AD 2008 DNS and DHCP not in sync

Posted on 2014-12-17
Last Modified: 2014-12-23
I have a Windows 2008 Active Directory environment with 2 domain controllers. Often the IP address which a machine has been given through DHCP is not updated in DNS. For example, I checked just now and in DHCP a particular machine has a new IP address, but in DNS it still shows the old IP address. Not sure which settings to look at to see why the DNS is not getting updated.

My DHCP lease duration is set to 1 day.

I have attached a screenshot of my DNS settings under the DHCP scope properties.

Question by:swenger7
LVL 40

Expert Comment

ID: 40506572
There's nothing attached to your post.

The problem is likely due to the ownership of the record not allowing it to be overwritten.  Also, do you have DNS scavenging enabled on the zone?  If so, what are the refresh and no-refresh intervals set to?
LVL 37

Accepted Solution

Mahesh earned 500 total points
ID: 40506843
A number of things to check:
1st, check if your AD-integrated domain DNS zone is set to secure dynamic update; if not, set it in the zone properties.

Then in the DHCP advanced DNS properties ensure that "always update host (A) and PTR records" is selected.
Ensure that "discard A and PTR records when lease expires" is selected.

Also on the General tab set credentials; this would be a standard domain account, and this is required.
Also note that you must enter the account credentials correctly: DHCP will not throw any errors, but it will then refuse dynamic DNS updates.

Add the DHCP server to the DnsUpdateProxy group on the domain controller.

Set DNS scavenging as per the post below, based on your DHCP lease duration. Ensure that scavenging is set up on any one DNS server at both the server and zone level; otherwise it won't work.
Scavenging will help you to keep your DNS clean and healthy.
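The checklist above, put into a PowerShell script, as an added example that is not part of this answer or of the thread. It assumes the DhcpServer, DnsServer and ActiveDirectory modules (shipped with Windows Server 2012 or later RSAT; on a 2008 box the same settings live in the DHCP and DNS consoles or in netsh/dnscmd, the cmdlets below just make them auditable). The server names, zone name, IP address and service-account name are placeholders; the 1-day lease is the asker's own value, and the scavenging intervals derived from it are a labelled rule-of-thumb assumption, since the post the answer links to is not on the page.

```powershell
#Requires -Modules DhcpServer, DnsServer, ActiveDirectory
# Added example, not from the thread. Hostnames, zone name, the IP address and the
# service-account name are placeholders; the 1-day lease is the asker's value.
$DhcpServer   = 'dhcp01.corp.example'        # placeholder DHCP server (member server or DC)
$DnsServer    = 'dc01.corp.example'          # placeholder DNS server that will do the scavenging
$DnsServerIP  = '192.168.1.10'               # placeholder IP of that DNS server
$ForwardZone  = 'corp.example'               # placeholder AD-integrated forward zone
$SvcAccount   = 'CORP\svc-dhcp-dns'          # placeholder standard domain user account
$LeaseDays    = 1

# 1. The AD-integrated zone must allow secure dynamic updates only.
if ((Get-DnsServerZone -ComputerName $DnsServer -Name $ForwardZone).DynamicUpdate -ne 'Secure') {
    Set-DnsServerPrimaryZone -ComputerName $DnsServer -Name $ForwardZone -DynamicUpdate Secure
}

# 2. Server-level DHCP DNS settings: always register A and PTR (not only when the client
#    asks for it), discard both records when the lease expires, and name protection (2008 R2+).
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -DynamicUpdates Always `
    -DeleteDnsRROnLeaseExpiry $true -NameProtection $true

# 3. Account DHCP uses to register records. A mistyped password produces no error in the
#    console but registrations silently fail, so read the setting back and watch the zone
#    after the restart rather than trusting the dialog.
$cred = Get-Credential -UserName $SvcAccount -Message 'DHCP dynamic DNS registration account'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred
Get-DhcpServerDnsCredential -ComputerName $DhcpServer
Invoke-Command -ComputerName $DhcpServer -ScriptBlock { Restart-Service -Name DHCPServer }

# 4. The DHCP server's computer account in DnsUpdateProxy.
$dhcpHost = ($DhcpServer -split '\.')[0]
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members (Get-ADComputer -Identity $dhcpHost)

# 5. Scavenging at both server and zone level on the same DNS server. The intervals follow
#    the rule of thumb no-refresh = refresh = lease duration (an assumption, see lead-in), so a
#    record becomes eligible for scavenging about two lease periods after its last refresh.
$interval = New-TimeSpan -Days $LeaseDays
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true -ScavengingInterval $interval
Set-DnsServerZoneAging -ComputerName $DnsServer -Name $ForwardZone -Aging $true `
    -NoRefreshInterval $interval -RefreshInterval $interval -ScavengeServers $DnsServerIP

# Read everything back for the change record.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer
Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ForwardZone
Get-DnsServerScavenging -ComputerName $DnsServer
```

Two things worth keeping in mind when applying this. With the dedicated credential set, the DHCP server writes records as that account and owns them, so a later update from a different host is refused by the secure zone; records written by a DnsUpdateProxy member without such a credential carry no owner protection and can be overwritten by any authenticated client, which matters most when the DHCP server is itself a DC. And scavenging only removes records once it is enabled on exactly the server that owns the aging timestamps, which is why the answer insists on setting it at both the server and zone level on one DNS server.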

Author Comment

ID: 40506991
Sorry, here is the attachment I forgot.

Author Comment

ID: 40506993

Author Comment

ID: 40507136
1. Was already set to Secure.
2. Was set to the first option "Dynamically update...only if requested by DHCP clients". Changed this to the second option "Always....".
3. The scavenging properties were set except for "Enable automatic scavenging of stale records", which I have now checked. This was only on one of my DCs; the other one had it checked.

Now that I have made these changes I will check the server for the next 7-10 days to see if it is working now as it should.
LVL 37

Expert Comment

ID: 40507186
Have you set the credentials and added the DHCP server to the DnsUpdateProxy group on the DC?

Also check the earlier articles to figure out the scavenging period based on your DHCP scope lease duration.

Author Comment

ID: 40507282
It seems that you want me to enable DHCP name protection as in the attached screenshot. Is that correct? Is there any downside to this?

Also, I always had 1 zone for my computers, which I split a couple of months ago into 2 zones. I had created a second zone in the Forward but not in the Reverse. Should I add this second zone to the Reverse as well?

LVL 37

Expert Comment

ID: 40507501
There is a General tab beside the DNS tab.
There is an option called Credentials at the bottom.
There you need to set up a standard domain user account (service account) as the DHCP record registration account.
Then restart the DHCP Server service once to make it take effect.
Also add the DHCP server account in AD to the DnsUpdateProxy group on the domain controller.

What do you mean by split zone? Sorry, I don't understand.
Your computer accounts' host (A) records will be registered only in the main DNS zone; also you have to have AD-integrated reverse lookup zones for all computer subnets so that DHCP can register PTR records there.
No need to split zones; at least I am not aware of any zone split concept.

Author Comment

ID: 40507510
Sorry for the confusion.

I set the credentials. The article also mentions that with 2008 R2 you can also set DHCP name protection, which I did. I was wondering if there was a downside to this.

What I meant by split zones was that I have 2 VLANs: one is 192.168.1.x and the other is 192.168.20.x, which I added recently. At the time of adding the VLAN on my network I added the zone for this to the forward zone in DNS but forgot to add the reverse for this zone, which I have now added.
LVL 37

Expert Comment

ID: 40507572
Not sure how you add a DNS zone pointing to subnets in the forward lookup zone.

Zones for subnets can only be added as reverse lookup zones.

Your forward lookup zone can handle all subnets without any problems or configuration.
No need to create any extra forward lookup zones.

Author Comment

ID: 40507588
Sorry. That is correct. I didn't add the zone to the Forward. I added the subnet as a scope to DHCP but didn't add the reverse zone to DNS, which I have now done.

Back to my other question: is there any downside to turning DHCP Name Protection on?
LVL 37

Expert Comment

ID: 40507922
You can enable name protection.
It is a mechanism to secure DNS records against duplication, meaning that once a record is registered successfully in DNS for one host, another host cannot register the same host record.

Name protection behavior:

Author Comment

ID: 40515482
So it doesn't seem like this is working.
In my forward zone, I have a computer name which has a timestamp of Dec 18 with an IP.
There is another computer name which has a timestamp of Dec 22 with the same IP.

The reverse zone only has the first name, so if I ping the second name or use remote access tools with the second name, I end up getting the computer of the first name.

I have also enabled Name Protection, thinking it should have prevented this.

Not sure how to stop this from happening.
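A way to find exactly the state described in this last comment, as an added example that is not part of the thread: two host (A) records in the forward zone that share one IP address, with the reverse zone pointing at only one of them. Name protection guards a name against being claimed by a different host; it does not stop two different names from resolving to one address, which is what a stale record left behind after lease churn looks like, so it is worth listing such pairs with their timestamps while waiting for scavenging to catch up. The script assumes the DnsServer module and uses placeholder server and zone names; the two reverse zones correspond to the 192.168.1.x and 192.168.20.x VLANs mentioned earlier in the thread.

```powershell
#Requires -Modules DnsServer
# Added example, not from the thread. Server and zone names below are placeholders.
function Find-DuplicateHostRecords {
    param(
        [Parameter(Mandatory)] [string]   $DnsServer,
        [Parameter(Mandatory)] [string]   $ForwardZone,
        [Parameter(Mandatory)] [string[]] $ReverseZones
    )

    # Forward zone: every host (A) record except the zone apex (the DCs' "same as parent"
    # records legitimately share addresses with the DCs' own host records).
    $aRecords = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ForwardZone -RRType A |
        Where-Object { $_.HostName -ne '@' } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.HostName
                IP        = $_.RecordData.IPv4Address.IPAddressToString
                Timestamp = $_.Timestamp        # $null means a static (non-aging) record
            }
        }

    # Reverse zones: build an IP -> PTR target map. Record name plus zone name is the address
    # in reversed-octet form, so rebuild the dotted quad generically (works for /16 and /24).
    $ptrByIp = @{}
    foreach ($rz in $ReverseZones) {
        Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $rz -RRType PTR |
            ForEach-Object {
                $labels = ("$($_.HostName).$rz" -replace '\.in-addr\.arpa$', '') -split '\.'
                [array]::Reverse($labels)
                $ptrByIp[($labels -join '.')] = $_.RecordData.PtrDomainName.TrimEnd('.')
            }
    }

    # Any IP that carries more than one distinct host name is the situation in the question.
    $aRecords | Group-Object -Property IP | ForEach-Object {
        $ip    = $_.Name
        $names = $_.Group.Name | Sort-Object -Unique
        if ($names.Count -gt 1) {
            $ptrName = $ptrByIp[$ip]
            foreach ($rec in ($_.Group | Sort-Object Timestamp)) {
                [pscustomobject]@{
                    IP           = $ip
                    HostName     = $rec.Name
                    Timestamp    = $rec.Timestamp
                    PtrPointsTo  = $ptrName
                    ReverseMatch = ($ptrName -eq "$($rec.Name).$ForwardZone")
                }
            }
        }
    }
}

Find-DuplicateHostRecords -DnsServer 'dc01.corp.example' -ForwardZone 'corp.example' `
    -ReverseZones '1.168.192.in-addr.arpa', '20.168.192.in-addr.arpa' |
    Format-Table -AutoSize
```

In the output, the row with the older timestamp and ReverseMatch of True is the Dec 18 record from the comment: the name the PTR still points to. A record with an empty Timestamp is static and will never be scavenged, so if the stale entry turns out to be static it has to be removed by hand; an aging record is removed once no-refresh plus refresh has elapsed and the scavenging server has run, which is why it can take more than one lease period for the pair to disappear.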
