DNS setting in DHCP scope

Posted on 2013-12-29
Last Modified: 2013-12-30
We are using Windows 2008 R2 servers.
In DHCP, what is the best practice for the DNS setting under the DNS tab of the scope properties?
I see a tab to enable DNS dynamic updates according to the setting below. Under this setting I see two options.
Option one: Dynamically update DNS A and PTR records only if requested by client.
Option two: Always update DNS A and PTR records.

There are also options to Discard A and PTR records when lease is deleted, and to Dynamically update DNS A and PTR records for DHCP clients that do not request updates.
I need to know what the best practice for this is on a large network. I have several subnets with their own DHCP and DNS servers.
Question by:molly22
LVL 30

Accepted Solution

by:
Gareth Gudger earned 500 total points
Some of those options depend on your client workstations. For example, "Dynamically update DNS A and PTR records for DHCP clients that do not request updates" is more for legacy clients such as NT4 or clients that do not support registering their DNS through DHCP. You really shouldn't need this these days, but it doesn't hurt to keep it on.

"Dynamically update DNS A and PTR records" versus "Always update" just depends on whether or not you want to force DNS registration for DHCP clients.

Discard can help clean up DNS so you don't have stale records on your network once a client changes IPs or moves to another subnet.

Generally I leave all these options on because it helps keep DNS tidy.

Of course, if you have no need to register DHCP clients in DNS, as they are most often client computers, you can disable these options. For example, your client computers never host any resources. On the other hand, you may also have a helpdesk department that remotely connects to client computers via host name, so in that case you may wish to keep these options on. Other reasons to keep DNS registration active for DHCP clients might be System Center.
LVL 35

Expert Comment

by:Mahesh
In the above comment:
For example "Dynamically update DNS A and PTR records for DHCP clients that do not request updates" is more for legacy clients such as NT4 or clients that do not support registering their DNS through DHCP

Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0) - This option can be selected if you have down-level clients (95/98/NT) or third-party OSes that don't have DDNS (Dynamic DNS Update) functionality. If we uncheck it, the mentioned clients will be unable to register themselves with DNS.

"Always dynamically update DNS A and PTR records" - Which means we are asking DHCP to register DNS records on behalf of client machines. If you run DHCP on a DC, DHCP will not register records in DNS unless we set credentials (standard user credentials). You can create one user and use its credentials for DNS registration; you don't need to use admin accounts. The credentials tab will be found under IPv4 properties\Advanced tab.

Instead of the above option you can use another option, "Dynamically update A and PTR records only if requested by DHCP client machines". If we select this option, the client will register A records and DHCP will register PTR records. We need to set credentials for registering PTR records.

Discard A and PTR records when lease is deleted
Please understand that discard does not mean the records are deleted by the DHCP server itself immediately; the system will clean these records only if the DNS aging/scavenging settings on the DNS server are set properly.

You must create a dedicated user account and configure the DHCP servers with its credentials under the following circumstances:
• The DHCP server is configured to perform DNS dynamic updates on behalf of DHCP clients.
• A domain controller is configured to function as a DHCP server. Without the dedicated user account, secure updates will not work.
• The DNS zones to be updated by the DHCP server are configured to allow only secure dynamic updates.

Check my comments in the post below on the same topic for more information regarding DNS scavenging:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_28306544.html

Since you are running Windows 2008 R2, also check my comment in the post below for more information regarding DNS proxy updates and DHCP name protection:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28302450.html

Lastly, check the TechNet threads below:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1515eca4-8716-4360-9d40-383145c528ff/dhcp-best-practices-and-dc?forum=winserverNIS
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8d4b5f8e-3290-4a9b-8f9d-68fafdd895a2/dhcp-service-not-siscarding-a-and-ptr-records-in-dns-when-lease-is-deleted

Mahesh
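As an added example that is not part of the original thread: the settings Mahesh describes (the per-scope DNS options, the dedicated low-privilege DDNS account, secure-only zone updates, and the aging/scavenging that "Discard" depends on) expressed with the DhcpServer and DnsServer PowerShell modules. Those modules ship with Windows Server 2012 and later (or RSAT); on 2008 R2 itself the same settings are made in the DHCP and DNS consoles. The server, scope, zone and account names are constructed placeholders.

```powershell
# Added example (not from the thread). Requires the DhcpServer and DnsServer modules
# (Windows Server 2012+ / RSAT). All names below are constructed placeholders.
$DhcpServer = 'dhcp01.corp.example'
$DnsServer  = 'dc01.corp.example'
$ScopeId    = '10.1.10.0'
$Zone       = 'corp.example'
$DdnsUser   = 'CORP\svc-dhcp-ddns'   # plain domain user, deliberately NOT an admin

# 1. Dedicated DDNS account: the DHCP service sends every update it makes as this
#    identity, so keep it unprivileged. A DHCP server on a DC cannot perform secure
#    updates without it.
$cred = Get-Credential -UserName $DdnsUser -Message 'Password for the DDNS service account'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred

# 2. Per-scope DNS tab (scope Properties > DNS in the 2008 R2 console):
#    OnClientRequest = "only if requested by client" (client writes A, DHCP writes PTR)
#    Always          = DHCP registers both A and PTR on the client's behalf
#    DeleteDnsRRonLeaseExpiry   = "Discard A and PTR records when lease is deleted"
#    UpdateDnsRRForOlderClients = register for clients that cannot do DDNS themselves
#    NameProtection             = refuse a registration that would overwrite another host's name
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId `
    -DynamicUpdates OnClientRequest `
    -DeleteDnsRRonLeaseExpiry $true `
    -UpdateDnsRRForOlderClients $true `
    -NameProtection $true

# 3. The zone accepts secure dynamic updates only (assumes an AD-integrated zone).
Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $Zone -DynamicUpdate Secure

# 4. "Discard" only makes records eligible for removal; aging + scavenging removes them.
#    NoRefresh + Refresh (14 days here) should cover the DHCP lease length (8-day
#    default assumed) so a record for a live lease is never scavenged.
$week = New-TimeSpan -Days 7
Set-DnsServerZoneAging  -ComputerName $DnsServer -Name $Zone -Aging $true `
    -NoRefreshInterval $week -RefreshInterval $week
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -ScavengingInterval $week -ApplyOnAllZones

# 5. Read back what was applied.
Get-DhcpServerDnsCredential -ComputerName $DhcpServer
Get-DhcpServerv4DnsSetting  -ComputerName $DhcpServer -ScopeId $ScopeId
Get-DnsServerZoneAging      -ComputerName $DnsServer -Name $Zone
```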
 

Author Closing Comment

by:molly22
Thanks, this answered all my questions.
LVL 35

Expert Comment

by:Mahesh
Not sure on what basis you have accepted the 1st comment, since that comment is not perfect.

Anyway, thanks.

Mahesh
LVL 30

Expert Comment

by:Gareth Gudger
Isn't perfection relative? :)
LVL 35

Expert Comment

by:Mahesh
Yes, basically there are some statements in your comment that are not correct, or only partially correct.

Your comment:
"Dynamically update DNS A and PTR records for DHCP clients that do not request updates" is more for legacy clients such as NT4 or clients that do not support registering their DNS through DHCP
My explanation:
In reality those legacy clients are not DDNS (DNS dynamic update) capable, hence the DHCP option needs to be selected so that DHCP will handle dynamic registration on behalf of those clients.

Your comment:
Discard can help clean up DNS so you don't have stale records on your network once a client changes IPs or moves to another subnet.
My explanation:
Discard does not mean the records are deleted by the DHCP server itself immediately; the system will clean these records only if you set the DNS aging/scavenging settings on the DNS server. This hidden fact must be reflected in the comment.

Your comment:
Of course if you have no need to register DHCP clients in DNS, as they are most often client computers, you can disable these options
My explanation:
You should not disable these advanced DNS options on DHCP, as they are the best way to deal with the DNS dynamic update and DHCP combination. If you deselect those options then you will lose sync between DNS and DHCP and create unnecessary stale records in DNS.
If you have static IP configurations, then you don't need DHCP or these advanced DNS options either.

In the original question the author asked about "Option one: Dynamically update DNS A and PTR records only if requested by client."
Your comment doesn't talk about that option.

Finally, setting a dedicated DDNS account is mandatory if you want to work with the DHCP advanced DNS options; this hidden fact must be reflected in the comment.

My earlier comment is self-explanatory.

If the author of this question does not realize the difference between the two comments, then I cannot do anything. The author always reserves the right to accept any comment they want.

Finally, we are both here to suggest the right solutions as far as possible.
It is not a matter of grabbing points and I don't want to fight for points.
I just wanted to point out corrections, nothing else. Thanks.

Mahesh