| Author | Messages | |
Johnchristie11
Posts:16
 | | 05/06/2008 2:21 PM |
| Dear List
I have an issue with dynamic DNS and I'm wondering whether anyone can point
me in the right direction. It seems that when I change the DHCP IP address
on a workstation to static, the DNS record is not dynamically updated.
This is the process.....
Computer assigned DHCP address of 192.168.10.5. DNS record is created in the
porkies.local DNS zone
Computer assigned static address of 192.168.10.54 DNS record is NOT updated.
So I carry out an Ipconfig /registerdns on the computer and it logs the
following event id:
Event ID 11163
The system failed to register host (A) resource records (RRs) for network
adapter
with settings:
Adapter Name : {19E26ADC-9F3B-4D54-B500-598AA5A2E496}
Host Name : XP001
Primary Domain Suffix : porkies.local
DNS server list :
192.168.10.18, 192.168.5.18
Sent update to server : 192.1.1.1
IP Address(es) :
192.168.10.54
The reason the system could not register these RRs was because the DNS
server failed the update request. The most likely cause of this is that the
authoritative DNS server required to process this update request has a lock
in place on the zone, probably because a zone transfer is in progress.
You can manually retry DNS registration of the network adapter and its
settings by typing "ipconfig /registerdns" at the command prompt. If
problems still persist, contact your DNS server or network systems
administrator.
DNS is configured for secure updates. This is a Windows 2003 Active
Directory integrated zone.
If I manually delete the record in DNS and do an IPCONFIG/ Registerdns,
everything works fine but I don't want to have to do this every time. I
noticed that it's trying to send the update to 192.1.1.1?? that doesn't
exist.
Has anyone experienced this before? My thought was that if you changed a
DHCP address to static, the associated DNS records would be updated as well?
Any advice appreciated
| | | |
| amulnick
Posts:138
| | 05/07/2008 2:28 PM |
| How is your DHCP server configured for that subnet?
Specifically, the dns settings information for that subnet?
Most likely, the issue has to do with the permisisons based on the symptoms
you describe, but more information is needed.
Since it's a secure zone, I'm assuming this is an AD integrated zone. If
not, please let us know. The event indicates a lock, but that may be a false
lead.
Any history you can provide would also be useful.
On Tue, May 6, 2008 at 2:18 PM, John Christie <johnchristie11@googlemail.com>
wrote:
>
> Dear List
>
> I have an issue with dynamic DNS and I'm wondering whether anyone can
> point me in the right direction. It seems that when I change the DHCP IP
> address on a workstation to static, the DNS record is not dynamically
> updated.
>
> This is the process.....
>
> Computer assigned DHCP address of 192.168.10.5. DNS record is created in
> the porkies.local DNS zone
> Computer assigned static address of 192.168.10.54 DNS record is NOT
> updated.
>
> So I carry out an Ipconfig /registerdns on the computer and it logs the
> following event id:
>
> Event ID 11163
>
> The system failed to register host (A) resource records (RRs) for network
> adapter
> with settings:
>
> Adapter Name : {19E26ADC-9F3B-4D54-B500-598AA5A2E496}
> Host Name : XP001
> Primary Domain Suffix : porkies.local
> DNS server list :
> 192.168.10.18, 192.168.5.18
> Sent update to server : 192.1.1.1
> IP Address(es) :
> 192.168.10.54
>
> The reason the system could not register these RRs was because the DNS
> server failed the update request. The most likely cause of this is that the
> authoritative DNS server required to process this update request has a lock
> in place on the zone, probably because a zone transfer is in progress.
>
> You can manually retry DNS registration of the network adapter and its
> settings by typing "ipconfig /registerdns" at the command prompt. If
> problems still persist, contact your DNS server or network systems
> administrator.
>
> DNS is configured for secure updates. This is a Windows 2003 Active
> Directory integrated zone.
>
> If I manually delete the record in DNS and do an IPCONFIG/ Registerdns,
> everything works fine but I don't want to have to do this every time. I
> noticed that it's trying to send the update to 192.1.1.1?? that doesn't
> exist.
>
> Has anyone experienced this before? My thought was that if you changed a
> DHCP address to static, the associated DNS records would be updated as well?
>
> Any advice appreciated
>
>
>
| | | |
| Marty1_0
Posts:73
| | 05/07/2008 2:39 PM |
| Could it be that the DNS record is updated by DHCP (if totally well configured, a dedicated account) and that when changing the IP to a fix one, it tries to update the record with different credentials?
1. It uses the dedicated account through DHCP
2. It uses the computer account itself
??
- Bart
From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Al Mulnick
Sent: Wednesday, May 07, 2008 20:24
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Fwd: OT DNS records not updating
How is your DHCP server configured for that subnet?
Specifically, the dns settings information for that subnet?
Most likely, the issue has to do with the permisisons based on the symptoms you describe, but more information is needed.
Since it's a secure zone, I'm assuming this is an AD integrated zone. If not, please let us know. The event indicates a lock, but that may be a false lead.
Any history you can provide would also be useful.
