DHCP not updating DNS

Saibot75 · 04-05-2007

Hello,

my office has a Windows 2003 server network set up using both DHCP and DNS
on the DC. We have a problem where all XP machines are getting registered in
DNS but our own developed equipment or network printers are not. Both our
equipment and the network printers use FQDN option 81 and requests the DHCP
server to update the DNS and support for this option is also enabled in the
DHCP server. Why are only the XP machines added and not the rest ?

As a side info perhaps helpful, when examining the audit log in the dhcp
subdirectory, for a complete week, not a single DNS update is made.

Any help is welcome!

Best regards,
Tobias Olofsson

Herb Martin · 06-05-2007

Tip: If you add you own problems to someone else's thread there
is a lower probability of receiving help.

Especially when you do it over a month after the last post.

This is NOT a criticism or a complaint just a tip for you to obtain
better help.

"Saibot75" <Saibot75@discussions.microsoft.com> wrote in message
news:9FC02BC8-7B7C-44E4-922E-024CB90E22A5@microsoft.com...
> Hello,
>
> my office has a Windows 2003 server network set up using both DHCP and DNS
> on the DC. We have a problem where all XP machines are getting registered
> in
> DNS but our own developed equipment or network printers are not. Both our
> equipment and the network printers use FQDN option 81 and requests the
> DHCP
> server to update the DNS and support for this option is also enabled in
> the
> DHCP server. Why are only the XP machines added and not the rest ?

You're equipment actually REQUESTS the update using the protocol that
the XP machines use?

You might also try checking the DHCP option for updating legacy machines.

> As a side info perhaps helpful, when examining the audit log in the dhcp
> subdirectory, for a complete week, not a single DNS update is made.

If "Secure only Updates" are being used (they should be) the DHCP server
might not be authenticating, or it might not be using the correct DNS server
set (ONLY), or it might not be a member of the DNSUpdateProxy groups,
or better be using the correct DNS Update credentials with a valid and
current password.

If the Update Credentials works PREVIOUSLY then consider that this
account may need an non-expiring password.

> Any help is welcome!
>
> Best regards,
> Tobias Olofsson

Saibot75 · 06-05-2007

Thanks for your reply, see my comments inline below...

"Herb Martin" wrote:

>
> You're equipment actually REQUESTS the update using the protocol that
> the XP machines use?

Our equipment (and also for example HP network printers) use option 81 in
the DHCP protocol to specifically request the server to register both the DNS
A and PTR records in DNS. (S flag in request set to 1).

> You might also try checking the DHCP option for updating legacy machines.

Yes, we have tried that also even though we should not have to. It still
did not work. We also tried "DHCP always update DNS A at PTR" but to no
success either.

> If "Secure only Updates" are being used (they should be) the DHCP server
> might not be authenticating, or it might not be using the correct DNS server
> set (ONLY), or it might not be a member of the DNSUpdateProxy groups,
> or better be using the correct DNS Update credentials with a valid and
> current password.

Yes, secure only updates are in use. DHCP server is NOT a member of the
DNSUpdateProxy group, should it be ?
I have checked the DHCP audit log but it shows no sign of authenticating or
conneting problems. Maybe I check in the wrong place ? I'm NOT a system
administrator, just a programmer ;-)

> If the Update Credentials works PREVIOUSLY then consider that this
> account may need an non-expiring password.

Well, the problems we have began after a complete server hardware and
software upgrade so it is certainly possible a mistake has been made...

I will forward your tips to our system administrators and hope they NOW are
able to solve our problem...

Thank you!

Kind regards,
Tobias Olofsson

Herb Martin · 06-05-2007

"Saibot75" <Saibot75@discussions.microsoft.com> wrote in message
news:7CE21556-1D41-48F5-9FD4-3BE9AEF700D2@microsoft.com...
> Thanks for your reply, see my comments inline below...
>
> "Herb Martin" wrote:
>
>>
>> You're equipment actually REQUESTS the update using the protocol that
>> the XP machines use?
>
> Our equipment (and also for example HP network printers) use option 81 in
> the DHCP protocol to specifically request the server to register both the
> DNS
> A and PTR records in DNS. (S flag in request set to 1).
>
>> You might also try checking the DHCP option for updating legacy machines.
>
> Yes, we have tried that also even though we should not have to. It still
> did not work. We also tried "DHCP always update DNS A at PTR" but to no
> success either.

