wrote:
> I have a 2008 DC with AD integrated dynamic updates (secure only) set on DNS and DHCP scope set to Enable DNS dynamic updates according to, Always dynamically update DNS A and PTR records. And Discard A and PTR records when lease is deleted. However, it seems our laptops have 2 IPs. One for LAN and one for Wireless. Only the Wireless IP is registering in DNS on the DC and not the LAN IP. I can see in DHCP a pen icon by each fqdn wireless but no pen next to the LAN IP. How can I get both IPs into DNS? And why is DHCP not adding all its IPs into DNS? Thanks...

The pen icon means "Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server."

DHCP Tech Reference:
http://technet.microsoft.com/en-us/library/cc781580.aspx

Also, it may mean that if it is stuck on the pencil icon, it means it cannot update the record in DNS because it already exists and DHCP server does not own the record, the client machine does, and therefore the DHCP server cannot update the record. One way to get around that is to force DHCP to own the record, but there are few steps you need to perform to enable this feature, as well as set scavenging options. Please read my blog in the following link explaining this and a how-to.

DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove duplicate DNS host records)
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

I hope you find it helpful.

Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Friday, May 14, 2010 18:24
I'm not sure this information specifically addresses the issue where only one IP for each machine is getting registered in DNS when each machine (being laptops) have two (one for wireless, one for LAN). I'd like to see 2 cnames in DNS, but it looks like only the wireless IPs are getting registered. Also, I'm not seeing Option 81 in DHCP. Not sure that's why there's a problem or not. Thoughts?
-
Monday, May 17, 2010 04:57
On Fri, 14 May 2010 18:24:27 +0000, MarcGel wrote:
> I'm not sure this information specifically addresses the issue where only one IP for each machine is getting registered in DNS when each machine (being laptops) have two (one for wireless, one for LAN). I'd like to see 2 cnames in DNS, but it looks like only the wireless IPs are getting registered. Also, I'm not seeing Option 81 in DHCP. Not sure that's why there's a problem or not. Thoughts?

Hi MarcGel,

Option 081 is actually the DNS tab in DHCP properties (right-click DHCP server name, choose properties, click on the DNS tab). All those selections and options are essentially Option 081.

As for why the wireless and not the wired, more than likely because the wireless is the active interface, assuming they are not plugged in and connected wirelessly. If they had at any one time registered, such as when originally setting up the laptop, and you have scavenging selected, or even the selection to Discard the lease is up, therefore, if was scavenged or the wired connection lease was up, then you would no longer see the wireless IP registration in DNS, unless when originally configured they never were plugged in?

Also, you wouldn't see a CNAME registered, rather you would see a Hostname (an "A" record) in DNS.

Besides, it *seems* what you are looking for, is duplicate records? So you would have a laptop with two entries, one for the wireless and one for the wired interface? Is that what you want it to do? Many IT folks usually opt to not have this, since it causes issues with connectivity trying to manage the laptop, especially if using management tools, such as SMS.

Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Tuesday, May 18, 2010 01:17 Moderator
Hi MarcGel,
As I understand it, your issue is that the DHCP record can’t be registered in the DNS server.
If I misunderstand, please let me know.
Is there any reservation setting for the wireless NIC on your DHCP server?
Does this happen on only one particular computer or on all computers that have multiple NICs? And is the affected laptop a member computer of the domain?
Have you attempted to use “ipconfig /release” and “ipconfig /renew” on your laptop to re-register the DNS record?
The DHCP server requires the client's Option 81 to update the pointer (PTR) and Host (A) resource records of the DNS server.
Please understand that Option 81 is not listed in the Scope Options nor the Server Options in DHCP. As Fekay said, Option 81 is the setting of the DNS tab in DHCP properties.
You can also check the Option 81 setting value with the show optionvalue switch of the netsh command.
Please reference this article:
The values that appear for DHCP option 81 and the corresponding GUI meanings that are shown in the DHCP MMC snap-in in Windows Server 2003
http://support.microsoft.com/kb/945397
Using DNS servers with DHCP
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx
Please refer to this post where we discussed the same issue:
Clients can't register in DNS server.
DNS server is not updating
Thanks
Tiger LI
-
Tuesday, May 18, 2010 16:50
Hi Ace,
Sorry, I meant hostname A record. But I think you're right about the scavenging. It was set to 1 day for some reason. Not sure why unless there was someone doing some testing and wanted it set that way. I've changed that now to 90 days but not sure what the best practice is here. I think it depends on the person, which IP (wireless or LAN) needs to be registered in DNS. Some people take their laptops into meetings and need wireless, so good to have that IP in DNS, but some users (like myself) have a docking station and rarely remove the laptop.
So, what I'm trying (in my case also for someone who's having issues with wireless drivers) is to get my LAN NIC registered in DNS as only my wireless is in there now. So, I've disconnected my wireless and am on LAN line now and have tried ipconfig /release, /renew, and even /registerdns (which gave me a message "Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.") but I don't get any errors and the IP never shows up in DNS. There's no manually set reservation in DHCP for my LAN IP (it's in the address leases though) but it never seems to change and is not registered in DNS (no pen by the icon).
Yes, this is a domain scenario using 2008 AD integrated. In DHCP Option 81 (thanks for clarifying) is set to Always dynamically update DNS, Discard A & PTR unchecked, and Dynamically update A & PTR for clients that don't request is checked as well.
In DHCP I'm seeing a pen icon next to (what I believe to be) the wireless IPs on all our laptops (at least it is in my case). This indicates the lease is waiting to be written to DNS, right? Yet, it's already in DNS. Could this indicate something? And finally I added the DC to the DNSUpdateProxyGroup per Tiger's link suggestions, still no go on getting my LAN IP in DNS. Thanks for your help guys.
-
Thursday, May 20, 2010 06:23
On Tue, 18 May 2010 16:50:43 +0000, MarcGel wrote:
> Hi Ace,
>
> Sorry, I meant hostname A record. But I think you're right about the scavenging. It was set to 1 day for some reason. Not sure why unless there was someone doing some testing and wanted it set that way. I've changed that now to 90 days but not sure what the best practice is here. I think it depends on the person, which IP (wireless or LAN) needs to be registered in DNS. Some people take their laptops into meetings and need wireless, so good to have that IP in DNS, but some users (like myself) have a docking station and rarely remove the laptop.
>
> So, what I'm trying (in my case also for someone who's having issues with wireless drivers) is to get my LAN NIC registered in DNS as only my wireless is in there now. So, I've disconnected my wireless and am on LAN line now and have tried ipconfig /release, /renew, and even /registerdns (which gave me a message "Registration of the DNS resource records for all adapters of this computer has been initiated. Any errors will be reported in the Event Viewer in 15 minutes.") but I don't get any errors and the IP never shows up in DNS. There's no manually set reservation in DHCP for my LAN IP (it's in the address leases though) but it never seems to change and is not registered in DNS (no pen by the icon).
>
> Yes, this is a domain scenario using 2008 AD integrated. In DHCP Option 81 (thanks for clarifying) is set to Always dynamically update DNS, Discard A & PTR unchecked, and Dynamically update A & PTR for clients that don't request is checked as well.
>
> In DHCP I'm seeing a pen icon next to (what I believe to be) the wireless IPs on all our laptops (at least it is in my case). This indicates the lease is waiting to be written to DNS, right? Yet, it's already in DNS. Could this indicate something? And finally I added the DC to the DNSUpdateProxyGroup per Tiger's link suggestions, still no go on getting my LAN IP in DNS.
>
> Thanks for your help guys.

Hi MarcGel,

How many DC/DNS servers do you have? That setting should be set on all of them, but if the zone's AD integrated, it would replicate a scavenged deletion to all of them anyway.

The pen is saying it is waiting to be written, but you may be seeing a previously registered entry in DNS.

Regarding forcing DHCP to own the records, you have a couple of options. You can either add the DC/DHCP server to the DnsUpdateProxy group, as Tiger's link suggested, or you can configure credentials for the DHCP server to use when registering records. It will use the credentials as the owner on the record, which will provide the ability to update the record when changed.

There may be security concerns adding a DC to the DnsUpdateProxy group, because it actually causes an unsecured scenario since the group opens up a DC. For this reason, I don't use it, and use the credentials method. Read more about it in Ulf's blog:

DHCP, DNS and the DNSUpdateProxy-Group
http://msmvps.com/blogs/UlfBSimonWeidner/archive/2004/11/15/19325.aspx

Follow up discussion on the DNSUpdateProxy-Group
http://msmvps.com/blogs/UlfBSimonWeidner/archive/2005/03/26/39841.aspx

Also, regarding a step by step and more specific info about scavenging, credentials, DnsUpdateProxy group, etc, please take a look at my blog. I hope you find it helpful.

DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove duplicate DNS host records)
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Thursday, May 20, 2010 10:02 Moderator
I just want to confirm: do the wireless and wired connections of the laptop both connect to the same subnet?
Is the laptop also a member of this domain?
What is the laptop’s OS?
To isolate the issue, I suggest checking whether it works with the following steps:
1. Scavenge the DHCP server manually first, and delete the wireless DNS and DHCP records on both servers.
2. Disable the client’s wireless NIC and connect to the network via the wired NIC only.
3. Execute ipconfig /release, /renew, and /registerdns on the client side.
If that does not work, please check the steps below and retry the steps above:
1. Set the AD-integrated DNS zone dynamic update to “nonsecure and secure”.
2. Check the option “register this connection's addresses in DNS” on your client PC’s wired NIC.
If all steps still do not work, then for deeper investigation, according to the DNS dynamic update protocol, I think the issue should occur at the 3rd step (check the description below), so you may like to capture the network traffic between the client and DNS server after the client PC has successfully obtained the IP address from the DHCP server.
Download NetMon 3.3 from the following link:
1) Install the network monitor on the DNS server and client.
2) Disable the wireless NIC and connect the wired NIC to the network to obtain the IP address from DHCP.
3) Start the capture on both sides and verify whether the client has sent any information to the DNS server to register its A record.
DHCP clients running Windows 2000, Windows XP, or a Windows Server 2003 operating system interact with DNS dynamic update protocol as follows:
- The client initiates a DHCP request message (DHCPREQUEST) to the server and includes DHCP option 81. By default, the client requests that the DHCP server register the DNS PTR record, while the client registers its own DNS A record.
- The server returns a DHCP acknowledgment message (DHCPACK) to the client, granting an IP address lease and including DHCP option 81. If the DHCP server is configured with the default settings (dynamically update DNS A and PTR records only if requested by the DHCP clients), then option 81 instructs the client that the DHCP server will register the DNS PTR record and the client will register the DNS A record.
- Asynchronously, the client registers its DNS A record, and the DHCP server registers the DNS PTR record of the client.
Thanks
Tiger Li
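
The option 81 exchange described in the post above can be checked in a capture by decoding the option's flag byte. The following is an added example, not part of the thread or of any Microsoft tool; it follows the RFC 4702 Client FQDN option layout, and the function names, host name and sample bytes are constructed for illustration.

```python
# Added example: decode DHCP option 81 (Client FQDN, RFC 4702 layout).
FLAG_S = 0x01  # DHCP server performs the A (forward) update
FLAG_O = 0x02  # server overrode the client's S preference (server replies only)
FLAG_E = 0x04  # name is in DNS wire format (length-prefixed labels)
FLAG_N = 0x08  # DHCP server performs no DNS updates


def parse_option81(payload: bytes) -> dict:
    """Parse the option 81 payload (the bytes after the code and length)."""
    if len(payload) < 3:
        raise ValueError("option 81 needs flags, RCODE1 and RCODE2")
    flags, raw = payload[0], payload[3:]  # payload[1:3] = deprecated RCODE bytes
    if flags & FLAG_E:
        labels, i = [], 0
        while i < len(raw) and raw[i] != 0:
            n = raw[i]
            if n > 63 or i + 1 + n > len(raw):
                raise ValueError("malformed label in FQDN")
            labels.append(raw[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        fqdn = ".".join(labels)
    else:
        fqdn = raw.decode("ascii")  # deprecated plain-ASCII encoding
    return {"S": bool(flags & FLAG_S), "O": bool(flags & FLAG_O),
            "E": bool(flags & FLAG_E), "N": bool(flags & FLAG_N), "fqdn": fqdn}


def who_registers(opt: dict) -> dict:
    """Map option 81 flags to the party that writes each record
    (the requested split in a DHCPREQUEST, the final split in a DHCPACK)."""
    if opt["N"]:
        return {"A": "client", "PTR": "client"}  # server does no updates
    if opt["S"]:
        return {"A": "server", "PTR": "server"}  # DHCP server writes both
    return {"A": "client", "PTR": "server"}      # the default split in the post


# Constructed sample payloads (hypothetical host name, not from the thread).
NAME = b"\x08laptop01\x07example\x04test\x00"
SAMPLE_REQUEST = bytes([FLAG_E, 0x00, 0x00]) + NAME                # client: S=0
SAMPLE_ACK = bytes([FLAG_S | FLAG_O | FLAG_E, 0xFF, 0xFF]) + NAME  # server overrides

if __name__ == "__main__":
    for label, data in (("DHCPREQUEST", SAMPLE_REQUEST), ("DHCPACK", SAMPLE_ACK)):
        opt = parse_option81(data)
        print(label, opt, who_registers(opt))
```

With secure-only updates, the party that writes the A record is the one that ends up owning it, which is the ownership conflict discussed earlier in the thread.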
-
Thursday, June 3, 2010 17:47
I do have a backup DC with DNS on it. It also has aging set to 1 day. Just changed that to 90. Again, not sure about best practice. Went ahead with manually deleting my wireless IP from DNS, turned off wireless card, ran ipconfig /registerdns. Waiting to see. As for duplicate host records, that's what I want. I want 2 A records for each Host, one IP for wireless and one for LAN NIC. DHCP seems to have less pens waiting to write to DNS.
Ok, everything updated fine and now my A record is correct in DNS (LAN NIC IP registered).
-
Thursday, June 3, 2010 17:56
Hi Tiger, doing the manual delete of the wireless IP from DNS and then from the Host PC doing ipconfig /registerdns worked. It looks like these settings helped.
To isolate the issue, I suggest checking whether it works with the following steps:
1. Scavenge the DHCP server manually first, and delete the wireless DNS and DHCP records on both servers.
2. Disable the client’s wireless NIC and connect to the network via the wired NIC only.
3. Execute ipconfig /release, /renew, and /registerdns on the client side.
If that does not work, please check the steps below and retry the steps above:
1. Set the AD-integrated DNS zone dynamic update to “nonsecure and secure”.
2. Check the option “register this connection's addresses in DNS” on your client PC’s wired NIC.
I'm still not getting both IPs in DNS though. Is there something I could check to allow 2 (A) records for each laptop (1 for wired and 1 for wireless IP)? That would be ideal. It looks like a lot of those DHCP waiting to write Pen icons have gone away. I'll keep reading your articles to see if there's something I missed. Thanks!
-
Saturday, June 5, 2010 00:28
On Thu, 3 Jun 2010 17:47:54 +0000, MarcGel wrote:
> I do have a backup DC with DNS on it. It also has aging set to 1 day. Just changed that to 90. Again, not sure about best practice. Went ahead with manually deleting my wireless IP from DNS, turned off wireless card, ran ipconfig /registerdns. Waiting to see. As for duplicate host records, that's what I want. I want 2 A records for each Host, one IP for wireless and one for LAN NIC. DHCP seems to have less pens waiting to write to DNS.
>
> Ok, everything updated fine and now my A record is correct in DNS (LAN NIC IP registered).

Good to hear it's now working.

As for scavenging, I usually leave it to the default 7 days. It works nicely. You will want to keep it around the same time as your DHCP lease length.

Also, having two IPs for the same hostname is usually not what we want to see in an environment, at least not for a workstation, and is certainly not a best practice. After all, think of it this way - if you try to manage the workstation, and the management tool (whether Computer Management, SMS, SCCM, third party, etc) tries to resolve the client, DNS sees there are two IPs, therefore it will Round Robin between the two, and the management tool, or even if trying to UNC to the machine, may get the wrong IP and not be able to connect.

Ace
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Monday, January 9, 2012 07:33
Hi Team,
I HAVE TWO NAME SERVER. ONE IS DR SITE SECOND IS THE DC SITE. MAXIMUM I HAVE TOTAL 30 CLIENT . SO I HAVE FACING MORE PROBLEM
WHEN I OPENING ANY WEB PAGE.
1. 504 GATEWAY TIMEOUT:REMOTE SERVER DID NOT RESPOND TO THE PROXY.
So kindly help me .
Thanks
Ram
Ram Prakash Sharma

