compdigit44

Is DHCP Option 081 Needed to Support DDNS?

Here is our setup: two Windows 2012 R2 DHCP servers in a fail-over relationship, both of which are active. Our DNS zone is set to secure and non-secure DNS updates. When I view the owner of a client DNS record I see it listed as System, which from my research "should" be the DHCP server. We are currently not using DHCP option 081. If a client is handed out a lease and then is powered off or moved to another location, we have seen issues where the client's DNS record is not updated with the new IP.

Is DHCP option 081 required to allow the DHCP server to fully maintain and clean up DNS records for clients?
Adam Brown

No, it's not needed to support DDNS (in a Windows network). You should be able to set up the DHCP server itself to update DNS records on behalf of the client, which should resolve your issues. Right-click the DHCP network (IPv4 or IPv6) and select Properties, then go to DNS and select the option to always update DNS records as shown in the screenshot below.

User generated image
compdigit44

ASKER

I believe I just learned that DHCP option 081 is not an option listed in the DHCP options screen but the DNS tab on the IPv4 properties. Also below are our current DNS settings for the DHCP servers.

User generated image
Also the fact that the current owner of the client DNS records is System, which would tell me this is the DHCP server, correct, since we are not using secure updates? Any way to confirm this? Also it is best to let DHCP update DNS information as opposed to the clients, correct?
Make sure the DHCP server is granted the necessary permissions on the DC: https://www.reddit.com/r/sysadmin/comments/3jeqfu/why_is_dhcp_not_updating_dns_automatically_on/ explains how to do it.
Current owner of System is fine. That just means the DNS Server's machine account has ownership permissions on the records, but that may not properly allow the DHCP server software to communicate with the DNS server software. It'll make the update request over a TCP port, and may need to be specifically added to the necessary ACLs on the server to work properly. The DHCP server will contact whatever DNS server is set up as the DNS server on the NIC IPv4 properties screen for the server, rather than connecting to the service on the server directly. If you're set up in best practice recommendation configuration, you'll have the first DNS server set as another DC, so you'll need to make sure all DCs are listed in the DNSProxyUpdate group on all DCs.
Interesting information, I do see how the owner being the system account of the DNS server could cause a problem. We cannot use Name Protection since we are not using secure updates, to support non-Windows devices.

The following option is already set to 0: OpenAclOnProxyUpdates
Also the DNSUpdateProxy lists all of our DHCP servers and not DNS servers.
All of our DHCP servers are members of the DNSUpdateProxy group, yet I do not see this group listed on any of our DNS records' security properties. Also what I find interesting is the fact the server account we have listed to use for dynamic updates is not listed as the record owner. On my clients, to help ensure DHCP updates all information, should I uncheck the option to "Register clients information in DNS" in the NIC properties?
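
A read-only way to check the settings discussed in this thread (dynamic update mode, the dynamic update account, DnsUpdateProxy membership, and who owns a client record), as an added example that is not part of any poster's reply. The server names, zone, host name and domain DN are constructed placeholders, and the record lookup assumes an AD-integrated zone stored in the DomainDnsZones partition.

```powershell
# Added example (not from the thread): read-only audit of DHCP-driven DNS registration.
# All names below are constructed placeholders; substitute your own.
Import-Module DhcpServer, ActiveDirectory

$dhcpServers = 'dhcp01.example.com', 'dhcp02.example.com'
$zone        = 'example.com'
$hostName    = 'client01'
$domainDn    = 'DC=example,DC=com'

# Accounts currently in DnsUpdateProxy, for comparison with each DHCP server.
$proxyMembers = Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Select-Object -ExpandProperty SamAccountName

$report = foreach ($server in $dhcpServers) {
    $dns  = Get-DhcpServerv4DnsSetting -ComputerName $server   # server-level DNS tab
    $cred = Get-DhcpServerDnsCredential -ComputerName $server  # dynamic update account
    $sam  = ($server -split '\.')[0] + '$'                     # computer account name
    [pscustomobject]@{
        Server            = $server
        DynamicUpdates    = $dns.DynamicUpdates                # Always / OnClientRequest / Never
        DeleteOnExpiry    = $dns.DeleteDnsRROnLeaseExpiry
        UpdateOlderClient = $dns.UpdateDnsRRForOlderClients
        NameProtection    = $dns.NameProtection
        UpdateAccount     = if ($cred.UserName) { "$($cred.DomainName)\$($cred.UserName)" } else { '(none)' }
        InDnsUpdateProxy  = $proxyMembers -contains $sam
    }
}
$report | Format-Table -AutoSize

# Compare the failover partners and flag any setting that differs between them.
foreach ($prop in 'DynamicUpdates', 'DeleteOnExpiry', 'UpdateOlderClient', 'UpdateAccount') {
    if (($report.$prop | Sort-Object -Unique).Count -gt 1) {
        Write-Warning "DHCP servers disagree on $prop"
    }
}

# Owner and ACL of one client record (assumes the zone lives in DomainDnsZones).
$recordPath = "AD:\DC=$hostName,DC=$zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$acl = Get-Acl -Path $recordPath
"Owner of $hostName.$zone : $($acl.Owner)"
$acl.Access | Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType
```

Run it from a machine with the DHCP and Active Directory RSAT modules installed; it changes nothing and only reads configuration and ACLs.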