That is what I would have tried.

>> If "Secure only Updates" are being used (they should be) the DHCP server
>> might not be authenticating, or it might not be using the correct DNS
>> server
>> set (ONLY), or it might not be a member of the DNSUpdateProxy groups,
>> or better be using the correct DNS Update credentials with a valid and
>> current password.
>
> Yes, secure only updates are in use. DHCP server is NOT a member of the
> DNSUpdateProxy group, should it be ?

ONLY if you don't use "Update Credentials" (a regulary user account with
non-expiring password).

Update Credentials are set to the same account on all (competing) DHCP
servers so that the secure updates will not conflict.

> I have checked the DHCP audit log but it shows no sign of authenticating
> or
> conneting problems. Maybe I check in the wrong place ? I'm NOT a system
> administrator, just a programmer ;-)

Check the command line set command for logonserver:

set logonserver

....ensure this is set to a replciated DC -- or use NLTest and NetDiag for
definitive tests. (But this latter is usually overkill.)

>> If the Update Credentials works PREVIOUSLY then consider that this
>> account may need an non-expiring password.
>
> Well, the problems we have began after a complete server hardware and
> software upgrade so it is certainly possible a mistake has been made...

With Secure only updates you must use EITHER DNSUpdateProxy OR
the Update Credentials IF you have more than one DHCP server that might
ever update the same records.

> I will forward your tips to our system administrators and hope they NOW
> are
> able to solve our problem...

After I had proven authentication then I might consider (with permission
from
management etc) using the Network Monitor or something similar on the DHCP
server to capture all of the DHCP and registration traffic.

First this would tell me whether the DHCP server was ever SENDING the
registration (and having it fail) or just messing up before that.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Bjarni · 08-05-2007

Hi,

I'm having the same problem, Windows Clients are registering but nothing
else. My DHCP and DNS settings are:

DHCP Settings:
- Enable DNS Dynamic Updates according to the settings below
- Always dynamically update DNS A and PTR records
- Discard A and PTR records when lease is deleted
- Dynamically update DNS A and PTR records for DHCP clients that do not
request updates (for example, clients running Windows NT 4.0)
- Lease duration: from 1 day to 4 days (depending what scope/vlan)

DNS Settings:
- Dynamic Updates: Nonsecure and secure.
- Scavenge set to 7 days

I don't have the FQDN option 81 in the DHCP.

On a small network, It did work to exclude DHCP option 15 (DNS Domain name),
and printers started to register in the DNS. Was trying that on a larger
network with a lot of vlans without success.

Any suggestions what to check next?

The goal is, everything that get's IP from the DHCP, is registered in the DNS.

Thanks in advanced.
- Bjarni

"Saibot75" wrote:

> Hello,
>
> my office has a Windows 2003 server network set up using both DHCP and DNS
> on the DC. We have a problem where all XP machines are getting registered in
> DNS but our own developed equipment or network printers are not. Both our
> equipment and the network printers use FQDN option 81 and requests the DHCP
> server to update the DNS and support for this option is also enabled in the
> DHCP server. Why are only the XP machines added and not the rest ?
>
> As a side info perhaps helpful, when examining the audit log in the dhcp
> subdirectory, for a complete week, not a single DNS update is made.
>
> Any help is welcome!
>
> Best regards,
> Tobias Olofsson

Kevin D. Goodknecht Sr. [MVP] · 09-05-2007

Read inline please.

