?
Solved

DNS Dynamic Update

Posted on 2016-07-29
7
Medium Priority
?
89 Views
Last Modified: 2016-07-29
I would like to understand some things more clearly.

Lets say I have servers and domain controllers with static IP addresses.  What does Dynamic Update really do for me?  How does it help anything in the case of the servers/domain controllers?  Is it ok to turn OFF Dynamic Updates?  Would it hurt anything?

Is there a best practice for having Dynamic Update turned on?  

Thanks in advance!

Dan
0
Comment
Question by:Danny Verrazano
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 400 total points
ID: 41734647
"Lets say I have servers and domain controllers with static IP addresses.  What does Dynamic Update really do for me?"
Nothing.

"How does it help anything in the case of the servers/domain controllers?"
It doesn't.

"Is it ok to turn OFF Dynamic Updates?"  
Yes.

"Would it hurt anything?"
Potentially.

"Is there a best practice for having Dynamic Update turned on?"
Dynamic updates is the method where a DHCP client updates DNS with its IP information, without the help of the DHCP server.  There are few risks to Dynamic Updates on a network you control.   On a less private network, you might want to turn off Dynamic Updates.
0
 

Author Comment

by:Danny Verrazano
ID: 41734654
"Would it hurt anything?"
 Potentially.


Can you explain or give examples of what could potentially be impacted?  

What exactly does a server/domain controller with static IP addresses do with Dynamic Update??  I am guessing maybe a server will update the timestamp on the record in DNS to prevent it from ever being scavenged??  Does it work that way at all?
0
 

Author Comment

by:Danny Verrazano
ID: 41734670
Also, would I be correct in saying that a domain controller would NOT be able to re-register SRV records when restarting netlogon service or when the domain controller is restarted??  That functionality would be gone correct?  If so, what impact could that have and is there anything else that could be impacted?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 41734826
"Can you explain or give examples of what could potentially be impacted?"
It's unlikely, but a scenario could exist where two devices assert to DNS that they have the same IP address.

"What exactly does a server/domain controller with static IP addresses do with Dynamic Update??  I am guessing maybe a server will update the timestamp on the record in DNS to prevent it from ever being scavenged??  Does it work that way at all?"
Dynamic Update is just the process whereby a client updates DNS directly, without the intervention of a human or DHCP.  

DNS records are not scavenged the way DHCP leases are.


"Also, would I be correct in saying that a domain controller would NOT be able to re-register SRV records when restarting netlogon service or when the domain controller is restarted??"
This is an interesting question.  I would guess there's no way to stop a Domain Controller from updating DNS since generally every DC is also a DNS server.  The idea of a DNS server that's unable to register records in its own database seems unlikely to me.
0
 

Author Comment

by:Danny Verrazano
ID: 41734888
So, what about in the case of NOT using Microsoft AD integrated DNS??    So the domain controllers are not actually DNS servers.  There is an external DNS infrastructure?  

Does anyone know what happens if Dynamic Update is turned off?  Will domain controllers no longer be able to automatically register SRV records when you restart netlogon service?  OR what if you just do ipconfig /registerdns??  Does that rely on Dynamic Updates as well?
0
 
LVL 40

Accepted Solution

by:
footech earned 1600 total points
ID: 41734977
The advantage with dynamic updates, even with clients that are configured with static IPs, is that when it comes time to decommission the static server, if you've got DNS scavenging running, you don't have to spend time cleaning up their DNS records.  And if the static IP changes, likewise its record can be updated automatically instead of having to do it manually.

And yes, the server updates the timestamp on the record to prevent it from being scavenged.
1
 

Author Comment

by:Danny Verrazano
ID: 41735113
Thanks to all who contributed
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question