On Tue, May 6, 2008 at 2:18 PM, John Christie <johnchristie11@googlemail.com> wrote:
Dear List
I have an issue with dynamic DNS and I'm wondering whether anyone can point me in the right direction. It seems that when I change the DHCP IP address on a workstation to static, the DNS record is not dynamically updated.
This is the process.....
Computer assigned DHCP address of 192.168.10.5 <http://192.168.10.5/> . DNS record is created in the porkies.local DNS zone
Computer assigned static address of 192.168.10.54 <http://192.168.10.54/> DNS record is NOT updated.
So I carry out an Ipconfig /registerdns on the computer and it logs the following event id:
Event ID 11163
The system failed to register host (A) resource records (RRs) for network adapter
with settings:
Adapter Name : {19E26ADC-9F3B-4D54-B500-598AA5A2E496}
Host Name : XP001
Primary Domain Suffix : porkies.local
DNS server list :
192.168.10.18 <http://192.168.10.18/> , 192.168.5.18 <http://192.168.5.18/>
Sent update to server : 192.1.1.1 <http://192.1.1.1/>
IP Address(es) :
192.168.10.54 <http://192.168.10.54/>
The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.
You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
DNS is configured for secure updates. This is a Windows 2003 Active Directory integrated zone.
If I manually delete the record in DNS and do an IPCONFIG/ Registerdns, everything works fine but I don't want to have to do this every time. I noticed that it's trying to send the update to 192.1.1.1 <http://192.1.1.1/> ?? that doesn't exist.
Has anyone experienced this before? My thought was that if you changed a DHCP address to static, the associated DNS records would be updated as well?
Any advice appreciated
| | | |
| Johnchristie11
Posts:16
| | 05/08/2008 12:14 PM |
| The DHCP server is sitting on a DC which is also a WINS and DNS server. We
have two of these.
The DHCP config contains:
2 x DNS servers
2 x WINS servers,
Domain name = porkies.local
Default gateway = 192.168.10.1
I'm not sure what other information you need?
It is an AD integrated zone on Windows 2003 R2.
I am pretty sure it's permissions problem as my colleague mentioned that she
changed the security settings of the DNS record to allow authenticated
user write permissions and the record was updated?? I need to verify this
myself to be certain. In any case what object/security principal is
responsible for updating the DNS record in the DHCP and Static IP scenario?
Ta
JC
On Wed, May 7, 2008 at 7:23 PM, Al Mulnick <amulnick@gmail.com> wrote:
> How is your DHCP server configured for that subnet?
>
> Specifically, the dns settings information for that subnet?
>
> Most likely, the issue has to do with the permisisons based on the
> symptoms you describe, but more information is needed.
>
> Since it's a secure zone, I'm assuming this is an AD integrated zone. If
> not, please let us know. The event indicates a lock, but that may be a false
> lead.
>
> Any history you can provide would also be useful.
>
> On Tue, May 6, 2008 at 2:18 PM, John Christie <
> johnchristie11@googlemail.com> wrote:
>
> >
> > Dear List
> >
> > I have an issue with dynamic DNS and I'm wondering whether anyone can
> > point me in the right direction. It seems that when I change the DHCP IP
> > address on a workstation to static, the DNS record is not dynamically
> > updated.
> >
> > This is the process.....
> >
> > Computer assigned DHCP address of 192.168.10.5. DNS record is created in
> > the porkies.local DNS zone
> > Computer assigned static address of 192.168.10.54 DNS record is NOT
> > updated.
> >
> > So I carry out an Ipconfig /registerdns on the computer and it logs the
> > following event id:
> >
> > Event ID 11163
> >
> > The system failed to register host (A) resource records (RRs) for
> > network adapter
> > with settings:
> >
> > Adapter Name : {19E26ADC-9F3B-4D54-B500-598AA5A2E496}
> > Host Name : XP001
> > Primary Domain Suffix : porkies.local
> > DNS server list :
> > 192.168.10.18, 192.168.5.18
> > Sent update to server : 192.1.1.1
> > IP Address(es) :
> > 192.168.10.54
> >
> > The reason the system could not register these RRs was because the DNS
> > server failed the update request. The most likely cause of this is that the
> > authoritative DNS server required to process this update request has a lock
> > in place on the zone, probably because a zone transfer is in progress.
> >
> > You can manually retry DNS registration of the network adapter and its
> > settings by typing "ipconfig /registerdns" at the command prompt. If
> > problems still persist, contact your DNS server or network systems
> > administrator.
> >
> > DNS is configured for secure updates. This is a Windows 2003 Active
> > Directory integrated zone.
> >
> > If I manually delete the record in DNS and do an IPCONFIG/ Registerdns,
> > everything works fine but I don't want to have to do this every time. I
> > noticed that it's trying to send the update to 192.1.1.1?? that doesn't
> > exist.
> >
> > Has anyone experienced this before? My thought was that if you changed a
> > DHCP address to static, the associated DNS records would be updated as well?
