
I have a central office with a domain controller with DNS installed. Any computers at that office that are on the same subnet (10.1.32.x) update their DNS entries correctly. DHCP is handled in that office by the DC.

There are also two remote offices that connect over site-to-site VPNs. All the machines at the two remote sites are joined to the domain and are using the domain controller for their DNS. However, those remote machines are not registering their DNS entries with the domain controller. DHCP at each of these sites is handled by their respective firewall/router (Juniper SSG5 configured as a DHCP Server at each site).

The two remote sites have subnets (192.168.1.x and 192.168.201.x) that have been added as Sites on the Domain Controller, but the remote machines are still not registering in DNS.

Domain authentication is working properly remotely, GPO is being applied remotely.

How do I get client machines at each site to update their DNS entries? The check box for self-registering the connection's DNS address is checked, but it isn't updating with the DC's DNS entries. DHCP is handled by an on-site Juniper SSG5 which does not send DNS updates back to the DC/DNS server.

HopelessN00b
Ben
  • Two things - 1. you don't actually ask a question here. And 2. How are DNS record updates configured? Are they using the default setting of clients self-registering, or are they being handled by DHCP? – MDMarra Jan 31 '13 at 04:05
  • Sorry, the question would be: How do I get client machines at each site to update their DNS entries? The check box for self-registering the connection's DNS address is checked, but it isn't updating with the DC's DNS entries. DHCP is handled by an on-site Juniper SSG5 which does not send DNS updates back to the DC/DNS server. – Ben Feb 01 '13 at 00:54
  • Your DHCP server shouldn't be registering DNS records anyway, unless you have a real edge case need for it. Do your clients point directly at the DC(s) for DNS, or do they point somewhere else that does forwarding to the DCs? – MDMarra Feb 01 '13 at 02:37

1 Answer


The way DNS registration works in an AD environment is that the DHCP service sends the updates to the DNS server. In theory at least the clients should also be able to send the DNS server the updates but in reality that seldom happens. In your case you're stuck because the DHCP service on the routers is not sending the updates to the DNS server. It's unlikely that you can configure the routers to update the DNS.

The easiest and best way to fix this, as well as many other problems, is to set up a DC at each site. Alternatively, set up a box with a DHCP service that can update the DNS for the clients. Having been victim to admins who don't believe in placing a DC at each site I can tell you that your users will appreciate it if you do give them a local DC.

John Gardeniers
  • `The way DNS registration works in an AD environment is that the DHCP service sends the updates to the DNS server. In theory at least the clients should also be able to send the DNS server the updates but in reality that seldom happens` - Sorry, but this is really untrue. The default and *by far* most common way is client self-update. There is additional configuration needed for a DHCP server to update the DNS records on behalf of the client. Self-registration is preferred and it works fine as long as you don't have a screwed up DNS infrastructure. – MDMarra Jan 31 '13 at 14:01
  • Just to clarify - either way can work if configured properly, but saying that DHCP proxy updates are `"the way"` implies that it's the default, most widely used, and preferred configuration, which it isn't. – MDMarra Jan 31 '13 at 14:04
  • Yes, I'd agree that setting up a local DC at each site would be nice, but the organization has decided not to pay the hardware and support cost of a server at each remote office. They've accepted the risks and issues that come with that, but I'd at least like to have DNS updating correctly. I've made sure the "Register this connection's addresses in DNS" box in Local Area Connection->IPv4 Properties->Advanced->DNS is checked, but the clients are still not updating DNS. – Ben Feb 01 '13 at 00:51
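The comments above turn on whether the remote clients are self-registering against the DC's DNS (the default) rather than relying on the Juniper DHCP server. The following is an added troubleshooting script, not code from the thread, that checks the client side of that path on one remote machine: the registration checkbox, which DNS servers the client actually queries, a forced registration, and the DNS Client provider's error events. It assumes a domain-joined Windows client with the DnsClient module, an elevated session, and a placeholder DC address; the final server-side check of the zone's dynamic-update setting runs on the DC itself.

```powershell
# Added example (not from the thread): verify dynamic DNS self-registration from a remote-site client.
$DnsServer = '10.1.32.10'              # placeholder: the central DC/DNS server's address
$Zone      = $env:USERDNSDOMAIN        # AD DNS domain of this domain-joined client

# 1. Registration setting per connected adapter (the checkbox discussed in the thread).
#    Registration also depends on the primary DNS suffix matching the zone, so show the suffix too.
foreach ($a in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $c = Get-DnsClient -InterfaceAlias $a.Name
    '{0}: RegisterThisConnectionsAddress={1} Suffix="{2}"' -f `
        $a.Name, $c.RegisterThisConnectionsAddress, $c.ConnectionSpecificSuffix
    if (-not $c.RegisterThisConnectionsAddress) {
        # Re-enable self-registration; this is what the GUI checkbox sets.
        Set-DnsClient -InterfaceAlias $a.Name -RegisterThisConnectionsAddress $true
    }
}

# 2. Resolvers the client uses. They must be the DC(s); a client pointed at the Juniper
#    will never send its dynamic update (SOA lookup + UPDATE) to the AD zone.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 3. Force a registration attempt (same as 'ipconfig /registerdns') and query the DC directly,
#    bypassing any local cache, to see whether the A record landed in the zone.
Register-DnsClient
Start-Sleep -Seconds 5
$fqdn = "$env:COMPUTERNAME.$Zone"
$rec  = Resolve-DnsName -Name $fqdn -Type A -Server $DnsServer -ErrorAction SilentlyContinue
if ($rec) { "Registered: $($rec.Name) -> $($rec.IPAddress)" }
else      { "No A record for $fqdn on $DnsServer; check the events below" }

# 4. The DNS Client provider logs why an update was refused (zone policy, wrong server,
#    secure-update/Kerberos failure over the VPN). Show the last hour in the System log.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Microsoft-Windows-DNS-Client'
    StartTime = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 5. On the DC (DnsServer module): the AD-integrated zone should accept dynamic updates, and
#    'Secure' is the setting to keep; 'None' blocks every client, 'NonsecureAndSecure' lets
#    any host on the VPN overwrite records. Run this on the server, not the client:
#    Get-DnsServerZone -Name $Zone | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate
#    Get-DnsServerResourceRecord -ZoneName $Zone -Name $env:COMPUTERNAME -RRType A
```

If step 3 fails while step 4 shows the update being sent to the DC, the problem is on the server side (zone update policy or the client's Kerberos ticket over the VPN); if step 4 shows no attempt at all, the client never tried, which usually traces back to the suffix or resolver settings in steps 1 and 2.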