Re: Restrict Dynamic Updates

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
Date: Fri, 2 May 2008 21:22:00 -0400

In news:63D7D919-F796-4717-8753-831ECCBE22FC@xxxxxxxxxxxxx,
Robert Lindholm <RobertLindholm@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:

Ace:

Thanks for your continued assistance...

Is there a way to force the [WinXP] clients to update their A/PTR
records directly with the AD/DNS server?

Well, yes, assuming you mean for DHCP clients. Non-DHCP clients do it
anyway. In DHCP properties, under the DNS tab, check the appropriate boxes.
But it is your benefit to force Windows DHCP to do it, as well as giving
DHCP ownership of the record (by adding the DHCP server to the
DnsUpdateProxy group). This way you won't find dupes of the same hostnames
with different IPs. This plus setting scavenging in Windows DNS, will
automate self-cleaning, so to speak. If you want to do this, follow the
instructions concerning the DnsProxyUpdate group. Matter of fact, this is
good reading concerning how the whole process between Windows DNS and
Windows DHCP works:

816592 - How to configure DNS dynamic updates in Windows Server 2003:
http://support.microsoft.com/kb/816592/

While I appreciate the win of using AD/DNS and AD/DHCP, it's not
something I'm going to be able to implement in our environment.

I can understand.

If the clients do own the A/PTR records and can directly update
AD/DNS, can the "stale" records be removed manually or by using
scavenging?

Scavenging.

I will definitely incorporate your recommendation of using a forward
to the BIND/DNS server to minimize the exposure of the AD/DNS servers
to the Internet.

Bob

If you have any other questions, post back.

Ace

.

Follow-Ups:
- Re: Restrict Dynamic Updates
  - From: Robert Lindholm

References:
- Re: Restrict Dynamic Updates
  - From: Ace Fekay [MVP]
- Re: Restrict Dynamic Updates
  - From: Robert Lindholm

Prev by Date: Re: Migrate DNS records from one zone to different zone [new domain name]
Next by Date: Re: Cannot resolve our ISP Web page. Please help
Previous by thread: Re: Restrict Dynamic Updates
Next by thread: Re: Restrict Dynamic Updates
Index(es):
- Date
- Thread

Relevant Pages

RE: VPN, RRAS & DHCP
... Open DHCP console. ... Check the status of the local server. ... <VPN connections subsequently fail again. ... <I say fail but in practice both the server and clients are assigned IP ...
(microsoft.public.windows.server.sbs)
RE: DHCP: not reached by clients
... This newsgroup only focuses on SBS technical issues. ... | Thread-Topic: DHCP: not reached by clients ... | thereafter re-enabling dhcp server it worked perfectly. ...
(microsoft.public.windows.server.sbs)
Re: How to setup effective school network
... > I have a very nice quality server ... ... > Network card all hubs and switches to my server and serve dhcp. ... the listing it appears you are running samba/windows clients. ... Do SSO for just a few hosts initially to get some experience. ...
(comp.os.linux.networking)
Re: Taking Domain Controller Offline
... Depends of the DHCP clients lease, if you think that the amount of time that ... additional DHCP server, of course if you've one in place you should use it ... sure that the clients are able to use the additional DNS server. ... "Jorge Silva" wrote: ...
(microsoft.public.windows.server.active_directory)
Re: Autoenrollment errors in Event Viewer...
... I agree with you on the DHCP part for the clients. ... Ed. server acting as the DC, DNS, ... servers and login directly into the local domain. ...
(microsoft.public.windows.server.sbs)