How to verify Dynamic DNS Updates from DHCP Are Working?

    Question

  • 2 DHCP servers (all) were set up with Dynamic DNS updating with a dedicated service account. DNS scavenging is also set up on one DNS server.

    I can't tell if the DNS updates by DHCP are really doing anything, and it looks like they might not be working. I added a DHCP reservation and had the user renew their IP. The IP change worked, but the DNS record didn't update after waiting 15 minutes. I had the user run ipconfig /registerdns from their workstation and then DNS updated within a couple of minutes.

    Shouldn't the DNS records have updated as soon as the DHCP server assigned the new, reserved address?

    Thursday, March 15, 2012 1:13 AM

All replies

  • If there is any change in a record, DHCP will update it. If you just enabled credentials (assuming that's what you mean by "dedicated service account"), it will not update previously registered records that were registered by another entity, such as the client, because DHCP doesn't own it under that account you used for credentials. In that case, you can either wait for scavenging to remove it (based on your NoRefresh and Refresh + scavenge period), or manually delete it so now DHCP can register it and own it.

    After reading your other thread, which I responded to:
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/fa3325b9-4b54-4d83-b718-b8b51a5febc0/#c3809064-1dbc-47c1-b693-b1e10c6d60b5

    After reading it, I'm not sure what your current NoRefresh and Refresh are, since you've indicated you changed it from 7 days to 3 days, then during testing you disabled it, then re-enabled it. Anytime you re-enable it, it does not pick up where it left off; rather, it starts from scratch all over again.

    The key to this whole mess is: PATIENCE!!!!!!

    Tell you what, I posted my blog about scavenging in your other thread, but I would like you to read the following thread with someone else that had questions about scavenging, updates, etc, who had a little bit of an issue with patience, or lack of. And hey, I have the same problem - lack of patience at times with this, too, but I learned to set it, and forget it. Hmm, that sounds like a US based late night Ron Popeil commercial. :-)

    Good discussion on scavenging and the requirements of having patience:
    Technet thread: "DNS timestamp replication (again), and Scavenge vs Enable Automatic scavenging" 3/10/2012
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/431c3597-e2d1-4061-96ed-4672532dc126/  



    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Thursday, March 15, 2012 2:07 AM
  • Dynamic DNS was enabled a week ago.  

    If the clients that are online all the time keep re-registering their address, then it sounds like the client will always own the record since they won't ever be scavenged and DNS updates by DHCP will not ever work.  So, I have to manually delete these addresses? 

    Thursday, March 15, 2012 2:40 AM
  • Maybe at this time, I should ask a few questions regarding exactly how you set up everything before I can properly respond.

    1. Did you enable "Unsecure & Secure Updates" or "Secure Only Updates?"
    2. Did you configure DHCP credentials? If so, how soon after you configured updates?
    3. When did you configure scavenging? Before or after updates, and before or after DHCP credentials?
    4. Did you set DHCP Option 081 to force register all records whether the client asks or not and for clients that do not know how?
    5. Did you configure Name Protection?
    6. When you see records disappearing, did you take note on their time stamps or owners in the Security tab?

    Note - any dynamically registered record has a time stamp. You can view the time stamp in the DNS console with Windows 2008 or newer, and if Windows 2003, by putting the DNS console in Advanced view and manually checking each record's properties. When you enable scavenging, any record that has a time stamp will be eligible for scavenging. The only exception is static records. They will not get scavenged. If you want them scavenged, you can run dnscmd /AgeAllRecords. You can also run that if you are impatient and want your dynamically registered records that are still currently owned by workstations to immediately age them so they are immediately eligible for scavenging, but the caveat is it will affect static records.

    Note #2:

    By default, on a computer that is running Windows XP/2003 or newer, the DefaultRegistrationRefreshInterval key value controls this (except Windows 2000, which does not have this key but can be added), and is set by default to 1 day (every 24 hours). This is true regardless of whether the computer is a client or a server, except domain controllers, which are every 60 minutes. The TTL on the record that gets registered will be dependent on the TTL values of the zone or DHCP lease, if DHCP was configured to force register all records with owning the records by the use of configured credentials.


    Thursday, March 15, 2012 3:14 AM
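
Added example (not part of any post in this thread): one way to check what the replies above describe, namely the time stamp and the owner of each dynamically registered record. It assumes an AD-integrated zone and a management host with the DnsServer and ActiveDirectory PowerShell modules (Windows Server 2012 or later, or RSAT); the zone, server, and account names are placeholders.

```powershell
# Added example: list dynamic A records with their time stamp and AD owner,
# to see whether the DHCP credential account or the client owns each record.
# Placeholders (assumptions, not values from the thread):
$ZoneName    = 'corp.example.com'
$DnsServer   = 'dns01.corp.example.com'
$DhcpAccount = 'CORP\svc-dhcp-dns'

Import-Module DnsServer, ActiveDirectory

# Zone aging settings: a record becomes eligible for scavenging once its
# time stamp is older than NoRefresh + Refresh, and the zone itself is not
# scavenged before AvailForScavengeTime (reset when aging is re-enabled).
$aging  = Get-DnsServerZoneAging -Name $ZoneName -ComputerName $DnsServer
$window = $aging.NoRefreshInterval + $aging.RefreshInterval

Write-Host ("Aging enabled: {0}; zone scavengeable from: {1}" -f `
    $aging.AgingEnabled, $aging.AvailForScavengeTime)

Get-DnsServerResourceRecord -ZoneName $ZoneName -ComputerName $DnsServer -RRType A |
    Where-Object { $_.Timestamp } |          # static records carry no time stamp
    ForEach-Object {
        # The owner of the dnsNode object decides who may update the record
        # in a secure-only zone.
        $owner = (Get-Acl -Path "AD:\$($_.DistinguishedName)").Owner
        [pscustomobject]@{
            HostName      = $_.HostName
            IPv4          = $_.RecordData.IPv4Address
            Timestamp     = $_.Timestamp
            Owner         = $owner
            OwnedByDhcp   = ($owner -eq $DhcpAccount)
            EligibleAfter = $_.Timestamp + $window
        }
    } |
    Sort-Object OwnedByDhcp, HostName |
    Format-Table -AutoSize
```

Records where OwnedByDhcp is False and Owner is a computer account are the client-registered ones that DHCP cannot update under its credentials until they are scavenged or deleted.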
  • They are secure-only updates.

    Settings were all set for DHCP to manage DNS updating by a previous admin long ago, but the credentials had been left blank.  I added the credentials last week.

    Scavenging was enabled at the same time last week.  Right after the DHCP credentials.

    There is no option 81 setting, but the options in the DNS settings in DHCP are set to update even if the client doesn't ask.

    There is no name protection available.  It is Server 2008 without R2.


    Thursday, March 15, 2012 4:49 AM
  • If you set credentials last week, along with scavenging, you may have to manually delete the previously registered records to kick it off. There is a time delay with all of this getting kicked off.

    You may want to re-read some of the blog, that explains this whole mess.


    And yes, there is an Option 081. You may have missed that in my blog (I have it mentioned in a few places). Option 081 is the DNS tab.


    • Marked as answer by MyGposts Friday, March 23, 2012 2:50 AM
    Friday, March 16, 2012 3:36 PM
  • I suppose there is no advantage to deleting the workstation-owned records so DHCP can become owner immediately as long as the host names get registered somehow at a timely speed.
    Friday, March 23, 2012 2:50 AM