AD 2008 DNS and DHCP not in sync

I have a Windows 2008 Active Directory environment. I have 2 domain controllers. Often the IP address which a machine has been given through DHCP is not updated in DNS. For example, I checked just now and in DHCP a particular machine has a new IP address, but in DNS it still shows the old IP address. I am not sure which settings to look at to see why DNS is not getting updated.

My lease duration is set to 1 day on my DHCP

I have attached a screen shot of my DNS settings under the DHCP scope properties

Thanks,
swenger7 asked:
footech commented:
There's nothing attached to your post.

The problem is likely due to the ownership of the record not allowing it to be overwritten.  Also, do you have DNS scavenging enabled on the zone?  If so, what are the refresh and no-refresh intervals set to?
MaheshArchitect commented:
A number of things to check:
1st, check if your AD-integrated domain DNS zone (domain.com) is set to secure dynamic update; if not, set it in the zone properties.

Then in the DHCP advanced DNS properties ensure that "Always update host (A) and PTR records" is selected.
Ensure that "Discard A and PTR records when lease expires" is selected.

Also on the General tab set the credentials; this would be a standard domain account. This is required.
Also note that while entering the account credentials you must enter them correctly: DHCP will not throw any errors, but it will then be refused when it tries the dynamic DNS update.

Add the DHCP server to the DnsUpdateProxy group on the domain controller.
http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/

Set DNS scavenging as per the posts below, based on your DHCP lease duration. Ensure that scavenging is set up on any one DNS server at both the server level and the zone level, otherwise it won't work.
Scavenging will help you keep your DNS clean and healthy.
http://think-like-a-computer.com/2012/04/27/dns-scavenging/
http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx
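The checklist in the answer above, as an added PowerShell example that is not part of this thread. It assumes the DnsServer, DhcpServer and ActiveDirectory modules that ship with Windows Server 2012 and later (or RSAT) and that they are pointed at 2012-or-later DNS/DHCP servers; on a Windows Server 2008 R2 box the same switches are reached through the DNS and DHCP consoles, dnscmd.exe and netsh dhcp. The zone, server and account names (contoso.com, DC01, DHCP01, svc-dhcpdns) are placeholders, and the scavenging intervals are derived from the 1-day lease mentioned in the question.

```powershell
# Added example (not from the thread): verify and apply the DHCP-to-DNS dynamic
# update settings from the checklist. Assumes the DnsServer, DhcpServer and
# ActiveDirectory modules (Windows Server 2012+ / RSAT). Names are placeholders.
#Requires -Modules DnsServer, DhcpServer, ActiveDirectory

$Zone       = 'contoso.com'
$DnsServer  = 'DC01'
$DhcpServer = 'DHCP01'
$UpdateAcct = 'svc-dhcpdns'   # plain domain user, no admin rights needed
$LeaseDays  = 1               # scope lease from the question

# 1. The AD-integrated zone must accept only secure dynamic updates.
$z = Get-DnsServerZone -Name $Zone -ComputerName $DnsServer
if ($z.DynamicUpdate -ne 'Secure') {
    Set-DnsServerPrimaryZone -Name $Zone -ComputerName $DnsServer -DynamicUpdate Secure
}

# 2. DHCP DNS settings: always register A and PTR, discard them when the lease
#    expires, protect names against re-registration by a different host.
$d = Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer
"Server-level before: DynamicUpdates=$($d.DynamicUpdates) DeleteOnExpiry=$($d.DeleteDnsRROnLeaseExpiry) NameProtection=$($d.NameProtection)"
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true -NameProtection $true
# A scope's own DNS tab overrides the server setting, so apply it per scope too.
Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $_.ScopeId `
        -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true -NameProtection $true
}

# 3. Credential DHCP uses for the updates. A mistyped password is accepted here
#    without any error and only shows up later as failed updates, so prompt for it.
$cred = Get-Credential -UserName "$env:USERDOMAIN\$UpdateAcct" -Message 'DHCP DNS update account'
Set-DhcpServerDnsCredential -Credential $cred -ComputerName $DhcpServer
Restart-Service -Name DHCPServer   # run this on the DHCP server itself (or via Invoke-Command)

# 4. DnsUpdateProxy membership for the DHCP server's computer account. Records
#    registered by members carry no owner, so any authenticated host can later
#    overwrite them; never add a domain controller, or its own records lose that
#    protection.
$dhcpComputer = Get-ADComputer -Identity $DhcpServer
if ($dhcpComputer.DistinguishedName -notlike '*OU=Domain Controllers,*') {
    Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members $dhcpComputer
} else {
    Write-Warning "$DhcpServer is a domain controller; not adding it to DnsUpdateProxy"
}

# 5. Scavenging. Refresh must be at least as long as the period between client
#    refresh attempts (DHCP re-registers at renewal, i.e. half the lease); setting
#    NoRefresh = Refresh = lease length is a conservative choice. Scavenging itself
#    only has to be switched on at one DNS server; aging is set on the zone.
$interval = New-TimeSpan -Days $LeaseDays
Set-DnsServerScavenging -ComputerName $DnsServer -ScavengingState $true `
    -NoRefreshInterval $interval -RefreshInterval $interval -ScavengingInterval (New-TimeSpan -Days 7)
Set-DnsServerZoneAging -Name $Zone -ComputerName $DnsServer -Aging $true `
    -NoRefreshInterval $interval -RefreshInterval $interval
```

Two things the script cannot fix on its own: records that clients registered for themselves before the switch to "always update" are owned by each client's computer account, so the DHCP credential still cannot overwrite or delete them until they are scavenged or removed by hand, and a scope that was created after the server-level change will need the per-scope settings applied again.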

swenger7 (author) commented:
Sorry, here is the attachment I forgot.
swenger7 (author) commented:
1. It was already set to Secure.
2. It was set to the first option, "Dynamically update...only if requested by DHCP clients". I changed this to the second option, "Always....".
3. The scavenging properties were set except for "Enable automatic scavenging of stale records", which I have now checked. This was only on one of my DCs; the other one had it checked.

Now that I have made these changes I will check the server for the next 7-10 days to see if it is working as it should.
MaheshArchitect commented:
Have you set the credentials and added the DHCP server to the DnsUpdateProxy group on the DC?

Also check the earlier articles to figure out the scavenging period based on your DHCP scope lease duration.
swenger7 (author) commented:
It seems that you want me to enable DHCP Name Protection as in the attached screenshot. Is that correct? Is there any downside to this?

Also, I always had 1 zone for my computers, which I split a couple of months ago into 2 zones. I had created the second zone in the Forward but not in the Reverse. Should I add this second zone to the Reverse as well?

Thanks,
(attachment: Capture.JPG)
MaheshArchitect commented:
No.
There is a General tab beside the DNS tab.
There is one option called Credentials at the bottom.
There you need to set up a standard domain user account (service account) as the DHCP record registration account.
Then restart the DHCP Server service once to make it take effect.
Also add the DHCP server account in AD to the DnsUpdateProxy group on the domain controller.

What do you mean by split zone? Sorry, I don't understand.
Your computer accounts' host (A) records will be registered only in the main domain.com DNS zone; also you have to have AD-integrated reverse lookup zones for all computer subnets so that DHCP can register PTR records there.
No need to split zones; at least I am not aware of a zone split concept.
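Because the DHCP console accepts a wrong password without complaint, the only place a bad update credential shows up is in the DHCP server's audit log, where each registration attempt is logged as ID 30 (DNS update request) followed by ID 31 (DNS update failed) or ID 32 (DNS update successful). The following added PowerShell example, not part of this thread, reads the configured credential and summarises those events. It assumes the DhcpServer module (Windows Server 2012+ / RSAT), the default audit log location under System32\dhcp, and an English-culture weekday in the file name; the server name and the sample log lines are constructed for illustration.

```powershell
# Added example (not from the thread): confirm the DHCP DNS update credential is
# set and that updates are not failing silently. Assumes the DhcpServer module
# (Server 2012+ / RSAT); the server name and sample lines are constructed.
#Requires -Modules DhcpServer

function Get-DhcpDnsUpdateSummary {
    param(
        [string[]]$LogLines,      # raw lines of a DhcpSrvLog-*.log file
        [int]$FailThreshold = 1
    )
    # The audit log opens with a free-text banner; data rows start with a 2-digit ID.
    $rows = foreach ($line in $LogLines) {
        if ($line -match '^\d{2},') {
            $f = $line -split ','
            [pscustomobject]@{
                Id = [int]$f[0]; Date = $f[1]; Time = $f[2]
                Text = $f[3]; IP = $f[4]; Host = $f[5]
            }
        }
    }
    $req  = @($rows | Where-Object Id -eq 30)   # DNS update request
    $fail = @($rows | Where-Object Id -eq 31)   # DNS update failed
    $ok   = @($rows | Where-Object Id -eq 32)   # DNS update successful
    [pscustomobject]@{
        Requested   = $req.Count
        Failed      = $fail.Count
        Succeeded   = $ok.Count
        FailedHosts = @($fail | Select-Object -ExpandProperty Host -Unique)
        # Every request failing and nothing succeeding is the signature of a bad
        # credential (or missing DnsUpdateProxy/ACL rights), not a per-host issue.
        LooksLikeCredentialProblem = ($req.Count -gt 0 -and $ok.Count -eq 0 -and $fail.Count -ge $FailThreshold)
    }
}

# --- live checks against a DHCP server (placeholder name) ---
$DhcpServer = 'DHCP01'
$c = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
if (-not $c.UserName) { Write-Warning "No DNS update credential configured on $DhcpServer" }
else { "DHCP registers records as $($c.DomainName)\$($c.UserName)" }

# Today's audit log; the file name carries the abbreviated weekday (DhcpSrvLog-Mon.log ...).
$logPath = "\\$DhcpServer\admin$\System32\dhcp\DhcpSrvLog-$((Get-Date).ToString('ddd')).log"
if (Test-Path $logPath) {
    Get-DhcpDnsUpdateSummary -LogLines (Get-Content $logPath) | Format-List
}

# --- offline run on constructed sample lines: every update fails, none succeed ---
$sample = @(
    'ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID.'
    '10,12/22/14,08:02:11,Assign,192.168.20.157,ws-finance07.contoso.com,001122334455,,0,6,,'
    '30,12/22/14,08:02:11,DNS Update Request,192.168.20.157,ws-finance07.contoso.com,,,0,6,,'
    '31,12/22/14,08:02:12,DNS Update Failed,192.168.20.157,ws-finance07.contoso.com,,,0,6,,'
    '30,12/22/14,08:05:40,DNS Update Request,192.168.1.44,ws-sales12.contoso.com,,,0,6,,'
    '31,12/22/14,08:05:41,DNS Update Failed,192.168.1.44,ws-sales12.contoso.com,,,0,6,,'
)
Get-DhcpDnsUpdateSummary -LogLines $sample | Format-List
```

On the constructed sample the summary reports two requests, two failures, no successes and LooksLikeCredentialProblem = True; after re-entering the credential and restarting the DHCP Server service, the next renewals should start producing ID 32 rows.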
swenger7 (author) commented:
Sorry for the confusion.

I set the credentials. The article also mentions that with 2008 R2 you can also set DHCP Name Protection, which I did. I was wondering if there was a downside to this.

What I meant by split zones was that I have 2 VLANs: one is 192.168.1.x and the other is 192.168.20.x, which I added recently. At the time of adding the VLAN to my network I added the zone for it to the forward zone in DNS but forgot to add the reverse for this zone, which I have now added.
MaheshArchitect commented:
Not sure how you add a DNS zone pointing to subnets in the forward lookup zone.

A zone for a subnet can only be added into the reverse lookup zones.

Your domain.com forward lookup zone can handle all subnets without any problems or extra configuration.
No need to create any extra forward lookup zones.
swenger7 (author) commented:
Sorry. That is correct. I didn't add the zone to the Forward. I added the zone as a scope in DHCP but didn't add the reverse zone to DNS, which I have now done.

Back to my other question: is there any downside to setting DHCP Name Protection on?
MaheshArchitect commented:
You can enable name protection.
It is a mechanism to secure DNS records against duplication, meaning that once a record is registered successfully in DNS for one host, another host cannot register the same host record.

Name protection behavior:
http://blogs.technet.com/b/teamdhcp/archive/2009/01/29/what-is-name-protection.aspx
swenger7 (author) commented:
So it doesn't seem like this is working.
In my forward zone, I have a computer name which has a time stamp of Dec 18 with IP 192.168.20.157.
There is another computer name which has a time stamp of Dec 22 with the same IP.

The reverse zone only has the first name, so if I ping the second name or use remote access tools with the second name, I end up getting the computer of the first name.

I have also enabled Name Protection, thinking it should have prevented this.

Not sure how to stop this from happening.
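The situation in the last post (two names with timestamps four days apart pointing at one address, and a PTR that still names the older one) is what a stale dynamic record looks like before scavenging has caught up with it: name protection, as the earlier answer says, stops a different host from registering the same name, so it has nothing to say about two names for one IP. The following added PowerShell example, not part of this thread, lists forward records that share an IPv4 address together with their timestamps and AD owners (the owner tells you whether DHCP or the client itself registered the record, which decides whether DHCP is allowed to remove it), and shows which name the reverse zone currently returns. It assumes the DnsServer and ActiveDirectory modules (Windows Server 2012+ / RSAT), an AD-integrated zone stored in the DomainDnsZones partition (the default "all DNS servers in this domain" replication scope), a /24 reverse zone, and placeholder zone and server names.

```powershell
# Added example (not from the thread): find A records sharing an address, show
# their timestamps and owners, and check the PTR. Assumes DnsServer and
# ActiveDirectory modules (Server 2012+ / RSAT); names are placeholders.
#Requires -Modules DnsServer, ActiveDirectory

$Zone      = 'contoso.com'
$RevZone   = '20.168.192.in-addr.arpa'    # /24 reverse zone for the 192.168.20.x VLAN
$DnsServer = 'DC01'
$DomainDN  = (Get-ADDomain).DistinguishedName

function Get-DnsRecordOwner {
    param([string]$Name)
    # dnsNode object of a record in an AD-integrated zone held in DomainDnsZones
    # (assumption; zones replicated forest-wide live under ForestDnsZones instead).
    $dn = "DC=$Name,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"
    try { (Get-Acl -Path "AD:\$dn").Owner } catch { '<not found in DomainDnsZones>' }
}

# Group dynamic A records by address. Static records carry no Timestamp and are
# never scavenged, so they are skipped; any address with more than one name is a
# candidate stale entry, and the older Timestamp is normally the leftover.
$dupes = Get-DnsServerResourceRecord -ZoneName $Zone -ComputerName $DnsServer -RRType A |
    Where-Object { $_.HostName -ne '@' -and $_.Timestamp } |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object Count -gt 1

foreach ($g in $dupes) {
    $ip = $g.Name
    # Which name does the reverse zone hand back for this address?
    $lastOctet = $ip.Split('.')[-1]
    $ptr = Get-DnsServerResourceRecord -ZoneName $RevZone -ComputerName $DnsServer `
        -Name $lastOctet -RRType Ptr -ErrorAction SilentlyContinue
    $ptrName = if ($ptr) { $ptr.RecordData.PtrDomainName -join ', ' } else { '<none>' }

    "== $ip  (PTR -> $ptrName)"
    $g.Group | Sort-Object Timestamp | ForEach-Object {
        '{0,-25} timestamp={1:yyyy-MM-dd HH:mm} owner={2}' -f $_.HostName, $_.Timestamp, (Get-DnsRecordOwner $_.HostName)
    }
}
```

If the older record's owner is a computer account (CONTOSO\WS-OLD$ style) rather than the DHCP update account, it was registered by the client before the switch to "always update", so DHCP's "discard on lease expiry" could never have removed it; it will go when it has aged past NoRefresh + Refresh and a scavenging pass runs, or immediately with `Remove-DnsServerResourceRecord -ZoneName contoso.com -Name <old-name> -RRType A -RecordData 192.168.20.157` once you have confirmed the host really is gone.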
Windows Server 2008