DHCP Linux - DNS AD integrated Windows 2003

Status
Not open for further replies.

Bengyke

IS-IT--Management
Apr 8, 2004
7
I configured a Linux DHCP server. The Windows client gets an IP, but doesn't succeed in registering in DNS.

It seems that I have to configure some security settings on the Windows 2003 DNS integrated domain controller, but I don't know where and how.

Anybody got the same problem?

When I look in the tcpdump I see the following error.

11:44:48.368041 IP xxx.xxx.xxx.xxx 1135 > xxx.xxx.xxx.xxx .domain: 22844+ SOA? svctag-j9f9p0j.xx.xxx.xxxxx.xxx. (49)
11:44:48.368378 IP xxx.xxx.xxx.xxx .domain > xxx.xxx.xxx.xxx .1135: 22844 NXDomain* 0/1/1 (138)
11:44:48.369188 IP xxx.xxx.xxx.xxx .1135 > xxx.xxx.xxx.xxx .domain: 5694 update [1a] [2n] SOA? xx.xxx.xxxxx.xxx. (105)
11:44:48.370189 IP xxx.xxx.xxx.xxx .domain > xxx.xxx.xxx.xxx .1135: 5694 update Refused- 1/2/0 (105)
11:44:48.390818 IP xxx.xxx.xxx.xxx .netbios-ns > xxx.xxx.xxx.xxx .netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
11:44:48.391169 IP xxx.xxx.xxx.xxx .netbios-ns > xxx.xxx.xxx.xxx .netbios-ns: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

I just configured dhcpd.conf. Do I need to configure something else?

ddns-update-style interim;
default-lease-time 90000;
max-lease-time 720000;

subnet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx {
option routers xxx.xxx.xxx.xxx;
option subnet-mask xxx.xxx.xxx.xxx;
option domain-name "xxx.xxx.xxx.xxx";
option domain-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
option netbios-name-servers xxx.xxx.xxx.xxx, xxx.xxx.xxx.xxx;
range xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx;
}
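
An added example, not part of the original thread: a small Python parser for tcpdump text output in the format pasted above. It pairs each DNS dynamic update request with its response by query ID and reports the updates the server answered with Refused. The sample capture, addresses and zone name are constructed placeholders.

```python
import re

# Constructed sample in the tcpdump text format shown in the post
# (addresses and names are placeholders from documentation ranges).
SAMPLE = """\
11:44:48.368041 IP 192.0.2.50.1135 > 192.0.2.10.domain: 22844+ SOA? host1.corp.example. (49)
11:44:48.368378 IP 192.0.2.10.domain > 192.0.2.50.1135: 22844 NXDomain* 0/1/1 (138)
11:44:48.369188 IP 192.0.2.50.1135 > 192.0.2.10.domain: 5694 update [1a] [2n] SOA? corp.example. (105)
11:44:48.370189 IP 192.0.2.10.domain > 192.0.2.50.1135: 5694 update Refused- 1/2/0 (105)
11:44:48.390818 IP 192.0.2.50.netbios-ns > 192.0.2.10.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
11:44:49.100000 IP 192.0.2.51.1140 > 192.0.2.10.domain: 7001 update [1a] [2n] SOA? corp.example. (105)
11:44:49.101000 IP 192.0.2.10.domain > 192.0.2.51.1140: 7001 update 1/2/0 (105)
"""

# timestamp, "IP", source host.port, destination host.port, DNS query id, remainder
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\S* (?P<rest>.*)$"
)


def refused_updates(text):
    """Return (timestamp, client, server, zone) for each refused dynamic update."""
    pending = {}  # (client, server, query id) -> zone named in the update request
    refused = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # lines without a numeric DNS id (e.g. NetBIOS) are skipped
        src, dst, qid, rest = m["src"], m["dst"], m["id"], m["rest"]
        if not rest.startswith("update"):
            continue  # ordinary queries and their answers
        if dst.endswith(".domain"):  # client -> server: update request
            zone = re.search(r"SOA\? (\S+)", rest)
            pending[(src, dst, qid)] = zone.group(1) if zone else "?"
        elif src.endswith(".domain"):  # server -> client: update response
            zone = pending.pop((dst, src, qid), "?")
            if rest.startswith("update Refused"):
                client = dst.rsplit(".", 1)[0]  # strip the port
                server = src.rsplit(".", 1)[0]  # strip ".domain"
                refused.append((m["ts"], client, server, zone))
    return refused


if __name__ == "__main__":
    for ts, client, server, zone in refused_updates(SAMPLE):
        print(f"{ts} {server} refused update from {client} for zone {zone}")
```
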
 
I don't have any real-world experience with a Linux DHCP and MS DNS. But I would suggest checking the Dynamic Update config for the forward lookup zone in DNS.
Open DNS MMC -> Open server tree -> Open forward Lookup Zones -> right click properties on any forward lookup zone you may be hosting. Under the General Tab you should be able to set the Dynamic updates: to None, Secure only, and "Nonsecure and secure." I would assume setting the config to "Nonsecure and secure" would resolve your issue.
 
Also, if your clients (Windows) should be able to dynamically update their DNS record, there is an option that should be enabled in the DNS tab under the TCP/IP properties.
 
I don't like the solution of enabling nonsecure updates on a domain controller / DNS server.

The option in TCP/IP is enabled.

This is the error message in the eventviewer when I try to run ipconfig /registerdns

The system failed to register network adapter with settings:

Adapter Name : {3FD835E0-BB2D-4966-A2E9-CF429D2541EC}
Host Name : xxxxxxxxxxx
Adapter-specific Domain Suffix : xx.xxx.xxxxx.xxx
DNS Server list :
xxx.xx.xx.xxx, xxx.xx.xx.xxx
Sent update to server : <?>
IP Address(es) :
xxx.xx.xx.xxx

The cause of this DNS registration failure was because the DNS update request timed out after being sent to the specified DNS Server. This is probably because the authoritative DNS server for the name being updated is not running.
 
If this is an internal network then nonsecure would be a small risk. If you are still running NetBIOS over TCP/IP, you have a bigger security hole than nonsecure dynamic updates. And so here is the dumb question... why not run an MS DHCP server?
 
I enabled the secure and nonsecure updates on the DNS Server, still the same error in event log

Adapter Name : {3FD835E0-BB2D-4966-A2E9-CF429D2541EC}
Host Name : xxxxxxxxxxx
Adapter-specific Domain Suffix : xx.xxx.xxxxx.xxx
DNS Server list :
xxx.xx.xx.xxx, xxx.xx.xx.xxx
Sent update to server : <?>
IP Address(es) :
xxx.xx.xx.xxx


Any idea why the log file puts an interrogation mark in the log file?
 
I have no idea, I wish I could give you more suggestions. I've just never used Linux for a DHCP server.
 