I have clients configured via GPO with the following settings enabled:

  • Dynamic Update
  • Primary DNS Suffix
  • Register DNS records with connection-specific DNS suffix
  • Register PTR Records: Register

I also have two DHCP servers that are servicing the clients performing updates to the DNS records using a configured user (which is part of the DNSUpdateProxy security group).

The following is currently occurring:

1) A records are updated by clients. ACLs look fine (the clients' computer objects have write access to their own records).

2) PTR records appear to be updated once by the configured DNSUpdateProxy user on the DHCP server(s). ACLs look fine (the clients' computer object has write access).

3) Client machines don't appear to be trying to update the PTR records (although I've not pcaped anything yet); I say this because there are no errors logged by Dnsapi after ipconfig /registerdns.

So, what is going on here? If I enable scavenging, the PTR records will be deleted as their timestamps are all from way back when they were originally registered.

mbrownnyc
  • Perhaps a better approach to allow DHCP server to handle DNS records management? Check the settings on the DHCP server. – Vick Vega May 13 '14 at 23:36
  • Is your DHCP running on a DC? http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx – fukawi2 May 14 '14 at 00:29
  • Either way/both ways should not be a problem. I should be able to use the DHCP server(s) and the clients to modify and register A and PTR records, and this is what I am intending to do. The problem is with the PTR records only. Note that the network is architected so that not all DHCP is managed by our Windows DHCP servers (yes, I prefer to not have this be the case, but it is). So, with this in mind, the clients, of which there are `ACEs` on the A and PTR records, should be able to update their records as well as the [Windows] DHCP server(s). – mbrownnyc May 14 '14 at 12:07

0 Answers