DNS Dynamic update with DHCP server

Anonymous
2024-05-10T01:57:27+00:00

Dear All,

I have a question about the DNS dynamic update.

Our domain is a forest domain (xx.yyy.com) under our HQ (they are the primary domain, yyy.com). The PCs at our site will be under our subdomain, and we have our GPO, policy, and config.

I have set up my DHCP server, which will always dynamically update DNS records, and it works fine with the PCs under xx.yyy.com.

But I figured out (from the DHCP log) that the update frequently fails to update the DNS record if the PC is under yyy.com.

I think it was because we didn't set up the DNS dynamic update registration credentials, which causes the DHCP server not to have permission to update the record.

Our HQ IT team mentioned that credentials are not required anymore, but from what I understand, this will only work when the DNS and the DHCP are under the same domain (my DHCP is under xx.yyy.com, and HQ DNS is under yyy.com).

The DHCP keeps failing to update the record, and it causes a big issue (since some of our services rely on DNS records). I have requested from HQ the credentials that can have access to update both domains' DNS. After they put in the credentials, in these two days, the situation seems to remain as normal.

I would like to see if anyone can give me some idea of what's wrong with that; I'm confused by the situation.

This question was migrated from the Microsoft Support Community.

Accepted answer
  1. Anonymous
    2024-05-10T05:23:20+00:00

    Hello Vannness,

    To resolve the issue of your DHCP server failing to dynamically update DNS records for PCs under the yyy.com domain while working fine for PCs under xx.yyy.com, several factors and potential solutions can be considered. The core of the problem likely stems from the configuration settings and permissions across the different domains.

    Step-by-Step Troubleshooting

    1. Verify Service Account Permissions:

    • Ensure that the service account used by the DHCP server has sufficient permissions to update DNS records in both the xx.yyy.com and yyy.com zones. This typically means having write access to the DNS zones.
    • If the DHCP server is configured without explicit credentials (using the DHCP server's machine account), ensure that this account has appropriate permissions in both DNS zones.

    2. Check DNS and DHCP Configuration:

    • Verify that the DNS zones (both xx.yyy.com and yyy.com) are configured to allow dynamic updates. This setting is usually found in the zone properties in the DNS Manager.
    • Ensure that the DHCP server is configured correctly to perform DNS updates on behalf of the clients. This includes checking the DHCP scope settings for DNS dynamic updates.

    3. Review DHCP Logs:

    • Look into the DHCP server logs for specific error messages related to DNS updates. This can provide clues on whether the issue is due to permissions, network errors, or configuration mistakes.

    4. DNS Update Configuration on DHCP Server:

    • Ensure that the "Dynamically update DNS A and PTR records for DHCP clients that do not request updates" option is selected if older clients are in use.
    • Make sure "Discard A and PTR records when lease is deleted" is enabled to keep the DNS zone clean from stale records.

    5. Credentials for DNS Updates:

    • Although your HQ IT team mentioned that credentials are not required, practical implementation might vary especially when cross-domain interactions are involved. It might be necessary to configure credentials specifically for the DNS dynamic update process. This typically involves setting up a dedicated user account with appropriate permissions and configuring the DHCP server to use these credentials.

    6. Cross-Domain Trust and Delegation:

    • Check if there is a trust relationship between the domains xx.yyy.com and yyy.com. Lack of proper trust settings or delegation can lead to permission issues.
    • Ensure that there is proper delegation or permission setup allowing the DHCP server of one domain to update DNS records in another domain.

    7. Test with Manual Updates:

    • Try manually adding a DNS record in both domains using the same credentials as the DHCP server to test if the permissions are set correctly.
    • This can help identify if the problem is specific to the DHCP server or a broader permissions issue.

    8. Consult with HQ IT Team:

    • Collaborate with your HQ IT team to ensure that all configurations and permissions align with organizational policies and technical requirements. They may also have additional insights or restrictions specific to your network architecture.

    By following these steps, you should be able to identify and resolve the issue with DNS dynamic updates. If the problem persists, it may be beneficial to conduct a thorough review of both the DHCP and DNS server configurations with your IT security and network teams.

    Best regards

    Rosy
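
The log review and configuration checks from the steps above, as an added PowerShell example that is not part of the original answer: it counts DNS update events in the DHCP audit log per zone, so failures concentrated on yyy.com stand out against xx.yyy.com. The sample log lines are constructed, and `hq-dns.yyy.com` is a hypothetical name for the HQ DNS server.

```powershell
# Added example: summarise DHCP audit-log DNS update events per DNS zone.
# Audit-log event IDs: 30 = DNS update request, 31 = failed, 32 = successful.
function Get-DnsUpdateSummary {
    param(
        [string[]]$Lines,
        [string]$ChildZone  = 'xx.yyy.com',   # zone names taken from the question
        [string]$ParentZone = 'yyy.com'
    )
    # Only the first seven audit-log columns are needed; extra columns are discarded.
    $header = 'ID','Date','Time','Description','IPAddress','HostName','MACAddress'
    $Lines |
        Where-Object { $_ -match '^3[0-2],' } |      # keep DNS update events only
        ConvertFrom-Csv -Header $header |
        ForEach-Object {
            # Test the child zone first: *.xx.yyy.com would also match *.yyy.com.
            $zone = if ($_.HostName -like "*.$ChildZone") { $ChildZone }
                    elseif ($_.HostName -like "*.$ParentZone") { $ParentZone }
                    else { 'other' }
            [pscustomobject]@{ Zone = $zone; Result = $_.Description }
        } |
        Group-Object Zone, Result |
        Sort-Object Name |
        Select-Object Count, Name
}

# Constructed sample lines, not taken from a real server.
$sample = @'
10,05/09/24,09:00:58,Assign,10.20.1.15,pc-a01.xx.yyy.com,0011223344AA
30,05/09/24,09:01:12,DNS Update Request,10.20.1.15,pc-a01.xx.yyy.com,
32,05/09/24,09:01:13,DNS Update Successful,10.20.1.15,pc-a01.xx.yyy.com,
30,05/09/24,09:02:40,DNS Update Request,10.20.1.44,hq-lt07.yyy.com,
31,05/09/24,09:02:41,DNS Update Failed,10.20.1.44,hq-lt07.yyy.com,-1
30,05/09/24,09:05:03,DNS Update Request,10.20.1.51,hq-lt09.yyy.com,
31,05/09/24,09:05:04,DNS Update Failed,10.20.1.51,hq-lt09.yyy.com,-1
'@ -split "`r?`n"

Get-DnsUpdateSummary -Lines $sample

# On the DHCP server itself (elevated session), feed it the real audit logs:
# $logDir = (Get-DhcpServerAuditLog).Path
# Get-DnsUpdateSummary -Lines (Get-Content (Join-Path $logDir 'DhcpSrvLog-*.log'))

# Settings the steps above ask you to verify (uncomment on the DHCP server):
# Get-DhcpServerDnsCredential    # account the DHCP server uses for dynamic updates
# Get-DhcpServerv4DnsSetting     # DynamicUpdates, DeleteDnsRROnLeaseExpiry, UpdateDnsRRForOlderClients
# Get-DnsServerZone -Name 'yyy.com' -ComputerName 'hq-dns.yyy.com' |
#     Select-Object ZoneName, DynamicUpdate      # None, Secure or NonsecureAndSecure
```

If `Get-DhcpServerDnsCredential` shows an account, that account should be a dedicated, unprivileged user with write access to both zones rather than an administrative one, since its password is stored on the DHCP server.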
