Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, April 16, 2015 2:08 PM
I'm noticing in our DNS Manager for our Windows Server 2008 R2 domain / dns servers, the timestamp is not always updating. It seems hit or a miss. All clients are Windows 7 Professional. I notice if I go on a machine and manually type in ipconfig /registerdns, then the timestamp updates on the DNS servers. Is this something I should be putting in the login script for our domain users?
I even created a GPO called DNS Client Configuration and the following is defined:
Primary DNS Suffix
Register DNS records with connection-specific DNS suffix
Register PTR Records
Dynamic Update
Registration Refresh Interval
DNS Suffic Search List
Update Security Level.
For our DHCP server we do have secure updates on and I created a special AD user that is defined dhcpupdsrv with a randomly generated 24 character password that never expires.
One group of PC's I see their timestamp is 5/14/2013, when those computers were installed. I think that location has static IP's but wouldn't the GPO cause this to update?
I want to enable DNS scavenging but I am afraid to do so until the timestamps are current.
All replies (2)
Monday, April 20, 2015 3:24 AM âś…Answered | 1 vote
Hi,
If your DNS timestamp is not correct, please check if the DNS clients can update their record successfully.
>>One group of PC's I see their timestamp is 5/14/2013
Please check the security setting of this record. Make sure that the client has the permission to modify it. Then run the ipconfig /registerdns on the client.
>>That account's password expired at some point so DNS got a little messy. I found this out and created a new AD USER called dhcpdnssvc.
If you change the account used by DHCP server to register the DNS, please delete the old records and let the new account register them.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Thursday, April 16, 2015 6:43 PM
I have a question if its related to the advanced security settings for the DNS records not updating.
For example on old DNS entry owner is account unknown (with a long SID attached).
Most of them are Domain Admins.
We moved a bunch of computers to another building and had DNS issues (connecting to their name when answering support calls), so we deleted them in DNS and used PSEXEC to remotely issue ipconfig /registerdns. Those DNS records owners are the computer name.
Some if you delete the DNS record, and reboot the owner is dhcpdnssvc (an AD account we created for DHCP to write to DNS).
So is this why? Any script to mass update them to the AD account, or do I have to click them one by one in DNS manager?
What happened at one point is the account used for DHCP to update DNS was a domain admin account. That account's password expired at some point so DNS got a little messy. I found this out and created a new AD USER called dhcpdnssvc. But its just a user, not an admin or anything. Is this why? DC, DNS and DHCP are on the domain controllers.