VPN DNS update/registration failure when on site IP provided by DHCP server

James Edmonds 811 Reputation points

We have our domain controllers acting as on prem DHCP servers, and set to register DNS entries as part of the DHCP process.

I have found today that, for at least some of our remote VPN users, their DNS entries are not updated to their VPN IP, if they had previously been assigned a DHCP address whilst on site.
Even though their DHCP lease is 6 hours, the DNS entry for that lease stuck around.
Even though the security on the DNS entry says SELF is allowed to update, it fails to do so when they connect via the VPN, even though register in DNS is ticked on the VPN connection settings.

I manually deleted the DNS entry for the on prem IP, and a replacement with the VPN IP immediately appeared.

Can anyone suggest why the VPN DNS registration is failing in this scenario?



5 answers

  1. JimmySalian-2011 41,931 Reputation points

    Hi James,

    Not sure which VPN you are using, but it seems for Windows 10 there was a fix released and a registry key is available for VPN clients; check this Richard Hicks article for setting up always-on-vpn-dns-registration-update-available

    Hope this helps.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. Limitless Technology 44,011 Reputation points

    Hello there,

    By default, Windows computers that are statically configured for TCP/IP try to dynamically register host address (A) and pointer (PTR) resource records for IP addresses that are configured and used by their installed network connections.

    Make sure your VPN server's DHCP assigns your AD DNS server to the client (and not some other DNS server address like its own acting like a relay).
    Make sure your router(s) and/or firewall(s) allow for this type of DNS traffic between the VPN client subnet and the AD DNS server.

    You can get some insights about this from here https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003


    --If the reply is helpful, please Upvote and Accept it as an answer--
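
The checks suggested in the answer above can be run from the affected client while the VPN is connected. This is an added PowerShell example, not part of the original thread or of any Microsoft tooling; the interface alias `Corp VPN` is a hypothetical placeholder, and the script only reads state.

```powershell
# Added example: compare what the VPN interface should register with what
# each DNS server handed out by the VPN actually holds for this host.
# Assumption: $VpnAlias is the name of the VPN connection on this machine.
param(
    [string]$VpnAlias = 'Corp VPN'   # hypothetical interface alias
)

# FQDN the client would register (computer name + AD domain).
$fqdn = "$env:COMPUTERNAME.$((Get-CimInstance Win32_ComputerSystem).Domain)"

# 1. Is "Register this connection's addresses in DNS" set on the VPN interface?
$dnsClient = Get-DnsClient -InterfaceAlias $VpnAlias
"Host name checked        : $fqdn"
"Register in DNS enabled  : $($dnsClient.RegisterThisConnectionsAddress)"

# 2. Which DNS servers did the VPN assign? These should be the AD DNS servers.
$servers = (Get-DnsClientServerAddress -InterfaceAlias $VpnAlias `
            -AddressFamily IPv4).ServerAddresses

# 3. The address the VPN interface currently holds.
$vpnIp = Get-NetIPAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4 |
         Select-Object -First 1 -ExpandProperty IPAddress
"VPN interface address    : $vpnIp"

foreach ($server in $servers) {
    # Reachability of the DNS port across the VPN path.
    # Test-NetConnection checks TCP only; UDP 53 is not tested here.
    $tcp = Test-NetConnection -ComputerName $server -Port 53 `
           -WarningAction SilentlyContinue

    # Query this server directly so the local resolver cache is bypassed.
    $a = Resolve-DnsName -Name $fqdn -Type A -Server $server -DnsOnly `
         -ErrorAction SilentlyContinue | Where-Object { $_.Type -eq 'A' }

    [pscustomobject]@{
        DnsServer    = $server
        Tcp53Open    = $tcp.TcpTestSucceeded
        ARecords     = ($a.IPAddress -join ', ')
        MatchesVpnIp = ($a.IPAddress -contains $vpnIp)   # False = stale record
    }
}
```

A row with `MatchesVpnIp` set to `False` while `Tcp53Open` is `True` shows the stale on-site record is still being served even though the DNS server is reachable over the VPN.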

  3. James Edmonds 811 Reputation points

    Any other thoughts on what this issue might be please?

    Many thanks


  4. James Edmonds 811 Reputation points

    Anyone have any suggestions on what to check please, as it makes remote management over the VPN difficult for things like remote PowerShell etc.

    Many thanks


  5. James Edmonds 811 Reputation points

    Any other suggestions please?