DHCP not actually updating DNS even though logs indicate otherwise

This question is sort of a follow-up to this previous question: DHCP failing to update DNS

We have a Windows Server 2003 SP2 machine that is a domain controller, DNS server, and DHCP server. Our DHCP audit logs were filled with event ID 31: "DNS Update Failed". The issue was resolved by creating a reverse DNS zone. Afterwards, we get ID 32 in the DHCP audit log. For instance:

32,07/06/09,08:24:40,DNS Update Successful,10.0.1.55,COMPUTER01.ssx.local,,

However, if I take a look at the DNS, the entry for "COMPUTER01.ssx.local" is not 10.0.1.55 but some other IP address.

I've been reviewing the DHCP audit logs again as well as the Event Logs for DNS and other system logs. There are no errors to indicate why the DNS is not actually updating. I am not sure why the DHCP logs would indicate a DNS update success, when the actual DNS does not update.

Any ideas on what is happening here?


Solution 1:

By default, only the "PTR" record is updated by the DHCP server for Windows 2000+ client computers. Here's an article from Microsoft that describes the dynamic DNS process with their DHCP server: http://technet.microsoft.com/en-us/library/cc787034(WS.10).aspx

The stock behaviour of W2K and up is for the client to request the DHCP server register the PTR record on behalf of the client, and the client registers the A record itself. The DHCP server can be made to register the A record and the PTR record (including for pre-Windows 2000 clients that can't make DDNS registrations themselves).

To alter the behaviour of client computers in DNS registrations, have a look in Group Policy in the DNS Client node under the Network subnode of the Administrative Templates node of the Computer Configuration. In there, you'll find that you can force the clients to register their PTR records, rather than having it done by the DHCP server (if you so desire), and you can set the TTL on records registered by clients.

To alter the behaviour of the DHCP server computer to cause it to register the "A" record, you can change the settings on the "DNS" tab of the "Properties" of the DHCP server or on the DHCP scope. If you've already done this and set it to, for example, "Always dynamically update DNS A and PTR records", then the DHCP Server should be modifying the "A" record and "PTR" record.

So, unless you've used that setting to change the behaviour of the client computers or the DHCP Server, the client computers should be doing the updates on their "A" records. (Which is what it looks like you're examining in your question: the "A" record for COMPUTER01.ssx.local.)

If the clients are supposed to be doing their own updates, have a look at the Application Event Log of one of the clients that's not updating properly after you run an "ipconfig /registerdns" on the client.

My gut tells me that since you're using an "Active-Directory Integrated" DNS zone with secure dynamic updates turned on, the clients might be running into permission issues updating their "A" records. (You can look at the ACL on each "A" record by looking at the "Properties" of the record in the DNS Management MMC snap-in.) The event log on the client will tell you more.
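The answer's point is that a "DNS Update Successful" (ID 32) line in the DHCP audit log only proves that the record the DHCP server registered (by default the PTR) went in; the A record is the client's job, so the log can be truthful while the A record is still stale. The script below is an added example, not code from the question or the answer: it reads the audit log lines, and for every ID 32 entry checks the PTR for the leased address and the A record for the host name separately, so the output says which side is out of date. Assumptions: the audit log column layout "ID,Date,Time,Description,IP Address,Host Name,MAC Address" stated in the log's own header; that ID 32 means "DNS Update Successful" as in the OP's line; and that forward and reverse lookups from the machine running the script go to the zone in question (the default resolver uses System.Net.Dns, which honours the local hosts file and resolver cache). The sample log lines and the two hashtables are constructed so the demo runs offline; the function and hashtable names are mine.

```powershell
# Parse DHCP audit log lines and keep only ID 32 ("DNS Update Successful") entries.
# Column order assumed from the audit log header:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
function Get-DhcpDnsUpdateEvents {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -notmatch '^\d+,') { continue }      # skip header and blank lines
        $f = $line -split ','
        if ($f[0] -ne '32') { continue }                 # 32 = DNS Update Successful
        New-Object PSObject -Property @{
            Date = $f[1]; Time = $f[2]; IPAddress = $f[4]; HostName = $f[5]
        }
    }
}

# Default resolvers: forward (A) and reverse (PTR) via System.Net.Dns.
# Assumption: these queries reach the zone the DHCP server writes to.
function Resolve-ForwardDefault([string]$Name) {
    try { [System.Net.Dns]::GetHostAddresses($Name) | ForEach-Object { $_.ToString() } }
    catch { @() }
}
function Resolve-ReverseDefault([string]$Ip) {
    try { [System.Net.Dns]::GetHostEntry($Ip).HostName } catch { $null }
}

# For each successful-update entry, compare the PTR (what the DHCP server
# registers by default) and the A record (what the client registers itself).
function Test-DhcpDnsConsistency {
    param(
        [string[]]$LogLines,
        [scriptblock]$Forward = { param($n)  Resolve-ForwardDefault $n },
        [scriptblock]$Reverse = { param($ip) Resolve-ReverseDefault $ip }
    )
    foreach ($e in Get-DhcpDnsUpdateEvents -Lines $LogLines) {
        $aRecords = @(& $Forward $e.HostName)
        $ptrName  = & $Reverse $e.IPAddress
        $aOk   = $aRecords -contains $e.IPAddress
        $ptrOk = ($ptrName -ne $null) -and
                 ($ptrName.TrimEnd('.') -ieq $e.HostName.TrimEnd('.'))
        $verdict = if ($aOk -and $ptrOk) { 'OK' }
                   elseif ($ptrOk)       { 'PTR current, A stale: check client-side registration' }
                   elseif ($aOk)         { 'A current, PTR stale: check DHCP server registration' }
                   else                  { 'neither A nor PTR matches the lease' }
        New-Object PSObject -Property @{
            HostName  = $e.HostName
            IPAddress = $e.IPAddress
            ARecords  = ($aRecords -join ' ')
            PtrName   = $ptrName
            Verdict   = $verdict
        }
    }
}

# --- Constructed demo data (not real zone contents) ---
$sampleLog = @(
    'ID,Date,Time,Description,IP Address,Host Name,MAC Address',
    '32,07/06/09,08:24:40,DNS Update Successful,10.0.1.55,COMPUTER01.ssx.local,,',
    '32,07/06/09,08:25:02,DNS Update Successful,10.0.1.56,COMPUTER02.ssx.local,,'
)
# COMPUTER01's A record still points at an old address; its PTR is correct,
# which is exactly the "log says success, A record is wrong" symptom.
$fakeA   = @{ 'COMPUTER01.ssx.local' = @('10.0.1.20'); 'COMPUTER02.ssx.local' = @('10.0.1.56') }
$fakePtr = @{ '10.0.1.55' = 'COMPUTER01.ssx.local'; '10.0.1.56' = 'COMPUTER02.ssx.local' }

Test-DhcpDnsConsistency -LogLines $sampleLog `
    -Forward { param($n)  $fakeA[$n] } `
    -Reverse { param($ip) $fakePtr[$ip] } |
    Format-Table HostName, IPAddress, ARecords, PtrName, Verdict -AutoSize
```

Against the real server, drop the -Forward/-Reverse overrides and feed it the day's audit log, for example `Test-DhcpDnsConsistency -LogLines (Get-Content "$env:SystemRoot\System32\dhcp\DhcpSrvLog-Mon.log")`. A row that reads "PTR current, A stale" is the case the answer describes: the DHCP server did its half, so the next place to look is the client's Application event log after `ipconfig /registerdns`, and the ACL on that A record in the DNS console.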