We are maintaining a fairly large (~3500 Windows nodes in primary zone, +DMZ, +Unix machines, ~7500 entries in primary DNS zone) Windows domain environment with five 2008 R2 domain controllers, two of which have the DNS role, and a separate 2008 R2 cluster has the DHCP role.
We just enabled DHCP name protection a few weeks ago on all DHCP scopes and found a very strange issue: DHCID records are created for domain member Windows 7 workstations. Not only for one or two, but a lot. As far as I know, only non-Windows workstations should get a DHCID. Just to mention, the primary DNS zone is an AD-integrated zone.
We checked the AD object of those machines, they are intact, connection between the machines and AD is fine. No network outage occurred for quite a while, and at least one AD is always available.
The fact that these records are created is not a big deal by itself, but I'm afraid the root cause of this problem could do more harm, so I really want to find out why this happens.
When you enable DHCP name protection:
For a Windows DHCP client, one DNS record is created (A record).
For a non-Windows DHCP client, two DNS records are created (A record and DHCID record).
For a duplicate non-Windows DHCP client, DNS record registration is prevented (no record).
So it seems like your Windows clients are regarded as non-Windows clients by the DHCP server. Would you please tell us something more in detail? For example, how many domain members got the DHCID records? What are their OS versions?
In addition, maybe you can try the following:
Find the owners of those DHCID records which are stored in DNS (DHCID records can only be added by DHCP servers/clients themselves through dynamic
Check the logs generated by the DHCP Server.
Are there any DNS Update related events for these affected Windows clients?
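The audit-log check suggested in the reply above, as an added example that is not part of the original thread. It assumes the DHCP server audit log's comma-separated layout (ID, Date, Time, Description, IP Address, Host Name, MAC Address) and its DNS update event IDs 30 to 32; the sample lines, host names and the helper name `Get-DhcpDnsUpdateEvent` are constructed for illustration.

```powershell
# Constructed sample in the DHCP server audit log layout (not taken from the thread).
# Assumed columns: ID,Date,Time,Description,IP Address,Host Name,MAC Address
$sample = @'
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/12/12,08:01:10,Assign,10.0.0.21,PC-0001.corp.example,001122334455
30,03/12/12,08:01:10,DNS Update Request,10.0.0.21,PC-0001.corp.example,
32,03/12/12,08:01:11,DNS Update Successful,10.0.0.21,PC-0001.corp.example,
30,03/12/12,08:02:40,DNS Update Request,10.0.0.35,PC-0002.corp.example,
31,03/12/12,08:02:41,DNS Update Failed,10.0.0.35,PC-0002.corp.example,
11,03/12/12,08:05:00,Renew,10.0.0.50,PRN-0009.corp.example,00AABBCCDDEE
'@

# Constructed list: short names of domain members that unexpectedly own a DHCID record.
$affected = @('PC-0001', 'PC-0002')

# Hypothetical helper: return the DNS update events logged for the given hosts.
function Get-DhcpDnsUpdateEvent {
    param([string[]]$Lines, [string[]]$HostName)
    foreach ($line in $Lines) {
        if ($line -notmatch '^\d+,') { continue }        # skip preamble, header, blanks
        $f = $line.Split(',')
        if ($f.Count -lt 7) { continue }                 # malformed or truncated line
        $id = [int]$f[0]
        if ($id -lt 30 -or $id -gt 32) { continue }      # 30 request, 31 failed, 32 successful
        $short = $f[5].Trim().Split('.')[0]              # compare on the short host name
        if ($HostName -notcontains $short) { continue }  # case-insensitive match
        New-Object PSObject -Property @{
            Client = $short; Id = $id; Date = $f[1]; Time = $f[2]
            Description = $f[3]; IP = $f[4]
        }
    }
}

# For a real server, pass (Get-Content <path to DhcpSrvLog-*.log>) as -Lines instead.
$events = @(Get-DhcpDnsUpdateEvent -Lines ($sample -split "`r?`n") -HostName $affected)
$events | Format-Table Client, Date, Time, Id, Description, IP -AutoSize

# Per-client summary: total DNS update events and how many of them failed (ID 31).
$events | Group-Object Client | ForEach-Object {
    $failed = @($_.Group | Where-Object { $_.Id -eq 31 }).Count
    '{0}: {1} DNS update events, {2} failed' -f $_.Name, $_.Count, $failed
}
```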