We are maintaining a fairly large (~3500 windows nodes in primary zone, +DMZ, +Unix machines, ~7500 entries in primary DNS zone) windows domain environment, with five 2008 R2 domain controllers, two of them have DNS role, and a separate 2008R2 cluster has the DHCP role.
We just enabled the DHCP name protection a few weeks ago on all DHCP scopes and found a very strange issue: DHCID records are created for domain member Windows 7 workstations. Not only for one or two, but a lot. As far as I now, only non windows workstation should get DHCID. Just to mention, the primary DNS zone is a AD-integrated zone.
We checked the AD object of those machines, they are intact, connection between the machines and AD is fine. No network outage occurred for quite a while, and at least one AD is always available.
Only this issue, that these records are created is not a big deal by itself, but I'm afraid the root cause of this problem could do more harm, so I really want to find out why this happens.
In general, when you enable the DHCP name protection:
To windows DHCP client, create one DNS record (A record).
To non-Windows DHCP client, create two DNS records (A record and DHCID record).
To duplicated non-Windows DHCP client, prevent registry DNS record (none record).
So it seems like your windows clients are regarded as non-windows clients by DHCP server. Would you please tell us something more in detail？Such as, how many domain members got the DHCID records? What are the OS versions of them?
In addition, maybe you can try the follows:
- Find the owners of those DHCID records which is stored in DNS (DHCID records can only be added by DHCP servers/clients themselves through dynamic updates).
- Check the logs generated by the DHCP Server. Is there any DNS Update related events for these affected Windows Clients?
Analyze DHCP Server Log Files
DHCP Step-by-Step Guide: Demonstrate DHCP Name Protection in a Test Lab
I hope this helps!
- Edited by Susie LongMicrosoft contingent staff, Moderator Monday, July 22, 2013 8:20 AM edit
- Proposed as answer by Alex LvMicrosoft contingent staff, Moderator Tuesday, July 23, 2013 9:19 AM
- Unproposed as answer by Tamás Sztankó Tuesday, July 23, 2013 3:00 PM
- Marked as answer by Alex LvMicrosoft contingent staff, Moderator Wednesday, July 24, 2013 12:06 PM