Solved

Windows 2000 DNS without DHCP

Posted on 2007-03-30
7
945 Views
Last Modified: 2012-06-27
My question is two parts really. I have a Windows 2000 AD environment. Almost all clients are statically IP'd, though there are a few DHCP clients out there but not many. I just noticed that the DNS records in my DNS servers don't necessarily match up with the true records for a number of desktops. As desktops have been replaced over time, the process to name them and keep the same old IP address was lax.
 
 Correct me if I am wrong, but it would appear to be that XP & Win2kPro desktops do NOT dynamically update their DNS entry if they are statically IP'd. From what I have read so far, you need them to be using DHCP for addressing, and then it should work. So first part of the question is, I am right or wrong with this paragraph?
 
 Assuming I am right, I thought of creating a more automated method to update the DNS server entries to match the real values on the client. I was thinking of having a script to ping a machine, then run the 'hostname' command on it. Then I would take the correct IP and hostname and use the DNSCMD command to create the proper entry. In theory, I don't see why this shouldn't work.
 
 However, the DNSCMD errors out on me every time, from my Domain Controller/ DNS server itself. (actually from both of my DNS servers).
 
 Starting simply, from an RDP on the DNS server, I try:
 dnscmd . /Info   which gives Command Failed: Unknown 1717
 dnscmd hostname_of_dns_server gives same error 1717
 dnscmd IP_of_dns_server /Info  gives same but error 1753
 Further commands such as:
 dnscmd . /RecordAdd company.com newhost A 10.10.10.10   give me the same errors above, depending on the entry for my DNS server, either a 1717 or 1753 error.
 
 It would appear that the DNS command fails when communicating to the DNS server. Clearly, doing these commands on the DNS server itself shouldnt be an issue. Is there some configuration or Group Policy setting that would block this? I am beginning to think I somehow misconfigured integrated AD-DNS.
 
 Any help would be appreciated.
0
Comment
Question by:villelm
7 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18825961

> Correct me if I am wrong, but it would appear to be that XP & Win2kPro desktops do NOT
> dynamically update their DNS entry if they are statically IP'd.

You're wrong :)

Confirm that Dynamic Updates is turned on and set to Secure Only.

On a workstation run "ipconfig /registerdns" then check the Event Log for DNSAPI error messages.

In addition to that it would be sensible to configure Aging and Scavenging on the zones so they keep themselves clean.

Chris
0
 
LVL 2

Expert Comment

by:jasonaluke
ID: 18826183
I have the same problem as the poster. I have it set up to do Secure Updates Only on the DNS servers. Ipconfig /registerdns didn't seem to do anything. At least it didn't create a new value when I deleted the old one. I need to check the event viewer. I was reading on Microsoft's site and it says.
The following components perform DNS updates:
•Dynamic Host Configuration Protocol (DHCP) Client service
These updates apply to all Windows 2000-based computers.
•DNS Server service
These updates apply to Windows 2000-based DNS servers only.
•Net Logon service
This updates apply to Windows 2000-based domain controllers only.
•Remote access client
These updates apply to Windows 2000-based remote access clients only.

Now, if I read that right, DHCP does the DNS updating. If a host is using Static IP's, is the DHCP service still involved to do the updating?

Are you positive hosts not using DHCP will update DNS on a Windows 2000 DNS server?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 250 total points
ID: 18826345

Yes, I'm positive.

It works like this. If DHCP is enabled and explicitly told to update DNS on the clients behalf then it will and the clients ability to update is disabled.

The DNS client, and the DNSAPI that comes with that has the ability to dynamically register records within DNS. This kind of functionality is essential for the smooth operation of an AD Domain (or at least the smooth operation without every admin requiring an intensive course in DNS).

The option in DHCP is generally considered a legacy option, it is there to ensure that Windows NT and 9x machines (or anything else that doesn't support Dynamic Updates) can get a DNS record.

To date I only know of a few instances where Dynamic Updates completely fails:

1. DNS Service was installed on Windows NT which was subsequently upgraded to Windows 200x.

A tricky one to solve since it's very difficult to completely remove a Windows component and install it again. Generally advisable to move the service to a server that hasn't been upgraded.

This may not apply in every case.

2. DNS Zone is corrupt.

The zone should be cleared out of AD and completely recreated. The instructions for this are here for Windows 2000:

http://support.microsoft.com/kb/305967

That also covers 2000 upgraded to 2003 as the upgrade process doesn't move the DNS zone from the Directory Partition to it's own separate Application Partition where Windows 2003 prefers such things.

3. Client Settings say not to.

Open up the registry editor and check for an adaptor specific registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\<Interface name>\DisableDynamicUpdate

If the value exists and is set to 1 Dynamic Updates will not occur.

Chris
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 82

Expert Comment

by:oBdA
ID: 18826355
You might have the DHCP Client service disabled; this service is necessary for the dynamic updates, so do NOT disable it (yes, even when using static IP addresses).
No DNS Name Resolution If DHCP Client Service Is Not Running
http://support.microsoft.com/?kbid=268674
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18826396

Oops, forgot a bit.

If you happen to need to clear an AD Integrated Zone out using a Windows 2003 Domain then you would open ADSIEdit.msc. Select "Connect To" then, if we use the AD Domain Name somedomain.com as an example you would add in this for Domain Integrated Zones:

Connection Point - Select or Type a Distinguished Name or Naming Context
DC=DomainDNSZones,DC=somedomain,DC=com

Or for Forest Integrated Zones:

DC=ForestDNSZones,DC=somedomain,DC=com

Expanding the MicrosoftDNS container in those should show all configured Zones (and the DNSNode's beneath). These two are the Application Partitions mentioned above.

Chris
0
 

Author Comment

by:villelm
ID: 18843384
Thanks Chris!  enabling scavenging and aging got me to the root of the problem.  I appreciate the assistance.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 18843388

You're welcome.

Chris
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now