DHCP and dynamic DNS updates

  • Question

  • Hi all,

    I am trying to find out whether it is crucial to have the DHCP service on a domain-joined Windows Server rather than on a piece of network equipment such as Juniper or Cisco switches.

    The reason for me asking this question is that I want the AD-integrated DNS zones for our Active Directory environment to utilise dynamic updates, and I am not entirely sure how DHCP relates to this.

    Thursday, December 22, 2016 11:31 AM

All replies

  • Hi Ronniejorgensen,

    >>Active Directory environment to utilise dynamic updates and i am not entirely sure how DHCP relates to this.

    Yes, the DHCP server can be configured to dynamically register records with the DNS server.

    Please check link below to understand it:

    DHCP: The server should be configured to register DNS records on behalf of DHCPv4 clients

    https://technet.microsoft.com/en-us/library/ee941150%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, December 23, 2016 8:53 AM
  • Hi John,

    Thank you for replying. What I am really trying to understand is: if you have a switch that can do DHCP, does it also have the capability to do dynamic DNS updates, or is this something solely for Windows DHCP?

    Our networking team is talking about using switches and other network kit as DHCP servers, and personally I would prefer to keep things AD integrated, but I need some ammo for that discussion.

    Also, may I ask how you found that link? Did you Google it, or did you browse the TechNet library to find the information? I have long thought that finding MS documentation on things is not the most straightforward task.

    Wednesday, January 4, 2017 8:00 PM
  • Hi Ronniejorgensen,

    >>do they also have the capability to do dynamic dns updates? or is this something solely to Windows DHCP?

    As far as I know, yes.

    For details about how to configure a DHCP server on a router or switch, you could contact the switch provider to get effective support.

    Best Regards

    John



    Thursday, January 5, 2017 9:30 AM
  • It would be up to the functionality built into the switch as to its ability to perform dynamic DNS registration. Even if you could find one that did dynamic DNS registrations, it would probably not be able to update the DNS zone if the zone is set for secure updates only. Allowing a zone to accept non-secure updates opens up some major security problems.

    Also, the link included in John's answer to your question seems to imply that the DHCP server should always be configured to register on behalf of the clients. That is not necessarily correct. It does depend upon the exact circumstances under which you are in. Normally in a Windows network, the client registers its own forward lookup "A" record and the DHCP and DNS servers should be configured to allow the DHCP server to register the reverse lookup "PTR" records on behalf of the clients. Both the forward and reverse lookup zones should be AD integrated and configured for secure updates only.

    Why is the network team trying to reinvent the wheel when it comes to something that is already done beautifully within the functionality of Windows server and has been working well for years? What is the business goal they are trying to accomplish?

    As far as finding info about anything via searching, it comes down to knowing how to ask the right question in order to increase the probability of finding the info without too many irrelevant hits. I find that searching from within the Microsoft TechNet web site can be helpful.

    Hope that helps.

    Ed Gallagher, MVP

    Monday, January 9, 2017 1:44 AM
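    The following PowerShell check is an added illustration of the posture Ed describes; it is not part of his reply nor taken from Microsoft documentation. It reports whether each zone is AD-integrated and set to secure updates only, and how the DHCP server handles DNS registration (the default "OnClientRequest" setting is the behaviour Ed outlines: the client registers its own A record and asks the DHCP server to register the PTR). It assumes the DnsServer and DhcpServer RSAT modules and rights on both servers; the server and zone names are placeholders.

```powershell
# Added example, not from the thread. Assumes the DnsServer and DhcpServer
# modules (RSAT) and rights on both servers. Names below are placeholders.
$DnsServer  = 'dc01.corp.example'
$DhcpServer = 'dhcp01.corp.example'
$Zones      = 'corp.example', '10.in-addr.arpa'   # forward and reverse zones to audit

Import-Module DnsServer, DhcpServer

# --- Zones: AD-integrated and secure dynamic updates only ---------------------
foreach ($name in $Zones) {
    $zone  = Get-DnsServerZone -ComputerName $DnsServer -Name $name
    $state = if ($zone.IsDsIntegrated -and $zone.DynamicUpdate -eq 'Secure') { 'OK' }
             elseif ($zone.DynamicUpdate -eq 'NonsecureAndSecure') { 'RISK: unauthenticated updates accepted' }
             else { 'REVIEW' }
    '{0,-22} DsIntegrated={1,-5} DynamicUpdate={2,-19} {3}' -f $name, $zone.IsDsIntegrated, $zone.DynamicUpdate, $state
    if ($zone.IsDsIntegrated -and $zone.DynamicUpdate -ne 'Secure') {
        # Remediation is printed, not executed, so the audit stays read-only.
        "  -> Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $name -DynamicUpdate Secure"
    }
}

# --- DHCP server: DNS registration behaviour -----------------------------------
$dns = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer
"DynamicUpdates            : $($dns.DynamicUpdates)"             # OnClientRequest: client does A, server does PTR
"DeleteDnsRROnLeaseExpiry  : $($dns.DeleteDnsRROnLeaseExpiry)"   # $true lets the server remove A/PTR when a lease ends
"DisableDnsPtrRRUpdate     : $($dns.DisableDnsPtrRRUpdate)"      # should be $false so PTR records are registered
"UpdateDnsRRForOlderClients: $($dns.UpdateDnsRRForOlderClients)"

# Account used by the DHCP server for secure updates. Empty means it updates with
# its own computer account; a dedicated low-privilege account is preferable when
# the DHCP role is co-located on a domain controller.
$cred = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
"DNS update credential     : $(if ($cred.UserName) { "$($cred.DomainName)\$($cred.UserName)" } else { '<computer account>' })"
```

    Run it from a management host with RSAT; a zone reported as NonsecureAndSecure is the case Ed warns about, since any host on the network can then overwrite records in it.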
  • Hi Ed,

    This info helps a lot. From what I can tell they are trying to move as much as possible over to Infoblox https://www.infoblox.com/. The Infrastructure team did manage to get them to drop the idea of letting all clients and servers point to Infoblox as their DNS server, and instead point them to the AD DNS servers and let those DNS servers forward to Infoblox if they can't resolve.

    I think they are planning to let the Juniper EX switches do DHCP forwarding to a central Infoblox solution in Europe and let it do it all. All our zones are AD integrated with secure updates only.

    I just need information and justification that we would be better off using a central Windows DHCP solution.

    I don't know Infoblox, but if you could authorise it in our AD domain, would it not also be able to do secure updates?

    Monday, January 9, 2017 7:46 PM
  • There are no methods that would allow a third party DHCP server to authenticate into AD integrated DNS that I am aware of to allow the PTR records to update. It is possible to change the default behavior to have the clients update the PTR records directly, but that introduces another set of problems that was the reason to change to having the DHCP server do it instead.

    Can I ask how large your organization is? Number of systems, servers, subnets?

    Thanks

    Tuesday, January 10, 2017 2:27 AM
  • Hi Ed,

    So we have about 3000 employees in Europe spread over 23 countries.

    I am not sure 100% about subnets but if we start with about 46 subnets.

    Regarding servers, do you mean DHCP servers or just servers in general? At the moment IT and Networking are being consolidated, so everything is a little bit of a mess. We are trying to work out the best approach to doing DHCP efficiently. The options we see are:

    1. Windows AD integrated DHCP server in each office location.
    2. A DHCP server in each office location, which could be anything, for example a networking device or a Linux box, etc.
    3. Centralise AD integrated DHCP server in our main data centre and do DHCP forwards from each location.

    The main thing I am interested in is keeping AD DNS clean and up to date, and I think we need a proper DHCP setup that is integrated with AD somehow, so that when a DHCP address is released the DHCP server can remove the A and PTR records.

    Ed, if the clients are properly set to look at the right AD DNS servers, and they perform dynamic updates against DNS zones (which are set to secure updates only), will they not just update the A and PTR records when they get a new DHCP address? How important is it that the DHCP server can delete the A and PTR records when an address is released?

    Thursday, January 12, 2017 8:00 AM
  • Hi Ronniejorgensen,

    >>if the clients are properly set to look at the right AD DNS servers, and they perform dynamic updates against DNS zones (which are set to secure updates only), will they not just update the A and PTR records when they get a new DHCP address?

    If the DHCP server is a member of the domain, the DNS A or PTR records will be registered.

    >>how important is it that the DHCP server can delete the A and PTR records when an address is released?

    You could check link below to understand it:

    How DNS Scavenging and the DHCP Lease Duration Relate

    https://blogs.technet.microsoft.com/askpfe/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate/

    Best Regards

    John



    Friday, January 13, 2017 6:01 AM
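    To make the relationship John's link is about concrete, here is an added PowerShell check (not from the thread or from the linked article) that pulls each DHCP scope's lease duration and each zone's aging intervals, and flags scopes whose lease is longer than the zone's No-refresh + Refresh window. That comparison encodes the commonly cited rule of thumb that a record should be refreshed before it becomes eligible for scavenging; treat it as an assumption to check against the linked article for your own environment. Server and zone names are placeholders, and it assumes the DnsServer and DhcpServer RSAT modules.

```powershell
# Added example, not from the thread. Assumes the DnsServer and DhcpServer
# modules and rights on both servers; names are placeholders.
$DnsServer  = 'dc01.corp.example'
$DhcpServer = 'dhcp01.corp.example'
$Zones      = 'corp.example', '10.in-addr.arpa'

Import-Module DnsServer, DhcpServer

# Server-wide scavenging must actually be switched on, or stale records never go away.
$scav = Get-DnsServerScavenging -ComputerName $DnsServer
"Scavenging on $DnsServer : state=$($scav.ScavengingState) interval=$($scav.ScavengingInterval)"

$scopes = Get-DhcpServerv4Scope -ComputerName $DhcpServer
foreach ($name in $Zones) {
    $aging  = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $name
    # Time until a record that nobody refreshes becomes eligible for scavenging.
    $window = $aging.NoRefreshInterval + $aging.RefreshInterval
    "Zone $name : aging=$($aging.AgingEnabled) NoRefresh=$($aging.NoRefreshInterval) Refresh=$($aging.RefreshInterval) window=$window"
    foreach ($s in $scopes) {
        # Rule of thumb (assumption, see lead-in): lease <= NoRefresh + Refresh, so a record
        # refreshed at lease renewal is not scavenged while the address is still in use.
        $flag = if ($s.LeaseDuration -gt $window) { 'CHECK: lease exceeds scavenging window' } else { 'ok' }
        '  scope {0,-16} lease={1,-12} {2}' -f $s.ScopeId, $s.LeaseDuration, $flag
    }
}
```

    With the Windows defaults (8-day lease, 7-day No-refresh and 7-day Refresh intervals) every scope reports "ok"; the check earns its keep when someone shortens the aging intervals or lengthens leases without looking at the other side.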