In news:390E0A93-8390-424F-B562-EE488D78907C@microsoft.com,
Bjarni <Bjarni@discussions.microsoft.com> typed:
> Hi,
>
> I'm having the same problem, Windows Clients are registering but
> nothing else. My DHCP and DNS settings are:
>
> DHCP Settings:
> - Enable DNS Dynamic Updates according to the settings below
> - Always dynamically update DNS A and PTR records
> - Discard A and PTR records when lease is deleted
> - Dynamically update DNS A and PTR records for DHCP clients that do
> not request updates (for example, clients running Windows NT 4.0)
> - Lease duration: from 1 day to 4 days (depending what scope/vlan)
>
> DNS Settings:
> - Dynamic Updates: Nonsecure and secure.
> - Scavenge set to 7 days
>
> I don't have the FQDN option 81 in the DHCP.
>
> On a small network, It did work to exclude DHCP option 15 (DNS Domain
> name), and printers started to register in the DNS. Was trying that
> on a larger network with a lot of vlans without success.

Without option 015, DHCP cannot register in a Forward zone, it can only
register in the reverse zone, even the the PTR will point to 'host' instead
of 'host.domain.com' DHCP uses the domain name to know where to register A
records.

DHCP also, registers in the DNS servers in TCP/IP properties of the machine
it is running on. So you have to make sure those are right.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
Send IM: http://www.icq.com/people/webmsg.php?to=296095728
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Bjarni · 09-05-2007

Hi,

that's the strange thing. On the small network(one subnet), after taking the
Option 15 of the Scope and restarting printers they registered in DNS. Both
forward and reverse zones.

I assign the IP's that the printers had to another devices and tried to let
them reregister in dns without a success, they got new ip's but didn't
register in DNS.

Is there a bug in the dhcp -> dns registration or are I missing something?

Thanks for your input.

Regards,
- Bjarni

"Kevin D. Goodknecht Sr. [MVP]" wrote:

> Read inline please.
>
> In news:390E0A93-8390-424F-B562-EE488D78907C@microsoft.com,
> Bjarni <Bjarni@discussions.microsoft.com> typed:
> > Hi,
> >
> > I'm having the same problem, Windows Clients are registering but
> > nothing else. My DHCP and DNS settings are:
> >
> > DHCP Settings:
> > - Enable DNS Dynamic Updates according to the settings below
> > - Always dynamically update DNS A and PTR records
> > - Discard A and PTR records when lease is deleted
> > - Dynamically update DNS A and PTR records for DHCP clients that do
> > not request updates (for example, clients running Windows NT 4.0)
> > - Lease duration: from 1 day to 4 days (depending what scope/vlan)
> >
> > DNS Settings:
> > - Dynamic Updates: Nonsecure and secure.
> > - Scavenge set to 7 days
> >
> > I don't have the FQDN option 81 in the DHCP.
> >
> > On a small network, It did work to exclude DHCP option 15 (DNS Domain
> > name), and printers started to register in the DNS. Was trying that
> > on a larger network with a lot of vlans without success.
>
> Without option 015, DHCP cannot register in a Forward zone, it can only
> register in the reverse zone, even the the PTR will point to 'host' instead
> of 'host.domain.com' DHCP uses the domain name to know where to register A
> records.
>
> DHCP also, registers in the DNS servers in TCP/IP properties of the machine
> it is running on. So you have to make sure those are right.
>
>
>
>
>
> --
> Best regards,
> Kevin D. Goodknecht Sr. [MVP]
> Hope This Helps
> Send IM: http://www.icq.com/people/webmsg.php?to=296095728
> ===================================
> When responding to posts, please "Reply to Group"
> via your newsreader so that others may learn and
> benefit from your issue, to respond directly to
> me remove the nospam. from my email address.
> ===================================
> http://www.lonestaramerica.com/
> http://support.wftx.us/
> http://message.wftx.us/
> ===================================
> Use Outlook Express?... Get OE_Quotefix:
> It will strip signature out and more
> http://home.in.tum.de/~jain/software/oe-quotefix/
> ===================================
> Keep a back up of your OE settings and folders
> with OEBackup:
> http://www.oehelp.com/OEBackup/Default.aspx
> ===================================
>
>
>