Allowing non-domain members to register in DNS

I have an AD Domain controller that runs as the DNS server for the domain.  There is a separate (non-Windows) DHCP server that issues the IP addresses for the sub-net and the DHCP server is set to point to the DC as being the primary DNS server so all clients point to and use my main DNS server.  The DNS server forwards requests it can't resolve to the WAN gateway.  All works fine as long as the client or server is a member of the domain.  

I have 2 sandbox servers that are not domain members; their main use is to run Virtual Server 2005 images and each image requests and gets an IP address from the same DHCP server.  These machines can all access the internet via the DNS server's name resolution but they can't resolve each other's names.

I think that my problem is that these non-domain member machines do not get their IP addresses registered in the DNS server.

I tried changing the security setting for the DNS server but it still doesn't seem to register the non-domain member IP addresses.

Any ideas on what may be causing this?

Hi MSProjectGeek,

If you manually enter host records in DNS, does your problem disappear?

MSProjectGeekAuthor Commented:
Well, my problem doesn't disappear per se; I can obviously resolve the servers by name if I put entries in DNS for them, but the problem I was trying to solve was auto-registration with DNS.


Configure the machine with a primary DNS suffix of your domain.
Accidentally submitted..


Go to System Properties, Computer Name tab, CHANGE button, MORE button, type your primary DNS suffix (ie yourdomain.local or, check the box, OK ..ok..ok..ok ...test
MSProjectGeekAuthor Commented:
Which machine do you mean? The DNS server or the client?  Are you saying that I should make the client join the domain?  These development servers are purposely not part of the domain.
MSProjectGeekAuthor Commented:
More research.

Adding an entry to the DNS forward lookup zone, e.g. ServerGX28, allows the server name to resolve for domain member machines but not for non-domain member machines, which I guess is part of my problem.

It appears that the DNS server is not allowing non-domain servers to register themselves and it's also not providing proper DNS service for non-domain member computers.
See here:

If you are stating that the virtual machines also get their IPs from the one DHCP server, then you can set the DHCP server:

To modify this setting, select the Enable DNS dynamic updates according to the settings below check box and click Always dynamically update DNS A and PTR records, which is located in Properties on the DNS tab on the applicable DHCP server or on one of its scopes.

Try that and see what happens.
Let me summarize what's been said:

1)  Make sure the DNS zone you want them to register in is set to allow Secure and Non-Secure updates.
2)  If you want these servers to register in another namespace then you will have to create the primary zone on your server and repeat step #1.
3)  Make sure the DNS suffix of the servers not in the domain (the ones you want to register) match a zone you host on your DNS server.
4)  Make sure the servers you want to register are ONLY pointing to your DNS server and are set to Register in DNS.

This should be all you need to do.
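
The four points in the summary above, as a check script to run on the machine that is not in the domain. This is an added example, not code posted by anyone in the thread. It assumes a client with the DnsClient PowerShell module (Windows 8 / Server 2012 or later, newer than the systems in the question), and `$Zone` and `$DnsServer` are placeholder values.

```powershell
# Added example. $Zone and $DnsServer are placeholders: set them to your zone and DNS server.
param(
    [string]$Zone      = 'yourdomain.local',
    [string]$DnsServer = '192.0.2.10'
)

$findings = @()

# Point 3: the machine's primary DNS suffix must match a zone hosted on the DNS server.
$tcpip  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$suffix = $tcpip.Domain
if ($suffix -ne $Zone) {
    $findings += "Primary DNS suffix is '$suffix', expected '$Zone'"
}

# Point 4: every adapter must use ONLY that DNS server and have DNS registration enabled.
foreach ($nic in Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses) {
    $other = $nic.ServerAddresses | Where-Object { $_ -ne $DnsServer }
    if ($other) {
        $findings += "$($nic.InterfaceAlias): also uses DNS server(s) $($other -join ', ')"
    }
    $client = Get-DnsClient -InterfaceIndex $nic.InterfaceIndex
    if (-not $client.RegisterThisConnectionsAddress) {
        $findings += "$($nic.InterfaceAlias): DNS registration is disabled on this connection"
    }
}

# Points 1-2: the server must answer for the zone the suffix names.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $DnsServer -ErrorAction SilentlyContinue
if (-not $soa) {
    $findings += "Server $DnsServer returned no SOA record for zone '$Zone'"
}

# If the client side is correct, trigger a registration and see whether the record appears.
if (-not $findings) {
    ipconfig /registerdns | Out-Null   # needs an elevated prompt
    Start-Sleep -Seconds 15            # registration happens asynchronously
    $fqdn = "$env:COMPUTERNAME.$Zone"
    $a = Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -ErrorAction SilentlyContinue
    if (-not $a) {
        $findings += "$fqdn was not registered; check the zone's dynamic update setting (point 1)"
    }
}

$findings   # no output means every check passed
```

A zone that accepts non-secure updates takes unauthenticated record changes from any host that can reach the DNS server, so hosting the sandbox machines in their own zone (point 2) keeps that setting off the Active Directory zone.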

The settings I listed are for running on the need to join the domain.  Make sure that you have DNS on the server configured as NETMAN66 describes above...if your DNS only accepts secure updates you won't get in