Should DHCP Update DNS?

  • Question

  • I see some entries in DHCP that have A records in DNS, but when I create a Reservation in DHCP, shouldn't it also create a static record in DNS or do I have to manually create those?  I'm concerned that DHCP is not updating DNS because they appear to have different information, but I'm not seeing errors in my event logs.


    Thursday, May 31, 2012 6:07 PM


  • DHCP doesn't exactly update DNS, well at least not the A record, but will register (note I did not say UPDATE) the PTR record. Here's how it works by default:

    • By default, Windows 2000 and newer statically configured machines will register their A record (hostname) and PTR (reverse entry) into DNS.
    • If set to DHCP, Windows 2000 and newer machines will request DHCP so that the machine itself will register its own A record, but DHCP will register its PTR record.


    However, you can configure DHCP to update the record for the client, no matter what the client asks. However, one problem with that is that if the client shuts down, and later on comes back up past the lease time, it may get a different IP address. What happens here is a duplicate A record gets created with the new IP. This happens even though DHCP registered the record. This is because DHCP doesn't own the record, the client does, even though DHCP registered it.

    What we want to do to keep DNS clean without additional records with the same name but different IP address in DNS, is to configure DHCP to own the record, so it can keep it up to date.

    The nice thing about DHCP owning the record is it will update it if DHCP gives the machine a new IP. Otherwise you'll see multiples of the same in DNS whether scavenging is enabled or not. I would force DHCP to own the record as well as enable scavenging to keep it clean.

    To force DHCP to own the record, you have two options: Option 1 is to add the DHCP server to the DnsUpdateProxy group. However this is a security risk if DHCP is on a DC. And Option 2, which is preferred, whether DHCP is on a DC or not, is to create a user account for the sole purpose of using it as credentials that DHCP will use to update records. This is a regular plain-Jane, Domain User account, and not an admin account.

    For the options, screenshots, etc, please see the following:


    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, How to Configure DHCP Credentials to DHCP Registers everything and will update records when an IP changes, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Edited by Ace Fekay [MCT] Friday, June 1, 2012 5:23 AM
    • Proposed as answer by Aiden_Cao Monday, June 4, 2012 9:25 AM
    • Marked as answer by Aiden_Cao Wednesday, June 6, 2012 1:16 AM
    Friday, June 1, 2012 5:22 AM
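
The two options from the answer above, as an added example that is not part of the original thread: it audits DnsUpdateProxy membership (Option 1) and configures dedicated DHCP credentials with always-on DNS registration (Option 2). It assumes Windows Server 2012 or later with the DhcpServer, DnsServer and ActiveDirectory PowerShell modules; the server names and the `svc-dhcp-dns` account are hypothetical placeholders.

```powershell
# Added example. Server and account names are hypothetical placeholders.
Import-Module DhcpServer, DnsServer, ActiveDirectory

$DhcpServer = 'dhcp01.example.local'   # hypothetical DHCP server
$DnsServer  = 'dns01.example.local'    # hypothetical DNS server
$SvcAccount = 'svc-dhcp-dns'           # hypothetical plain Domain User account

# Option 1 audit: list computers in DnsUpdateProxy. A domain controller in
# this group is the security risk the answer describes.
$dcNames = (Get-ADDomainController -Filter *).Name
Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object {
        $note = if ($dcNames -contains $_.Name) { 'DOMAIN CONTROLLER' } else { 'member server' }
        Write-Output ("DnsUpdateProxy member: {0} ({1})" -f $_.Name, $note)
    }

# Option 2 prerequisite: the account should be an ordinary Domain User,
# not an admin account. Warn about any other group membership.
$groups = (Get-ADPrincipalGroupMembership -Identity $SvcAccount).Name
$extra  = $groups | Where-Object { $_ -ne 'Domain Users' }
if ($extra) {
    Write-Warning "$SvcAccount is also a member of: $($extra -join ', ')"
}

# Option 2: give DHCP its own credentials for DNS registrations if none are set.
$current = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
if (-not $current.UserName) {
    $cred = Get-Credential -Message "Enter DOMAIN\$SvcAccount and its password"
    Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred
}

# Have DHCP register A and PTR records regardless of what the client
# requests, and delete them when the lease expires.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRROnLeaseExpiry $true

# Report the resulting state, including whether scavenging is enabled.
Get-DhcpServerDnsCredential -ComputerName $DhcpServer |
    Format-List UserName, DomainName
Get-DnsServerScavenging -ComputerName $DnsServer |
    Format-List ScavengingState, NoRefreshInterval, RefreshInterval
```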