Does Windows DNS automatically register all domain members?

Solution 1:

Windows AD DNS usually is updated with all your domain member and network host IP addresses for both the forward and the reverse lookup zone. There are two mechanisms for updating:

  • either the updates, creations and deletions are performed by the Microsoft DHCP server on behalf of its clients
  • or the clients use DNS secure dynamic update mechanisms to update the NS information themselves

In the latter case the DHCP client service (yes, confusing, but this is just how it is implemented) is responsible for sending the DNS dynamic update. The behavior is configurable via group policy settings.

Solution 2:

A lot of things automatically register themselves in an Active Directory environment.

Nearly all of them do it through Dynamic DNS Update.

  • On domain controllers:
    • the netlogon service automatically registers a fair number of srv and a/aaaa resource record sets, so that workstations can find the LDAP, Kerberos, and other services provided by domain controllers.
    • the DNS server service automatically registers a/aaaa resource record sets.
  • On domain controllers, member servers, and workstations:
    • the DHCP client service automatically registers a/aaaa and ptr resource record sets for every network interface where Register this connection's addresses in DNS is enabled. By default it leaves the ptr resource record sets to be registered by the DHCP server, and only attempts to register them itself if the DHCP server does not.
  • On DHCP servers:
    • the DHCP server service automatically registers a/aaaa and ptr resource record sets for every DHCP lease, as long as the DHCP client says to do this (or is a DHCP client that doesn't understand the relevant DHCP options for negotiating who does what registration in the first place).

The problem with "external" DHCP servers is generally not that they don't attempt the registration. Several are capable of this. It's that they speak the wrong protocol for secure Dynamic DNS Update.

Further reading

  • Microsoft corporation (2007-04-06). How to enable or disable DNS updates in Windows 2000 and in Windows Server 2003. ID 246804. Microsoft Support KnowledgeBase.
  • Microsoft corporation (2000). SRV Resource Records. TechNet.
  • Microsoft corporation (2003). How DNS Support for Active Directory Works. TechNet.
  • Microsoft corporation. 6.3.6.1 DNS-Based Discovery. MSDN Library.
  • Jonathan de Boyne Pollard (2004). The Secure Dynamic DNS update client authorisation schemes used by Microsoft and ISC are incompatible. Frequently Given Answers.
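
The registration paths listed in this answer (zone update policy, DHCP server on behalf of clients, and the DHCP client service per interface) can be inspected with the built-in DnsServer, DhcpServer and DnsClient PowerShell modules. This is an added example, not part of the original answer; it assumes the RSAT modules are installed, and the `$DnsServer` / `$DhcpServer` parameters (defaulting to the local machine) are names chosen here for illustration.

```powershell
# Added example: read-only audit of who may register records and how.
param(
    [string]$DnsServer  = $env:COMPUTERNAME,   # assumption: an AD DNS server
    [string]$DhcpServer = $env:COMPUTERNAME    # assumption: a Microsoft DHCP server
)

# 1. Zone side: does each primary zone accept dynamic updates, and are they authenticated?
if (Get-Command Get-DnsServerZone -ErrorAction SilentlyContinue) {
    $zones = Get-DnsServerZone -ComputerName $DnsServer |
        Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

    $zones | Select-Object ZoneName, IsDsIntegrated, IsReverseLookupZone, DynamicUpdate,
        @{ Name = 'Finding'; Expression = {
            switch ($_.DynamicUpdate) {
                'Secure'             { 'OK: secure updates only' }
                'NonsecureAndSecure' { 'Review: unauthenticated updates accepted' }
                'None'               { 'Info: nothing can self-register here' }
                default              { "Unknown value: $($_)" }
            } } } | Format-Table -AutoSize

    # Dynamically registered records carry a timestamp; static records do not.
    foreach ($z in $zones | Where-Object { -not $_.IsReverseLookupZone }) {
        $a = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $z.ZoneName -RRType A)
        [pscustomobject]@{
            Zone     = $z.ZoneName
            DynamicA = @($a | Where-Object { $_.Timestamp }).Count
            StaticA  = @($a | Where-Object { -not $_.Timestamp }).Count
        }
    }
}

# 2. DHCP server side: does it register on behalf of clients, and for which ones?
#    DynamicUpdates = OnClientRequest / Always / Never; UpdateDnsRRForOlderClients covers
#    clients that do not negotiate who performs the registration.
if (Get-Command Get-DhcpServerv4DnsSetting -ErrorAction SilentlyContinue) {
    Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
        Select-Object DynamicUpdates, UpdateDnsRRForOlderClients,
                      DeleteDnsRROnLeaseExpiry, NameProtection | Format-List
}

# 3. Client side: per-interface "Register this connection's addresses in DNS".
Get-DnsClient |
    Select-Object InterfaceAlias, RegisterThisConnectionsAddress, UseSuffixWhenRegistering |
    Format-Table -AutoSize
```

All cmdlets used are read-only; sections 1 and 2 are skipped on hosts where the corresponding module is absent.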

Solution 3:

"I wonder if a Windows Domain DNS Server should register any Domain Member in general?"

How long did you think about it?

Here is an angle you have missed: How would DNS know all members? Especially if those are not active or moving. Oops - does not work. Simple. DNS never will know all systems around / existing and their IP addresses.

"I notice that this does not happen if the DHCP is an external system and not aware of the internal DNS Server."

Yes. Because this is a function of the internal DNS server and it is in general a BAD BAD BAD idea to use an external DNS, exactly for reasons like that. Plus the fact that dynamic DNS updates are something that... are not really used that much outside the MS world.