DHCP Dynamic Updates Proxy Account

  • Question

  • Greetings,

    I have a question about some behavior I am seeing in my DHCP scopes. This relates to the option to have DHCP "Always dynamically update DNS records".

    I have done a lot of work to have all our DHCP distributed addresses registered solely by the DHCP server using a Service Account. What I have found is that when I have this configured, the DHCP server will use the service account to register the DNS record, and the service account shows as the owner of the record. However, almost immediately the lease will get deleted by the client and then recreated by the client itself.

    For example my DHCP server is 10.0.0.74, the client gets assigned 10.0.0.201. I can see in the logs that the DHCP server creates the DNS record (created by 10.0.0.74) , then it is immediately deleted and replaced by the client machine (10.0.0.201).

    I did have an image to put here to make it clearer, but I get a message stating that I can't post an image until my account is verified.

    The only way I have been able to stop this happening is to create a group policy which turns off DNS Dynamic update on the client.

    In all the reading about setting up DHCP and a proxy account I have never come across the requirement to apply a group policy setting to stop the client from registering itself.

    Is this expected behavior? Have I configured something wrong?

    I sort of expected that the DHCP setting I mentioned above would not only register the DNS record for the client, but would make it so the client never registers its own address, but that is clearly not what is happening.

    Thanks for any feedback.

    -John

    April 15, 2020 19:03

Answer

  • Hi John,

    Sorry for the delayed response.

    Please refer to the following steps:

    Go to the DHCP client and set the following registry value on the DHCP client to force the DHCP client to honor the DHCP Server configuration in regards to Dynamic DNS updates.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

    Name:  RegistrationOverwrite

    Type:  REG_DWORD

    Value: 2 (DHCP Server overwrites DNS client)

    Valid Values:  0 (No overwrite), 1 (DNS client overwrites DHCP server, default) or 2 (DHCP server overwrites DNS client)

    A restart of the client is required for the change to take effect.

    Depending on environmental circumstances, it may be necessary to delete Host A and/or Pointer ( PTR ) records whose ownership resides with the DHCP client and not the DHCP to allow the DHCP Server to successfully update Client DNS records.

    Note: Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. 

    Best Regards,

    Candy



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com   


    May 4, 2020 1:49
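The registry setting from the answer above, as a PowerShell audit that can also apply it. This is an added example, not part of the original thread; the function name `Invoke-RegistrationOverwriteAudit`, the `-Apply` switch and the backup path are assumptions.

```powershell
# Added example: report (and optionally set) RegistrationOverwrite on a DHCP client.
# Function name, -Apply switch and backup path are illustrative assumptions.
function Invoke-RegistrationOverwriteAudit {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Apply,    # write the value instead of only reporting it
        [string]$BackupPath = "$env:TEMP\Dnscache-Parameters.reg"
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
    $name = 'RegistrationOverwrite'
    # Meanings as listed in the answer above.
    $meaning = @{
        0 = 'No overwrite'
        1 = 'DNS client overwrites DHCP server (default)'
        2 = 'DHCP server overwrites DNS client'
    }

    # The value does not exist by default; a missing value is reported as the default, 1.
    $prop    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $present = $null -ne $prop
    $current = if ($present) { [int]$prop.$name } else { 1 }

    if ($Apply -and $current -ne 2 -and $PSCmdlet.ShouldProcess($key, "Set $name = 2")) {
        # Back up the key before modifying it, as the answer advises.
        & reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters' $BackupPath /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; value not changed.' }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 2 -Force | Out-Null
        $current = 2
        $present = $true
        Write-Warning 'Restart the client for the change to take effect.'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ValuePresent = $present
        Value        = $current
        Meaning      = if ($meaning.ContainsKey($current)) { $meaning[$current] } else { 'Unexpected value' }
        Compliant    = ($current -eq 2)
    }
}

# Report only; run with -Apply from an elevated session to set the value.
Invoke-RegistrationOverwriteAudit
```

Run it with `-Apply -WhatIf` first to see what would be written without changing the registry.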

All replies

  • Hi John,

    >>I did have an image to put here to make it clearer, but I get a message stating that I can't post an image until my account is verified.

    You can expedite verification by replying to this thread with your request.

    https://social.msdn.microsoft.com/Forums/en-US/94f05325-8566-4c4c-806c-179a5a0beafc/verify-accounts-43?forum=reportabug

    Based on my understanding, you want the Windows DHCP server to update records dynamically for its clients on the DNS server. Is that right? Please feel free to let me know if my understanding is wrong.

    Make sure you have configured the following settings:

    - Enable DNS dynamic update DNS records only if requested by the DHCP clients 
    - Always dynamically update DNS records 
    - Discard A and PTR records when lease is deleted 
    - Dynamically update DNS records for DHCP clients that do not request updates 

    Configure DHCP Credentials and then add the DHCP server computer account to the Active Directory, Built-In DnsUpdateProxy security group.

    For your reference:

    Configure DNS Dynamic Update in Windows DHCP Server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best regards,

    Candy




    April 16, 2020 6:33
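One way to check the server-side settings listed in the reply above across several DHCP servers, using the DhcpServer PowerShell module. This is an added example, not part of the original thread; the function name, server names and account name are constructed placeholders.

```powershell
# Added example: compare DHCP-to-DNS update settings across DHCP servers.
# Function name, server names and the expected account are constructed placeholders.
Import-Module DhcpServer

function Get-DhcpDnsUpdateAudit {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$ExpectedUser    # user name of the DNS update account
    )
    foreach ($server in $ComputerName) {
        try {
            # Server-level IPv4 DNS settings and the configured DNS update credential.
            $dns  = Get-DhcpServerv4DnsSetting -ComputerName $server -ErrorAction Stop
            $cred = Get-DhcpServerDnsCredential -ComputerName $server -ErrorAction Stop
            [pscustomobject]@{
                Server              = $server
                DynamicUpdates      = $dns.DynamicUpdates              # 'Always' = always dynamically update
                DeleteOnLeaseExpiry = $dns.DeleteDnsRROnLeaseExpiry    # discard A/PTR when lease is deleted
                UpdateOlderClients  = $dns.UpdateDnsRRForOlderClients  # clients that do not request updates
                CredentialUser      = $cred.UserName
                Compliant           = ($dns.DynamicUpdates -eq 'Always') -and
                                      $dns.DeleteDnsRROnLeaseExpiry -and
                                      $dns.UpdateDnsRRForOlderClients -and
                                      ($cred.UserName -eq $ExpectedUser)
                Error               = $null
            }
        } catch {
            # Unreachable or misconfigured servers are reported, not skipped.
            [pscustomobject]@{
                Server              = $server
                DynamicUpdates      = $null
                DeleteOnLeaseExpiry = $null
                UpdateOlderClients  = $null
                CredentialUser      = $null
                Compliant           = $false
                Error               = $_.Exception.Message
            }
        }
    }
}

# Constructed placeholder names; replace with your own servers and account.
Get-DhcpDnsUpdateAudit -ComputerName 'dhcp01.example.test', 'dhcp02.example.test' `
    -ExpectedUser 'svc-dhcp-dns' | Format-Table -AutoSize
```

The function reads server-level settings only; a scope with its own DNS settings needs the same check with `-ScopeId`.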
  • Thanks for the response,

    The settings you show above are exactly what I have.  The problem is that, unless I have a group policy applied with the setting "Network/DNS Client/Dynamic update - disabled", the client just deletes the DNS record created by the service account, and recreates the DNS record itself. Which is not optimum.

    I have read conflicting guides about the role of the DnsUpdateProxy Group. Some say I should just place my service account in there, others say I should put all my DHCP servers in there, some say both should be in there.

    We have 22 DHCP servers and they all use the same service account, so to me it made sense to put that service account in the DnsUpdateProxy group instead of the DHCP servers.

    April 16, 2020 17:24
  • Hi Guys,

    Just checking back in to determine if this behavior is the expected behavior.

    Thanks.

    May 1, 2020 17:29
  • Thanks Freya009,

    This has already been done.

    May 4, 2020 15:27
  • Thanks Candy,

    That registry key does not exist by default, but I will add it on my test machines and see what the behavior looks like.

    I appreciate the response.

    John.

    May 4, 2020 15:30
  • Hi John,

    Yes. This key does not exist by default, you could just add it. Please feel free to let me know the results.

    Best Regards,

    Candy



    May 5, 2020 1:27
  • Hi John,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.                   

    Best Regards,

    Candy



    May 6, 2020 7:06
  • Sorry Candy, I've been dealing with some emergencies at work. 

    I added that key and it works. Thanks for that. It seems to be a better option than the option to turn off the dynamic update completely.

    I appreciate the answers and the help. It's nice to know that I was not simply missing a fundamental understanding of how this process works. It appears that "out of the box" a Windows client will always attempt to register itself unless some additional configuration is done on the client.

    It's weird that as much reading as I have done about how to set this up, I have never seen that need specified. Probably just missed it.

    Thanks again.

    May 8, 2020 18:04
  • Hi,

    I am pleased to know that the way is helpful to you. If there is anything else we can do for you, please feel free to post in the forum.

    You could mark the useful reply as answer to end this thread up.

    Thanks for your understanding.

    Best Regards,

    Candy



    May 11, 2020 1:47