Windows Server - DHCP entries slow showing up in DNS

Asked By ruic
18-Nov-09 11:49 AM
Hi,

On my Win2k3 server I have both DHCP and DNS installed and DHCP is updating
entries in DNS when it hands out ip addresses from the pool. However it
takes a long time to update the DNS with the new A resource. Is there a way
to speed it up? Sometimes it takes a couple of days.

--
Rui
  J de Boyne Pollard replied to ruic
18-Nov-09 12:10 PM
r> On my Win2k3 server I have both DHCP and DNS installed and DHCP is
r> updating entries in DNS when it hands out ip addresses from the pool.
r> However it takes a long time to update the DNS with the new A resource.

That statement is almost certainly false, so this question:

r> Is there a way to speed it up?

... is meaningless.

r> Sometimes it takes a couple of days.

Hint:  How do you know that it takes a couple of days?  Have you sent
an "A" query _directly to the content DNS server_ to find out?  What
was the response, before and after an update?

Another hint: It is almost certainly the case that _you configured_
that "couple of days" in your DNS data.  (-:  You told the world that
it was all right to remember some things for two days.
  Ace Fekay [MCT] replied to ruic
19-Nov-09 12:44 AM
You should see a registration entry within 15 minutes, 30 minutes tops if in
the same site with multiple DC/DNS servers, depending on the number of DCs
that are DNS, etc. If expecting to see it in another site, it depends on
replication schedule.

How many DNS servers do you have? Which one is the client pointing to as the
first entry in its DHCP scope? Are you only using the internal DNS servers,
or is there a mix of internal and external? Refreshing the console
frequently until you see it appear?

Is there a way to speed it up? Nope. By default you should see it within a
reasonable time as mentioned. Otherwise, there is a misconfiguration.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
  ruic replied to Ace Fekay [MCT]
25-Nov-09 10:11 AM
Thanks for your input.

There is only one server with DNS; it is the DC. After 15 minutes it does show
up in the reverse lookup zone but not in the forward lookup zone.

I did have the DHCP server giving out another DNS as the first listed while
testing so as not to break users' DNS resolution. I have now changed it back to
the DC's DNS, I will see if that is the problem and THAT was the problem!

Thanks for your suggestions.

Rui
  Ace Fekay [MCT] replied to ruic
25-Nov-09 12:06 PM
Rui,

What is the "other" DNS server you were listing?

First thing I must say, is NEVER use an ISP's DNS, the router as a DNS
address, or anything else other than AD's DNS, which is your DC in your
case. Otherwise, expect problems.

If there are any event log errors, please post the EventID# and we can help
you with fixing them.

If you are listing anything other than your DC for DNS, it will be inviting
problems with AD and authentication. I bet this is the cause of entries
not showing up in DNS. This is because AD must only use its own internal
DNS servers, because that is where all the AD info is stored and how clients
if you use an ISP's DNS server, the client will be asking the ISP's DNS
server, "where is my DC so I can authenticate to logon," however the ISP's
DNS server does not have info about your internal AD DCs.

Also the Primary DNS Suffix must match the zone name. The zone name must
allow updates.

Other things that will cause problems with AD, authentication, DNS
registration, etc, are:
1. Multihomed DCs (a DC with more than one NIC and/or IP address, and/or
with RRAS installed)- non SBS.
2. Single label name AD DNS domain name (domain name is "domain" instead of
required minimal format of "domain.something")
3. ISA installed on a DC (non-SBS)
4. DC is set to use some other DNS other than itself or other internal DCs
for DNS.
5. The Primary DNS Suffix on a machine (DC or client) must match the zone
name, or no entries will register. If the DC's Primary DNS Suffix does not
match the zone name, it is a condition called a "Disjointed Namespace."

And no, resolution internally or for the internet, will not break if you
only use your DC. DNS is designed to use Root Hints to resolve queries for
external (internet) names.

Configure a Forwarder for efficient internet resolution. This way it will
use your ISP's for external resolution instead of Root Hints. If not sure
how, follow this article:
323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
(including how to configure a Forwarder) :
http://support.microsoft.com/?id=323380

Some more info below to understand what I am talking about.

Best practices for DNS client settings in Windows 2000 Server and in Windows
Server 2003
http://support.microsoft.com/?id=825036

DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/?id=555040




Ace
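
The conditions listed in the reply above can be checked against a client's `ipconfig /all` output. This is an added example, not code from the thread; the sample output, the zone name `corp.example.com` and the server addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output; not taken from the thread.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WS01
   Primary Dns Suffix  . . . . . . . : corp.example.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.example.com
   IP Address. . . . . . . . . . . . : 10.0.0.57
   DNS Servers . . . . . . . . . . . : 10.0.0.20
                                       10.0.0.10
"""

FIELD = re.compile(r"^\s+(.+?)[ .]+: ?(.*)$")  # "   Key . . . : value"

def parse_ipconfig(text):
    """Return (primary_dns_suffix, dns_servers_in_order)."""
    suffix, servers, in_dns = "", [], False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if key == "Primary Dns Suffix":
                suffix = value
            elif in_dns and value:
                servers.append(value)
        elif in_dns and line.strip():
            servers.append(line.strip())  # continuation line: next server
        else:
            in_dns = False
    return suffix, servers

def registration_findings(text, zone, ad_dns):
    """List the misconfigurations named in the reply that apply to this client."""
    suffix, servers = parse_ipconfig(text)
    findings = []
    if "." not in zone.strip("."):
        findings.append("zone name %r is single-label" % zone)
    if suffix.lower().rstrip(".") != zone.lower().rstrip("."):
        findings.append("Primary DNS Suffix %r does not match zone %r" % (suffix, zone))
    for pos, server in enumerate(servers, 1):
        if server not in ad_dns:
            findings.append("DNS server #%d (%s) is not an AD DNS server" % (pos, server))
    return findings
```

Calling `registration_findings(SAMPLE, "corp.example.com", {"10.0.0.10"})` reports the first-listed server, which is the situation the original poster describes in the earlier reply.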
  ruic replied to Ace Fekay [MCT]
03-Dec-09 02:25 PM
The other DNS server was a Netware server.

I also found out that unchecking "Register this connection's addresses in
DNS" in the DNS tab of Advanced TCP/IP settings makes things go a lot faster
for computers not joined to the domain.

The whole thing is working great now! Once again thanks for your help.

Rui
  Ace Fekay [MCT] replied to ruic
03-Dec-09 04:12 PM
Glad to hear it is working now. If a machine is not joined, it will not have a
Primary DNS Suffix, so with the connection to try to register, would be
unnecessary, which I am glad you unchecked it. You can add DHCP Option 015
and provide the domain name, which becomes the connection specific suffix,
and the check box in IP properties of that connection, will register into
DNS, as long as the zone allows Secure AND Unsecure updates.

I have not worked with Netware servers, but from what I understand, they do
not support all the features that AD needs.

Ace