Issues with DNS and DHCP

I have recently been asked to take over our Active Directory infrastructure and I have a few questions because I feel our DHCP and DNS may not be set up correctly.

We seem to have problems but I am not entirely sure. For example, when I connected a new machine to the network: I am not sure if I am correct, but the DHCP server will issue the client an IP address. DHCP is AD integrated, so I assume the issued IP address would be taken and an (A) host record created in the forward zone. I would also assume a (PTR) record would be created in the reverse zone.

The problem I seem to have is that the (A) records seem to be created but the (PTR) records are not. Am I correct in thinking this is an issue?

As far as I can tell DNS dynamic updates have been configured, but I am not sure if DHCP and DNS have been configured correctly. The DNS dynamic update account credentials have not even been set; should they be?

Asked by WNottsC

Renato Montenegro Rustici (IT Specialist) commented:
For this to work properly, you must create a reverse zone in DNS for each IP address range you use in your network. If your IP address is 192.168.1.x, you must create a reverse zone for it. If you have another IP address where the third octet is 2 (192.168.2.x), you must create another reverse zone. Remember to set the zones to allow dynamic updates.

After creating the zone, test it by issuing the following command from a client machine (you must open an elevated command prompt with administrative privileges):

ipconfig /registerdns

Then, look at the zone in the DNS server that your client is pointing to.

Is that clear to you?

Justin Malone (System Administrator) commented:
Is there an Active Directory integrated reverse lookup zone set up?

Renato Montenegro Rustici (IT Specialist) commented:
The following page will guide you in the process:

How to create DNS Reverse Lookup Zone in Windows Server 2003
http://www.windowsreference.com/dns/how-to-create-dns-reverse-lookup-zone-in-windows-server-2003/

Renato Montenegro Rustici (IT Specialist) commented:
Yes, you can create an integrated reverse lookup zone as you do with the forward zone. If all of your DNS servers are domain controllers, it's strongly recommended that you integrate the zones.

WNottsC (Author) commented:
Both forward and reverse lookup zones are AD integrated, but some are secure and some are both secure and nonsecure. So why is the PTR record not being created?

Renato Montenegro Rustici (IT Specialist) commented:
Can you please provide the IP address configuration (ipconfig /all) of the client and the print screen of the reverse lookup zone?

WNottsC (Author) commented:
When you say a print screen what information do you require?

What client information do you require?

Renato Montenegro Rustici (IT Specialist) commented:
In the client (any client that uses DHCP), open an elevated (administrative) command prompt and type:

ipconfig /all > ip.txt

Send the ip.txt file to us.

Open DNS Server, expand the reverse lookup zone branch and take a print screen of it. Paste it in Paint and post the JPG here.

WNottsC (Author) commented:
Sorry if I am missing something but I am not sure what in the ipconfig /all you want to see?

Also, I know the zones are created correctly; I think it is just the settings that I think are not correct.

Renato Montenegro Rustici (IT Specialist) commented:
You should see if you have a match between the client's configuration and the DNS server. That's why I asked to see the files. It's harder to tell you what you should see than if you show me how it's configured. Besides, the only thing you should notice is if your zone is configured to allow dynamic updates.

Another thing to check is if DHCP will update DNS records automatically. To do so, open the DHCP administrative console, right-click the scope (where the IP address range is configured), and pick Properties. Click the DNS tab. Make sure it's all set up correctly.

If it's a 2008 box, you can do the same for all scopes by right-clicking the IPv4 node.

WNottsC (Author) commented:
What should the settings be for DHCP on the DNS tab for dynamic updates? I am sure this is the issue, but I also feel it is a settings issue with the DNS?

My thoughts were that the IPv4 DNS tab has different settings to the individual scope DNS tab settings.

Also, on the DNS server the dynamic update setting for the forward zone is set to nonsecure and secure, and the reverse lookup zone for the IP address of the client I was trying to add was set to secure only. Not sure if this alone would be an issue, but I think the dynamic update credentials are not set (if this needs to be).

Renato Montenegro Rustici (IT Specialist) commented:
Check those documents and make sure you are using the recommended settings for your particular environment:

How to configure DNS dynamic updates in Windows Server 2003
http://support.microsoft.com/kb/816592

Using DNS servers with DHCP
http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

Eliminate manual updates of DNS records by configuring dynamic update and secure dynamic update
http://technet.microsoft.com/en-us/library/cc753014.aspx

Renato Montenegro Rustici (IT Specialist) commented:
This is a very nice one too:

Configuring Secure Dynamic Update
http://technet.microsoft.com/en-us/library/dd145315(WS.10).aspx

WNottsC (Author) commented:
I am sorry to ask so much but I have already read these and I am finding it difficult to understand why the previous administrators have set DNS and DHCP the way they have. Can I ask what settings you have set on your DHCP (DNS Tab) and your DNS?

Renato Montenegro Rustici (IT Specialist) commented:
I have one virtual machine with 2008 R2 here. The default values in the DNS tab are as follows:


[Image: DNS Tab from DHCP Management Console]

Renato Montenegro Rustici (IT Specialist) commented:
For the IP 192.168.1.50, I have a reverse lookup zone as shown in the following picture:

[Image: DNS Reverse Lookup Zone]

WNottsC (Author) commented:
For some reason the scopes for my DHCP servers are set to "Always dynamically update DNS A and PTR records". Should this be correct? I know yours is the default and is the way our IPv4 is set, but the scopes are different.

Have you set an account and password for the DNS dynamic updates registration credentials?

How is your DNS set up?

Renato Montenegro Rustici (IT Specialist) commented:
If you have an IP address like 192.168.2.1, you should create another reverse lookup zone, that would be 2.168.192.in-addr.arpa. Did you get the idea?

WNottsC (Author) commented:
I see your reverse lookup zone. We have 10 or 11 and they are all set up correctly, but what are the dynamic update settings for your forward and reverse zones? As I mentioned, my forward is nonsecure and secure while my reverse are secure only. I think this may be the reason my A record is created but my PTR records for some zones are not.

Renato Montenegro Rustici (IT Specialist) commented:
Yes, you should configure the credentials. See this page:

DHCP Clients not registering in DNS
http://www.minasi.com/forum/topic.asp?TOPIC_ID=23724

Renato Montenegro Rustici (IT Specialist) commented:
It doesn't matter. You should set up the dynamic updates, either secure or not.
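
The two checks this thread keeps returning to (a reverse lookup zone that covers each client range, and the dynamic update setting on that zone), as an added example that is not part of any participant's post. The zone list, client addresses and function names are constructed for illustration; in practice the zone names and settings would be copied from the DNS console.

```python
import ipaddress

# Constructed sample data (not from the thread): reverse zone -> dynamic update
# setting, using the three options the DNS console offers for a zone.
ZONES = {
    "1.168.192.in-addr.arpa": "Secure only",
    "2.168.192.in-addr.arpa": "Nonsecure and secure",
    "4.168.192.in-addr.arpa": "None",
}
CLIENTS = ["192.168.1.50", "192.168.2.1", "192.168.3.20", "192.168.4.7"]


def ptr_name(ip):
    """PTR owner name for an address, e.g. 50.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def find_zone(ip, zones):
    """Most specific reverse zone containing the PTR name, or None."""
    name = ptr_name(ip)
    matches = [z for z in zones if name.endswith("." + z.lower().rstrip("."))]
    return max(matches, key=len) if matches else None


def check_client(ip, zones):
    """Say whether a dynamic PTR registration for this address can succeed."""
    zone = find_zone(ip, zones)
    if zone is None:
        return "no reverse zone: PTR cannot be registered"
    setting = zones[zone]
    if setting == "None":
        return "zone refuses dynamic updates"
    if setting == "Nonsecure and secure":
        return "ok, but zone also accepts unauthenticated updates"
    return "ok, authenticated updates only"


def audit(clients, zones):
    """Map each client IP to (PTR name, matching zone, finding)."""
    return {ip: (ptr_name(ip), find_zone(ip, zones), check_client(ip, zones))
            for ip in clients}


if __name__ == "__main__":
    for ip, (name, zone, finding) in audit(CLIENTS, ZONES).items():
        print(f"{ip:15} {name:28} {zone or '-':26} {finding}")
```
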
Question has a verified solution.
