WNottsC asked:

Issues with DNS and DHCP

I have recently been asked to take over our Active Directory infrastructure and I have a few questions because I feel our DHCP and DNS may not be set up correctly.

We seem to have problems but I am not entirely sure. For example, when I connected a new machine to the network. I am not sure if I am correct, but the DHCP server will issue the client an IP address. DHCP is AD integrated, so I assume the issued IP address would be taken and an (A) host record created in the forward zone. I would also assume a (PTR) record would be created in the reverse zone.

The problem I seem to have is that the (A) records seem to be created but the (PTR) records are not. Am I correct in thinking this is an issue?

As far as I can tell DNS dynamic updates have been configured, but I am not sure if DHCP and DNS have been configured correctly. The DNS dynamic update account credentials have not even been set. Should they be?

Renato Montenegro Rustici

For this to work properly, you must create a reverse zone in DNS for each IP address range you use in your network. If your IP address is 192.168.1.x, you must create a reverse zone for it. If you have another IP address where the third octet is 2 (192.168.2.x), you must create another reverse zone. Remember to set the zones to allow dynamic updates.

After creating the zone, test it by issuing the following command from a client machine (you must open an elevated command prompt with administrative privileges):

ipconfig /registerdns

Then, look at the zone in the DNS server that your client is pointing to.

Is that clear to you?
Justin Malone

Is there an Active Directory integrated reverse lookup zone set up?

The following page will guide you in the process:

How to create DNS Reverse Lookup Zone in Windows Server 2003
http://www.windowsreference.com/dns/how-to-create-dns-reverse-lookup-zone-in-windows-server-2003/
Yes, you can create an integrated reverse lookup zone as you do with the forward zone. If all of your DNS servers are domain controllers, it's strongly recommended that you integrate the zones.
WNottsC

ASKER

Both forward and reverse lookup zones are AD integrated, but some are secure and some are both secure and nonsecure. So why is the PTR record not being created?
Can you please provide the IP address configuration (ipconfig /all) of the client and the print screen of the reverse lookup zone?

WNottsC

ASKER

When you say a print screen what information do you require?

What client information do you require?
In the client (any client that uses DHCP), open an elevated (administrative) command prompt and type:

ipconfig /all > ip.txt

Send the ip.txt file to us.

Open DNS Server, expand the reverse lookup zone branch and take a print screen of it. Paste it in Paint and post the JPG here.
WNottsC

ASKER

Sorry if I am missing something but I am not sure what in the ipconfig /all you want to see?

Also, I know the zones are created correctly. I think it is just the settings that I think are not correct.
You should see if you have a match between the client's configuration and the DNS server. That's why I asked to see the files. It's harder to tell you what you should see than if you show me how it's configured. Besides, the only thing you should notice is if your zone is configured to allow dynamic updates.

Another thing to check is if DHCP will update DNS records automatically. To do so, open the DHCP administrative console, right click the scope (where the IP address range is configured), and pick Properties. Click the DNS tab. Make sure it's all set up correctly.

If it's a 2008 box, you can do the same for all scopes by right clicking the IPv4 node.
WNottsC

ASKER

What should the settings be for DHCP on the DNS tab for dynamic updates? I am sure this is the issue, but I also feel it is a settings issue with the DNS.

My thoughts were that the IPv4 DNS tab has different settings to the individual scope DNS tab settings.

Also, on the DNS server the dynamic update setting for the forward zone is set to nonsecure and secure, and the reverse lookup zone for the IP address of the client I was trying to add was set to secure only. Not sure if this alone would be an issue, but I think the dynamic update credentials are not set (if this needs to be).
Check those documents and make sure you are using the recommended settings for your particular environment:

How to configure DNS dynamic updates in Windows Server 2003
http://support.microsoft.com/kb/816592

Using DNS servers with DHCP
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

Eliminate manual updates of DNS records by configuring dynamic update and secure dynamic update
http://technet.microsoft.com/en-us/library/cc753014.aspx
This is a very nice one too:

Configuring Secure Dynamic Update
http://technet.microsoft.com/en-us/library/dd145315(WS.10).aspx
WNottsC

ASKER

I am sorry to ask so much, but I have already read these and I am finding it difficult to understand why the previous administrators have set DNS and DHCP the way they have. Can I ask what settings you have set on your DHCP (DNS tab) and your DNS?
I have one virtual machine with 2008 R2 here. The default values in the DNS tab are as follows:

[User-posted screenshots]
For the IP 192.168.1.50, I have a reverse lookup zone as shown in the following picture:

[User-posted screenshot]
WNottsC

ASKER

For some reason the scopes for my DHCP servers are set to "Always dynamically update DNS A and PTR records". Should this be correct? I know yours is the default and is the way our IPv4 is set, but the scopes are different.

Have you set an account and password for the DNS dynamic updates registration credentials?

How is your DNS set up?
If you have an IP address like 192.168.2.1, you should create another reverse lookup zone, that would be 2.168.192.in-addr.arpa. Did you get the idea?
WNottsC

ASKER

I see your reverse lookup zone. We have 10 or 11 and they are all set up correctly, but what are the dynamic updates settings for your forward and reverse zones? As I mentioned, my forward is nonsecure and secure while my reverse are secure only. I think this may be the reason my A record is created but my PTR records for some zones are not.
ASKER CERTIFIED SOLUTION
Renato Montenegro Rustici

This solution is only available to members.
It doesn't matter. You should set up the dynamic updates, either secure or not.
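
Added example, not part of the original thread or any poster's code: a Python check for the question the thread keeps returning to. It maps a client IP to its PTR name (192.168.2.1 becomes 1.2.168.192.in-addr.arpa), finds the reverse zone that would hold it, and reports that zone's dynamic update setting. The zone inventory, status labels and function names are constructed for illustration.

```python
import ipaddress

# Constructed inventory (not from the thread): reverse zone -> dynamic update
# setting, using the three choices the Windows DNS zone properties offer.
ZONES = {
    "1.168.192.in-addr.arpa": "Secure",
    "2.168.192.in-addr.arpa": "None",
    "10.in-addr.arpa": "NonsecureAndSecure",
}

# Hypothetical status labels for this example.
STATUS = {
    "None": "UPDATES_DISABLED",                 # no PTR will ever be registered
    "Secure": "SECURE_ONLY",                    # updater must authenticate to AD
    "NonsecureAndSecure": "NONSECURE_ALLOWED",  # unauthenticated updates accepted
}


def ptr_name(ip):
    """Return the PTR owner name, e.g. 192.168.2.1 -> 1.2.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def owning_zone(ip, zones):
    """Most specific configured zone that contains the PTR name, or None."""
    known = {z.lower().rstrip(".") for z in zones}
    labels = ptr_name(ip).split(".")
    # Strip labels from the left until what remains is a configured zone.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in known:
            return candidate
    return None


def check_ptr(ip, zones):
    """Return (zone, status) describing whether a PTR for ip can be registered."""
    normalised = {z.lower().rstrip("."): s for z, s in zones.items()}
    zone = owning_zone(ip, normalised)
    if zone is None:
        return None, "NO_ZONE"
    return zone, STATUS[normalised[zone]]


if __name__ == "__main__":
    for ip in ("192.168.1.50", "192.168.2.1", "192.168.3.7", "10.20.30.40"):
        print(ip, ptr_name(ip), *check_ptr(ip, ZONES))
```
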