Machines not registering in Reverse DNS

[Cache]

This has me stumped but not sure whether I've resolved it yet or not.

I set up reverse dns for the ip range that we have when I started and it's been working quite happily. This summer we upgraded to Windows 7 and now no machine is registering the reverse DNS records.

Have I missed something obvious in my setup that worked quite happily in XP but doesn't in 7 (because I don't remember setting anything specific)?

Thanks

[Michael]

What server OS are you running? And I presume you're running Active Directory with DNS integrated? Or DNS on its own? Have you tried stopping and starting DNS (within DNS server)?

If you open a command prompt on a workstation and enter:

Code:

ipconfig /registerdns

do entries appear?

[Cache]

DNS is AD integrated, the few XP machines we still have are still registering in the Reverse Zones, All servers have been restarted this week.

Tried the ipconfig command and it still doesn't appear for Windows 7 machines.

Server OS is 1 Server 2003 machine and 2 2008 R2 machines.

[Jamo]

Is there already a client occupying the IP in the reverse lookups?

The other thing to check is that your DNS proxy account (can be set in the DNS options) has permission to write to the reverse DNS zones.

[Cache]

No other IP is occupying it, it's practically empty apart from my servers, static entries and Windows XP machines now.

Will try and check the DNS Proxy account (although I think I just added the server to the DNS Proxy usergroup)

[Michael]

Are your servers replicating correctly?

To my knowledge, there isn't any difference between XP or 7 how it handles DNS requests, but generally Secured DNS Updates are recommended. This basically means only computers belonging to the domain can update DNS records.

From a 7 workstation, login as an admin, open up a command prompt and enter ipconfig /all

It should display an IP from your DHCP Server, your DNS Server(s) and your Gateway. Does it all look correct?

[Cache]

Servers seem to be replicating correctly, no errors are being logged anywhere and the ipconfig appears normal.

As an example that it definitely seems to be something to do with Windows 7 or along those lines, every day this week I have redeployed one computer from XP to Windows 7. In each case I've deleted the DNS records for the machine, redeployed it and then the Forward lookup is recreated, the reverse lookup isn't. In each case the machine had a reverse lookup record before it was reinstalled with windows 7.

[PRicho]

We are getting the same issue, our reverse lookup is pretty much empty. On the DHCP Server properties ours is set to "Dynamically update DNS A and PTR Records only if requested by the DHCP Client" shoud this be on "Always dynamically update DNS A and PTR Records" ?

[Jamo]

From MS

By default, a Windows 2000 and newer statically configured machines will register their A record (hostname) and PTR (reverse entry) into DNS.
If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow the machine itself to register its own A record, but DHCP will register its PTR (reverse entry) record.
Double check that the DHCP server has permissions to write to the reverse lookup zone, if in doubt test by allowing everyone full access, if that works then its permissions which are your issue. The Always update option basically just makes the DHCP server ALWAYS do the registering both on behalf of the client.

[timzim]

Have you added credentials to your DHCP servers to allow DNS dynamic updates? Create a user called e.g. DNSupdate & add them to the group DnsUpdateProxy. Open DHCP and, for each server, expand the server, right-click on IPv4, Advanced, Credentials, then add the authentication details for the account DNSupdate. You might need to restart DHCP.

[Jamo]

Have you added credentials to your DHCP servers to allow DNS dynamic updates? Create a user called e.g. DNSupdate & add them to the group DnsUpdateProxy. Open DHCP and, for each server, expand the server, right-click on IPv4, Advanced, Credentials, then add the authentication details for the account DNSupdate. You might need to restart DHCP.

Also, watch out if you have apples in the fleet as we do. They will register their own reverse DNS records and you can end up with endless apples stuck in the reverse lookup zones as the DNSProxy account doesn't have permissions to delete the entries!

[timzim]

you can end up with endless apples stuck in the reverse lookup zones

Could you fix this with the Heimlich Manoeuvre?

[Jamo]

Could you fix this with the Heimlich Manoeuvre?

Is that the removal of all Apples from the building cus I would LOVE that!

[Cache]

Don't know whether it's right or not, but it works.

Have added the DC to the DNS Update Proxy group and created a standard user and added the credientials to the DHCP server.

Ran the following command because another website said you needed to on Windows 2008 R2 DC's: dnscmd /config /enableednsprobes 0

Enabled the dHCP server to register all records regardless and the DNS zones are repopulating.

Will have to wait and see if it throws up any other problems I guess....

[Jamo]

DNS is great when it works Good luck sounds like its sorted now, best thing to do is double check that records don't become stale now! (Give it double the DHCP lease time and double check that records aren't incorrect)