asked on
DNS setting in DHCP scope
We are using Windows 2008R2 servers.
In DHCP what is the best practice for the DNS setting under the DNS tab under scope properties.
I see a tab to enable DNS dynamic updates according to the setting below. Under this setting I see two options.
Option one: Dynamically update DNS A and PTR records only if requested by client.
Option two: always update DNS A and PTR records.
Also have options to Discard A and PTR records when release is deleted or to Dynamically update DNS A and PTR records for DHCP client that do not request updates.
Need to know what the best practice for this is on a large network? I have several subnet with their on DHCP and DNS servers.
In DHCP what is the best practice for the DNS setting under the DNS tab under scope properties.
I see a tab to enable DNS dynamic updates according to the setting below. Under this setting I see two options.
Option one: Dynamically update DNS A and PTR records only if requested by client.
Option two: always update DNS A and PTR records.
Also have options to Discard A and PTR records when release is deleted or to Dynamically update DNS A and PTR records for DHCP client that do not request updates.
Need to know what the best practice for this is on a large network? I have several subnet with their on DHCP and DNS servers.
Microsoft Legacy OSMicrosoft Server OSWindows Server 2008
Last Comment
Mahesh
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thanks, this answered all my question.
Not sure on what basis you have accepted 1st comment since comment is not perfect
Anyways, Thanks
Mahesh
Anyways, Thanks
Mahesh
Isn't perfection relative? :)
Yes, basically there are some statements in your comment are not correct \ partially correct
Your comment:
In reality those legacy client are not DDNS (DNS dynamic update) capable, hence DHCP options need to select so that DHCP will handle dynamic registration on behalf of those clients
Discard does not mean delete records by DHCP server itself immediately, system will clean these records only if you set DNS aging/scavenging settings on DNS server. This hidden fact must reflect in comment.
You should not disable these advanced DNS options on DHCP as it is the only best way to deal with DNS dynamic update and DHCP combination. If you deselect those options then you will lose sync between DNS and DHCP and create unnecessarily stale records in DNS
if you have static IP configurations, then you don't need DHCP and these advanced DNS options as well
in original question "Option one: Dynamically update DNS A and PTR records only if requested by client. " asked by author.
Your comment don't talk about that option
Finally setting dedicated DDNS account is mandatory if you want to work with DHCP advanced DNS options, this is hidden fact must reflect in comment
My earlier comment is self explanatory
If author of this question do not realize difference between two comments, then I cannot do any thing. Author always reserved rights to accept any comment they wanted to.
Finally we both are here to suggest right solutions as far as possible
It not a matter of grabbing points and I don't want to fight for points
I just wanted to point out corrections \ right things, nothing else, Thanks.
Mahesh
Your comment:
"Dynamically update DNS A and PTR records for DHCP clients that do not request updates" is more for legacy clients such as NT4 or clients that do not support registering there DNS through DHCPMy explanation:
In reality those legacy client are not DDNS (DNS dynamic update) capable, hence DHCP options need to select so that DHCP will handle dynamic registration on behalf of those clients
Discard can help clean up DNS so you don't have stale records on your network once a client changes IPs or moves to another subnet.My explanation:
Discard does not mean delete records by DHCP server itself immediately, system will clean these records only if you set DNS aging/scavenging settings on DNS server. This hidden fact must reflect in comment.
Of course if you have no need to register DHCP clients in DNS, as they are most often client computers, you can disable these optionsMy Explanation:
You should not disable these advanced DNS options on DHCP as it is the only best way to deal with DNS dynamic update and DHCP combination. If you deselect those options then you will lose sync between DNS and DHCP and create unnecessarily stale records in DNS
if you have static IP configurations, then you don't need DHCP and these advanced DNS options as well
in original question "Option one: Dynamically update DNS A and PTR records only if requested by client. " asked by author.
Your comment don't talk about that option
Finally setting dedicated DDNS account is mandatory if you want to work with DHCP advanced DNS options, this is hidden fact must reflect in comment
My earlier comment is self explanatory
If author of this question do not realize difference between two comments, then I cannot do any thing. Author always reserved rights to accept any comment they wanted to.
Finally we both are here to suggest right solutions as far as possible
It not a matter of grabbing points and I don't want to fight for points
I just wanted to point out corrections \ right things, nothing else, Thanks.
Mahesh
Dynamically update DNS A and PTR records for DHCP clients that do not request updates (for example, clients running Windows NT 4.0) - This option can be selected if you have Down level clients (95/98/NT) or third party OS who doesn't have functionality of DDNS (Dynamic DNS Update). If we uncheck them, mentioned clients will unable to register themselves with DNS.
Always dynamically update DNS A and PTR records" - Which mean we are asking DHCP to register DNS records on behalf of client machines. If you run DHCP on DC, DHCP will not register records in DNS unless we set credentials (standard user credentials). You can create one user and use his credentials for DNS registration, you don't need to use Admin accounts.credential tab will be found under IPv4 properties\Advanced tab
Instead of above option you can use another option "Dynamically update A and PTR records only if requested by DHCP client machines". If we select this option, client will register A records and DHCP will register PTR records. We need to set credentials for registering PTR records.
Discard A and PTR records when lease is deleted
Please understand that discard does not mean delete records by DHCP server itself immediately, system will clean these records only if DNS aging/scavenging settings on DNS server is set properly.
You must create a dedicated user account and configure the DHCP servers with its credentials under the following circumstances:
•The DHCP server is configured to perform DNS dynamic updates on behalf of DHCP clients.
• A domain controller is configured to function as a DHCP server. Without the dedicated user account, secure updates will not work.
• The DNS zones to be updated by the DHCP server are configured to allow only secure dynamic updates.
Check mine comments in below posts on same topic for more information regarding DNS scavenging
https://www.experts-exchange.com/questions/28306544/Window-DNS-DHCP-setting.html
Since you are running Windows 2008 R2, also check mine comment in below article for more information regarding DNS proxy Updates and DHCP name protection.
https://www.experts-exchange.com/questions/28302450/What's-this-cmd-mean-dnscmd-config-OpenAclOnProxyUpdates-0.html
Lastly check below TechNet blog
http://social.technet.microsoft.com/Forums/windowsserver/en-US/1515eca4-8716-4360-9d40-383145c528ff/dhcp-best-practices-and-dc?forum=winserverNIS
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8d4b5f8e-3290-4a9b-8f9d-68fafdd895a2/dhcp-service-not-siscarding-a-and-ptr-records-in-dns-when-lease-is-deleted
Mahesh