Marc_Johnson

DHCP not updating DNS records

We have about 1 or 2 cases a day where our helpdesk is unable to remote control one of the PCs. This is due to there not being a DNS record for the PC they are trying to remote control. If I run an "ipconfig /registerdns" from the PC in question, a DNS record gets created and all is well. When I check our DHCP logs, there are several of the following errors:

31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,

In the DNS tab of the properties of our DHCP server, I have the following selected:
-Enable DNS dynamic updates according to the settings below:
Always dynamically update DNS A and PTR records (radio button selected)
Discard A and PTR records when lease is deleted (checkbox checked)

Any reason why an "ipconfig /registerdns" would work but the normal DHCP process would not?
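
A triage sketch for the audit-log entries quoted in the question, as an added example that is not part of the original post: it reads DHCP audit log lines and lists the hosts whose most recent DNS update result is a failure (event ID 31) with no later success (event ID 32). All sample lines are constructed except the PCNAME line, which is the one quoted above; the MM/DD/YY date format and the wording of the ID 32 lines are assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Windows DHCP audit log event IDs for dynamic DNS update results
DNS_FAILED, DNS_OK = "31", "32"

# Constructed sample (only the PCNAME line comes from the post).
# Layout: ID,Date,Time,Description,IP Address,Host Name,<detail>
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/14/11,08:59:58,Assign,192.168.144.50,PC2.ourdomain.com,001122334455,
31,03/14/11,09:00:01,DNS Update Failed,192.168.144.50,PC2.ourdomain.com,-1,
32,03/14/11,09:30:10,DNS Update Successful,192.168.144.50,PC2.ourdomain.com,,
32,03/14/11,10:15:00,DNS Update Successful,192.168.144.61,PC3.ourdomain.com,,
31,03/14/11,11:02:13,DNS Update Failed,192.168.144.77,PC4.ourdomain.com,-1,
31,03/14/11,11:32:40,DNS Update Failed,192.168.144.77,PC4.ourdomain.com,-1,
31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,
"""

def parse_events(text):
    """Yield (timestamp, event_id, ip, host) for DNS update result lines only."""
    for row in csv.reader(text.splitlines()):
        if len(row) < 6 or row[0].strip() not in (DNS_FAILED, DNS_OK):
            continue  # header text, lease events, short or malformed lines
        try:
            ts = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # date or time not in the assumed format
        yield ts, row[0].strip(), row[4].strip(), row[5].strip().lower()

def unresolved_failures(text):
    """Map host -> (ip, failure_count, last_failure_time) where the latest result is a failure."""
    latest, failures = {}, defaultdict(int)
    for ts, event, ip, host in sorted(parse_events(text)):
        if event == DNS_FAILED:
            failures[host] += 1
        latest[host] = (ts, event, ip)  # later events overwrite earlier ones
    return {h: (ip, failures[h], ts)
            for h, (ts, ev, ip) in latest.items() if ev == DNS_FAILED}

if __name__ == "__main__":
    for host, (ip, count, ts) in sorted(unresolved_failures(SAMPLE_LOG).items()):
        print(f"{host} {ip} failures={count} last={ts:%m/%d/%y %H:%M:%S}")
```

Hosts that failed once and later registered successfully (PC2 in the sample) are left out, so the output is the list of machines that probably still lack a record.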
Netman66

A few reasons this happens:

1)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the new PC cannot update the DNS record because it doesn't own it.

2)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the DHCP server cannot update the DNS record because it doesn't own it either.

What you can do is add the DHCP server computer object to the DNSUpdateProxy security group so that it doesn't own any records that it registers.  You likely need to delete all the client Host (A) records and reverse records one evening before going home and allow them to re-register overnight using this new configuration.

This way, the DHCP server can now make the changes on behalf of the client.

More on all this here:
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

Marc_Johnson

ASKER

Netman66,

Thank you for your response.

After reading your suggestion and the technet article, I took a closer look at how our DHCP server is configured which raised a couple of questions:

1. Since our DHCP server is configured to "Always dynamically update DNS A and PTR records", then clients would not have been updating DNS on their own, correct? This would mean that the DHCP server would be the owner of all of our dynamic DNS entries. So I guess I am a little confused as to why there would be an issue if the only one adding dynamic DNS entries is our DHCP server.

2. We also use a dedicated user account (which is a member of the DnsUpdateProxy group) to perform the dynamic DNS updates. I verified that this account is working by logging into a PC with it. (Of course, if the account wasn't working, my guess is that none of our PCs would have their DNS records updated). The DHCP server is not a member of the DnsUpdateProxy group. I am also confused with this. Should I still make our DHCP server a member of this group even though the dedicated account used to perform the updates is a member of this group? I would assume that when a dedicated account is configured on a DHCP server, then it wouldn't matter if the server was a member of DnsUpdateProxy.

3. I'm a bit nervous about deleting all of our host records from the DNS server when we've been having issues with DHCP dynamically registering clients. For peace of mind, I would rather test this with one or two PCs. Would deleting a couple of DNS records and having those clients restart be a valid test?

Thanks again.
ASKER CERTIFIED SOLUTION
Netman66

This solution is only available to members.
Problem solved!

As a test, I changed the DHCP setting to "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and then it started working. As another test, I changed it back to "Always dynamically update DNS A and PTR records" and along with this, I changed the dedicated account used to do the registrations to my personal account temporarily. This also worked. I then changed this account back to the one that we originally created for it and it still worked. The only thing I can figure out is that somehow the DHCP server could no longer use the dedicated account that we had set up for it. I verified that the password for this account was set to never expire. In any case, based on your recommendations, I ended up changing DHCP back to the default of "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and I also added the DHCP server to the DnsUpdateProxy group.

Thanks for your help!
My pleasure!