DNS Issues - Reverse Zone Lookup not auto updating

Posted on 2011-10-21
Last Modified: 2012-06-27
Hello everyone,
I just started a new job and I have the unfortunate pleasure of fixing some rather serious issues with the network, so please bear with me.

I have a problem with our Windows Server 2008 Standard SP1 domain controller. We'll call it "DC01" for simplicity. DC01 is configured with DHCP and DNS.  There is a reverse zone lookup that was created for the local subnet. The forward zone is working like it should. However, the reverse zone is NOT updating.

The client computers are just about all Windows 7 and they seem not to want to auto update. There are a couple of XP machines on the network as well. The Windows XP computers are about the only computers that showed up in the reverse zone lookup. Just today I

The weird thing is when I right click the DHCP server and go to Properties --> DNS (tab) --> it's set to dynamically update A and PTR records (see image attached). So it *should* be updating reverse DNS, regardless of the client PC's wishes, right?

Another issue that may or may not have anything to do with this, is there is a Windows 2008 Standard R2 server, we'll call it "Server01" that from what it appears used to be a Domain Controller running DNS. This server was not demoted properly. Active Directory still sorta thinks "Server01" is a domain controller. For a while it was listed on the Name Server's tab, I removed that about a week ago. DNS was not installed nor running on Server01 when I got here.  Server01 still shows up in some of the _MSDCS.Domain.Local records. So, if DNS is active directory integrated, could this be the reason why? I plan to clean up "Server01" soon.

Any insight would be appreciated.
Question by:NetAdmin2436
    LVL 12

    Expert Comment

    DNS problem: Are you using Windows DHCP? Because the automatic registration is based on using Windows DHCP. You need to ensure that the credentials that DHCP is using to register with DNS are correct.

    DC problem: You will need to manually remove the entries from _msdcs. This is a step for the process of forcibly removing a DC, while using ntdsutil. Please see
    LVL 12

    Author Comment

    Yes, Windows is doing DHCP
    LVL 12

    Assisted Solution

    Check out this resource:, but this would only help if you had more than one DHCP server.

    The problem that you are explaining screams DHCP having permission problems touching the PTR records, but I don't have a Windows DHCP server enabled right now to stare at. If someone else doesn't get to this soon, I will be able to get to one shortly.

    Have you considered simply deleting all the PTR records, except for those that are critical (in most internal networks, there are rarely critical PTR records) and allowing DNS/DHCP to refresh all the records?

    The biggest problem is that if computers are allowed to create the record, DHCP may not have enough authority to alter those records on behalf of the computer, now.
    LVL 24

    Expert Comment

    Make sure that the option "register this connection's address in DNS" is selected on the client machine.

    Check if there is any group policy being pushed which restricts the machine from registering its IP address in the DNS server.

    Looking at the configuration of the DHCP server, it seems that at both the scope and the server level the option “Always dynamically update DNS A and PTR records.” is set, because of which the clients are not registering their records in the DNS.

    Select the option “Dynamically update DNS A and PTR records only if requested by the DHCP clients” and restart the DHCP service.

    On the client machine run the command ipconfig /release, reboot the client and check.

    Regarding the server which was not demoted properly, you need to run metadata cleanup to remove the instances of the server from the AD database and DNS. Refer to the link below for the same
    LVL 7

    Expert Comment

    Try this.....

    Find a member server running W2K8 or prior,
    Stop the current DHCP role
    Configure the DHCP, activate it, then authorise it from the member server.
    Use your notebook, enable DHCP to obtain an IP from the DHCP server.
    Once it has received the IP address from the DHCP server, rename your notebook hostname, reboot, then check the DNS record before and after you rename the hostname and see if it changes.

    Note: Do this only after hours when only a handful of users are in the office, and make sure your current DHCP is stopped or paused to avoid IP conflicts in the network.

    LVL 12

    Accepted Solution

    Try configuring the credentials under the "Advanced" tab (see your screenshot).
    The credentials you configure should be a member of the DHCP Administrators group.

    Once configured restart the DHCP service from services.msc

    This will solve your problem.
    LVL 12

    Author Comment

    I think that's it Wasim-shaikh. I was actually having the exact same issue on my home network as my work network. While I haven't been able to test it at work yet (will test on Monday), I did do as you described on my home network and it is working. On my home network I had a few PCs that weren't updating reverse DNS. After changing the credentials, now they appear to be propagating.

    I'll let you guys know Monday for sure :)
    LVL 12

    Author Closing Comment

    The records are updating nicely since I updated 'DNS dynamic updates registration credentials' on DHCP :)

    Thanks everyone!
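
To confirm a fix like the one in this thread, the forward and reverse zones can be compared record by record. The script below is an added example, not something posted by anyone in the thread: it flags A records with no PTR and PTRs that still point at a different name (the case where DHCP cannot overwrite a record it does not own). The record format, the `domain.local` names and the 192.168.1.0/24 addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample records in a simplified "owner TYPE data" form (not the
# exact output of any tool); names and addresses are assumptions.
FORWARD = """\
dc01.domain.local. A 192.168.1.10
win7-01.domain.local. A 192.168.1.101
win7-02.domain.local. A 192.168.1.102
xp-01.domain.local. A 192.168.1.120
"""
REVERSE = """\
10.1.168.192.in-addr.arpa. PTR dc01.domain.local.
120.1.168.192.in-addr.arpa. PTR xp-01.domain.local.
102.1.168.192.in-addr.arpa. PTR old-laptop.domain.local.
"""

def parse(text, rtype):
    """Return {owner: data} for records of the given type, lower-cased."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1].upper() == rtype:
            out[parts[0].lower()] = parts[2].lower()
    return out

def audit(forward_text, reverse_text):
    """Compare each A record with the PTR stored at its reverse name."""
    a_records = parse(forward_text, "A")
    ptr_records = parse(reverse_text, "PTR")
    findings = {"missing": [], "mismatch": []}
    for host, addr in sorted(a_records.items()):
        # reverse_pointer yields e.g. '101.1.168.192.in-addr.arpa'
        rname = ipaddress.ip_address(addr).reverse_pointer + "."
        target = ptr_records.get(rname)
        if target is None:
            findings["missing"].append((host, addr))
        elif target != host:
            findings["mismatch"].append((host, addr, target))
    return findings

if __name__ == "__main__":
    result = audit(FORWARD, REVERSE)
    for host, addr in result["missing"]:
        print(f"no PTR for {host} ({addr})")
    for host, addr, target in result["mismatch"]:
        print(f"PTR for {addr} points to {target}, A record says {host}")
```

Run it before and after changing the DHCP registration credentials; the "missing" list should shrink as leases renew.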
