DHCP Dynamic Updates not working consistently

Lanky Doodle 226 Reputation points
2021-04-20T18:05:00.92+00:00

Hi,

I have an issue that I'm struggling to solve fully. Basically DHCP is not consistently keeping DNS in order so we have multiple hostnames with the same IP. We have LOTS of scopes, with different lease times. Sometimes it works and sometimes it doesn't. We have DHCP Server set to this, and there is presently a single DHCP Server.

Enable dynamic updates: On
-> Always dynamically update A and PTR
Discard A and PTR: On
Dynamically update for clients that do not request updates: On
Name protection: Off
Custom domain user account for doing the updates
DHCP Server is NOT in the DnsUpdateProxy group

The above settings are historic and so I have no knowledge around the original decisions - I have inherited this issue just this week!

DHCP Server is 2008 R2, and is NOT running AD DS or DNS role
DNS Servers are all now 2016 - this upgrade work happened very recently and some believe this problem has started since decommissioning the last 2008 R2 DNS Server. However I have also been told "stale" DNS has happened for a very long time
Some A records have the custom user account as the owner and some have the actual computer object itself (I know by default only the owner can make some changes to the DNS records)

DHCP Server Log sample:

Microsoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name, TransactionID, QResult,Probationtime, CorrelationID,Dhcid.

24,04/19/21,00:00:31,Database Cleanup Begin,,,,,0,6,,,

31,04/19/21,00:00:31,DNS Update Failed,172.16.127.142,<redacted-device-1>,,,0,6,,,
30,04/19/21,00:00:31,DNS Update Request,172.16.127.142,<redacted-device-1>,,,0,6,,,
34,04/19/21,00:44:02,DNS update request failed as the DNS update requests queue limit exceeded,172.16.127.142,<redacted-device-1>,,,0,6,,,

31,04/19/21,00:14:06,DNS Update Failed,192.168.69.152,<redacted-device-2>,,,0,6,,,
30,04/19/21,00:14:06,DNS Update Request,192.168.69.152,<redacted-device-2>,,,0,6,,,
11,04/19/21,00:14:06,Renew,192.168.69.152,<redacted-device-2>,14ABC52E274B,,1512827778,0,,,
31,04/19/21,00:14:06,DNS Update Failed,192.168.69.152,<redacted-device-2>,,,0,6,,,
30,04/19/21,00:14:06,DNS Update Request,192.168.69.152,<redacted-device-2>,,,0,6,,,
11,04/19/21,00:14:06,Renew,192.168.69.152,<redacted-device-2>,14ABC52E274B,,1512827778,0,,,

30,04/19/21,00:14:09,DNS Update Request,10.161.134.147,<redacted-device-3>,,,0,6,,,
11,04/19/21,00:14:09,Renew,10.161.134.147,<redacted-device-3>,001AE87FF5D6,,3195220243,0,,,

10,04/19/21,00:40:29,Assign,192.168.68.23,<redacted-device-4>,6C19C0D08A63,,391714430,0,,,
31,04/19/21,00:40:29,DNS Update Failed,192.168.68.23,<redacted-device-4>,,,0,6,,,
30,04/19/21,00:40:29,DNS Update Request,192.168.68.23,<redacted-device-4>,,,0,6,,,
11,04/19/21,00:40:29,Renew,192.168.68.23,<redacted-device-4>,6C19C0D08A63,,391714430,0,,,

02,04/19/21,07:44:51,Audit Log Paused,,,,,0,6,,,
02,04/19/21,17:51:07,Audit Log Paused,,,,,0,6,,,
02,04/19/21,17:54:10,Audit Log Paused,,,,,0,6,,,
02,04/19/21,18:41:15,Audit Log Paused,,,,,0,6,,,
02,04/19/21,19:08:28,Audit Log Paused,,,,,0,6,,,

Since yesterday, I have changed the DNS Queue length in the registry and restarted DHCP. Today, we haven't seen any queue limit exceeded events, but things are still failing. The logs are reaching their max 10MB size daily. I haven't yet tried adding the DHCP Server to the DNSUpdateProxy group.

Where else can start looking to help diagnose this issue.

Thanks

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,169 questions
Windows DHCP
Windows DHCP
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.DHCP: Dynamic Host Configuration Protocol (DHCP). A communications protocol that lets network administrators manage centrally and automate the assignment of Internet Protocol (IP) addresses in an organization's network.
1,023 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-04-21T10:23:38.373+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Please try to add the DHCP server to the DNSUpdateProxy group to see if the issue can be resolved.

    Meanwhile, I'm currently performing test in my environment and if any updates I will get back to you as soon as possible. I appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Thanks and Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  2. Sunny Qi 10,906 Reputation points Microsoft Vendor
    2021-04-22T05:32:02.09+00:00

    Hi,

    Thanks for your update.

    I have performed some tests in my lab and attaching the following test results for your reference.

    DNS and DHCP are in two separate Windows servers.

    Configure Always dynamically update A and PTR and add a credential account on DHCP server, the Host record can be updated by DHCP server successfully.

    90196-image-30.png

    90197-image-31.png

    Configure Always dynamically update A and PTR and add DHCP server in DNSUpdateProxy group, the Host record can be updated by DHCP server successfully.

    90040-image-32.png

    90231-image-33.png

    Note: please restart DNS or DHCP server after you made any changes on them.

    Regarding of the stale records, have you enabled Aging and Scavenging on DNS server? If this feature was enabled, then those stale records will be scavenged automatically after NoRefresh interval+ Refresh interval + Scavenge period. Otherwise, you need clean up these stale records manually. To make the change take effect, I would suggest you could delete the specific records manually.

    For more details regarding of Aging and Scavenging, please refer to the following article and thread:

    How DNS Aging and Scavenging Works

    DNS Aging and Scavenging

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  3. Mares Antonin 0 Reputation points
    2024-03-22T14:40:36.6+00:00

    I found this page while searching for "DNS update request failed as the DNS update requests queue limit exceeded" error that suddently started to appear in our DHCP server logs.

    We discovered the issue because non Windows users started to complain that their systems are not registered in DNS.

    While testing we observed that dns updates are not working consistently - few successes, lot of fails.

    At the end the issue was identified as dhcp scope that had dns option set to non domain(non Windows) DNS server while having dns updates enabled on scope level.

    This cause that dns update queue get filled by always failing dns update requests as it was quite busy scope - lot of dhcp request with short leases and DNS server was not configured to accept updates.

    Disabling dns updates on scope with non Windows DNS server option solved the issue for us.

    I think that this can also be an issue when DNS server is Windows but in different domain that is not trusted etc.

    I just want to share my experience with this error and hope that this tip can help someone.

    0 comments