Solved

DHCP not updating DNS records

Posted on 2011-03-14
Last Modified: 2012-05-11
We have about 1 or 2 cases a day where our helpdesk is unable to remote control one of our PCs. This is due to there not being a DNS record for the PC they are trying to remote control. If I run an "ipconfig /registerdns" from the PC in question, a DNS record gets created and all is well. When I check our DHCP logs, there are several of the following errors:

31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,

In the DNS tab of the properties of our DHCP server, I have the following selected:
-Enable DNS dynamic updates according to the settings below:
Always dynamically update DNS A and PTR records (radio button selected)
Discard A and PTR records when lease is deleted (checkbox checked)

Any reason why an "ipconfig /registerdns" would work but the normal DHCP process would not?
Question by:Marc_Johnson
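
An added example, not part of the original post: a Python parser for DHCP audit log text that reports the hosts whose most recent DNS update outcome is a failure, which are the machines the helpdesk will not be able to resolve. It assumes the comma-separated layout of the line quoted above (ID, date, time, description, IP address, host name) and that event ID 32 marks a successful update; every sample line except the one from the question is constructed.

```python
import csv
from datetime import datetime

DNS_UPDATE_FAILED = "31"      # event ID from the log line quoted in the question
DNS_UPDATE_SUCCESSFUL = "32"  # assumption: ID the same log uses for a successful update

# Constructed sample; only the first "31" line is taken from the question.
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/14/11,12:56:48,Assign,192.168.144.129,PCNAME.ourdomain.com,001122334455,
31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,
31,03/14/11,13:10:02,DNS Update Failed,192.168.144.57,LAPTOP7.ourdomain.com,-1,
32,03/14/11,13:12:30,DNS Update Successful,192.168.144.57,LAPTOP7.ourdomain.com,,
31,03/14/11,14:01:11,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,
"""


def unresolved_dns_failures(log_text):
    """Map host -> (ip, failures since last success, time of last failure)
    for every host whose most recent DNS update outcome is a failure."""
    events = []
    for row in csv.reader(log_text.splitlines()):
        # Skips the header, blank lines and every non-DNS-update event.
        if len(row) < 6 or row[0] not in (DNS_UPDATE_FAILED, DNS_UPDATE_SUCCESSFUL):
            continue
        try:
            when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue  # malformed timestamp: ignore the line rather than guess
        events.append((when, row[0], row[4].strip(), row[5].strip().lower()))

    pending = {}
    for when, event_id, ip, host in sorted(events):
        if event_id == DNS_UPDATE_SUCCESSFUL:
            pending.pop(host, None)  # a later success clears earlier failures
        else:
            count = pending[host][1] + 1 if host in pending else 1
            pending[host] = (ip, count, when)
    return pending


if __name__ == "__main__":
    for host, (ip, count, when) in unresolved_dns_failures(SAMPLE_LOG).items():
        print(f"{host} {ip}: {count} failed update(s), last at {when}")
```

Hosts that stay in the result across several lease renewals are the ones to check for a stale record owned by another account.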
5 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 35136970
A few reasons this happens:

1)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the new PC cannot update the DNS record because it doesn't own it.

2)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the DHCP server cannot update the DNS record because it doesn't own it either.

What you can do is add the DHCP server computer object to the DNSUpdateProxy security group so that it doesn't own any records that it registers.  You likely need to delete all the client Host (A) records and reverse records one evening before going home and allow them to re-register overnight using this new configuration.

This way, the DHCP server can now make the changes on behalf of the client.

More on all this here:
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

 

Author Comment

by:Marc_Johnson
ID: 35138871
Netman66,

Thank you for your response.

After reading your suggestion and the technet article, I took a closer look at how our DHCP server is configured which raised a couple of questions:

1. Since our DHCP server is configured to "Always dynamically update DNS A and PTR records", then clients would not have been updating DNS on their own, correct? This would mean that the DHCP server would be the owner of all of our dynamic DNS entries. So I guess I am a little confused as to why there would be an issue if the only one adding dynamic DNS entries is our DHCP server.

2. We also use a dedicated user account (which is a member of the DnsUpdateProxy group) to perform the dynamic DNS updates. I verified that this account is working by logging into a PC with it. (Of course, if the account wasn't working, my guess is that none of our PCs would have their DNS records updated). The DHCP server is not a member of the DnsUpdateProxy group. I am also confused with this. Should I still make our DHCP server a member of this group even though the dedicated account used to perform the updates is a member of this group? I would assume that when a dedicated account is configured on a DHCP server, then it wouldn't matter if the server was a member of DnsUpdateProxy.

3. I'm a bit nervous about deleting all of our host records from the DNS server when we've been having issues with DHCP dynamically registering clients. For peace of mind, I would rather test this with one or two PCs. Would deleting a couple of DNS records and having those clients restart be a valid test?

Thanks again.
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35139170
1)  In today's environments, it's unlikely you have any clients older than Windows 2000 - in which case having your DHCP server update DNS is unnecessary.  As long as the client has the DHCP Client service running they should update their own records.

2)  If you continue to have DHCP update DNS, then you should add the computer account to the DNSUpdateProxy group - absolutely.

3)  You certainly can delete a few records to test.  I would recommend that anyway.  Deleting all the records (just the Host and PTR records) should have no impact if done at the end of the day because they *should* all re-register during the night if they are turned on.  Of course, this assumes your environment is working properly.

The problem of ownership still exists on records that already exist before you made the changes.  If you delete the records then all will be well on next registration.  Otherwise, you'd need to change ownership on records that won't update so they can be updated.

 

Author Comment

by:Marc_Johnson
ID: 35141023
Problem solved!

As a test, I changed the DHCP setting to "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and then it started working. As another test, I changed it back to "Always dynamically update DNS A and PTR records" and along with this, I changed the dedicated account used to do the registrations to my personal account temporarily. This also worked. I then changed this account back to the one that we originally created for it and it still worked. The only thing I can figure out is that somehow the DHCP server could no longer use the dedicated account that we had set up for it. I verified that the password for this account was set to never expire. In any case, based on your recommendations, I ended up changing DHCP back to the default of "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and I also added the DHCP server to the DnsUpdateProxy group.

Thanks for your help!
 
LVL 51

Expert Comment

by:Netman66
ID: 35141242
My pleasure!