Issue with DNS record owners being $computername and not the Service Accounts for some records

Question

Issue with DNS record owners being $computername and not the Service Accounts for some records

JSUSZ001 1

Hi

I hope someone can point me towards the right directions.

We have a Dynamic DNS configured and and added all the DHCP servers in DNSUpdateProxy group. We also have a Service Account configured credentials on each DHCP server.

However we still get some DNS records that have the system computer account, when created rather than the Service Account.

There is no pattern or logic that can be found. We have checked all our config and tested this with multiple clients. Checked the event logs and confirmed that these records are being created dynamically..

Any pointers where to look next ?

Clément BETACORNE 2,496 Reputation points

2021-12-09T13:43:24.47+00:00

Hello,

On your DHCP the configuration is always register for the client or Dynamically update DNS A and PTR records only if requested by the DHCP clients ?

Regards,
JSUSZ001 1 Reputation point

2021-12-09T13:46:22.157+00:00

Hi ClementBETACORNE

See the attached config
Clément BETACORNE 2,496 Reputation points

2021-12-09T14:10:20.62+00:00

Did you try what is in this thread to check if it's related :
https://learn.microsoft.com/en-us/answers/questions/47173/dhcp-dynamic-updates-proxy-account.html

Regards,
JSUSZ001 1 Reputation point

2021-12-10T08:55:04.62+00:00

Hi There,

We have checked this solution out however due to problems with our group policy (probably due to problems with our DNS which we are trying to fix ) this won't apply to all our machines.

Any other ideas?

Thanks,

1 answer

Your answer

Clément BETACORNE 2,496 Reputation points

2021-12-09T13:43:24.47+00:00

Hello,

On your DHCP the configuration is always register for the client or Dynamically update DNS A and PTR records only if requested by the DHCP clients ?

Regards,
JSUSZ001 1 Reputation point

2021-12-09T13:46:22.157+00:00

Hi ClementBETACORNE

See the attached config
Clément BETACORNE 2,496 Reputation points

2021-12-09T14:10:20.62+00:00

Did you try what is in this thread to check if it's related :
https://learn.microsoft.com/en-us/answers/questions/47173/dhcp-dynamic-updates-proxy-account.html

Regards,
JSUSZ001 1 Reputation point

2021-12-10T08:55:04.62+00:00

Hi There,

We have checked this solution out however due to problems with our group policy (probably due to problems with our DNS which we are trying to fix ) this won't apply to all our machines.

Any other ideas?

Thanks,

Answer 1

Limitless Technology 39,916

Hello @JSUSZ001

The recommend configuration should like below:

Make sure you have set DHCP server to always dynamically update records: IPv4 properties - DNS - Enable DNS dynamic updates
dynamically update DNS records too, Discard A and PTR records and Always dynamically update DNS.....
Add the DHCP server to DnsUpdateProxy security group.

If the DHCP server is on a different machine than the Domain Controller, make sure to include the DHCP server in the DnsUpdateProxy group in Active Directory. Otherwise, the DHCP server may not be able to update the records on DNS server.

Provide credential to secure the DNS dynamic update
Then DNS record owner should be your service account.

Hope this helps with your query!

---------
--If the reply is helpful, please Upvote and Accept as answer--

JSUSZ001 1 Reputation point

2021-12-10T08:53:55.313+00:00

Hi there,

These are the setting on the DHCP:

The DHCP's are added in the DnsUpdateProxy group and the service account credentials have been added to each of the DHCP servers.

The issue is that some records get the DNS Record Owner as the service account and some have it as the computername? So it appears to be working, some of the time. Not all of the time.

Share via

Issue with DNS record owners being $computername and not the Service Accounts for some records

1 answer

Your answer