DNS & DHCP registration issues

  • Question

  • Hello all,

    I have a domain that consists of 5 Domain Controllers. All of them are successfully replicated, with no errors regarding that.

    We are facing a strange registration error. We took a new WIN-7 client and connected it to LAN-A; it receives an IP via the DHCP server and registers an A record on the DNS server.

    After 5 min we connect the WIN-7 client to LAN-B; it receives an IP via the DHCP server but doesn't rewrite/update the old A record.

    Any ideas?

    Sunday, May 17, 2015 7:14 AM

Answers

  • Hello,

    Did you check all DNS servers, in case this maybe wasn't replicated yet when you checked it?

    I assume the workstation is a domain member and that secure updates are enabled? If secure updates are enabled, are the DHCP servers members of the DNSUpdateProxy security group?

    Please check with the steps in https://technet.microsoft.com/en-us/library/cc756815(WS.10).aspx and see also https://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx


    Best regards

    Meinolf Weber

    MVP, MCP, MCTS

    Microsoft MVP - Directory Services

    My Blog: http://blogs.msmvps.com/MWeber

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.


    Sunday, May 17, 2015 2:31 PM
  • Hello all,

    I have a domain that consists of 5 Domain Controllers. All of them are successfully replicated, with no errors regarding that.

    We are facing a strange registration error. We took a new WIN-7 client and connected it to LAN-A; it receives an IP via the DHCP server and registers an A record on the DNS server.

    After 5 min we connect the WIN-7 client to LAN-B; it receives an IP via the DHCP server but doesn't rewrite/update the old A record.

    Any ideas?

    I have seen this issue many times.

    You have configured the DHCP Server to do DNS dynamic registration on behalf of the DHCP Clients. This causes the DHCP Server to be the owner of the DNS objects, which means that only that DHCP Server can update the DNS records.

    As far as I read your information you are using the same DHCP Server. Please note that what I describe above is not a server setting, but a DHCP Scope setting. So my guess is you have configured the DNS registration settings differently on each DHCP Scope.

    It is a best practice to let your domain-joined clients do dynamic DNS registration themselves, so that only they are the owner of the DNS object. This allows them to update their DNS record wherever they are.

    • Go to the DHCP Scope properties.
    • Select the DNS tab, and disable the "Enable DNS dynamic updates according to the following settings" setting.


    This will make sure each client will be the owner of their own DNS-objects. The only downside is that non domain-joined devices (e.g. printers) cannot do dynamic DNS registration. Which in security terms is a plus. But you overcome this by adding a DHCP Scope Reservation for that device.


    Boudewijn Plomp | BPMi Infrastructure & Security

    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember, if you see a post that helped you please click "Vote as Helpful", and if it answered your question, please click "Mark as Answer".

    Monday, May 25, 2015 8:25 AM
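
A read-only check of the two points raised in the reply above (per-scope DNS registration settings that differ, and who owns the client's DNS record), as an added example that is not part of the original thread. It assumes a DHCP server with the DhcpServer and ActiveDirectory PowerShell modules, an AD-integrated zone in the DomainDnsZones partition, and placeholder names `corp.example` and `WIN7-PC01`.

```powershell
# Added example; run in an elevated session on the DHCP server.
# Placeholders (not from the thread): zone name and client host name.
Import-Module DhcpServer, ActiveDirectory

$zone     = 'corp.example'
$hostName = 'WIN7-PC01'

# 1. Collect the DNS registration settings of every IPv4 scope.
$scopeSettings = foreach ($scope in Get-DhcpServerv4Scope) {
    $dns = Get-DhcpServerv4DnsSetting -ScopeId $scope.ScopeId
    [pscustomobject]@{
        ScopeId                    = $scope.ScopeId
        Name                       = $scope.Name
        DynamicUpdates             = $dns.DynamicUpdates          # Always / OnClientRequest / Never
        UpdateDnsRRForOlderClients = $dns.UpdateDnsRRForOlderClients
        DeleteDnsRROnLeaseExpiry   = $dns.DeleteDnsRROnLeaseExpiry
        NameProtection             = $dns.NameProtection
    }
}
$scopeSettings | Format-Table -AutoSize

# 2. Flag scopes whose registration behaviour does not match the others.
$groups = @($scopeSettings | Group-Object DynamicUpdates, UpdateDnsRRForOlderClients)
if ($groups.Count -gt 1) {
    Write-Warning 'DHCP scopes use different DNS registration settings:'
    foreach ($g in $groups) {
        '  [{0}] -> {1}' -f $g.Name, ($g.Group.ScopeId -join ', ')
    }
}

# 3. Show the owner of the client's DNS node. With secure updates, a record
#    owned by the DHCP server's account cannot be rewritten by the client.
#    Assumption: the zone is stored in the DomainDnsZones partition.
$domainDn = (Get-ADDomain).DistinguishedName
$nodeDn   = "DC=$hostName,DC=$zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$owner    = (Get-Acl -Path "AD:\$nodeDn").Owner
"Owner of ${hostName}.${zone}: $owner"

# 4. To apply the change described in the reply to one scope, uncomment:
# Set-DhcpServerv4DnsSetting -ScopeId 10.0.2.0 -DynamicUpdates Never   # placeholder scope ID
```

If the owner shown in step 3 is the DHCP server's computer account, the stale record has to be deleted (or its ownership changed) before the client can register it itself.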
