Solved

DHCP not updating DNS records

Posted on 2011-03-14
Last Modified: 2012-05-11
We have about 1 or 2 cases a day where our helpdesk is unable to remote control one of our PCs. This is due to there not being a DNS record for the PC they are trying to remote control. If I run an "ipconfig /registerdns" from the PC in question, a DNS record gets created and all is well. When I check our DHCP logs, there are several of the following errors:

31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,

In the DNS tab of the properties of our DHCP server, I have the following selected:
-Enable DNS dynamic updates according to the settings below:
Always dynamically update DNS A and PTR records (radio button selected)
Discard A and PTR records when lease is deleted (checkbox checked)

Any reason why an "ipconfig /registerdns" would work but the normal DHCP process would not?
Question by:Marc_Johnson
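
For triaging the audit-log entries quoted in the question, the sketch below (an added example, not part of the original thread) lists hosts whose most recent DNS update event in a DHCP audit log is a failure (event ID 31) with no later success (event ID 32). The sample log is constructed: it reuses the question's host and address and adds a made-up PC0042, and the column order and the success event ID are assumed from the standard Windows DHCP audit log layout.

```python
import csv
from collections import defaultdict
from datetime import datetime

DNS_UPDATE_FAILED = 31      # "DNS Update Failed", as in the log line quoted in the question
DNS_UPDATE_SUCCESSFUL = 32  # "DNS Update Successful" (assumed from the standard audit log legend)

# Constructed sample; columns: ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
10,03/14/11,12:56:40,Assign,192.168.144.129,PCNAME.ourdomain.com,001122334455,
31,03/14/11,12:56:49,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,
31,03/14/11,13:10:02,DNS Update Failed,192.168.144.129,PCNAME.ourdomain.com,-1,
31,03/14/11,09:01:15,DNS Update Failed,192.168.144.57,PC0042.ourdomain.com,-1,
32,03/14/11,09:05:30,DNS Update Successful,192.168.144.57,PC0042.ourdomain.com,,
"""

def unresolved_dns_failures(log_text):
    """Return {hostname: info} for hosts whose latest DNS update event is a failure."""
    latest = {}                  # host -> (timestamp, event_id, ip) of newest DNS event
    failures = defaultdict(int)  # host -> number of event 31 entries seen
    for row in csv.reader(log_text.splitlines()):
        # Skip the file preamble, the column header and truncated lines.
        if len(row) < 6 or not row[0].strip().isdigit():
            continue
        event_id = int(row[0])
        if event_id not in (DNS_UPDATE_FAILED, DNS_UPDATE_SUCCESSFUL):
            continue
        try:
            when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%y %H:%M:%S")
        except ValueError:
            continue
        host, ip = row[5].strip().lower(), row[4].strip()
        if event_id == DNS_UPDATE_FAILED:
            failures[host] += 1
        if host not in latest or when >= latest[host][0]:
            latest[host] = (when, event_id, ip)
    return {
        host: {"ip": ip, "failures": failures[host], "last_failure": when}
        for host, (when, event_id, ip) in latest.items()
        if event_id == DNS_UPDATE_FAILED
    }

if __name__ == "__main__":
    for host, info in sorted(unresolved_dns_failures(SAMPLE_LOG).items()):
        print(f"{host}  {info['ip']}  failures={info['failures']}  last={info['last_failure']}")
```
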

Expert Comment

by:Netman66
ID: 35136970
A few reasons this happens:

1)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the new PC cannot update the DNS record because it doesn't own it.

2)  If a previous computer registered a record but the lease expired and the IP was reassigned, then the DHCP server cannot update the DNS record because it doesn't own it either.

What you can do is add the DHCP server computer object to the DNSUpdateProxy security group so that it doesn't own any records that it registers.  You likely need to delete all the client Host (A) records and reverse records one evening before going home and allow them to re-register overnight using this new configuration.

This way, the DHCP server can now make the changes on behalf of the client.

More on all this here:
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx






Author Comment

by:Marc_Johnson
ID: 35138871
Netman66,

Thank you for your response.

After reading your suggestion and the technet article, I took a closer look at how our DHCP server is configured which raised a couple of questions:

1. Since our DHCP server is configured to "Always dynamically update DNS A and PTR records", then clients would not have been updating DNS on their own, correct? This would mean that the DHCP server would be the owner of all of our dynamic DNS entries. So I guess I am a little confused as to why there would be an issue if the only one adding dynamic DNS entries is our DHCP server.

2. We also use a dedicated user account (which is a member of the DnsUpdateProxy group) to perform the dynamic DNS updates. I verified that this account is working by logging into a PC with it. (Of course, if the account wasn't working, my guess is that none of our PCs would have their DNS records updated). The DHCP server is not a member of the DnsUpdateProxy group. I am also confused with this. Should I still make our DHCP server a member of this group even though the dedicated account used to perform the updates is a member of this group? I would assume that when a dedicated account is configured on a DHCP server, then it wouldn't matter if the server was a member of DnsUpdateProxy.

3. I'm a bit nervous about deleting all of our host records from the DNS server when we've been having issues with DHCP dynamically registering clients. For peace of mind, I would rather test this with one or two PCs. Would deleting a couple of DNS records and having those clients restart be a valid test?

Thanks again.

Accepted Solution

by:
Netman66 earned 500 total points
ID: 35139170
1)  In today's environments, it's unlikely you have any clients older than Windows 2000 - in which case having your DHCP server update DNS is unnecessary.  As long as the client has the DHCP Client service running they should update their own records.

2)  If you continue to have DHCP update DNS, then you should add the computer account to the DNSUpdateProxy group - absolutely.

3)  You certainly can delete a few records to test.  I would recommend that anyway.  Deleting all the records (just the Host and PTR records) should have no impact if done at the end of the day because they *should* all re-register during the night if they are turned on.  Of course, this assumes your environment is working properly.

The problem of ownership still exists on records that already exist before you made the changes.  If you delete the records then all will be well on next registration.  Otherwise, you'd need to change ownership on records that won't update so they can be updated.


Author Comment

by:Marc_Johnson
ID: 35141023
Problem solved!

As a test, I changed the DHCP setting to "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and then it started working. As another test, I changed it back to "Always dynamically update DNS A and PTR records" and along with this, I changed the dedicated account used to do the registrations to my personal account temporarily. This also worked. I then changed this account back to the one that we originally created for it and it still worked. The only thing I can figure out is that somehow the DHCP server could no longer use the dedicated account that we had set up for it. I verified that the password for this account was set to never expire. In any case, based on your recommendations, I ended up changing DHCP back to the default of "Dynamically update DNS A and PTR records only if requested by the DHCP clients" and I also added the DHCP server to the DnsUpdateProxy group.

Thanks for your help!

Expert Comment

by:Netman66
ID: 35141242
My pleasure!