DNS resolution issues internal network to DirectAccess clients

Ruud Deenen 6 Reputation points
2020-09-15T12:27:53.39+00:00

Good afternoon,

We are having some issues with resolving DirectAccess clients' hostnames from the internal network. Laptops are moving from inside our network (IPv4 address handled by 2 DHCP servers / DNS / DC) to outside the office, using DirectAccess (IPv6 addresses handled by DirectAccess server).

When checking the DNS server, it seems like most of the records have been created by the DHCP DDNS service account; however, when those laptops move out of the office, the computer account has no access to change the DNS record from the internal IPv4 address to the external DirectAccess (IPv6) address.

So when you try to resolve the hostname, it will keep pointing to the old IPv4 address while the laptop is already using a DirectAccess IPv6 address.

When I remove the DNS entry, connect through DirectAccess, it will create the DNS record (AAAA) and give the computer object read/ write access to the record, and not the DDNS service account. When the laptop is then moving back into the office, it will update the DNS record without any issues (permissions are unchanged).

Not sure if this makes any sense, or if you need any further information. But I'm unsure if this could be resolved; I have not been able to find any helpful information through Google.


3 answers

  1. Gloria Gu 3,921 Reputation points
    2020-09-16T09:15:13.727+00:00

    Hi,

    In regards to your issue, I want to confirm these questions:

    1. What's the specific symptom of "computer account has no access to change the DNS record"? Is there any error message when the client is trying to change the DNS record?

    2. What's the owner of the old DNS IPv4 RR?

    3. When the client is connected through DA and has an IPv6 address, can it use 'ipconfig /registerdns' to update the new RR without deleting the old RR?


  2. Ruud Deenen 6 Reputation points
    2020-09-16T12:22:09.297+00:00

    Hello,

    Thanks for your reply, please see the response:

    1. I'm getting error ID 8018 in Event Viewer, error message is:
      The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.
      To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.
    2. Owner of the old records is our DDNS service account:
    3. When I use the ipconfig /registerdns command it will not update the DNS entry and give the error stated in answer 1.
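
The ownership pattern described in this thread (host records owned by the DHCP DDNS service account rather than by the computer account) can be inventoried across a whole zone. The script below is an added example, not code from the thread or from Microsoft; the zone name, the domain DN and the assumption that the zone lives in the DomainDnsZones partition are placeholders to adjust.

```powershell
# Added example: report which account owns each dnsNode in an AD-integrated zone.
# Placeholders (assumptions, not from the thread): zone name, domain DN,
# and storage of the zone in the DomainDnsZones application partition.
Import-Module ActiveDirectory

$ZoneName = 'corp.example.com'
$DomainDN = 'DC=corp,DC=example,DC=com'
$ZoneDN   = "DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"

$report = Get-ADObject -SearchBase $ZoneDN -SearchScope OneLevel `
        -LDAPFilter '(objectClass=dnsNode)' `
        -Properties nTSecurityDescriptor, whenChanged |
    ForEach-Object {
        # Read the owner as a SID first; translation to a name can fail
        # for deleted or foreign accounts, so fall back to the raw SID.
        $sid = $_.nTSecurityDescriptor.GetOwner(
            [System.Security.Principal.SecurityIdentifier])
        try {
            $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $owner = $sid.Value
        }

        # A record registered by the client itself is owned by DOMAIN\HOSTNAME$.
        $account = ($owner -split '\\')[-1]

        [pscustomobject]@{
            Record          = $_.Name
            Owner           = $owner
            OwnedByComputer = ($account -eq "$($_.Name)`$")
            WhenChanged     = $_.whenChanged
        }
    }

# Records the matching computer account does not own: with secure dynamic
# updates, the client's own registration for these names is refused.
$report |
    Where-Object { -not $_.OwnedByComputer } |
    Sort-Object Owner, Record |
    Format-Table -AutoSize
```

Infrastructure records such as `@` or `_msdcs` also appear in the output because no computer account shares their name; filter on the Owner column to isolate the DDNS service account.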

  3. Gagnon, Cuauhtémoc 0 Reputation points
    2023-01-24T16:35:27.3466667+00:00

    So did you get this to work? I have the same problem...

    Thanks
