Re: DNS Server Refuses Updates from DHCP



Will wrote:
"Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx> wrote in message
news:OaOvqgc$GHA.4292@xxxxxxxxxxxxxxxxxxxxxxx
Is that zone accepting dynamic updates?
Have you assigned a user account with a non-expiring password in the
DHCP scope properties for the DHCP server to authenticate with the
DNS server? Or did you change that password recently?
Are you seeing errors in eventvwr?
You can also run network monitor to check what is going on...

Is the only requirement for the domain account that runs DHCP that it
be in the DNS Updates reserved group on the domain controller?
What is the absolute minimum permissions that this service account
must have?

I really hate to run services as domain accounts, since Microsoft
stores the passwords of such accounts in system memory as clear text,
and it's a common hacker trick when doing a buffer overload on a
service to grab those accounts and passwords and use them for further
attacks. Would there be any way to run the DHCP service as one of
the reserved accounts like Network Service?

You do not need to run the DHCP service as a domain account. Right-click
the server in the DHCP console, select Properties, select the Advanced tab,
click the Credentials button, and enter a dedicated user account's credentials.
This user need not be a member of any special group, but all DHCP servers
must use the same credentials, and I recommend a strong non-expiring
password. This account is used by DHCP to take ownership of records it
registers, so it can update the record when the IP changes and remove the
records when the lease expires.
I also recommend adding Windows 2000 and Microsoft option 002, which will
release the lease when the client is shut down. Windows clients do not
normally release their IP lease on shutdown and will attempt to use the IP
again when they start.

--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
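The reply above says every DHCP server must register DNS records with the same dedicated account. The following is an added example, not part of the original thread, that audits that requirement. It assumes the DhcpServer PowerShell module (Windows Server 2012 or later, newer than the systems discussed here); the account name `CORP\svc-dhcp-dns` and the sample records are constructed.

```powershell
# Added example (not from the thread): flag DHCP servers whose DNS dynamic-update
# credential is missing or differs from the one dedicated account.

function Get-DnsCredentialDrift {
    param(
        [Parameter(Mandatory)] [object[]] $Records,        # Server, UserName, DomainName, Error
        [Parameter(Mandatory)] [string]   $ExpectedAccount # 'DOMAIN\user' (hypothetical name)
    )
    foreach ($r in $Records) {
        $actual = if ($r.UserName) { "$($r.DomainName)\$($r.UserName)" } else { '' }
        $status = if ($r.Error) { 'QueryFailed' } elseif (-not $r.UserName) { 'NotConfigured' } elseif ($actual -ieq $ExpectedAccount) { 'OK' } else { 'Mismatch' }
        [pscustomobject]@{ Server = $r.Server; Account = $actual; Status = $status }
    }
}

function Get-LiveDnsCredentialRecords {
    # Queries every DHCP server authorized in Active Directory. Read-only.
    foreach ($s in Get-DhcpServerInDC) {
        try {
            $c = Get-DhcpServerDnsCredential -ComputerName $s.DnsName -ErrorAction Stop
            [pscustomobject]@{ Server = $s.DnsName; UserName = $c.UserName
                               DomainName = $c.DomainName; Error = $null }
        } catch {
            # Keep unreachable servers in the report instead of silently skipping them.
            [pscustomobject]@{ Server = $s.DnsName; UserName = $null
                               DomainName = $null; Error = $_.Exception.Message }
        }
    }
}

# Constructed sample records so the comparison logic can be run without a domain.
$sample = @(
    [pscustomobject]@{ Server = 'dhcp1.corp.example'; UserName = 'svc-dhcp-dns'; DomainName = 'CORP'; Error = $null }
    [pscustomobject]@{ Server = 'dhcp2.corp.example'; UserName = 'svc-old';      DomainName = 'CORP'; Error = $null }
    [pscustomobject]@{ Server = 'dhcp3.corp.example'; UserName = '';             DomainName = '';     Error = $null }
)
Get-DnsCredentialDrift -Records $sample -ExpectedAccount 'CORP\svc-dhcp-dns' | Format-Table -AutoSize

# Against a live domain (requires rights to query each DHCP server):
# Get-DnsCredentialDrift -Records (Get-LiveDnsCredentialRecords) -ExpectedAccount 'CORP\svc-dhcp-dns'
```

The comparison assumes the domain is stored in the same form (NetBIOS or FQDN) on every server; adjust `-ExpectedAccount` to match how the credential was entered.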