Solved

Reverse DNS Zones not populating

Posted on 2014-04-15
1
579 Views
Last Modified: 2014-05-14
Dear Experts,

We have an environment with multiple DCs, each running DNS and DHCP.

I’ve noticed however that our Reverse Lookup Zones in DNS are practically empty, so there are no DHCP client entries or servers that we’ve given static IP addresses to.

In AD the security group ‘DNSUpdateProxy’ has no members, but I came across an article urging caution when adding DHCP servers to this SG.

What things should I be looking for to help resolve this?
0
Comment
Question by:Bladey001
1 Comment
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40002061
you need to setup Dhcp advanced DNS options to Always dynamically update DNS A and PTR records
Always dynamically update DNS A and PTR records, what it means only DHCP will register Host (A) records and PTR records in DNS zone regardless of whether the client has requested to perform its own updates provided that zone is set to secure dynamic updates.
Also you must set credentials in DHCP server (IPV4 in DHCP Console) properties, other wise this process will not work
Note that account must be standard domain user account with non expiring password

This will ensure that when DHCP lease will expires \ changes by any mean on DHCP server, it will update corresponding DNS records

Also ensure that secure dynamic update is enabled on domain dns forward lookup zone (domain.com) and all reverse lookup DNS zones, other wise process will fail

DHCP advanced DNS options
Check below article for more info on same topic
http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_28375413.html - DHCP Lease

Check below article for to understand DNSUPDATEPROXY group
http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
If you added DHCP servers in dnsupdateproxy group, then run below command on dns server
dnscmd /config /OpenAclOnProxyUpdates 0

Check below article for more info
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28302450.html

lastly find one more excellent article
https://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx

Mahesh.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now