DNS Issues - Reverse Zone Lookup not auto updating

Posted on 2011-10-21
Medium Priority
Last Modified: 2012-06-27
Hello everyone,
I just started a new job and I have the unfortunate pleasure of fixing some rather serious issues with the network, so please bear with me.

I have a problem with our Windows Server 2008 Standard SP1 domain controller. We'll call it "DC01" for simplicity. DC01 is configured with DHCP and DNS.  There is a reverse zone lookup that was created for the local subnet. The forward zone is working like it should. However, the reverse zone is NOT updating.

The client computers are just about all Windows 7 and they seem not to want to auto update. There are a couple of XP machines on the network as well. The Windows XP computers are about the only computers that showed up in the reverse zone lookup. Just today I

The weird thing is when I right-click the DHCP server and go to Properties --> DNS (tab) --> it's set to dynamically update A and PTR records (see image attached). So it *should* be updating reverse DNS, regardless of the client PC's wishes, right?

Another issue that may or may not have anything to do with this, is there is a Windows 2008 Standard R2 server, we'll call it "Server01" that from what it appears used to be a Domain Controller running DNS. This server was not demoted properly. Active Directory still sorta thinks "Server01" is a domain controller. For a while it was listed on the Name Server's tab, I removed that about a week ago. DNS was not installed nor running on Server01 when I got here.  Server01 still shows up in some of the _MSDCS.Domain.Local records. So, if DNS is active directory integrated, could this be the reason why? I plan to clean up "Server01" soon.

Any insight would be appreciated.
Question by:NetAdmin2436

Expert Comment

ID: 37009067
DNS problem: Are you using Windows DHCP? Because the automatic registration is based on using Windows DHCP. You need to ensure that the credentials that DHCP is using to register with DNS are correct.

DC problem: You will need to manually remove the entries from _msdcs. This is a step for the process of forcibly removing a DC, while using ntdsutil. Please see http://support.microsoft.com/kb/216498

Author Comment

ID: 37009157
Yes, Windows is doing DHCP

Assisted Solution

Sommerblink earned 800 total points
ID: 37009584
Check out this resource: http://support.microsoft.com/kb/816592#8, but this would only help if you had more than one DHCP server.

The problem that you are explaining screams DHCP having permission problems touching the PTR records, but I don't have a Windows DHCP server enabled right now to stare at. If someone else doesn't get to this soon, I will be able to get to one shortly.

Have you considered simply deleting all the PTR records, except for those that are critical (in most internal networks, there are rarely critical PTR records) and allowing DNS/DHCP to refresh all the records?

The biggest problem is that if computers are allowed to create the record, DHCP may not have enough authority to alter those records on behalf of the computer, now.

Expert Comment

ID: 37009919
Make sure that the option "Register this connection's addresses in DNS" is selected on the client machine.

Check whether any group policy is being pushed that restricts the machine from registering its IP address in the DNS server.

Looking at the configuration of the DHCP server, it seems that both the scope-level and the server-level option “Always dynamically update DNS A and PTR records” are set, because of which the clients are not registering their records in DNS.

Select the option “Dynamically update DNS A and PTR records only if requested by the DHCP clients” and restart the DHCP service.

On the client machine, run the command ipconfig /release, reboot the client, and check.

Regarding the server which was not demoted properly, you need to run a metadata cleanup to remove the instances of the server from the AD database and DNS. Refer to the link below for the same.

Expert Comment

ID: 37010667
Try this.....

Find a member server running W2K8 or prior.
Stop the current DHCP role.
Configure DHCP, activate it, then authorise it from the member server.
Use your notebook and enable DHCP to obtain an IP address from the DHCP server.
Once it has received the IP address from the DHCP server, rename your notebook's hostname, reboot, then check the DNS record before and after you rename the hostname and see if it changes.

Note: Do this only after hours, when only a handful of users are in the office, and make sure your current DHCP is stopped or paused to avoid IP conflicts on the network.


Accepted Solution

Vaseem Mohammed earned 1200 total points
ID: 37010745
Try configuring the credentials under the "Advanced" tab (see your screenshot).
The credentials you configure should be a member of the DHCP Administrators group.

Once configured restart the DHCP service from services.msc

This will solve your problem.

Author Comment

ID: 37011154
I think that's it Wasim-shaikh. I was actually having the exact same issue on my home network as my work network. While I haven't been able to test it at work yet (will test on Monday), I did do as you described on my home network and it is working. On my home network I had a few PCs that weren't updating reverse DNS. After changing the credentials, now they appear to be propagating.

I'll let you guys know Monday for sure :)

Author Closing Comment

ID: 37017910
The records are updating nicely since I updated 'DNS dynamic updates registration credentials' on DHCP :)

Thanks everyone!
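
To confirm that PTR registration is keeping up after a change like the accepted one, the forward and reverse zone contents can be compared offline. This is an added example, not part of the original thread; the record lines are constructed sample data in a simplified `owner TYPE data` form, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the thread): one record per line.
FORWARD = """\
pc01.domain.local. A 192.168.1.21
pc02.domain.local. A 192.168.1.22
xp01.domain.local. A 192.168.1.30
"""
REVERSE = """\
30.1.168.192.in-addr.arpa. PTR xp01.domain.local.
22.1.168.192.in-addr.arpa. PTR oldpc.domain.local.
99.1.168.192.in-addr.arpa. PTR gone.domain.local.
"""

def parse(text, rtype):
    """Return (owner, data) pairs of one type, lower-cased, no trailing dot."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].upper() == rtype:
            out.append((parts[0].lower().rstrip("."),
                        parts[2].lower().rstrip(".")))
    return out

def audit(forward_text, reverse_text):
    """Compare A records with PTR records and classify the differences."""
    ptr = defaultdict(set)
    for owner, target in parse(reverse_text, "PTR"):
        ptr[owner].add(target)
    missing, stale, expected = [], [], set()
    for host, ip in sorted(parse(forward_text, "A")):
        # e.g. 192.168.1.21 -> 21.1.168.192.in-addr.arpa
        owner = ipaddress.ip_address(ip).reverse_pointer
        expected.add(owner)
        if owner not in ptr:
            missing.append((host, ip))                    # no PTR at all
        elif host not in ptr[owner]:
            stale.append((host, ip, sorted(ptr[owner])))  # PTR names another host
    # PTRs whose address no longer has any A record in the forward zone
    orphan = sorted((o, sorted(t)) for o, t in ptr.items() if o not in expected)
    return {"missing": missing, "stale": stale, "orphan": orphan}

if __name__ == "__main__":
    for kind, items in audit(FORWARD, REVERSE).items():
        print(kind, items)
```

Stale and orphan entries are the ones that mislead anyone mapping an IP address in a log back to a hostname, so they are worth reviewing before relying on reverse lookups.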

Question has a verified solution.
