Freigeben über


The Cable Guy - April 2001

DNS Dynamic Update in Windows 2000

TechNet's The Cable Guy

By The Cable Guy

Domain Name System (DNS) provides a mechanism to resolve domain names (for example, ftp.microsoft.com) to either a corresponding IP address or multiple addresses. DNS is a scalable, distributed database of resource records that can provide name resolution for the largest networks (such as the Internet). In DNS, A (address) resource records provide resolution of names to IP addresses, and PTR (pointer) resource records provide resolution of IP addresses to names. However, DNS was designed at a time when all computers running TCP/IP were manually configured. When a computer was manually configured with a specific IP address, A and PTR resource records for that computer were also manually configured in DNS.

With the advent of Dynamic Host Configuration Protocol (DHCP), DHCP client computers are assigned IP addresses by a DHCP server. These addresses are valid for a specific lease time. If the DHCP client computer is unable to renew the lease or moves to another subnet, a new IP address is assigned. This variability in the IP address configuration of DHCP client computers makes it administratively difficult to manually update their A and PTR resource records.

The solution to keeping DNS current in a DHCP environment is DNS dynamic updates, as described in RFC 2136. DNS dynamic updates enable DNS client computers to both register and dynamically update their resource records with a DNS server whenever changes to either an IP address or a name occur. This reduces the need for manual administration of zone records, especially for computers that use DHCP.

Uses of DNS Dynamic Update in Windows 2000

Windows 2000 provides DNS dynamic update support for both the DNS client and DNS server. For DNS servers, the DNS service allows the enabling of dynamic updates on a per-zone basis at each authoritative DNS server that is configured for either a standard primary or directory-integrated zone.

In Windows 2000, A and PTR resource records for all DNS client computers are registered in DNS by default. Additionally, domain controllers and other service-providing computers register SRV (service) resource records in DNS. Because SRV resource records provide a way to resolve service names to IP addresses, registering them with DNS allows Windows 2000 client computers to locate domain controllers and other types of servers.

DNS Names for Windows 2000

The DNS names for computers running Windows 2000 consist of:

  • The full computer name
  • Connection-specific DNS names

The full computer name is configured on the Network Identification tab from the properties of System in Control Panel. The full computer name is the combination of the primary DNS suffix of the computer appended to the computer name.

In addition to the full computer name of the computer, connection-specific DNS names can be configured and optionally registered in DNS. You can configure the following from the DNS tab on the advanced properties of the Internet Protocol (TCP/IP) in Dial-up and Network Connections:

  • In DNS suffix for this connection, you can specify a DNS suffix that is used to create an additional DNS name that serves to identify a specific connection on a computer. The DNS name is the combination of the connection-specific DNS suffix appended to the computer name. Connection-specific DNS suffixes can also be configured using a DHCP option. Manually configured connection-specific DNS suffixes always override DHCP-supplied connection-specific DNS suffixes. The connection-specific DNS suffix is not configured by default.
  • By selecting Use this connection's DNS suffix in DNS registration, the connection-specific DNS name is registered and updated in DNS, in addition to the full computer name. This option is disabled by default.

When Dynamic Updates Are Sent

Dynamic updates are sent:

  • For statically assigned IP addresses, when the computer is started or an IP address on any network connection is added, removed, or modified in the properties of the TCP/IP protocol.
  • For dynamically assigned IP addresses, when an IP address lease on any network connection changes or is renewed with the DHCP server (for example, when the computer is started or the ipconfig /renew command is used).
  • For domain controllers, when the Net Logon service is started.
  • For all computers, when the ipconfig /registerdns command is used to manually force a refresh of the client name registration in DNS.
  • For all computers, after the initial dynamic update. By default, updates are sent every 24 hours.

When one of these events triggers a dynamic update, the DHCP Client service on the Windows 2000 computer sends the update. The DHCP Client service is used for updates because it provides IP address configuration, whether static or dynamic, and monitors changes in IP address configuration.

How Computers Running Windows 2000 Update their DNS Names

The specific mechanism and types of records registered by a computer running Windows 2000 depends on whether its TCP/IP configuration is static (configured manually) or automatic (configured using DHCP).

Statically Assigned IP Addresses

By default, computers running Windows 2000 that are manually configured with static IP addresses attempt to dynamically register A and PTR resource records for all configured DNS names.

Automatically Assigned IP Addresses

By default, computers running Windows 2000 that are automatically configured with IP addresses allocated by a DHCP server attempt to dynamically register A resource records. The DHCP server attempts to dynamically register the PTR resource records on the DHCP client's behalf. This behavior is controlled by:

  • The inclusion of the Client FQDN option (option 81) in the DHCPREQUEST message sent by the DHCP client.
  • The settings on the DNS tab on the properties of a DHCP server or the appropriate DHCP scope in the DHCP snap-in.

For DHCP clients that do not send the Client FQDN option (not running Windows 2000), the DHCP server does not register the A or PTR resource records on the DHCP client's behalf. To enable this support, you can select the Enable updates for DNS clients that do not support dynamic updates option on the DNS tab in the properties of a DHCP server or the appropriate DHCP scope in the DHCP snap-in.

DNS Dynamic Update Process

A Windows 2000 DNS client computer uses the following process to perform a DNS dynamic update:

  1. The client queries its configured DNS server to find the authoritative name server for the DNS zone of the DNS name that is being updated.

  2. The DNS client's configured DNS server performs the standard name resolution process and sends the SOA (Start of Authority) resource record and IP addresses of the name servers that are authoritative for the queried DNS zone.

