DHCP and DNS Integration Disabled - Architecture Discussion
I have been working with this organization as an SCCM Engineer and recently came into a discussion pertaining to the DHCP and DNS configurations. DNS and DHCP have been recently reconfigured to NOT be integrated anymore. I am strongly against this and feel that the organization is moving in the wrong direction; however, they are not my systems to support (though it greatly impacts my SCCM environment). Any advice would be great:
Old Configuration:
DNS configured with non-secure updates and scavenging every 4 days
DHCP registering DNS requests on behalf of clients
**Please note that some of the Server A and PTR Records are ALSO in the same forward lookup zone as the workstations. **
Issues that Occurred:
Mobile phones had the same names as existing workstations / servers and overwrote the good records.
Non-domain-member workstation joins the network and registers in DNS.
Architecture that Organization Moved To (which I believe is the wrong direction):
Disable DNS and DHCP integration
DNS configured to secure-only updates
A script (yes, I said it) was created to delete any duplicate A and PTR records in DNS for the workstation forward lookup zone (deleting the oldest record; this script runs every 15 minutes).
Problems:
If a computer is replaced with a new computer, there will be TWO entries in DNS until the script runs.
If we change back to DNS and DHCP integration we will have to manage the permissions on the DNS records to allow DHCP to modify those records on change.
Things we want to avoid:
Mobile phones had the same names as existing workstations / servers and overwrote the good records.
Non-domain-member workstation joins the network and registers in DNS.
So we made a call into Microsoft. I was not on the call; however, they asked Premier Support the best way to architect this solution. I feel that the conversation was scripted, as it was "what is the best way to support what we have put ourselves into" rather than "what is the Microsoft-recommended method to manage DNS and DHCP".
I have my own opinion on how to solve this; however, I don't want to guide the community to a solution that I want to implement. I want to know:
What is the best way to architect this? Please ask questions as I know I May have left out important details.
June 26th, 2012 12:08pm
Hi,
Thank you for the post.
The best way is:
1. Enable DNS and DHCP integration
2. Configure DNS zone dynamic update to secure-only
If the zone is set for Secure Updates Only, then DHCP cannot update non-Microsoft clients and Microsoft clients that are not joined to the domain.
3. Enable DNS scavenging
http://support.microsoft.com/kb/816592
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
TechNet Community Support
June 27th, 2012 5:20am
Rick,
Thank you for your response. This was what I wanted to implement, however, now that the clients are creating their own records (subsequently inheriting Owner privileges), will DHCP have issues
registering on behalf of the Windows domain workstations?
Thank you,
-Brenton
June 28th, 2012 4:58pm
Hi Brenton,
It's normal that client computers own their DNS records.
If you want to change DNS records to the same owner, please enable DHCP option 081 and configure DHCP credentials, which are mentioned in the ACE blog I posted before. The setting is for DNS dynamic update by multiple DHCP servers when client laptops are moved from one site to another.
Regards,
Rick Tan
TechNet Community Support
June 29th, 2012 12:27am
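The three steps in Rick's first reply, together with the DHCP credential and option 081 advice in his second, rendered as PowerShell against the DhcpServer, DnsServer and ActiveDirectory modules (Windows Server 2012 or later). This is an added example, not code from the thread, the ACE blog or Microsoft; the zone name, DHCP server name and service account are assumptions, and the scavenging interval simply reuses the 4-day cycle from the old configuration.

```powershell
# Assumed names for this example (not from the thread).
$Zone       = 'corp.example.com'   # workstation forward lookup zone
$DhcpServer = 'DHCP01'             # DHCP server to configure

# Step 1: DNS and DHCP integration. DHCP registers A and PTR records for every
# lease (option 081 / Client FQDN) and removes them when the lease expires, so
# scavenging has fewer stale records to deal with.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always `
    -DeleteDnsRROnLeaseExpiry $true `
    -UpdateDnsRRForOlderClients $true `
    -NameProtection $true   # not in Rick's list: refuses a lease whose name already
                            # belongs to a different client (the "phone overwrote a
                            # workstation record" case), via a DHCID record check

# DHCP credentials: a dedicated low-privilege account owns the records instead
# of each DHCP server's computer account, which is the ownership concern in the
# thread. Adding the DHCP server(s) to DnsUpdateProxy lets a second DHCP server
# update the same records when clients move between sites.
$cred = Get-Credential -Message 'DHCP dynamic update account, e.g. CORP\svc-dhcpdns'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members "$DhcpServer`$"

# Step 2: secure-only dynamic updates on the workstation zone.
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate Secure

# Step 3: aging on the zone, scavenging on the server (4-day cycle as before).
Set-DnsServerZoneAging -Name $Zone -Aging $true `
    -NoRefreshInterval (New-TimeSpan -Days 2) `
    -RefreshInterval   (New-TimeSpan -Days 2)
Set-DnsServerScavenging -ScavengingState $true `
    -ScavengingInterval (New-TimeSpan -Days 4)

# Check: records with no timestamp are static and will never be scavenged. The
# server A records that the original post says live in the workstation zone
# should appear here; anything else listed is a candidate for review.
Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Where-Object { -not $_.Timestamp } |
    Select-Object HostName, @{ n = 'IP'; e = { $_.RecordData.IPv4Address } }
```

Existing records created by the clients themselves keep their original owner until they are re-registered or scavenged; the DHCP credential only applies to records DHCP creates or updates after this change.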
For clarification, are you stating that when DHCP registers & updates the DNS on behalf of the client computers, the client computer becomes the owner of the record?
Thanks again for your input on this!
June 29th, 2012 10:19am
Hi Brenton,
Yes, that is by design.
Regards,
Rick Tan
TechNet Community Support
July 1st, 2012 11:57pm