DNS cilent won't update its HOST A record in DNS AD INTEGRATED ZONE

boxer · 19-11-2008

Hi,

I have this situation:

Windows 2003 native mode domain
2 DCs
2 DNS servers on 2 DCs (Active Directory Integrated Zones)
Dynamic Updates (Secure only)

When I change IP address (static or dynamic (it doesn't matter) )DNS client
(either XP PRO or SERVER 2003)
failed to update itself HOST A record (old IP remains in DNS).

Event ID DNSAPI 11166 is recorded in event log:
The system failed to register host (A) resource records (RRs) for network
adapter...

I disovered that dns client (machine name) doesn't have permission to update
its HOST A record.

How to resolve this in security?
Do I need to add Domain Computers perrmission to change(update) their HOST A
records?
What are defaults (recommend) in security regarding this problem(issue) ?

Thanx in advanced

Boxer

JohnB · 19-11-2008

Pre-Windows 2000 computers are not able to dynamically update their records.
However, a DHCP server can perform dynamic updates on the behalf of those
computers if the server is configured to do so. But, because the DHCP
server updated the records on the client's behalf, it is considered the
owner of those records, and the clients can't update the records themselves.
That is even true, after a pre-2000 machine us upgraded to XP, etc.
Or, you could have a situation where a DHCP server was updating records for
pre-2000 machines, and that DHCP sever fails or is replaced, those clients
would then not get updated by other DHCP servers.
Not sure if that is your probelem thoough.

For more info, do a Google on; dns update proxy

"boxer" <a@g.com> wrote in message
news:ukA4MmlSJHA.4680@TK2MSFTNGP06.phx.gbl...
> Hi,
>
> I have this situation:
>
> Windows 2003 native mode domain
> 2 DCs
> 2 DNS servers on 2 DCs (Active Directory Integrated Zones)
> Dynamic Updates (Secure only)
>
> When I change IP address (static or dynamic (it doesn't matter) )DNS
> client (either XP PRO or SERVER 2003)
> failed to update itself HOST A record (old IP remains in DNS).
>
> Event ID DNSAPI 11166 is recorded in event log:
> The system failed to register host (A) resource records (RRs) for network
> adapter...
>
> I disovered that dns client (machine name) doesn't have permission to
> update its HOST A record.
>
> How to resolve this in security?
> Do I need to add Domain Computers perrmission to change(update) their HOST
> A records?
> What are defaults (recommend) in security regarding this problem(issue) ?
>
> Thanx in advanced
>
> Boxer
>
>
>
>

boxer · 19-11-2008

Thanx JohnB but this is not my problem.

Suppose that....

If I have clear new pc, joined in domain... it creates its HOST A record in
DNS and thats ok. (This works fine)

but

if you change IP of this pc it should update its HOST A record in DNS with
this new IP address.

I can get this to work only if I give security permission on this pc HOST A
record - "pcname" (not user)

Then it update HOST A record to new IP add.

Regards
"JohnB" <jbrigan@yahoo.com> wrote in message
news:%232eSMAmSJHA.1484@TK2MSFTNGP03.phx.gbl...
> Pre-Windows 2000 computers are not able to dynamically update their
> records. However, a DHCP server can perform dynamic updates on the behalf
> of those computers if the server is configured to do so. But, because the
> DHCP server updated the records on the client's behalf, it is considered
> the owner of those records, and the clients can't update the records
> themselves.
> That is even true, after a pre-2000 machine us upgraded to XP, etc.
> Or, you could have a situation where a DHCP server was updating records
> for pre-2000 machines, and that DHCP sever fails or is replaced, those
> clients would then not get updated by other DHCP servers.
> Not sure if that is your probelem thoough.
>
> For more info, do a Google on; dns update proxy
>
>
> "boxer" <a@g.com> wrote in message
> news:ukA4MmlSJHA.4680@TK2MSFTNGP06.phx.gbl...
>> Hi,
>>
>> I have this situation:
>>
>> Windows 2003 native mode domain
>> 2 DCs
>> 2 DNS servers on 2 DCs (Active Directory Integrated Zones)
>> Dynamic Updates (Secure only)
>>
>> When I change IP address (static or dynamic (it doesn't matter) )DNS
>> client (either XP PRO or SERVER 2003)
>> failed to update itself HOST A record (old IP remains in DNS).
>>
>> Event ID DNSAPI 11166 is recorded in event log:
>> The system failed to register host (A) resource records (RRs) for network
>> adapter...
>>
>> I disovered that dns client (machine name) doesn't have permission to
>> update its HOST A record.
>>
>> How to resolve this in security?
>> Do I need to add Domain Computers perrmission to change(update) their
>> HOST A records?
>> What are defaults (recommend) in security regarding this problem(issue) ?
>>
>> Thanx in advanced
>>
>> Boxer
>>
>>
>>
>>
>
>