  3. The client sends a dynamic update request to the authoritative DNS server for the zone of the DNS name that is being updated.

  4. The client's dynamic update request might include a list of prerequisites that must be fulfilled before the update can be completed. Types of prerequisites include:

    • Resource Record set exists.
    • Resource Record set does not exist.
    • Name is in use.
    • Name is not in use.

    For more information about these prerequisite types, see RFC 2136.

  5. The authoritative DNS server determines whether the prerequisites have been fulfilled. If they have, the authoritative DNS server performs the requested update. If the prerequisites have not been fulfilled, the update fails. In either case, the authoritative DNS server replies to the client, indicating whether or not the update was successful.

Configuring DNS Dynamic Update

DNS dynamic update behavior is configured on Windows 2000 DNS client computers, Windows 2000 DNS servers, and Windows 2000 DHCP servers.

Windows 2000 DNS Client Computer

To configure DNS dynamic update on a Windows 2000 DNS client computer:

  1. Click Start, point to Settings, and then click Network and Dial-up Connections.
  2. Right-click the network connection that you want to configure, and then click Properties.
  3. On the General tab (for a local area connection) or the Networking tab (all other connections), click Internet Protocol (TCP/IP), and then click Properties.
  4. Click Advanced, and then click the DNS tab.
  5. To use DNS dynamic update to register the IP addresses for this connection and the full computer name of the computer, select the Register this connection's addresses in DNS check box. This option is enabled by default.
  6. To configure a connection-specific DNS suffix, type the DNS suffix in DNS suffix for this connection.
  7. To use DNS dynamic update to register the IP addresses and the connection-specific domain name for this connection, select the Use this connection's DNS suffix in DNS registration check box. This option is disabled by default.

Windows 2000 DNS Server

To enable DNS dynamic update on a Windows 2000 DNS server:

  1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
  2. In the console tree, click the appropriate zone in Forward Lookup Zones or Reverse Lookup Zones.
  3. On the Action menu, click Properties.
  4. On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
  5. If the zone type is Primary, in the Allow dynamic updates? list, click Yes.
  6. If the zone types is Active Directory-integrated, in the Allow dynamic updates? list, click either Yes or Only secure updates, depending on whether you want DNS dynamic updates to be secure.

Windows 2000 DHCP Server

To configure DNS dynamic update for a Windows 2000 DHCP server:

  1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, click the appropriate DHCP server or a scope on the appropriate DHCP server.
  3. On the Action menu, click Properties.
  4. Click the DNS tab.
  5. To enable DNS dynamic update for DHCP clients that support it, select the Automatically update DHCP client information in DNS check box. This option is enabled by default.
  6. To enable DNS dynamic update for DHCP clients that do not support it, select the Enable updates for DNS clients that do not support dynamic updates check box. This option is disabled by default.

Troubleshooting DNS Dynamic Update

To troubleshoot DNS dynamic update, perform any of the following:

  • Use the ping and nslookup commands to verify both network connectivity and the ability to send DNS traffic between all of the computers involved in DNS dynamic update (the DNS client computers, the DNS servers, and the DHCP servers).
  • Check the event logs on the Windows 2000 DNS client computers, Windows 2000 DNS servers, or Windows 2000 DHCP servers for error messages and information about why dynamic update is failing.
  • Verify that the Windows 2000 DNS client computers are configured to perform DNS dynamic update (on the DNS tab in the advanced properties of the Internet Protocol (TCP/IP) protocol in Network and Dial-up Connections).
  • Verify that the Windows 2000 DNS client computers are configured with a full computer name (on the Computer Identification tab in the properties of System in Control Panel).
  • Verify that the Windows 2000 DNS client computers and Windows 2000 DHCP server computers can locate the correct authoritative name server for the zone in which the records are being registered. You can simulate this with the nslookup command by using the SOA resource record query type to query the zone name.
  • Use the ipconfig /registerdns command on a Windows 2000 computer to manually retry DNS dynamic update.
  • For DNS client computers that are not running Windows 2000, verify that the Windows 2000 DHCP server is configured to perform DNS dynamic updates on behalf of DNS clients that do not perform them (on the DNS tab in the properties of a DHCP server or the appropriate scope in the DHCP snap-in).
  • Verify that the appropriate standard primary or Active-Directory integrated zones of the authoritative Windows 2000 DNS server are configured to either allow dynamic updates or secure dynamic updates. If the zone is configured to allow only secure dynamic updates, verify that the resource record access control list (ACL) is allowing dynamic updates (on the Security tab in the properties of a resource record in the DNS snap-in).
  • For a DNS server that is not running Windows 2000, verify that it supports DNS dynamic updates (RFC 2136) and configure the server appropriately. A Windows NT version 4.0 (and earlier) DNS server does not support DNS dynamic update.
  • Verify that the Windows 2000 DHCP server is configured to perform DNS dynamic updates for DHCP clients that support them (on the DNS tab in the properties of a DHCP server or the appropriate scope in the DHCP snap-in).
  • If you use multiple Windows 2000 DHCP servers on your network and also configure your zones to allow only secure dynamic updates, verify that all of your Windows 2000 DHCP servers are members of the built-in DnsUpdateProxy Active Directory group.
  • For a DHCP server that is not running Windows 2000, verify that it can perform DNS dynamic updates on behalf of DHCP clients and configure the server appropriately. A Windows NT version 4.0 (and earlier) DHCP server does not support DNS dynamic update.

Additional Resources

For more information about DNS dynamic update in Windows 2000, you can consult the following resources:

For a list of all The Cable Guy articles, click here.