client registration in DNS when client using only DNS server with secondary zones

  • Question

  • Hi :)

    I am trying to "consolidate" ;) DNS servers into two DNS servers with secondary zones and direct ALL clients to use those new DNS servers with only secondary zones.

    For DHCP clients A record registration in AD integrated / primary zones will be made by DHCP but I'd like to know is there a way and how to register A record for clients (domain members and standalone) which are using static addresses besides manually entering A record into FW lookup AD integrated zone?

    Thank you and best regards

    Nenad

    Saturday, January 19, 2013 6:46 AM

Answers

  • Windows 2000 and newer computers will register by default. The way it works, is the registering entity (DHCP or the client), will look for the SOA to send the registration request to.

    If pointing to a Secondary zone, a static configured machine will send an MNAME query for the SOA of the zone and send the registration request to the SOA.

    The SOA may not be the MASTER of the Secondary zone, so it's important to make sure the SOA is up and running. If the Master is an AD integrated zone, the SOA changes frequently by default due to the way AD Integrated zones work, so all DCs have to be available so the SOA is.

    If DHCP, then we recommend to force DHCP to update all records, forward and reverse. And the same thing applies once you've set up DHCP this way, because DHCP must find the SOA, since that's how it works. Another advantage of forcing DHCP to update everything is that DHCP owns the record and will update the record if the IP of the client changes, otherwise you will see duplicate records in DNS.

    Here are more specifics for configuring DHCP. And note, if DHCP is running on 2008 R2, I do not recommend to use NameProtection, because it does not comply with DNS record ownership.

    This link covers the following:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    • Marked as answer by CNenad Sunday, January 20, 2013 1:31 AM
    Saturday, January 19, 2013 8:13 PM
  • MNAME is the Master DNS server the Secondary is pulling from.


    Ace Fekay

    • Marked as answer by CNenad Sunday, January 20, 2013 9:57 AM
    Sunday, January 20, 2013 8:44 AM
  • Here's more on the MNAME:

    http://www.menandmice.com/knowledgehub/dnsqa/26/


    Ace Fekay

    • Marked as answer by CNenad Sunday, January 20, 2013 9:58 AM
    Sunday, January 20, 2013 8:45 AM
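
A reachability check for the behaviour described in the answers above, written as an added PowerShell example that is not from the thread's participants: it reads the SOA MNAME from the secondary-only server the clients use and tests whether this machine can reach that server on port 53. The zone name and server address are placeholders, and the cmdlets require Windows 8 / Server 2012 or later.

```powershell
# Added example. $Zone and $Secondary are placeholder values, not taken from the thread.
$Zone      = 'corp.example.com'   # assumed forward lookup zone
$Secondary = '192.0.2.53'         # assumed DNS server that holds only secondary zones

# 1. Ask the secondary for the zone's SOA. PrimaryServer is the SOA MNAME field,
#    which is where a statically configured client sends its registration.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Secondary -DnsOnly -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SOA' } |
       Select-Object -First 1
if (-not $soa) { throw "No SOA record for $Zone returned by $Secondary" }
$mname = $soa.PrimaryServer

# 2. Resolve MNAME through the same secondary, as the client would have to.
$addresses = Resolve-DnsName -Name $mname -Type A -Server $Secondary -DnsOnly -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' } |
             Select-Object -ExpandProperty IPAddress
if (-not $addresses) { throw "MNAME $mname does not resolve via $Secondary" }

# 3. Test TCP 53 from this host to each MNAME address. Updates may also use UDP 53,
#    so a TCP success only shows that the path and the DNS service are reachable.
foreach ($ip in $addresses) {
    $probe = Test-NetConnection -ComputerName $ip -Port 53 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Zone           = $Zone
        Secondary      = $Secondary
        MNAME          = $mname
        Address        = $ip
        Tcp53Reachable = $probe.TcpTestSucceeded
    }
}
```

Run it from a client subnet rather than from the DNS server itself, and repeat it over time when the master is an AD integrated zone, since the answer above notes that the SOA changes between DCs.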

All replies

  • For the dynamic IP registration on DNS, most of the work is being done by DHCP. For Static IP on Windows machines, you can configure the following Group Policies that will allow Dynamic registration to DNS.

    Computer Configuration\Policies\Administrative Templates\Network\DNS Client
    -- Dynamic Update
    -- Registration refresh interval
    -- Register PTR records

    You can also enable "Register this connection's addresses in DNS" option via GUI.


    MCP, MCTS, MCSE 2003, MCITP 2008, MCSA 2012
    LinkedIn: http://www.linkedin.com/pub/jatin-patel/25/90b/2a/

    This posting is provided 'AS IS' with no warranties or guarantees and confers no rights.
    Please help and appreciate others by using these features: "Propose As Answer", "Vote As Helpful" and "Mark As Answer"

    Saturday, January 19, 2013 3:22 PM
  • Hi Ace :) Thank you for your advice.

    I know that 2K and above clients are registering themselves in DNS by default but I was confused and did not know how they will do that if I point them to DNS with only secondary zones.

    What is MNAME? Can you provide me link with explanation?

    Best regards

    Nenad

    Sunday, January 20, 2013 8:35 AM