Server 2008 R2: DNS records not dynamically registering in workgroup situation

    Question

  • We have a setup at home with several Windows and non-Windows clients and one Windows Server 2008 R2 system.  We've installed DHCP and DNS server on the Windows Server, but no Active Directory.  DHCP works fine, the clients are picking up IP addresses.  DNS options in DHCP point to the Windows Server and the DNS server on it has forwarders for the ISP.  I have both forward and reverse lookup zones created and have them both set to allow nonsecure dynamic updates.  We can add static A records to allow DNS name resolution, but for some reason the dynamic updates aren't working.  Within the DHCP IPv4 Advanced settings for the DNS Dynamic Registration Credentials, we simply have it set to use the local administrator account.  Obviously since this isn't a domain, we can't create or add any users to the DNSProxyUpdate group since it doesn't exist. All computers are set to the workgroup Home (including the server).  The DHCP log in \system32\dhcp has these entries:

    31,12/31/10,00:00:05,DNS Update Failed,192.168.1.102,Kitchen-Computer.Home,,,0,6,,,

    Any ideas?  We really need to try and avoid setting up Active Directory and except for the dynamic registration of DNS, everything works fine without AD (so it would seem ridiculous to have to setup a domain to simply get that functionality).

    Friday, December 31, 2010 8:25 PM

Answers

  • Unfortunately, "HOME" is a single label name and an illegal DNS zone name. DNS is hierarchical, and requires a minimum of a two level name, such as home.com, home.net, home.local, etc. Same with the DNS zone. Based on the way DNS works, Single Label names are problematic with DNS.

    For specifics, you can read more on it in the following link. It was based on AD, but it applies to non-AD as well because AD is DNS based:

    Active Directory DNS Domain Name Single Label Names
    http://msmvps.com/blogs/acefekay/archive/2009/11/12/active-directory-dns-domain-name-single-label-names.aspx

     

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Monday, January 3, 2011 2:43 PM

All replies

  • Do all machines have a Primary DNS Suffix configured? That's one of the requirements for updates. It has to match the zone name, and of course the zone needs to have updates allowed.

    You can also use DHCP Option 015 to set the Connection Specific Suffix, but updates will require the Primary DNS Suffix set. You can force DNS to update everything, too, by going into DHCP properties, DNS tab, force to update whether the client asks or not.

    Configuring credentials using the local account is fine in a workgroup. This way the DHCP server owns the records and can update the records when they change.

    If you set it up this way, and you don't configure the Primary DNS Suffix, you'll get A records registered under the zone, but DHCP will only show the hostname without an FQDN.

    Ace


    Ace Fekay

    Monday, January 3, 2011 6:37 AM
  • Hi,

     

    I agree with Ace that different or non DNS suffix and DNS zone name setting may cause this issue.

    Please try defining these settings, manually perform “ipconfig /registerdns” and check if it works.

    For more information please refer to the link below:

     

    How To Configure DNS in a New Workgroup Environment in Windows Server 2003

    http://support.microsoft.com/kb/324259

     

    How to configure DNS dynamic updates in Windows Server 2003

    http://support.microsoft.com/kb/816592

     

    Thanks.

     

    Tiger Li


    Monday, January 3, 2011 7:02 AM
  • The suffix is configured, the forward zone is called Home and running an ipconfig /all on the client also comes up with Home as the "Connection-specific DNS Suffix".  DHCP Option 015 is also set to Home.  ipconfig /registerdns doesn't do anything I'm afraid : (
    Monday, January 3, 2011 2:34 PM
  • Dear Ace,

    I saw your answer that mentions that dynamic updates should be possible in workgroup environment without configuring the primary DNS suffix.

    For some reason on my 2008R2 it does not work.

    setup:

    DHCP and DNS roles installed on 2008R2, clients including the server all configured in workgroup "WORKGROUP" without primary DNS suffix

    DHCP set to use local admin credentials, only 003 and 006 (NO connection specific DNS suffix).

    DNS tab under DHCP at both the DHCP server level and the Scope level configured with all checkboxes enabled:

    -> Always update A and PTR records dynamically, remove A and PTR records when lease is removed, A and PTR records update for clients that do not ask this like NT4.0

    primary DNS zone "vb-systems.local" configured in DNS to allow unsecure dynamic updates. Forwarders configured to ISP DNS on DNS server.

    Further no A records exist in the zone, so all standard, just the SOA and NS record. I updated the SOA record -> Nameservers tab -> the entry "server" did not have an IP, -> clicked on resolve -> OK

    After trying I added the A record for the server itself pointing to its IPv4 address.

    No IPv6 configured in DHCP and no IPv6 configured on the network adapter of the server although enabled.

     

    So after this I get the same error in the DHCP log as Chris in his question. (obviously with just the hostname instead of hostname.something)

    Could you please suggest what to try?

    Thanks,

     

    Tom van Bavel

    Sunday, August 14, 2011 4:28 PM
  • Tom,

    So after this I get the same error in the DHCP log as Chris in his question. (obviously with just the hostname instead of hostname.something)

     

    What exactly is the name? Is it single label or in the form of hostname.domain.something? Please provide the actual names to better understand what's going on.

    But please keep in mind as I said, DNS will not update single label name domain names. A name such as hostname.something will not update.


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Sunday, August 14, 2011 6:51 PM
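
A triage helper for the symptom discussed in this thread, added here as an example (it is not code from any poster): it reads DHCP audit log lines like the one quoted in the question, keeps the event 31 (DNS Update Failed) records and classifies the name DHCP tried to register. Field positions are taken from that quoted line; every sample line except the first is constructed, and the function names are hypothetical.

```python
import csv
from collections import Counter

DNS_UPDATE_FAILED = "31"  # event ID shown in the log line quoted in the question

# First line is the one quoted in the question; the rest are constructed samples.
SAMPLE_LOG = """\
31,12/31/10,00:00:05,DNS Update Failed,192.168.1.102,Kitchen-Computer.Home,,,0,6,,,
31,08/14/11,16:02:11,DNS Update Failed,192.168.1.50,TOM-PC,,,0,6,,,
10,08/14/11,16:02:10,Assign,192.168.1.50,TOM-PC,001122334455,,0,6,,,
31,11/18/11,10:15:42,DNS Update Failed,192.168.1.60,vm01.domain.local,,,0,6,,,
32,11/18/11,10:20:00,DNS Update Successful,192.168.1.61,vm02.domain.local,,,0,6,,,
"""

def classify_name(host_name):
    """Describe the suffix of the name DHCP tried to register."""
    labels = [part for part in host_name.strip().rstrip(".").split(".") if part]
    if len(labels) <= 1:
        return "no-suffix"           # bare hostname: no DNS suffix reached DHCP
    if len(labels) == 2:
        return "single-label-zone"   # host.Home: the zone name is a single label
    return "multi-label-zone"        # host.domain.local: check the zone itself

def failed_updates(log_text):
    """Return (ip, host_name, classification) for every event 31 record."""
    results = []
    for row in csv.reader(log_text.splitlines()):
        # Skip header text and short rows; data rows start with a numeric ID.
        if len(row) < 6 or not row[0].strip().isdigit():
            continue
        if row[0].strip() == DNS_UPDATE_FAILED:
            results.append((row[4], row[5], classify_name(row[5])))
    return results

def summarize(log_text):
    """Count failed updates per classification."""
    return Counter(kind for _, _, kind in failed_updates(log_text))

if __name__ == "__main__":
    for ip, name, kind in failed_updates(SAMPLE_LOG):
        print(f"{ip:15} {name:25} {kind}")
```
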
  • Ace,

    I have the same problem as Tom. In my case it's a DNS+DHCP+AD on Windows 2003. The DNS namespace is "domain.local".

    The client systems are also Windows 2003 but they are not part of AD and are in a workgroup. The DHCP server is set to update DNS. The clients receive an IP address just fine but do not register A/PTR records in the DNS zone "until" a DNS suffix is set on the client.

    The moment we add a DNS suffix on the system, things start working as expected. Is there a dependency on the DNS suffix? From what I have found via documentation and forums - there isn't conclusive evidence that the DNS suffix is mandatory.

    Thoughts/Suggestions?

    Thanks,

    Ashish

    • Proposed as answer by meneses1 Wednesday, August 14, 2013 8:39 PM
    Friday, November 18, 2011 10:40 AM
  • Yes, the Primary DNS Suffix is important in this regard. For example, at one of my customer sites, I have DHCP option 015 configured for the domain.local zone, and becomes a Search suffix, but that will not help to register the hostname in the Forward zone. And if you are using credentials and the zone is set to Secure only, it still won't register because the client machine needs a Primary DNS Suffix.

    A workgroup machine will still register into the reverse zone, as long as updates are not set to Secure Only.

    The only other way around it is to set on the client to register into a zone in the interface properties.

    [Screenshot: Configure additional DNS Suffix in NIC properties 2]

     

    You can also create and remotely run a registry script for the interface on the workgroup machines using PSEXEC (free download from Microsoft), provided you have credentials for all machines. But you would also need to know the interface GUID, and many machines have multiple interfaces (wireless, wired, if a VPN connectoid was created, etc).

    Or just target these two reg entries:

    HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\domain
    HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\NV domain

     

    Using the above two keys, try this VB script:

    ' Writes the two TCP/IP parameter values listed above; domain.local is the zone name from this thread
    Set WSHShell = CreateObject("WScript.Shell")
    WSHShell.RegWrite "HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\NV domain", "domain.local", "REG_SZ"
    WSHShell.RegWrite "HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\domain", "domain.local", "REG_SZ"

    How many workgroup machines are there?


    Ace Fekay
    Friday, November 18, 2011 7:10 PM
  • Super! That's exactly what we discovered while testing. This was actually being requested by the R&D folks and they wanted to know if a new VM could register itself in the forward lookup zone without the DNS suffix and without joining a domain.

     

    Appreciate the details and the screenshot provided.

     

    Thanks Ace.

     

    Regards,

    Ashish

    Sunday, November 27, 2011 10:33 AM
  • I realise this is an old question, but it was never answered fully and I ran across it too.

    Here is what I did to get it working properly. In DNS Management:

    1. Make sure there is a valid A-Record for the DNS server in the forward lookup zone.

    2. In the properties of the Forward lookup zone on the "Name Servers" tab click "Edit" and type the DNS server's FQDN then click resolve. It should return the IP.

    3. On the "Start of Authority (SOA)" tab click "Browse..." next to the Primary server field. In the Records: box double click the server name, forward lookup zone, name of the zone then the A-record for the DNS server. OK all.

    Repeat steps 2 & 3 for the reverse lookup zone.

    After this all dynamic updates for DHCP started working for the workgroup. No Primary DNS Suffix alterations required.

    Sunday, May 13, 2012 7:16 PM
  • I have been dealing with this issue for some time now.  I have searched all over for answers and solutions.  None of them have worked except your posting.  Thank you for your posting and I have hopes that this will help many others with the same problem.  Keep the sharp answers coming!!!!
    Thursday, July 19, 2012 11:46 AM
  • Essteepee,

    After hours of search, your simple steps above resolved EVENT ID 414 error code.

    nslookup resolves, ipconfig /displaydns resolves

    Thank you for a very concise troubleshooting guide

    Sunday, December 9, 2012 12:40 PM
  • Question I have. There's a server with 2008 R2 Std, in a Workgroup. DNS has been installed. However, the Security tab that shows up in DNS in a domain is missing (go to DNS Manager - highlight name of server - right-click- Properties). Without that tab no way to administer some security settings in DNS. Is there a way to add that in a Workgroup?
    Friday, April 11, 2014 4:11 PM
  • Question I have. There's a server with 2008 R2 Std, in a Workgroup. DNS has been installed. However, the Security tab that shows up in DNS in a domain is missing (go to DNS Manager - highlight name of server - right-click- Properties). Without that tab no way to administer some security settings in DNS. Is there a way to add that in a Workgroup?

    Sorry, no.

    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Tuesday, April 15, 2014 1:50 AM