Server 2008 R2 DHCP Update DNS automatically w/ MACs

  • General discussion

  • I currently am running a 2003 R2 DC which hosts DHCP as well.  I would like to move to a 2008 R2 core server that is only hosting DHCP.  I have DHCP setup and added the server name to the DNSUpdateProxy group.  My question is which settings would be ideal since the server name is setup within the DHCPUpdateProxy group.  Currently all settings are at default:

     

    Dynamically update DNS A and PTR records only if requested by DHCP clients and Discard A and PTR records when lease is deleted

     

    For MACs, would I enable Dynamically update DNS A and PTR records for DHCP clients that do not request updates?  And since I would have the DHCP server added to the DNSUpdateProxy group, I wouldn't have to add credentials to the DNS dynamic updates registration credentials? (I thought I read that the server can be added then credentials wouldn't have to be entered.)

     

    Since I would be moving to a new DHCP and DNS records haven't been updated since last year (I recently took over from the last person), when a client gets an address will it delete all the older records?

     

    Thanks in advance for the help.


    • Edited by smKKe Wednesday, November 16, 2011 6:59 PM
    Wednesday, November 16, 2011 6:58 PM

All replies

  • Hi,

     

    Thanks for posting here.

     

    > My question is which settings would be ideal since the server name is setup within the DHCPUpdateProxy group.

    May I know if there is any specific reason that we have to include the DHCP server in this group? Have we got multiple DHCP servers in this scenario?

    Actually, for a new DHCP server in an AD environment, we should first authorize it. Since this is a core version, we can control it via MMC in the GUI.

     

    Authorizing DHCP servers

    http://technet.microsoft.com/en-us/library/cc781697(WS.10).aspx

     

    We can also enable the secure-only update method if we don’t want third-party clients to update their DNS records. For more explanation of DNS dynamic updates and suggestions on this setting, please refer to the article below, especially the section “Use the DnsUpdateProxy security group”:

     

    How to configure DNS dynamic updates in Windows Server 2003

    http://support.microsoft.com/kb/816592/en-us

     

    For DNS record updating, we suggest enabling the scavenging feature in order to keep the records up to date:

     

    Optimizing your network to keep your DNS squeaky clean

    http://blogs.technet.com/b/networking/archive/2009/02/09/optimizing-your-network-to-keep-your-dns-squeaky-clean.aspx

     

    Thanks.


    Tiger Li


    Thursday, November 17, 2011 3:15 AM
  • > For MACs, would I enable Dynamically update DNS A and PTR records for DHCP clients that do not request updates? And since I would have the DHCP server added to the DNSUpdateProxy group, I wouldn't have to add credentials to the DNS dynamic updates registration credentials? (I thought I read that the server can be added then credentials wouldn't have to be entered.)

    To add to Tiger's response, I would recommend setting DHCP to force update for clients that may not know how to update. This ensures that all DHCP clients are updated, as long as that's what you want it to do. I've seen some issues where some installations do not want everything to update, such as handhelds that use the wireless AP, but after installing a GPO Autoenrollment certificate-based NPS system, that went away.

    DHCP Windows 2008 - Force DHCP to Dynamically update all clients

     

    On another note, and to reiterate what Tiger said about the DnsProxyUpdate group, if DHCP is on a DC, for security reasons, I would recommend using credentials instead of the DnsProxyUpdate group. The link Tiger provided has a blurb on that. There are others out there too that explain more on it.

    In addition, here's another link explaining how it works:

    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsProxyUpdate Group, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Thursday, November 17, 2011 3:58 AM
  • Thanks for the information.  The DHCP server will not be hosted on a Domain Controller.  Also the DNS records for AD are Secure Only, thus I will leave the DHCP server out of DNSUpdateProxy as the Microsoft docs mentioned.

     

    For that reason, would I just create an AD Domain User called dnsupdateproxyuser and not add it to any groups and just assign the credentials to the DHCP server?

     

    One last question, the DHCP lease is set for 4 days, is it safe to say to set the refresh/no refresh intervals to 3 days for DNS scavenging?

     

    Thanks again.

    Thursday, November 17, 2011 3:01 PM
  • Good move about not using the DnsUpdateProxy group. You can create a plain-Jane, Domain User account by any name you like. I usually call it DHCPDude, but you can choose whatever name you like. Here are pics of both operating system versions:

    DHCP 2008 & 2008 R2 Configure Credentials

     

    DHCP 2003 Configure Credentials

     

     

     

    As for the 4 days, and 3 day no refresh, that's fine, as long as the scavenging period is less than the lease period. Here's a good pic of how long the whole process would take with a 3 day example.

     

    The links Tiger posted, and my blog, explain it well. Here is an additional link on scavenging.

    Don't be afraid of DNS Scavenging. Just be patient.
    http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

     


    Ace Fekay
    Thursday, November 17, 2011 5:46 PM
  • Hate to reopen this thread, but I have added the same user for both DHCP servers.  By same user I mean the same DHCP update user, added to the credentials.  I tested by shutting down some VMs, deleted DHCP leases, added them to the new DHCP server, and rebooted. The clients got the new addresses, but only the reverse records updated.  The A records did not update until I actually deleted the A records and rebooted the machines; that is when the A records were restored with the new addresses.  Before, there was another user, say UserA, on the old DHCP server; I updated the credentials to use "UserB."
    Tuesday, January 17, 2012 8:55 PM
  • Did the A records in question exist prior to configuring credentials?

    Did you also configure scavenging?

     


    Ace Fekay
    Wednesday, January 18, 2012 4:40 AM
  • Yes the A records did exist prior to config...scavenging no...I just changed the DHCP lease time from 4 days to 8 days.  Some DHCP scopes had 4 days some had 3 some had 7.  I want to have a uniform lease time for scavenging.  The DHCP scopes are not split into subnets such as laptops/vpn/desktops etc...
    Wednesday, January 18, 2012 1:57 PM
  • If they existed prior to configuring credentials, then they would have to be deleted manually so the next time DHCP provides a lease and registers it, it will now own the record. It can own a record already in DNS.

     


    Ace Fekay
    Wednesday, January 18, 2012 6:18 PM
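
An ownership check for the situation in the last exchange, as an added example that is not part of the thread or any poster's own code: it lists the records in an AD-integrated zone whose owner is not the DHCP credentials account, which are the candidates for the manual cleanup described above. The zone name, domain DN and account name are placeholders, and the zone is assumed to live in the DomainDnsZones application partition.

```powershell
# Added example: audit who owns each record in a secure-only, AD-integrated zone.
# Run from a machine with the ActiveDirectory module (e.g. a 2008 R2 admin host).
Import-Module ActiveDirectory

$Zone        = 'corp.example'        # placeholder: forward lookup zone name
$DomainDN    = 'DC=corp,DC=example'  # placeholder: domain distinguished name
$DhcpAccount = 'CORP\DHCPDude'       # placeholder: account set as the DHCP DNS credentials

# Assumption: the zone is stored in the DomainDnsZones application partition.
$ZoneDN = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"

$report = Get-ADObject -SearchBase $ZoneDN -SearchScope OneLevel `
              -Filter "objectClass -eq 'dnsNode'" -Properties whenChanged |
    ForEach-Object {
        # The AD: drive is created when the ActiveDirectory module is imported.
        $acl = Get-Acl -Path ("AD:\" + $_.DistinguishedName)
        New-Object PSObject -Property @{
            Name        = $_.Name
            Owner       = $acl.Owner
            WhenChanged = $_.whenChanged
            OwnedByDhcp = ($acl.Owner -eq $DhcpAccount)
        }
    }

# Records registered by the clients themselves show the computer account
# (NAME$) as owner; records created by a previous DHCP credential show that
# account. Static and DC records will also appear here and should be left alone.
$report |
    Where-Object { -not $_.OwnedByDhcp } |
    Sort-Object Owner, Name |
    Format-Table Name, Owner, WhenChanged -AutoSize
```

Review the output before deleting anything: only stale client records owned by the old account or by the client computer accounts are relevant to the DHCP migration.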