Author: aalito Posted: Mon Nov 22, 2010 1:49 pm
Hi everybody.
I have a problem in my network related to DHCP and DNS servers. My network consists of one head office and four remote sites. I have two DNS servers in the HO and one DHCP server in each site (the sites are interconnected through an MPLS network). I have two subnets in the HO and one subnet in each branch.
The DHCP server in the HO has two scopes (one scope for each subnet). Each DHCP server in the branches has one scope. I've configured all DHCP servers to dynamically update DNS records for DHCP clients, and I entered the credential required for that (the domain account which is a member of the DnsUpdateProxy group). The problem is that only the DNS records for clients belonging to the same subnet as the DHCP server are automatically updated. The clients from all other subnets are not updated in DNS.

I hope I have clarified my problem, and any advice will be highly appreciated.

Author: krugger Posted: Mon Nov 22, 2010 2:14 pm
Are all DHCP servers members of the DNSUpdateProxy global security group? Do you have secure dynamic DNS updates activated on all the DNS zones?

Read through http://support.microsoft.com/kb/816592/en-us

There should be some errors in your logs.

Author: aalito Posted: Mon Nov 22, 2010 2:44 pm
Do you mean that I have to add the computer accounts of the DHCP servers to the UpdateDnsProxy group?

I've checked the link you sent, but I could not find the answer to my question above.


Author: krugger Posted: Mon Nov 22, 2010 3:43 pm

If you are using multiple DHCP servers for fault tolerance and secure dynamic updates, add each server to the DnsUpdateProxy global security group.

A little further:


DNS domain names that are registered by the DHCP server are not secure if the DHCP server is a member of the DnsUpdateProxy group. The host (A) resource record for the DHCP server itself is an example of such a record. Also, objects that are created by the members of the DnsUpdateProxy group are not secure. Therefore, you cannot use this group effectively in an Active Directory-integrated zone that enables only secure dynamic updates unless you take additional steps to enable records that are created by members of the group to be secured.

However, you should read the whole article from Microsoft, as it all depends on what you are trying to implement and what is more suitable for your network.
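
An added example, not part of the thread: a read-only PowerShell audit of the three settings discussed above (DnsUpdateProxy membership, each DHCP server's DNS update credential, and each zone's dynamic-update mode). It assumes the ActiveDirectory, DhcpServer and DnsServer modules (Windows Server 2012 or later RSAT) are available; `dns01.example.local` is a placeholder DNS server name.

```powershell
# Added example: read-only audit of the DHCP/DNS dynamic-update settings from this thread.
# Assumptions: the ActiveDirectory, DhcpServer and DnsServer modules are installed, and
# $DnsServer is a placeholder that you replace with one of your own DNS servers.
Import-Module ActiveDirectory, DhcpServer, DnsServer

$DnsServer = 'dns01.example.local'   # placeholder (assumption)

# 1. Members of DnsUpdateProxy. Records created by these accounts are not secured,
#    so every entry here should be a deliberate choice.
$proxyMembers = Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Select-Object Name, SamAccountName, objectClass
$proxyMembers | Format-Table -AutoSize

# 2. Every DHCP server authorized in AD: update mode, stored update credential,
#    and whether the server's own computer account sits in DnsUpdateProxy.
$dhcpReport = foreach ($srv in Get-DhcpServerInDC) {
    $name = $srv.DnsName
    try {
        $dns   = Get-DhcpServerv4DnsSetting  -ComputerName $name -ErrorAction Stop
        $cred  = Get-DhcpServerDnsCredential -ComputerName $name -ErrorAction Stop
        $short = ($name -split '\.')[0]        # host part; computer accounts end in '$'
        [pscustomobject]@{
            DhcpServer       = $name
            DynamicUpdates   = $dns.DynamicUpdates
            NameProtection   = $dns.NameProtection
            UpdateCredential = if ($cred.UserName) { "$($cred.DomainName)\$($cred.UserName)" }
                               else { '(none set)' }
            InDnsUpdateProxy = $proxyMembers.SamAccountName -contains "$short`$"
        }
    } catch {
        # An unreachable server is reported, not silently skipped.
        Write-Warning "Could not query ${name}: $($_.Exception.Message)"
    }
}
$dhcpReport | Format-Table -AutoSize

# 3. Dynamic-update mode per primary zone, forward and reverse.
#    'Secure' accepts only authenticated updates; 'NonsecureAndSecure' accepts any.
Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' } |
    Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate |
    Format-Table -AutoSize
```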