> >
> > Any advice appreciated
> >
> >
> >
>
| | | |
| amulnick
Posts:138
| | 05/08/2008 12:24 PM |
| The way it is configured for the DNS settings tab? Is it configured to have
DHCP update the dns records? If so, that is likely your problem. When DHCP
handles name registration, the computer account has no need to be added to
the computer security principal - the DHCP server handles it. When you go
to a static registration, often we do not release the address first (that
leaves the record out there) and the computer account does not have the
sufficient privs to delete/modify etc.
A quick fix is to add the computer account to the dns record acl. Then it
can update the records appropriately.
Another suggestion would be to evaluate changing your dhcp/dns interaction
so that it does not register the records on behalf of the windows hosts.
That may or may not be possible in your environment - you'll have to
evaluate that impact. You would still have to change the records that
currently exist, i.e. either delete them and let them re-register or change
the permissions on the objects to allow them to update themselves.
Either way, I agree its a permisisons issue. Just a question of how you
want to modify it to suit your needs. I'm sure there are other ways to
adjust this as well depending on your unique requirements.
Al
On Thu, May 8, 2008 at 12:14 PM, John Christie <
johnchristie11@googlemail.com> wrote:
>
> my initial thoughts were on the same track as yours but the DHCP server is
> on a domain controller so it doesn't use a dedicated account through DHCP
> like you would on a member server.
>
>
>
>
> On Wed, May 7, 2008 at 7:35 PM, Bart Van den Wyngaert <bart.vdw@gmail.com>
> wrote:
>
> > Could it be that the DNS record is updated by DHCP (if totally well
> > configured, a dedicated account) and that when changing the IP to a fix one,
> > it tries to update the record with different credentials?
> >
> > 1. It uses the dedicated account through DHCP
> >
> > 2. It uses the computer account itself
> >
> >
> >
> > ??
> >
> >
> >
> > - Bart
> >
> >
> >
> > *From:* ActiveDir-owner@mail.activedir.org [mailto:
> > ActiveDir-owner@mail.activedir.org] *On Behalf Of *Al Mulnick
> > *Sent:* Wednesday, May 07, 2008 20:24
> > *To:* ActiveDir@mail.activedir.org
> > *Subject:* Re: [ActiveDir] Fwd: OT DNS records not updating
> >
> >
> >
> > How is your DHCP server configured for that subnet?
> >
> >
> >
> > Specifically, the dns settings information for that subnet?
> >
> >
> >
> > Most likely, the issue has to do with the permisisons based on the
> > symptoms you describe, but more information is needed.
> >
> >
> >
> > Since it's a secure zone, I'm assuming this is an AD integrated zone.
> > If not, please let us know. The event indicates a lock, but that may be a
> > false lead.
> >
> >
> >
> > Any history you can provide would also be useful.
> >
> > On Tue, May 6, 2008 at 2:18 PM, John Christie <
> > johnchristie11@googlemail.com> wrote:
> >
> >
> >
> > Dear List
> >
> >
> >
> > I have an issue with dynamic DNS and I'm wondering whether anyone can
> > point me in the right direction. It seems that when I change the DHCP IP
> > address on a workstation to static, the DNS record is not dynamically
> > updated.
> >
> >
> >
> > This is the process.....
> >
> >
> >
> > Computer assigned DHCP address of 192.168.10.5. DNS record is created in
> > the porkies.local DNS zone
> >
> > Computer assigned static address of 192.168.10.54 DNS record is NOT
> > updated.
> >
> >
> >
> > So I carry out an Ipconfig /registerdns on the computer and it logs the
> > following event id:
> >
> >
> >
> > Event ID 11163
> >
> >
> >
> > The system failed to register host (A) resource records (RRs) for
> > network adapter
> >
> > with settings:
> >
> >
> >
> > Adapter Name : {19E26ADC-9F3B-4D54-B500-598AA5A2E496}
> >
> > Host Name : XP001
> >
> > Primary Domain Suffix : porkies.local
> >
> > DNS server list :
> >
> > 192.168.10.18, 192.168.5.18
> >
> > Sent update to server : 192.1.1.1
> >
> > IP Address(es) :
> >
> > 192.168.10.54
> >
> >
> >
> > The reason the system could not register these RRs was because the DNS
> > server failed the update request. The most likely cause of this is that the
> > authoritative DNS server required to process this update request has a lock
> > in place on the zone, probably because a zone transfer is in progress.
> >
> >
> >
> > You can manually retry DNS registration of the network adapter and its
> > settings by typing "ipconfig /registerdns" at the command prompt. If
> > problems still persist, contact your DNS server or network systems
> > administrator.
> >
> >
> >
> > DNS is configured for secure updates. This is a Windows 2003 Active
> > Directory integrated zone.
> >
> >
> >
> > If I manually delete the record in DNS and do an IPCONFIG/ Registerdns,
> > everything works fine but I don't want to have to do this every time. I
> > noticed that it's trying to send the update to 192.1.1.1?? that doesn't
> > exist.
> >
> >
> >
> > Has anyone experienced this before? My thought was that if you changed a
> > DHCP address to static, the associated DNS records would be updated as well?
> >
> >
> >
> > Any advice appreciated
> >
> >
> >
> >
> >
> >
> >
>
>
| | | |
|
|