DNS auto creating entries in DNS server

Dan
I am running Windows Server 2003 R2 and have a mixed environment, with mostly PCs and a few MACs. The MACs though have a problem. They have 2 network ports with different IP subnets. The problem is that when any of the MACs get restarted, it automatically creates a DNS entry for 1 of the IPs in my server's DNS, and we don't want it to do that. I only want to manually add the entry in my DNS server for the MACs.
How do I fix this issue, or resolve it.  Any help is appreciated.
The Macs are using Leopard and Snow Leopard mixed.
Top Expert 2012

Commented:
On the MACs you need to disable the option to update DNS. This option should be within the network card properties or TCP\IP properties.
DanNetwork Engineer

Author

Commented:
I looked at all the different options and I don't see that option anywhere. Can you be more specific please?

Commented:
There was a KB article about this: (I think you can use this to solve your issue)

http://support.apple.com/kb/ht3169

DanNetwork Engineer

Author

Commented:
I had my mac expert, and he said he tried that, but it's still not working.
Top Expert 2012

Commented:
This is something in MAC that is causing the problem. This has nothing to do with the DNS server itself; the DNS updates are coming from the client.
DanNetwork Engineer

Author

Commented:
ok, but how do I fix it?
Top Expert 2012

Commented:
I am not a MAC expert but usually in Settings there is an option not to update with DNS.

http://labs.hoffmanlabs.com/node/1436
DanNetwork Engineer

Author

Commented:
I'll have my mac expert read it and see if he can find the fix in there.

Commented:
If I understand you correctly, when a mac reboots, your DNS server is adding a new A record for it?

I do not see how this is a client issue. The only way the mac client can do that (AFAIK) is if your DNS server supports dynamic dns and the mac is running some kind of dynamic dns client.

I think you need to check the settings on your DNS server and DHCP server.
DanNetwork Engineer

Author

Commented:
yes, that's what is happening.  DNS is setup to do that, when a client comes online, it automatically creates a DNS entry.  We just don't want it to do that for the MACs.
Top Expert 2012

Commented:
DNS doesn't auto create a record; the clients send the update to the DNS server.
DanNetwork Engineer

Author

Commented:
ok, so how do we get the client to NOT send an update then, on the MAC?

Commented:
"the clients send the update to the DNS server"

What mechanism are you referring to? What clients send what records to what DNS server?
DanNetwork Engineer

Author

Commented:
There are like 5 MAC desktops, OS X (Snow Leopard) machines, that when they reboot, they create a new DNS entry in my Windows Server 2003 R2 DNS server.
I just don't want them to automatically send any DNS info back to the server.

Let me know if I'm not clear enough, perhaps I'm not explaining it correctly.
Top Expert 2012

Commented:
You are clear! DNS server does not create the records for the clients automatically. The clients send DNS updates to the server to create the records. There must be a setting in the MAC OS network settings. Again, I'm not a MAC expert but I am a DNS expert.

The setting must be listed here somewhere.

http://docs.info.apple.com/article.html?path=Mac/10.5/en/14129.html

And if it is not listed, then MAC does NOT allow you to disable this feature. But again, I am not a MAC expert.
DanNetwork Engineer

Author

Commented:
I've already gone to the network locations like 5 times, I pretty much have that screen or screens memorized. Then there must be a cmd line way to tell the MAC to not send any DNS requests to the server.

Is there a way I can put this question into the MAC queue?

Commented:
I can absolutely assure you that you will not find the setting you are looking for on a mac. The mechanism that dariusg is describing is not used on a vanilla mac system. If you doubt this, you can test it by changing the IP address of one of the macs manually, and checking whether your DNS server is updated accordingly.

It is much more likely the DNS update is related to your DHCP server issuing an IP address to the mac, and nothing the mac is doing (other than sending out a DHCP query). See the following:

"DNS updates can be sent for any one of the following reasons or events:
An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
An IP address lease changes or renews any one of the installed network connections with the DHCP server. For example, this update occurs when the computer is started or when you use the ipconfig /renew command.
You use the ipconfig /registerdns command to manually force an update of the client name registration in DNS.
The computer is turned on.
A member server is promoted to a domain controller.
When one of these events triggers a DNS update, the DHCP Client service, not the DNS Client service, sends updates. If a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections on the system. This includes connections that are not configured to use DHCP."
http://support.microsoft.com/kb/816592
DanNetwork Engineer

Author

Commented:
Ok, so then how do I do this on my server? I created a scope for the 10.0.101.x network DHCP in my forward zones, but that didn't do anything, it's still creating a DNS entry, so how do I fix this issue?

Commented:
Where are the macs getting their IP addresses from?
DanNetwork Engineer

Author

Commented:
Well, they have static IP's, and there are 2 NICs on each MAC.  So they have a 10.0.101.x IP and then they have a 192.168.101.x IP as well and both are static.

It's only when they reboot, that they both create a DNS entry for each IP in my DNS server, under my main domain scope.

I have created a separate xsan folder (forward lookup zone) and added all the 10.0.101.x IPs, but DNS is still creating entries in the domain forward lookup zone and I don't want it to, as it's causing problems with the DNS since there are 2 IPs on the macs and I guess it can't decide what to do since each MAC has 2 IPs.

Commented:
I think it would be most fruitful to review the article I linked above. It describes the various mechanisms used by Windows server 2003 to update DNS records, and it is clear that they are not restricted to clients sending nsupdates.

Although I do believe that this is completely barking up the wrong tree, you can download "little snitch" and use it on the macs to block UDP port 5353 (used for bonjour/zeroconf/mDNS) to see if this stops the updates (it would also disable functionality that the users may need, however). Bonjour DOES (in part) use the process described in RFC 2136, but it is telling other macs on the LAN to call it "<name>.local". I do not believe it is sending out anything that would make any sense to a Windows 2003 server.

On that note, you could also use little snitch to identify what ports the mac is sending packets out on during bootup. I suppose that a mac that someone installed a second network card on isn't exactly vanilla, so you never know what else may have been set up or installed. You're not going to find it in the network control panel in system preferences, though.
DanNetwork Engineer

Author

Commented:
My MAC expert said he can't close port 5353 as it's used by other apps and that's extreme.  So I don't know if I have to call Apple to fix this, or Microsoft to fix this, any thoughts of which one is the culprit?
Top Expert 2012

Commented:
Apple is the problem. This is not a DNS issue with the server; this is because the MAC is registering the IP address with DNS, which is the normal process. DNS CAN NOT auto create records; the records are updated by the client.
DanNetwork Engineer

Author

Commented:
ok, so then how do I tell the Apple client to not register with the DNS server for that specific interface, as I have two separate IPs on that box?
Top Expert 2012
Commented:
I think we have gone through the settings, which can't be found in the Apple network settings. I would at this point contact Apple if you are not seeing the settings. In DNS, the DNS server does not create records; it will hold static records, create records from DNS updates from clients, delete aged records, and update records that came from client updates. On a Windows machine you go to the TCP\IP properties, click Advanced, then click on the DNS tab. At the bottom you will see the option to uncheck that will stop registering of DNS records to the DNS server for that interface.

Now if you can't find this option in Apple this is a limitation of apple not the DNS server.

Commented:
There are a couple options to registering within DNS using the DHCP server. We should first explore how that is configured on your network.

Option 1) Client computers will register themselves, unless they are legacy computers and have need to have the DHCP server register these clients on behalf of the client computer.

(This is the default configuration of a Windows DNS server)

Once again, this is usually only used for legacy computers.

Option 2) You can tell the DHCP server to ALWAYS register on behalf of the client.

Option 3) You can prevent the DHCP server from registering anything on behalf of the client at all times.

To end the debate about DHCP, PLEASE tell us what your settings are on this: (To do so)
Open your DHCP snapin:
Right click the DHCP server and select properties > Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below. What are those settings??

--------------------------------------
With that said, the default configuration means the MAC computer will register on behalf of itself, just like Dariusq stated. The default configuration means the DHCP server will register on behalf of the client ONLY IF it is a legacy computer that doesn't have the means to register on behalf of itself. So, now let's look at the MAC computer.

To configure your MAC client PC's network card for IPv4, follow steps 1 through 4 on this thread:
http://www.net.princeton.edu/mac/network-config-x/tcpip-enet.html

While following through these steps, in these configuration settings, you should see the ability to prevent your IPv4 configuration from registering itself within DNS. Is this not the case??

Like Dariusq, I am not a MAC expert, but work well on the 2003 server with DNS and DHCP.

DanNetwork Engineer

Author

Commented:
on my server, under the DNS tab, here's my settings:

"enable DNS dynamic updates according to the settings below" is CHECKED
"dynamically update DNS A and PTR records only if requested by the DHCP clients" is CHECKED
"discard A and PTR records when lease is deleted" is CHECKED

Everything else is NOT checked.

I've looked through that network configuration link, and I've talked to my MAC guy and we're already using manual IP's.
Commented:
As dariusq stated, a client will register its own IPs. So, even a fixed IP will register itself. But, within the IPv4 configuration, there should be some way to tell the client machine to not register itself.

Your DHCP server will only register if client can't do it for itself. This is usually legacy machines, like Windows 98... Macs, should register themselves, and not use the DHCP client service to do so.
DanNetwork Engineer

Author

Commented:
Thanks guys for the clues and suggestions, but nothing worked.  I couldn't find any options on the MAC to tell it to NOT register with DNS.
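
The question the thread keeps circling (do the Macs send the registrations themselves, or does the DHCP server?) can be answered from a packet capture taken at the DNS server: an RFC 2136 dynamic update is a DNS message with opcode 5, and its source address identifies the registrant. The following is an added example, not part of the original thread; it assumes the UDP payloads have already been extracted from such a capture, and every host name and address in it is constructed.

```python
import struct

OPCODE_UPDATE, TYPE_A, TYPE_SOA, CLASS_IN = 5, 1, 6, 1   # opcode 5 = RFC 2136 UPDATE

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:                       # compression pointer
            resume = off + 2 if resume is None else resume
            off, hops = ((msg[off] & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16: raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
        off += 1 + msg[off]
    return ".".join(labels), (off + 1 if resume is None else resume)

def parse_update(msg):
    """Return (zone, A records to add) for a DNS UPDATE request, or None for any other message."""
    _id, flags, zocount, prcount, upcount, _ad = struct.unpack("!6H", msg[:12])
    if flags >> 15 or (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        return None                                       # a response, or not a valid UPDATE
    zone, off = read_name(msg, 12)                        # zone section: ZNAME, ZTYPE, ZCLASS
    off, adds = off + 4, []
    for i in range(prcount + upcount):                    # prerequisite RRs, then update RRs
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if i >= prcount and (rtype, rclass, rdlen) == (TYPE_A, CLASS_IN, 4):
            adds.append((name, ".".join(map(str, rdata))))
    return zone, adds

def who_registers(packets):
    """Map source IP -> A records it asked the server to add; packets are (src_ip, udp_payload)."""
    seen = {}
    for src, payload in packets:
        try:
            parsed = parse_update(payload)
        except (IndexError, struct.error, ValueError):    # truncated or malformed message
            continue
        if parsed and parsed[1]:
            seen.setdefault(src, []).extend(parsed[1])
    return seen

# Constructed sample traffic; host names and addresses are made up for this example.
UPDATE = (struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0) + b"\x07example\x04test\x00"
          + struct.pack("!HH", TYPE_SOA, CLASS_IN) + b"\x05mac01\xc0\x0c"   # pointer to offset 12
          + struct.pack("!HHIH", TYPE_A, CLASS_IN, 3600, 4) + bytes([10, 0, 101, 21]))
QUERY = struct.pack("!6H", 0x5678, 0x0100, 1, 0, 0, 0) + b"\x03www\x07example\x04test\x00\x00\x01\x00\x01"
SAMPLE = [("192.168.101.21", UPDATE), ("192.168.101.5", QUERY)]
```

If the addresses returned by `who_registers` are the Macs' own, the clients are registering themselves; if the only source is the DHCP server, the registration is being made on their behalf.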
