In our domain, DNS works fine in terms of going out and resolving sites on the internet, and for the servers. However, nearly all client computers have no A records in DNS. I have put a couple in there by going to the client computer and running ipconfig /registerdns. When you look in DHCP, all the client computers are represented, showing the hostname and the allocated IP address. The only time anyone notices this issue is when users try to log in from home using our terminal server gateway. I guess it is the only time the clients' IP addresses need to be resolved. When they complain they can't log in remotely, I ping their computer name and notice it doesn't resolve internally. As soon as I run ipconfig /registerdns, their login from home works fine. At the moment that is the only way their A record appears in our zone.
I understand that the client computers are meant to dynamically update their own A records at startup and when DHCP renews their IP address.
This isn't happening.
I would rather not let the DHCP server register for them because of security concerns I have read about.
More details: Dynamic updates for this zone are set to "secure only", replication is set to "All DNS servers in the zone"; we run an "Active Directory-Integrated" type zone and the status for the zone is "running".
Could anyone help with why the clients can't dynamically update their own A records?
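
The mismatch described above (hostnames present in DHCP but absent from the zone) can be listed in one pass instead of being found one ping at a time. The script below is an added example, not part of the original post; it assumes the DhcpServer PowerShell module (RSAT) is available, and the two server names are placeholders.

```powershell
# Added example: report active DHCP leases whose hostname has no matching
# A record on the internal DNS server.
# Assumptions: DhcpServer module (RSAT) installed; server names are placeholders.
param(
    [string]$DhcpServer = 'dhcp01.example.internal',   # placeholder name
    [string]$DnsServer  = 'dns01.example.internal'     # placeholder name
)

Import-Module DhcpServer -ErrorAction Stop

$report = foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    # Only leases currently in use that carry a hostname can be compared.
    $leases = Get-DhcpServerv4Lease -ComputerName $DhcpServer -ScopeId $scope.ScopeId |
        Where-Object { $_.AddressState -like 'Active*' -and $_.HostName }

    foreach ($lease in $leases) {
        # Query the internal DNS server using the DNS protocol only
        # (no hosts file, LLMNR or NetBIOS), and keep only A records so an
        # SOA returned with a negative answer is not mistaken for a hit.
        $answer = Resolve-DnsName -Name $lease.HostName -Type A -Server $DnsServer `
                      -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
                  Where-Object { $_.Type -eq 'A' }

        $leaseIp = $lease.IPAddress.IPAddressToString
        $status = if (-not $answer) { 'MissingARecord' }
                  elseif ($answer.IPAddress -contains $leaseIp) { 'OK' }
                  else { 'StaleARecord' }   # record exists but points elsewhere

        [pscustomobject]@{
            HostName = $lease.HostName
            LeaseIP  = $leaseIp
            DnsIP    = ($answer.IPAddress -join ',')
            Status   = $status
        }
    }
}

# Show only the clients that would fail name resolution.
$report | Where-Object Status -ne 'OK' |
    Sort-Object Status, HostName |
    Format-Table -AutoSize
```

A `StaleARecord` row means a record exists but holds a different address than the current lease, which is a separate condition from the missing-record case in the question.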