What this means in practice is the following: the DHCP server computer account will own certain records in DNS, such as the PTR records and even some A records for older hosts. (However, it's unlikely that you would have many NT 4.0 hosts in your environment.) This can cause the following two problems:

For this reason, DHCP servers could be added to a group called Dns Update Proxy.

Dynamic DNS is a feature that allows hosts to register their records in DNS, thus removing the need for administrators to manually create records.
If the machine’s DNS is statically configured:
– It must only point to the internal DNS.
– It must be joined to the domain in order to authenticate using Kerberos to update.

If statically configured and not joined to the domain, the client can’t update if the zone is set to Secure Only. For non-domain-joined DHCP clients, you can configure DHCP to update in lieu of the client updating into a Secure Only zone. For any non-Windows statically configured machine, it must support the DNS Dynamic Updates feature, and the zone must be configured to allow Secure and Unsecure updates.

If the DNS server is multihomed and not configured properly to work with multihoming, it may cause problems with Dynamic Updates.

If the zone is a single label name, such as ‘domain’ instead of the proper minimal format of ‘domain.com,’ ‘domain.net,’ etc., it will NOT update. The client will "look" for the SOA of the zone when it attempts registration.

For AD Integrated Zones and Secure Only Updates: a.

ISC has made a note of the excessive traffic generated by Microsoft DNS servers configured with a single label name in 2004 with Microsoft, which in turn disabled the ability for Microsoft DNS in Windows 2000 SP4 and newer to resolve single label names without a registry band aid.

More info on this: Active Directory DNS Domain Name Single Label Names – Problematic. Published by Ace Fekay, MCT, MVP DS on Nov 12, 2009.

When a DHCP server is added to the Dns Update Proxy group, its records aren't secured, meaning that other DHCP servers can update the records.
In addition, hosts can change the records and then become the owner of the record.

in the TCP/IP settings of the network interface: As much as it may appear strange, this is the only solution to ensure Windows will register both the A and the PTR records for a DHCP network connection; otherwise, it will only register the A record.

sends option 81 and its fully qualified domain name to the DHCP server and requests the DHCP server to register a pointer resource record (PTR RR) on its behalf. The dynamic update client registers an address resource record (A RR). the DHCP server can be configured to instruct the client to allow the server to register both records with the DNS.

That doesn't exactly seem to be the case from your experience, but might be close....

Massimo, are you able to pull a Wireshark trace and check the DHCPREQUEST packet? There should be a flag set to "1" if the client is supposed to update both the A record and PTR record. A flag of "0" means the client updates the A record and requests that the server update the PTR record on its behalf. Also, in the DHCP scope, make sure == Click the DNS tab, click Properties, and then click to select the Dynamically update DNS A and PTR records only if requested by the DHCP clients check box == is set.