DNS update fails from DHCP server

1 DHCP server running Server 2016
1 Master name server - not a DC
4 DCs all running DNS - both active directory integrated and regular DNS

I'm helping troubleshoot an issue with DHCP failing to register DNS updates.

I'm pretty sure DHCP is set up to register DNS on behalf of the clients. See my screenshots below of IPv4 Properties. I have also configured the update registration credentials -- the account used there is a member of the DnsAdmins group. I have also placed the DHCP server in the DnsUpdateProxy group.

Here are some errors I'm seeing in Event Viewer:

PTR record registration for IPv4 address [192.168.1.50] and FQDN test-fqdn.test.net failed with error 9005 (DNS operation refused).

PTR record registration for IPv4 address [192.168.1.50] and FQDN test-fqdn.test.net failed with error 9004 (DNS request not supported by name server).

I've researched these errors but haven't had much luck.

Here are some errors I'm seeing in the DHCP logs:

DNS Update Request,192.168.1.50,test-fqdn.test.net,,,0,6,,,,,,,,,0
DNS Update Failed,192.168.1.50,test-fqdn.test.net,,,0,6,,,,,,,,,2


Any help is much appreciated and thank you in advance.
ipv4-properties.png
SysAdmin Asked:
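
Added example, not part of the original thread: a Python triage of DHCP audit log lines like the two quoted in the question, counting DNS update requests (event ID 30), failures (31) and successes (32) per lease and deriving the PTR owner name each update targets. The column order assumed is that of the `DhcpSrvLog-*.log` audit log; the sample dates and the `host-ok.test.net` lines are constructed.

```python
import csv
import ipaddress
from collections import defaultdict

# Column order of a Windows DHCP audit log record (DhcpSrvLog-*.log).
FIELDS = ("ID,Date,Time,Description,IP,Host,MAC,User,TransactionID,QResult,"
          "ProbationTime,CorrelationID,Dhcid,VendorClassHex,VendorClassAscii,"
          "UserClassHex,UserClassAscii,RelayAgentInfo,DnsRegError").split(",")
DNS_REQUEST, DNS_FAILED, DNS_OK = 30, 31, 32  # audit-log event IDs

# Constructed sample: the question's two lines with ID/date/time restored in
# front (dates invented), plus an invented host whose update succeeds.
SAMPLE = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
30,01/15/19,09:12:01,DNS Update Request,192.168.1.50,test-fqdn.test.net,,,0,6,,,,,,,,,0
31,01/15/19,09:12:02,DNS Update Failed,192.168.1.50,test-fqdn.test.net,,,0,6,,,,,,,,,2
30,01/15/19,09:13:10,DNS Update Request,192.168.1.60,host-ok.test.net,,,0,6,,,,,,,,,0
32,01/15/19,09:13:11,DNS Update Successful,192.168.1.60,host-ok.test.net,,,0,6,,,,,,,,,0
"""

def dns_update_report(lines):
    """Per (IP, host): DNS update counts, DnsRegError codes and PTR owner name."""
    report = defaultdict(lambda: {"requests": 0, "failed": 0, "ok": 0, "errors": set()})
    for row in csv.reader(lines):
        if len(row) < 6 or not row[0].strip().isdigit():
            continue  # log preamble, column header or truncated record
        rec = dict(zip(FIELDS, row))
        event = int(rec["ID"])
        if event not in (DNS_REQUEST, DNS_FAILED, DNS_OK):
            continue  # lease and other non-DNS events
        entry = report[(rec["IP"], rec["Host"].lower())]
        if event == DNS_REQUEST:
            entry["requests"] += 1
        elif event == DNS_OK:
            entry["ok"] += 1
        else:
            entry["failed"] += 1
            entry["errors"].add(rec.get("DnsRegError", ""))
        entry["ptr"] = ipaddress.ip_address(rec["IP"]).reverse_pointer
    return dict(report)

def never_registered(report):
    """Leases whose DNS registration failed and never succeeded in this log."""
    return sorted(key for key, e in report.items() if e["failed"] and not e["ok"])

if __name__ == "__main__":
    rep = dns_update_report(SAMPLE.splitlines())
    for ip, host in never_registered(rep):
        print(host, ip, rep[(ip, host)])
```

The `ptr` value names the record the DHCP server tried to write, which shows which reverse lookup zone has to accept dynamic updates for that lease.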

Paul MacDonald (Director, Information Systems) Commented:
Do you require PTR records?  If not, consider disabling the update for them (bottom checkbox in your screenshot).

Also, see this TechNet question and its answer.
0
Mahesh (Architect) Commented:
You have added the DHCP servers to the DnsUpdateProxy group, but you have not added the account used for dynamic updates to the DNS proxy group, which is required.
Also, you need to ensure that this account is configured on all DHCP servers and that the correct password is entered, as DHCP can't verify that, and eventually problems start, such as registration updates being refused because of wrong credentials, and Event Viewer does not highlight this fact.

Then restart the DHCP service on all servers.
Then run ipconfig /release and ipconfig /renew to test whether clients can renew their IP address and update A and PTR records on the DNS server.

Also ensure that you set up DNS scavenging so that stale PTR / Host (A) records automatically go away during the scavenging cycle.
0
SysAdmin (Author) Commented:
Thanks for replies. Sorry I left this out but the account used is in the DnsUpdateProxy group. The password is correct on our 1 DHCP server -- I have verified it will not accept password if it's incorrect so we are good there but I'm still getting these errors.
0

Mahesh (Architect) Commented:
What about scavenging?
0
SysAdmin (Author) Commented:
OK -- I have checked my master name server (not running AD DNS)

Attached is screenshot of forward zone properties and a screenshot from 1 reverse lookup zone.
forward-zone-scavenging.jpg
sample-reverse.png
0
Mahesh (Architect) Commented:
The screenshot you have shown is for a standard primary zone on the master DNS server; the zone is not AD-integrated because the server is not a DC.
Hence, if you are worried about this DNS server not updating records, it won't update automatically.
DNS records can only be updated (automatically) on an AD DNS server with zones that have dynamic update enabled.

Scavenging needs to be enabled on the AD DNS server and not on the master DNS server; if it is enabled on the AD DNS server, your AD DNS server should keep DNS up to date.
0
SysAdmin (Author) Commented:
My ultimate goal here is to have my DHCP server register DNS names for DHCP clients -- for example my Wireless access point gets IP Address from DHCP Server and then DHCP registers them in DNS -- not AD DNS just regular DNS

Are you saying DHCP can only register AD DNS automatically?
0
SysAdmin (Author) Commented:
Here is an example and my thought process:

1. I have a DHCP Scope for a subnet with specific scope options that include: DNS Servers and DNS Domain name (i.e. test.domain.net)
2. A client requests IP Address > DHCP hands device IP Address > DHCP registers that new device's DNS name in the domain.net zone but in the subdomain test since that was defined in the DNS Domain name scope options. Then FQDN would be something like client.test.domain.net

The real thing I'm trying to accomplish is this:

Right now I have a subnet / scope for Wireless access points who use DHCP for IP Addressing -- I'd like them to get an address and then DHCP register their DNS name so they can be accessed like:

ap01.test.domain.net

The Wireless AP gets a DHCP lease -- I see it as ap01.test.domain.net but nothing is automatically updating on the DNS side.

Just thought I'd give some more info for understanding.

Thanks
0
Mahesh (Architect) Commented:
Yes, a DHCP server can't update records on a standalone (non-AD) DNS server automatically.

This is possible only if DNS is installed on a domain controller and the zone is set for dynamic update.
0
SysAdmin (Author) Commented:
So if I integrated AD DNS on the stand-alone DNS box -- it will allow me to update those non-AD DNS records?

Just want to make sure I am understanding correctly.
0
Mahesh (Architect) Commented:
You cannot integrate a non-AD DNS server with DHCP unless you make that server a domain controller.

You already have AD DNS installed on a domain controller; your DHCP integration settings are already effective on that server and it is already updating records automatically.
0
SysAdmin (Author) Commented:
Alright so my only option is to turn my DHCP server into a DC so it can update those non-AD DNS records.
0
Mahesh (Architect) Commented:
A DHCP server can update a DNS server which is also a domain controller, if the zone is set to dynamic update

OR

You can install AD, DNS and DHCP on the same server

Note - DHCP will only update the zone for your AD domain name.
Say abc.com is my AD domain name and I have a zone in DNS named abc.com - DHCP can update records in this zone automatically.
However, if you have an ac.com zone in DNS and your domain name is abc.com, in that case DHCP can't update records in that zone.
0

SysAdmin (Author) Commented:
OK -- thank you that clears up a lot for me.

Is it easy to convert non-AD DNS to AD DNS?
0
Mahesh (Architect) Commented:
If that server has DNS zones equal to your AD DNS name, you need to export and delete that zone, otherwise AD cannot replicate that zone data to this server.
Apart from that, any other zones would continue to work and AD will start replicating the domain DNS zone on this server.

The best option you have is:
Check all zones on the non-AD DNS server and compare them with AD DNS.
Then export all non-existent zones (those zones which are not available on the AD DNS server) from the non-AD DNS server and import them to the AD DNS server.
Then use the AD DNS server only as your final DNS on servers and workstations and discard the standalone DNS server.
0
SysAdmin (Author) Commented:
Thank you very much for all your help and clarification.  I've created AD DNS zones and we are good to go.

Thanks for all your help!
0
SysAdmin (Author) Commented:
Thanks for all the help!
0