DNS Dynamic Update

[donnie4564]

W2k3 Domain
DNS (AD Integrated zone) runs on DC and is set to allow nonsecure and secure updates. Clients (all XP Pro) are set to update their own dns records.

Problem:
The DNS zone is empty except for static, SOA, and ns records? (No errors in error log.)

Can anyone point me in the right direction for this?

 

[mlichstein]

Are the clients configured to use that server as their primary DNS server?

Do an ipconfig /all on a client to double check.

 

[donnie4564]

Thanks for reply.

Yes, ipconfig verifies that DHCP sets the DC's IP address as the primary dns server. Clients are also pointed to ISP dns server as secondary.

 

[mlichstein]

Well you need to take out the ISP as the secondary. Clients should not be configured with an external DNS server even as secondary.

 

[donnie4564]

I agree. However, the manager insist that "this is the way he has always done it" Do you think this is causing the problems?

 

[mlichstein]

Its possible. If the primary DNS server does not respond quickly enough, the client will switch to the secondary. It will then stay with the secondary until that server doesn't respond fast enough.

 

[donnie4564]

Ok. I made this change. The client has only one dns address which is the DC. Still no records in the dns zone.

Thanks for any more help.

 

[mlichstein]

Did you reboot the client?

Also make sure the DHCP client service is started on the client (which is should be since they are using DHCP, but double-check).

Any errors in the logs on the clients?

 

[Beboen]

On a single, try ipconfig /flushdns, then ipconfig /registerdns. (just for testing) Check your DNS server whether the client entered itself into DNS.

I also recommend to forward DNS queries to your ISP's DNS servers (this is done only on your DNS server).

 

[NickFerrar]

The check box is definetly ticked on the DCHP server to allow clients to update DNS?

Are there any relevant errors in the client, DHCP and DNS server event logs?

 

[donnie4564]

I have this error from client: (no errors from dns server)

'''''''''''''''''''''''''''''''''''''''''''''''''''''''''
(event ID 11165)
The system failed to register host (A) resource records (RRs) for network adapter
with settings:

Adapter Name : {BC18DFAB-E36E-4E26-B6B1-E18AB5C18463}
Host Name : test
Primary Domain Suffix : domainname
DNS server list :
190.x.x.x
Sent update to server : <?>
IP Address(es) :
192.x.x.x

The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.

For more information, see Help and Support Center at
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

I was not aware of the DHCP "allowing" the client to update dns. However, the checkbox that request DHCP to update dns for the client, is off.

 

[donnie4564]

Ok, I found "workaround"..... Group Policy DNS settings configured will allow my clients to update their dns records.

Does anyone know if dynamic update requires Group Policy?
I really didn't want to configure these settings since many clients are laptops and carried offsite