
Topic: How to configure DNS dynamic update

  
  1. #1

    How to configure DNS dynamic update

    Code:
    http://support.microsoft.com/?scid=kb%3Ben-us%3B317590&x=12&y=9
    How to configure DNS dynamic update in Windows 2000


    This article describes how to configure the DNS dynamic update functionality in Windows 2000. The DNS dynamic update functionality enables DNS client computers to register and dynamically update their resource records with a DNS server whenever changes occur. If you use this functionality, you can reduce the need for manual administration of zone records, especially for clients that frequently move or change locations and use Dynamic Host Configuration Protocol (DHCP) to obtain an Internet Protocol (IP) address.

    Windows 2000 provides client and server support to use the dynamic update functionality as described in Request for Comments (RFC) 2136. For DNS servers, the DNS service allows you to enable or disable the DNS dynamic update functionality on a per-zone basis at each server that is configured to load either a standard primary or directory-integrated zone.



    Windows 2000 DNS Dynamic Update Features

    The DNS service allows client computers to dynamically update their resource records in DNS. When you use this functionality, you improve DNS administration by reducing the time required to manually manage zone records. You can use the DNS dynamic update functionality in conjunction with DHCP to update resource records when a computer's IP address is changed. Computers that are running Windows 2000 can send dynamic updates.

    Windows 2000 provides the following features that are related to the DNS dynamic update protocol:
    • Support for Active Directory directory service as a locator service for domain controllers.
    • Integration with Active Directory.

      You can integrate DNS zones into Active Directory to provide increased fault tolerance and security. Every Active Directory-integrated zone is replicated among all domain controllers in the Active Directory domain. All DNS servers that are running on these domain controllers can act as primary servers for the zone and accept dynamic updates. Active Directory replicates on a per-property basis, propagating only relevant changes.
    • Support for aging and scavenging of records.

      The DNS service can scan and remove records that are no longer needed. When you enable this feature, you can prevent stale records from remaining in the DNS.
    • Support for secure dynamic updates in Active Directory-integrated zones.

      You can configure Active Directory-integrated zones for secure dynamic update so that only authorized users can make changes to a zone or record.
    • Improved ease of administration.
    • Administration from the command prompt.
    • Enhanced name resolution.
    • Enhanced caching and negative caching.
    • Interoperability with other DNS server implementations.
    • Integration with other network services.
    • Incremental zone transfer.
    • Support for new resource record types.



    How Windows 2000-Based Computers Update Their DNS Names

    By default, computers that run Windows 2000 and are statically configured for TCP/IP try to dynamically register host address (A) and pointer (PTR) resource records for IP addresses that are configured and used by their installed network connections. By default, all computers register records based on their full computer name.

    For Windows 2000 computers, the primary full computer name (which is a fully qualified domain name [FQDN]) is the primary DNS suffix of the computer that is appended to the computer name. To determine the primary DNS suffix of the computer and the computer name, right-click My Computer, click Properties, and then click the Network Identification tab.

    Dynamic updates can be sent for any of the following reasons or events:
    • An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
    • An IP address lease changes or renews any one of the installed network connections with the DHCP server. For example, when the computer is started or if you use the ipconfig /renew command.
    • You use the ipconfig /registerdns command to manually force a refresh of the client name registration in DNS.
    • At startup time, when the computer is turned on.

    When one of these events triggers a dynamic update, the DHCP Client service (not the DNS Client service) sends updates. This process is designed so that if a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections used on the system, including connections that are not configured to use DHCP.

    NOTES:
    • The dynamic update process for Windows 2000-based computers that use DHCP to obtain their IP address is different than the process that is described in this section. For more information, see the Integration of DHCP with DNS section and the Windows DHCP Clients and DNS Dynamic Update Protocol section of this article.
    • The update process that is described in this section assumes Windows 2000 installation defaults are in effect. Specific names and update behavior are tunable when advanced TCP/IP properties are configured to use non-default DNS settings.
    • In addition to the full computer name (or primary name) of the computer, you can configure additional connection-specific DNS names and optionally register or update them in DNS.

    An Example of How Dynamic Update Works

    For Windows 2000, dynamic updates are typically requested when either a DNS name or an IP address changes on the computer. For example, a client named "oldhost" is first configured in System properties to have the following names:
    • Computer name: oldhost
    • DNS domain name of computer: example.microsoft.com
    • Full computer name: oldhost.example.microsoft.com

    In this example, no connection-specific DNS domain names are configured for the computer. If you rename the computer from "oldhost" to "newhost," the following name changes occur:
    • Computer name: newhost
    • DNS domain name of computer: example.microsoft.com
    • Full computer name: newhost.example.microsoft.com

    After the name change is applied in System properties, Windows 2000 prompts you to restart the computer. After the computer restarts Windows, the DHCP Client service performs the following sequence to update DNS:
    1. The DHCP Client service sends a start of authority (SOA) type query by using the DNS domain name of the computer.

      The client computer uses the currently configured FQDN of the computer (such as "newhost.example.microsoft.com") as the name specified in this query.
    2. The authoritative DNS server for the zone that contains the client FQDN responds to the SOA-type query.

      For standard primary zones, the primary server (owner) that is returned in the SOA query response is fixed and static. It always matches the exact DNS name as it is displayed in the SOA resource record stored with the zone. However, if the zone that is being updated is directory-integrated, any DNS server that is loading the zone can respond and dynamically insert its own name as the primary server (owner) of the zone in the SOA query response.
    3. The DHCP Client service attempts to contact the primary DNS server.

      The client processes the SOA query response for its name to determine the IP address of the DNS server that is authorized as the primary server for accepting its name. The client proceeds to perform the following procedure (if required) to contact and dynamically update its primary server:
      1. The client sends a dynamic update request to the primary server that is determined in the SOA query response.

        If the update succeeds, no further action is taken.
      2. If this update fails, the client next sends an NS-type query for the zone name that is specified in the SOA record.
      3. When the client receives a response to this query, it sends an SOA query to the first DNS server that is listed in the response.
      4. After the SOA query is resolved, the client sends a dynamic update to the server that is specified in the returned SOA record.

        If the update succeeds, no further action is taken.
      5. If this update fails, the client repeats the SOA query process by sending to the next DNS server that is listed in the response.
    4. After the primary server that can perform the update is contacted, the client sends the update request and the server processes it.

      The contents of the update request include instructions to add A (and possibly PTR) resource records for "newhost.example.microsoft.com" and remove these same record types for "oldhost.example.microsoft.com" (the name that was previously registered).

      The server also checks to ensure that updates are permitted for the client request. For standard primary zones, dynamic updates are not secured and any client attempt to update succeeds. For Active Directory-integrated zones, updates are secured and performed using directory-based security settings.

    Dynamic updates are sent or refreshed periodically. By default, Windows 2000 sends a refresh once every 24 hours. If the update occurs and there are no changes to zone data, the zone remains at its current version and no changes are written. Updates result in actual zone changes or increased zone transfers only if names or addresses actually change.

    Note Names are not removed from DNS zones if they become inactive or if they are not updated within the refresh interval (24 hours). DNS does not use a mechanism to release or tombstone names, although DNS clients do attempt to delete or update old name records when a new name or address change is applied.

    When the DHCP Client service registers A and PTR resource records for a Windows 2000 computer, it uses a default caching Time-To-Live (TTL) value of 15 minutes for host records. This value determines how long other DNS servers and clients cache a computer's records when they are included in a query response.



    Integration of DHCP with DNS

    With Windows 2000, a DHCP server can enable dynamic updates in the DNS namespace for any of its clients that support these updates. Scope clients can use DNS dynamic update protocol to update their host name-to-address mapping information (which is stored in zones on the DNS server) whenever changes occur to their DHCP-assigned address. A Windows 2000 DHCP server can perform updates on behalf of its DHCP clients to any DNS server.

    How DHCP/DNS Update Interaction Works

    You can use the DHCP server to register and update the PTR and A resource records on behalf of its DHCP-enabled clients. When you do so, you must use an additional DHCP option, the Client FQDN option (option 81). This option permits the client to provide its FQDN as well as instructions to the DHCP server on how it would like the server to process DNS dynamic updates (if any) on its behalf.

    When this option is issued by a qualified DHCP client, such as a DHCP-enabled computer that is running Windows 2000, it is processed and interpreted by Windows 2000 DHCP servers to determine how the server initiates updates on behalf of the client.

    For example, you can use any of the following configurations to process client requests:
    • The DHCP server registers and updates client information with its configured DNS servers according to the client request.

      After you install a new DHCP server, this configuration becomes the default configuration for Windows 2000 DHCP servers and clients. In this mode, any Windows 2000 DHCP client can request the way in which the DHCP server performs updates of its host A and PTR resource records. If possible, the DHCP server accommodates the client request for handling updates to its name and IP address information in DNS.

      To configure the DHCP server to register client information according to the client's request, open the DHCP properties for the server, click the DNS tab, click Properties, and then click Update DNS only if DHCP client requests.
    • The DHCP server always registers and updates client information with its configured DNS servers.

      This configuration is a modified configuration that is supported for Windows 2000 DHCP servers and clients. In this mode, the DHCP server always performs updates of the client's FQDN and leased IP address information, both its host A and PTR resource records, regardless of whether the client has requested to perform its own updates.

      To configure a DHCP server to register and update client information with its configured DNS servers, open the DHCP properties for the server, click the DNS tab, click Properties, and then click Always update DNS.
    • The DHCP server never registers and updates client information with its configured DNS servers.

      To use this configuration, the DHCP server must be configured to disable performance of DHCP/DNS proxied updates. When you use this configuration, no client host A or PTR resource records are updated in DNS for DHCP clients.

      To configure the server to never update client information, open the DHCP properties for the DHCP server or one of its scopes on the Windows 2000 DHCP server, click the DNS tab, click Properties, and then clear the Automatically update DHCP client information in DNS check box. By default, updates are always performed for newly installed Windows 2000 DHCP servers and any new scopes that you create for them.



    Windows DHCP Clients and DNS Dynamic Update Protocol

    DHCP clients that are running Windows 2000 and earlier versions of Windows interact differently when they perform the DHCP/DNS interactions that are described in the preceding section. The following examples show how this process varies in different cases.

    An Example of a DHCP/DNS Update Interaction for Windows 2000 DHCP Clients

    Windows 2000 DHCP clients interact with DNS dynamic update protocol in the following manner:
    1. The client initiates a DHCP request message to the server.
    2. The server returns a DHCP acknowledgment message to the client, which grants an IP address lease.
    3. By default, the client sends a DNS update request to the DNS server for its own forward lookup record (a host A resource record).

      Alternately, the server can perform this update to the DNS server on behalf of the client if both the client and its configuration are modified accordingly.
    4. The server sends updates for the DHCP client's reverse lookup record (a PTR resource record) by using the process that is defined by the DNS dynamic update protocol.

    An Example of a DHCP/DNS Update Interaction for Windows DHCP Clients That Use a Version of Windows That Is Earlier Than Windows 2000

    Earlier versions of Windows DHCP clients do not support the DNS dynamic update process directly and cannot directly interact with the DNS server. For these DHCP clients, updates are typically handled in the following manner:
    1. The client initiates a DHCP request message (DHCPREQUEST) to the server.
    2. The server returns a DHCP acknowledgment message (DHCPACK) to the client, which grants an IP address lease.
    3. The server sends updates to the DNS server for the client's forward lookup record, which is a host A resource record.
    4. The server also sends updates for the client's reverse lookup record, which is a PTR resource record.



    Secure Dynamic Updates

    For Windows 2000, DNS update security is available only for zones that are integrated into Active Directory. After you directory-integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or remove users or groups from the ACL for a specified zone or resource record.

    For more information, see Windows 2000 Help and search for either "To modify security for a resource record" or "To modify security for a directory integrated zone."

    By default, dynamic update security for Windows 2000 DNS servers and clients is handled in the following manner:
    1. Windows 2000 DNS clients attempt to use unsecured dynamic updates first. If an unsecured update is refused, clients try to use a secure update.

      Also, clients use a default update policy that permits them to attempt to overwrite a previously registered resource record, unless they are specifically blocked by update security.
    2. After a zone becomes Active Directory-integrated, Windows 2000 DNS servers only allow secure dynamic updates by default.

    When you use standard zone storage, the DNS Server service does not allow dynamic updates on its zones by default. For zones that are either directory-integrated or use standard file-based storage, you can change the zone to allow all dynamic updates, which permits all updates to be accepted, bypassing the use of secure updates.

    Important For Windows 2000 Server, the DHCP Server service can perform proxy registration and update of DNS records for legacy clients that do not support dynamic updates.

    If you use multiple Windows 2000 DHCP servers on your network and configure your zones to allow secure dynamic updates only, use the Active Directory Users and Computers snap-in to add your DHCP server computers to the built-in DnsUpdateProxy group. When you do so, all of your DHCP servers have the secure rights to perform proxy updates for any of your DHCP clients. For more information, see Windows 2000 help and search for "Using DNS servers with DHCP" or "Manage groups".

    Caution In Windows 2000, the secure dynamic updates functionality can be compromised if you run a DHCP server on a domain controller and Windows 2000 DHCP server is configured to perform registration of DNS records on behalf of its clients. To avoid this issue, deploy DHCP servers and domain controllers on separate computers. If you are not concerned about security of reverse lookup PTR resource records, this precaution is only advisable if the DHCP server is configured to perform registration of host A resource records on behalf of its clients (which is not the default behavior).

    For more information, see the Security Considerations When You Use the DnsUpdateProxy group section of this article.

    How to Allow Only Secure Dynamic Updates


    1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
    2. Under DNS, expand the applicable DNS server, expand Forward Lookup Zones (or Reverse Lookup Zones), and then click the applicable zone.
    3. On the Action menu, click Properties.
    4. On the General tab, verify that the zone type is Active Directory-integrated.
    5. In the Allow dynamic updates? box, click Only secure updates.

    Caution In Windows 2000, the secure dynamic updates functionality can be compromised if you run a DHCP server on a domain controller and Windows 2000 DHCP server is configured to perform registration of DNS records on behalf of its clients. To avoid this issue, deploy DHCP servers and domain controllers on separate computers. If you are not concerned about security of reverse lookup PTR resource records, this precaution is only advisable if the DHCP server is configured to perform registration of host A resource records on behalf of its clients (which is not a default behavior).

    Notes
    • The secure dynamic update functionality is supported only for Active Directory-integrated zones. If you configure a different zone type, you must change the zone type and directory integrate the zone before you secure it for DNS dynamic updates.
    • Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATES)."



    How to Use the DnsUpdateProxy Security Group

    You can configure a Windows 2000 DHCP server so that it dynamically registers host A and PTR resource records on behalf of DHCP clients. If you use secure dynamic updates in this configuration with Windows 2000 DNS servers, resource records may become stale.

    For example, consider the following scenario:
    1. A Windows 2000 DHCP server (DHCP1) performs a secure dynamic update on behalf of one of its clients for a specific DNS domain name.
    2. Because the DHCP server successfully created the name, it becomes the owner of the name.
    3. After the DHCP server becomes the owner of the client name, only that DHCP server can update the name.

    In some circumstances, this process may cause problems. For example, if DHCP1 fails and a second backup DHCP server comes online, the backup server cannot update the client name because it is not the owner of the name.

    In a similar example, DHCP1 registers the client name "host.example.microsoft.com" in DNS on behalf of its clients, and then you upgrade that computer from an earlier version of Windows to Windows 2000. Because the DHCP server (DHCP1) is the owner of this name, the client cannot update its DNS records after the computer is upgraded to Windows 2000.

    To resolve this problem, a new built-in security group called DnsUpdateProxy is provided in Windows. Any object that is created by the members of this group has no security. The first user that is not a member of the DnsUpdateProxy group to modify the set of records that is associated with a client becomes its owner. Therefore, if every DHCP server that is registering resource records for older clients is a member of this group, you do not have problems with updates that result from ownership.

    How to Add Members to the DnsUpdateProxy Group

    Use the Active Directory Users and Computers snap-in to configure the DnsUpdateProxy security group. For more information, refer to Windows 2000 help, and search for "To add a member to a group".

    Note If you are using multiple DHCP servers for fault tolerance and you use secure dynamic updates, add each of the computers that are operating a Windows 2000 DHCP server to the DnsUpdateProxy global security group.

    Security Considerations When You Use the DnsUpdateProxy Group

    You can resolve some DNS update concerns about maintaining secure updates if you add all DHCP servers to the DnsUpdateProxy group. However, you face additional security concerns when you add all DHCP servers to this group.

    For example, any DNS domain names that are registered by the computer that is running the DHCP server are not secure. The host A resource record for the DHCP server itself is not secure. This issue is more significant if the DHCP server that is a member of the DnsUpdateProxy group is installed on a domain controller. To prevent this problem, manually specify a different owner for any DNS records that are associated with the DHCP server itself.

    In this case, all service location (SRV), host A, or alias (CNAME) resource records that are registered by the Netlogon service for the domain controller are not secure. To prevent this problem, do not install a DHCP server on a domain controller.

    If you run a Windows 2000 DHCP server on a Windows 2000 domain controller, the DHCP server has full control over all DNS objects stored in Active Directory because the DHCP server is running under the computer account (in this case, the domain controller).



    Configuring DNS Dynamic Update

    The dynamic update functionality that is included in Windows 2000 follows RFC 2136. Dynamic update allows clients and servers to register DNS domain names (PTR resource records) and IP address mappings (A resource records) to an RFC 2136-compliant DNS server.

    A Windows 2000 Professional-based computer does not have to use dynamic update to be a member of a Windows 2000 domain; however, your administrative workload increases because you are required to manually update DNS information in this scenario. In Windows 2000, clients can send dynamic updates for three different types of network adapters: DHCP adapters, statically configured adapters, and remote access adapters. Regardless of the adapter that is used, the DHCP Client service sends dynamic updates to the authoritative DNS server. The DHCP Client service runs on all computers regardless of whether they are configured as DHCP clients.

    How to Configure DNS Dynamic Update for DHCP Clients

    By default, Windows 2000-based DHCP clients are configured to request that the client register the A resource record and the server register the PTR resource record. By default, the name that is used in the DNS registration is a concatenation of the computer name and the primary DNS suffix. To change this default name, open the TCP/IP properties of your network connection.

    To change the dynamic update defaults on the dynamic update client:
    1. Right-click My Network Places, and then click Properties.
    2. Right-click the connection that you want to configure, and then click Properties.
    3. Click Internet Protocol (TCP/IP), click Properties, click Advanced, and then click the DNS tab.

      By default, Register this connection's address in DNS is selected and Use this connection's DNS suffix in DNS registration is not selected. This default configuration causes the client to request that the client register the A resource record and the server register the PTR resource record. In this case, the name to be used in DNS registration is a concatenation of the computer name and primary DNS suffix of the computer.
    4. Click to select the Use this connection's DNS suffix in DNS registration check box.

      If you select this check box, the client requests that the server update the PTR record by using the name that is a concatenation of the computer name and the connection-specific DNS suffix. If the DHCP server is configured to register DNS records according to the client's request, the client registers the following records:
      • The PTR record, which uses the name that is a concatenation of the computer name and the primary DNS suffix.
      • The A record, which uses the name that is a concatenation of the computer name and the primary DNS suffix.
      • The A record, which uses the name that is a concatenation of the computer name and the connection-specific DNS suffix.
    5. To configure the client to make no requests for DNS registration, click to clear the Register this connection's address in DNS check box. If you clear this check box, the client does not attempt to register any A or PTR DNS records that correspond to this connection.

    DNS Dynamic Update on Statically Configured and Remote Access Clients

    Statically configured clients and remote access clients do not communicate with the DHCP server. Statically configured Windows 2000-based clients dynamically update their A and PTR resource records every time they start in case the records become corrupted in the DNS database. Remote access clients dynamically update A and PTR resource records when a dial-up connection is made. They also attempt to unregister the A and PTR resource records when the user closes down the connection. However, if a remote access client fails to unregister a resource record within four seconds, the connection is closed, and the DNS database contains a stale record. If the remote access client fails to unregister a resource record, it adds a message to the event log, which you can view by using the Event Viewer. The remote access client never deletes stale records.

    How to Configure DNS Dynamic Update on Multiple-Homed Clients

    If a dynamic update client is multiple-homed (if it has more than one adapter and an associated IP address), it registers all of its IP addresses with DNS by default. If you do not want the client to register all of its IP addresses, you can configure it to not register one or more IP addresses in the network connection properties.

    To prevent the computer from registering all its IP addresses:
    1. Right-click My Network Places, and then click Properties.
    2. Click the connection that you want to configure, and then click Properties.
    3. Click Internet Protocol (TCP/IP), click Properties, click Advanced, and then click the DNS tab.
    4. Click to clear the Register this connection's address in DNS check box.

    You can also configure the computer to register its domain name in DNS. For example, if you have a client that is connected to two different networks, you can configure the client to have a different domain name on each network.

    How to Configure DNS Dynamic Update on a Windows 2000 DNS Client Computer

    To configure DNS dynamic update on a Windows 2000 DNS client computer:
    1. Click Start, point to Settings, and then click Network and Dial-up Connections.
    2. Right-click the network connection that you want to configure, and then click Properties.
    3. Click either the General tab (for the local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.
    4. Click Advanced, and then click the DNS tab.
    5. To use DNS dynamic update to register both the IP addresses for this connection and the full computer name of the computer, click to select the Register this connection's addresses in DNS check box. This check box is selected by default.
    6. To configure a connection-specific DNS suffix, type the DNS suffix in the DNS suffix for this connection box.
    7. To use DNS dynamic update to register the IP addresses and the connection-specific domain name for this connection, click to select the Use this connection's DNS suffix in DNS registration check box. This check box is selected by default.

    How to Configure DNS Dynamic Update on a Windows 2000 DNS Server

    To enable DNS dynamic update on a Windows 2000 DNS server:
    1. Click Start, point to Programs, point to Administrative Tools, and then click DNS.
    2. Click the appropriate zone under either Forward Lookup Zones or Reverse Lookup Zones.
    3. On the Action menu, click Properties.
    4. On the General tab, verify that the zone type is either Primary or Active Directory-integrated.
    5. If the zone type is Primary, click Yes in the Allow dynamic updates? list.
    6. If the zone type is Active Directory-integrated, click either Yes or Only secure updates in the Allow dynamic updates? list, depending on whether you want DNS dynamic updates to be secure.

    How to Configure DNS Dynamic Update on a Windows 2000 DHCP Server

    To configure DNS dynamic update for a Windows 2000 DHCP server:
    1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
    2. Click the appropriate DHCP server or a scope on the appropriate DHCP server.
    3. On the Action menu, click Properties.
    4. Click the DNS tab.
    5. To enable DNS dynamic update for DHCP clients that support it, click to select the Automatically update DHCP client information in DNS check box. This check box is selected by default.
    6. To enable DNS dynamic update for DHCP clients that do not support it, click to select the Enable updates for DNS clients that do not support dynamic updates check box. This check box is selected by default.

    How to Enable DNS Dynamic Updates to a DNS Server

    Windows 2000 DHCP and DNS servers now support dynamic updates to a DNS server. Windows 2000 clients can dynamically update their forward lookup records themselves with the DNS server after the clients obtain a new IP address from a DHCP server.

    In Windows 2000 DHCP server, you can dynamically update the DNS records for pre-Windows 2000 clients that cannot do it for themselves. This feature currently works only with the Windows 2000 DHCP and DNS servers.

    To enable a DHCP server to dynamically update the DNS records of its clients:
    1. Select the scope or DHCP server on which you want to permit dynamic DNS updates.
    2. On the Action menu, click Properties, and then click the DNS tab.
    3. Click to select the Automatically Update DHCP Client Information In DNS check box.
    4. To update a client's DNS records based on the type of DHCP request that the client makes and only when it is requested, click Update DNS Only If DHCP Client Requests.
    5. To always update a client's forward and reverse lookup records, click Always Update DNS.
    6. Click to select the Discard Forward Lookups When Leases Expire check box to have the DHCP server delete the Host resource record for a client when its DHCP lease expires and is not renewed.
    7. Click to select the Enable Updates For DNS Clients That Do Not Support Dynamic Updates check box to enable the DHCP server to update the forward and reverse lookup records for clients that cannot update their own forward lookup records. If you do not select this check box, the DHCP server does not automatically update the DNS records of non-Windows 2000 clients.



    Additional Advanced DHCP/DNS Server Configuration Options

    In addition to the standard DHCP/DNS interactions, you can configure the Windows 2000 DHCP server to perform the following optional update tasks:
    • You can configure the server to not send updates for a discarded client host (A) resource record when the client lease expires.

      When you enable the DHCP server to perform DNS updates, the server always sends updates to discard the client PTR resource records when the lease expires. You can configure the server to discard client host A resource records when a client's lease expires (by default, the server discards these records).

      To modify this setting at the applicable DHCP server, open the DHCP properties, click the DNS tab, click Properties, and then clear the Discard forward (name-to-address) lookups when leases expires check box.
    • You can configure the server to not send updates for clients that cannot use the Client FQDN option (option 81) to request the way that updates are handled.

      By default, the DHCP server sends updates for clients that do not support option 81. This allows the server to perform proxy updates in DNS for all of its DHCP clients that are running earlier versions of Windows operating systems.

      To modify this setting at the applicable DHCP server, open the DHCP properties, click the DNS tab, click Properties, and then click to clear or click to select the Enable updates for DNS clients that do not support dynamic updates check box.



    How to Disable DNS Dynamic Update

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 (How to back up and restore the registry in Windows XP) How to back up and restore the registry in Windows

    Dynamic update is configured on Windows 2000 Professional-based clients by default. To disable dynamic update for all network interfaces:
    1. Start Registry Editor (Regedt32.exe).
    2. Locate and click the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. Add the following value:
      Value name: DisableDynamicUpdate
      Data type: REG_DWORD
      Data value: 0x1

    To disable dynamic update for a specific interface:
    1. Start Registry Editor (Regedt32.exe).
    2. Locate and click the following registry key, where interface is the device ID of the network interface card for the interface for which you want to disable dynamic update:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface
    3. Add the following value:
      Value name: DisableDynamicUpdate
      Data type: REG_DWORD
      Data value: 0x1



    Troubleshooting

    For additional information about how to troubleshoot DNS Dynamic Update in Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: 287156 (Troubleshooting Windows 2000 Domain Name System Dynamic Update Problems) Troubleshooting Windows 2000 DNS dynamic update problems


    REFERENCE

    For additional information about DNS dynamic updates, refer to the following resources:
    Windows 2000 DNS White Paper (Windows 2000 DNS)

    "Introduction to DNS" chapter in the Windows 2000 Server Resource Kit (Introduction to DNS)

    "Windows 2000 DNS" chapter in the Windows 2000 Server Resource Kit (Windows 2000 DNS)

    Dynamic Host Configuration Protocol for Windows 2000 Server (Dynamic Host Configuration Protocol for Windows 2000)
    For additional information about DNS dynamic updates in Microsoft Windows 2003, click the following article number to view the article in the Microsoft Knowledge Base: 816592 (How to configure DNS dynamic updates in Windows Server 2003) How to configure DNS dynamic update in Windows 2003



    APPLIES TO


    • Microsoft Windows 2000 Server
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Professional Edition







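The registry procedure in the post above can be checked without opening Registry Editor. The following read-only audit is an added example, not part of the original post or the Microsoft article. It assumes a Windows version that ships PowerShell 3.0 or later (Windows 2000 itself does not), that a missing value or 0 leaves dynamic update enabled, and that a global value of 1 applies to every interface; the function names are hypothetical.

```powershell
# Read-only audit of the DisableDynamicUpdate value, globally and per interface.
# Assumptions: a missing value or 0 leaves dynamic update enabled, and a global
# value of 1 turns registration off for every interface.

$TcpipKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-DisableDynamicUpdateValue {
    # Hypothetical helper: returns the DWORD if it is set, otherwise $null.
    param([Parameter(Mandatory = $true)][string]$KeyPath)
    $item = Get-ItemProperty -Path $KeyPath -Name 'DisableDynamicUpdate' -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.DisableDynamicUpdate }
    return $null
}

function Get-DynamicUpdateAudit {
    # Hypothetical helper: one row per key under Tcpip\Parameters\Interfaces.
    $globalValue = Get-DisableDynamicUpdateValue -KeyPath $TcpipKey

    Get-ChildItem -Path (Join-Path $TcpipKey 'Interfaces') | ForEach-Object {
        $props   = Get-ItemProperty -Path $_.PSPath
        $ifValue = Get-DisableDynamicUpdateValue -KeyPath $_.PSPath

        # Show an address so the interface GUID can be matched to a connection.
        $address = if ($props.DhcpIPAddress) { $props.DhcpIPAddress } else { @($props.IPAddress) -join ',' }

        [pscustomobject]@{
            Interface        = $_.PSChildName
            Address          = $address
            GlobalValue      = $globalValue
            InterfaceValue   = $ifValue
            DynamicUpdateOff = (($globalValue -eq 1) -or ($ifValue -eq 1))
        }
    }
}

Get-DynamicUpdateAudit | Format-Table -AutoSize
```

Rows where DynamicUpdateOff is False belong to interfaces that will still try to register their names, which is the set to review when a zone accepts nonsecure updates.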

  2. #2
    Real name: 1234

    Retired moderator
    Join date
    Jul 2009
    Location
    5678
    Posts
    5,634
    Thanked
    2513
    Thanks given
    272
    Code:
    http://support.microsoft.com/?scid=kb%3Ben-us%3B816592&x=12&y=11


    How to configure DNS dynamic updates in Windows Server 2003



    This article describes how to configure the DNS update functionality in Microsoft Windows Server 2003. The DNS update functionality enables DNS client computers to register and to dynamically update their resource records with a DNS server whenever changes occur. If you use this functionality, you can reduce the requirement for manual administration of zone records, especially for clients that frequently move and use Dynamic Host Configuration Protocol (DHCP) to obtain an IP address.

    Windows Server 2003 provides support for the dynamic update functionality as described in Request for Comments (RFC) 2136. For DNS servers, the DNS service permits you to enable or to disable the DNS update functionality on a per-zone basis at each server that is configured to load either a standard primary or directory-integrated zone.



    Windows Server 2003 DNS update features

    The DNS service lets client computers dynamically update their resource records in DNS. When you use this functionality, you improve DNS administration by reducing the time that it requires to manually manage zone records. You can use the DNS update functionality with DHCP to update resource records when a computer's IP address is changed. Computers that are running Windows Server 2003 can send dynamic updates.

    Windows Server 2003 provides the following features that are related to the DNS dynamic update protocol:
    • Use of Active Directory directory service as a locator service for domain controllers.
    • Integration with Active Directory.

      You can integrate DNS zones into Active Directory to provide increased fault tolerance and security. Every Active Directory-integrated zone is replicated among all domain controllers in the Active Directory domain. All DNS servers that are running on these domain controllers can act as primary servers for the zone and accept dynamic updates. Active Directory replicates on a per-property basis and propagates only relevant changes.
    • Aging and scavenging of records.

      The DNS Server service can scan and remove records that are no longer required. When you enable this feature, you can prevent outdated records from remaining in DNS.
    • Secure dynamic updates in Active Directory-integrated zones.

      You can configure Active Directory-integrated zones for secure dynamic updates so that only authorized users can make changes to a zone or to a record.
    • Administration from a command prompt.
    • Enhanced name resolution.
    • Enhanced caching and negative caching.
    • Interoperability with other DNS server implementations.
    • Integration with other network services.
    • Incremental zone transfer.



    How Windows Server 2003-based computers update their DNS names

    By default, computers that run Windows Server 2003 and that are statically configured for TCP/IP try to dynamically register host address (A) and pointer (PTR) resource records for IP addresses that are configured and used by their installed network connections. By default, all computers register records based on the full computer name.

    For Windows Server 2003-based computers, the primary full computer name is a fully qualified domain name (FQDN). Additionally, the primary full computer name is the primary DNS suffix of the computer that is appended to the computer name. To determine the primary DNS suffix of the computer and the computer name, right-click My Computer, click Properties, and then click Computer Name.

    DNS updates can be sent for any one of the following reasons or events:
    • An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
    • An IP address lease changes or renews any one of the installed network connections with the DHCP server. For example, this update occurs when the computer is started or when you use the ipconfig /renew command.
    • You use the ipconfig /registerdns command to manually force an update of the client name registration in DNS.
    • The computer is turned on.
    • A member server is promoted to a domain controller.

    When one of these events triggers a DNS update, the DHCP Client service, not the DNS Client service, sends updates. If a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections on the system. This includes connections that are not configured to use DHCP.

    Notes
    • The update process for Windows Server 2003-based computers that use DHCP to obtain their IP address is different from the process that is described in this section. For more information, see the "Integration of DHCP with DNS" section and the "Windows DHCP clients and DNS dynamic update protocol" section.
    • The update process that is described in this section assumes that Windows Server 2003 installation defaults are in effect. Specific names and update behavior are tunable when advanced TCP/IP properties are configured to use non-default DNS settings.
    • Besides the full computer name, or the primary name, of the computer, you can configure additional connection-specific DNS names and optionally register or update them in DNS.

    By default, Windows XP and Windows Server 2003 reregister their A and PTR resource records every 24 hours regardless of the computer's role. To change this time, add the DefaultRegistrationRefreshInterval registry entry under the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters
    The interval is set in seconds.

    An example of how DNS updates work

    For Windows Server 2003, dynamic updates are typically requested when either a DNS name or an IP address changes on the computer. For example, a client named "oldhost" is first configured in system properties to have the following names:
      Computer name: oldhost
      DNS domain name of computer: example.microsoft.com
      Full computer name: oldhost.example.microsoft.com
    In this example, no connection-specific DNS domain names are configured for the computer. If you rename the computer from "oldhost" to "newhost", the following name changes occur:
      Computer name: newhost
      DNS domain name of computer: example.microsoft.com
      Full computer name: newhost.example.microsoft.com

    After the name change is applied in System Properties, Windows Server 2003 prompts you to restart the computer. After the computer restarts Windows, the DHCP Client service performs the following sequence to update DNS:
    1. The DHCP Client service sends a start of authority (SOA) type query by using the DNS domain name of the computer.

      The client computer uses the currently configured FQDN of the computer, such as "newhost.example.microsoft.com", as the name specified in this query.
    2. The authoritative DNS server for the zone that contains the client FQDN responds to the SOA-type query.

      For standard primary zones, the primary server, or owner, that is returned in the SOA query response is fixed and static. The primary server name always matches the exact DNS name as that name is displayed in the SOA resource record that is stored with the zone. However, if the zone that is being updated is directory-integrated, any DNS server that is loading the zone can respond and dynamically insert its own name as the primary server of the zone in the SOA query response.
    3. The DHCP Client service tries to contact the primary DNS server.

      The client processes the SOA query response for its name to determine the IP address of the DNS server that is authorized as the primary server for accepting its name. If it is required, the client performs the following steps to contact and dynamically update its primary server:
      1. The client sends a dynamic update request to the primary server that is determined in the SOA query response.

        If the update succeeds, no additional action is taken.
      2. If this update fails, the client next sends an NS-type query for the zone name that is specified in the SOA record.
      3. When the client receives a response to this query, the client sends an SOA query to the first DNS server that is listed in the response.
      4. After the SOA query is resolved, the client sends a dynamic update to the server that is specified in the returned SOA record.

        If the update succeeds, no additional action is taken.
      5. If this update fails, the client repeats the SOA query process by sending to the next DNS server that is listed in the response.
    4. After the primary server that can perform the update is contacted, the client sends the update request, and the server processes it.

      The contents of the update request include instructions to add A, and possibly PTR, resource records for "newhost.example.microsoft.com" and to remove these same record types for "oldhost.example.microsoft.com". ("oldhost.example.microsoft.com" is the name that was previously registered.)

      The server also checks to make sure that updates are permitted for the client request. For standard primary zones, dynamic updates are not secured. Any client attempt to update succeeds. For Active Directory-integrated zones, updates are secured and performed using directory-based security settings.

    Dynamic updates are sent or refreshed periodically. By default, computers send an update every twenty-four hours. If the update causes no changes to zone data, the zone remains at its current version, and no changes are written. Updates that cause actual zone changes or increased zone transfers occur only if names or addresses actually change.

    Note Names are not removed from DNS zones if they become inactive or if they are not updated within the update interval of twenty-four hours. DNS does not use a mechanism to release or to tombstone names, although DNS clients do try to delete or to update old name records when a new name or address change is applied.

    When the DHCP Client service registers A and PTR resource records for a Windows Server 2003-based computer, the client uses a default caching time-to-live (TTL) value of 15 minutes for host records. This value determines how long other DNS servers and clients cache a computer's records when they are included in a query response.



    Integration of DHCP with DNS

    With Windows Server 2003, a DHCP server can enable dynamic updates in the DNS namespace for any one of its clients that support these updates. Scope clients can use the DNS dynamic update protocol to update their host name-to-address mapping information whenever changes occur to their DHCP-assigned address. (This mapping information is stored in zones on the DNS server.) A Windows Server 2003-based DHCP server can perform updates on behalf of its DHCP clients to any DNS server.

    How DHCP/DNS update interaction works

    You can use the DHCP server to register and update the PTR and A resource records on behalf of the server's DHCP-enabled clients. When you do this, you must use an additional DHCP option, the Client FQDN option (option 81). This option lets the client send its FQDN to the DHCP server in the DHCPREQUEST packet. This enables the client to notify the DHCP server as to the service level it requires.

    The FQDN option includes the following six fields:
    • Code
      Specifies the code for this option (81).
    • Len
      Specifies the length of this option. (This must be a minimum of 4.)
    • Flags
      Specifies the type of service.
      • 0
        Client will register the "A" (Host) record.
      • 1
        Client wants DHCP to register the "A" (Host) record.
      • 3
        DHCP will register the "A" (Host) record regardless of the client's request.
    • RCODE1
      Specifies a response code the server is sending to the client.
    • RCODE2
      Specifies an additional delineation of RCODE1.
    • Domain Name
      Specifies the FQDN of the client.

    If the client requests to register its resource records with DNS, the client is responsible for generating the dynamic UPDATE request per Request for Comments (RFC) 2136. Then, the DHCP server registers its PTR (pointer) record.

    Assume that this option is issued by a qualified DHCP client, such as a DHCP-enabled computer that is running Windows Server 2003, Microsoft Windows 2000, or Microsoft Windows XP. In this case, the option is processed and interpreted by Windows Server 2003-based DHCP servers to determine how the server initiates updates on behalf of the client.

    For example, you can use any one of the following configurations to process client requests:
    • The DHCP server registers and updates client information with its configured DNS servers according to the client request.

      This is the default configuration for Windows Server 2003-based DHCP servers and clients that are running Windows Server 2003, Windows 2000, or Windows XP. In this mode, any one of these Windows DHCP clients can specify the way that the DHCP server updates its host A and PTR resource records. If it is possible, the DHCP server handles the client request for handling updates to its name and IP address information in DNS.

      To configure the DHCP server to register client information according to the client's request, follow these steps:
      1. Open the DHCP properties for the server or the individual scope.
      2. Click the DNS tab, click Properties, and then click to select the Dynamically update DNS A and PTR records only if requested by the DHCP clients check box.
    • The DHCP server always registers and updates client information with its configured DNS servers.

      This is a modified configuration supported for Windows Server 2003-based DHCP servers and clients that are running Windows Server 2003, Windows 2000, or Windows XP. In this mode, the DHCP server always performs updates of the client's FQDN and leased IP address information regardless of whether the client has requested to perform its own updates.

      To configure a DHCP server to register and to update client information with its configured DNS servers, follow these steps:
      1. Open the DHCP properties for the server.
      2. Click DNS, click Properties, click to select the Enable DNS dynamic updates according to the settings below check box, and then click Always dynamically update DNS A and PTR records.
    • The DHCP server never registers and updates client information with its configured DNS servers.

      To use this configuration, the DHCP server must be configured to disable performance of DHCP/DNS proxied updates. When you use this configuration, no client host A or PTR resource records are updated in DNS for DHCP clients.

      To configure the server to never update client information, follow these steps:
      1. Open the DHCP properties for the DHCP server or one of its scopes on the Windows Server 2003-based DHCP server.
      2. Click DNS, click Properties, and then clear the Enable DNS dynamic updates according to the settings below check box.

      By default, updates are always performed for newly installed Windows Server 2003-based DHCP servers and any new scopes that you create for them.



    Windows DHCP clients and DNS dynamic update protocol

    DHCP clients that are running Windows Server 2003, Windows 2000, Windows XP, or earlier operating systems can interact differently when they perform the DHCP/DNS interactions. The following examples show how this process varies in different cases.

    An example of a DHCP/DNS update interaction for Windows Server 2003-based, Windows 2000-based, and Windows XP-based DHCP clients

    Clients that are running Windows Server 2003, Windows 2000, or Windows XP DHCP interact with DNS dynamic update protocol in the following manner:
    1. The client initiates a DHCP request message (DHCPREQUEST) to the server. The request includes option 81.
    2. The server returns a DHCP acknowledgement message (DHCPACK) to the client. The client grants an IP address lease and includes option 81. If the DHCP server is configured with the default settings, option 81 tells the client that the DHCP server will register the DNS PTR record and that the client will register the DNS A record.
    3. Asynchronously, the client sends a DNS update request to the DNS server for its own forward lookup record, a host A resource record.
    4. The DHCP server registers the PTR record of the client.

    An example of a DHCP/DNS update interaction for Windows-based DHCP clients that use a version of Windows that is earlier than Windows Server 2003

    Earlier versions of Windows-based DHCP clients do not support the DNS dynamic update process directly and cannot directly interact with the DNS server. For these DHCP clients, updates are typically handled in the following manner:
    1. The client initiates a DHCP request message (DHCPREQUEST) to the server. This request does not include option 81.
    2. The server returns a DHCP acknowledgement message (DHCPACK) to the client. The client grants an IP address lease, without option 81.
    3. The server sends updates to the DNS server for the client's forward lookup record, the host A resource record, and sends an update for the client's PTR reverse lookup record.



    Secure dynamic updates

    For Windows Server 2003, DNS update security is available only for zones that are integrated into Active Directory. After you integrate a zone, you can use the access control list (ACL) editing features that are available in the DNS snap-in to add or to remove users or groups from the ACL for a specific zone or for a resource record.

    For more information, search for the "To modify security for a resource record" topic or the "To modify security for a directory integrated zone" topic in Windows Server 2003 Help.

    By default, dynamic update security for Windows Server 2003 DNS servers and clients is handled in the following manner:
    1. Windows Server 2003-based DNS clients try to use nonsecure dynamic updates first. If the nonsecure update is refused, clients try to use a secure update.

      Also, clients use a default update policy that lets them try to overwrite a previously registered resource record, unless they are specifically blocked by update security.
    2. By default, after a zone becomes Active Directory-integrated, Windows Server 2003-based DNS servers enable only secure dynamic updates.

    By default, when you use standard zone storage, the DNS Server service does not enable dynamic updates on its zones. For zones that are either directory-integrated or use standard file-based storage, you can change the zone to enable all dynamic updates. This enables all updates to be accepted, bypassing the use of secure updates.

    Important The DHCP Server service can perform proxy registration and update of DNS records for legacy clients that do not support dynamic updates. For more information, see the "Using DNS servers with DHCP" topic in Windows Server 2003 Help.

    If you use multiple Windows Server 2003-based DHCP servers on your network and if you configure your zones to enable secure dynamic updates only, use the Active Directory Users and Computers snap-in to add your DHCP server computers to the built-in DnsUpdateProxy group. When you do this, all your DHCP servers have the secure rights to perform proxy updates for any one of your DHCP clients. For more information, see the "Using DNS servers with DHCP" topic or the "Manage groups" topic in Windows Server 2003 Help.

    Caution The secure dynamic updates functionality can be compromised if the following conditions are true:
    • You run a DHCP server on a Windows Server 2003-based domain controller.
    • The DHCP server is configured to perform registration of DNS records on behalf of its clients.

    To avoid this issue, deploy DHCP servers and domain controllers on separate computers, or configure the DHCP server to use a dedicated user account for dynamic updates. For more information, see the "Using DNS servers with DHCP" topic in Windows Server 2003 Help.

    For more information, see the "Security considerations when you use the DnsUpdateProxy group" section.

    Enable only secure dynamic updates


    1. Click Start, point to Administrative Tools, and then click DNS.
    2. Under DNS, double-click the applicable DNS server, double-click Forward Lookup Zones or Reverse Lookup Zones, and then right-click the applicable zone.
    3. Click Properties.
    4. On the General tab, verify that the zone type is Active Directory-integrated.
    5. In the Dynamic updates box, click Secure only.
    6. Click OK.

    Note The secure dynamic update functionality is supported only for Active Directory-integrated zones. If you configure a different zone type, change the zone type, and then integrate the zone before you secure it for DNS updates. Dynamic update is an RFC-compliant extension to the DNS standard. The DNS update process is defined in RFC 2136, "Dynamic Updates in the Domain Name System (DNS UPDATE)".



    Use the DnsUpdateProxy security group

    You can configure a Windows Server 2003-based DHCP server so that it dynamically registers host A and PTR resource records on behalf of DHCP clients. If you use secure dynamic updates in this configuration with Windows Server 2003-based DNS servers, resource records may become stale.

    For example, consider the following scenario:
    1. A Windows Server 2003 DHCP server (DHCP1) performs a secure dynamic update on behalf of one of its clients for a specific DNS domain name.
    2. Because the DHCP server successfully created the name, it becomes the owner of the name.
    3. After the DHCP server becomes the owner of the client name, only that DHCP server can update the name.

    In some circumstances, this scenario may cause problems. For example, if DHCP1 fails and a second backup DHCP server comes online, the backup server cannot update the client name because the server is not the owner of the name.

    In another example, assume that the DHCP server performs dynamic updates for legacy clients. If you upgrade those clients to Windows Server 2003, Windows 2000, or Windows XP, the upgraded client cannot take ownership or update its DNS records.

    To solve this problem, a built-in security group named DnsUpdateProxy is provided. If all DHCP servers are added to the DnsUpdateProxy group, the records of one server can be updated by another server if the first server fails. Also, all the objects that are created by the members of the DnsUpdateProxy group are not secured. Therefore, the first user who is not a member of the DnsUpdateProxy group and that modifies the set of records that is associated with a DNS name becomes its owner. When legacy clients are upgraded, they can take ownership of their name records at the DNS server. If every DHCP server that registers resource records for legacy clients is a member of the DnsUpdateProxy group, many problems are eliminated.

    Add members to the DnsUpdateProxy group

    Use the Active Directory Users and Computers snap-in to configure the DnsUpdateProxy security group.

    Note If you are using multiple DHCP servers for fault tolerance and secure dynamic updates, add each server to the DnsUpdateProxy global security group.

    Security considerations when you use the DnsUpdateProxy group

    DNS domain names that are registered by the DHCP server are not secure if the DHCP server is a member of the DnsUpdateProxy group. The host (A) resource record for the DHCP server itself is an example of such a record. Also, objects that are created by the members of the DnsUpdateProxy group are not secure. Therefore, you cannot use this group effectively in an Active Directory-integrated zone that enables only secure dynamic updates unless you take additional steps to enable records that are created by members of the group to be secured.

    To help protect against nonsecure records or to enable members of the DnsUpdateProxy group to register records in zones that enable only secured dynamic updates, follow these steps:
    1. Create a dedicated user account.
    2. Configure DHCP servers to perform DNS dynamic updates with the user account credentials. (These credentials are the user name, the password, and the domain.)

    The credentials of one dedicated user account can be used by multiple DHCP servers.

    A dedicated user account is a user account whose sole purpose is to supply DHCP servers with credentials for DNS dynamic update registrations. Assume that you have created a dedicated user account and configured DHCP servers with the account credentials. Each DHCP server will supply these credentials when it registers names on behalf of DHCP clients that are using DNS dynamic update. The dedicated user account should be created in the forest where the primary DNS server for the zone to be updated resides. The dedicated user account can also be located in another forest. However, the forest that the account resides in must have a forest trust established with the forest that contains the primary DNS server for the zone to be updated.

    When the DHCP Server service is installed on a domain controller, you can configure the DHCP server by using the credentials of the dedicated user account to prevent the server from inheriting, and possibly misusing, the power of the domain controller. When the DHCP Server service is installed on a domain controller, it inherits the security permissions of the domain controller. The service also has the authority to update or delete any DNS record that is registered in a secure Active Directory-integrated zone. (This includes records that were securely registered by other Windows 2000-based or Windows Server 2003-based computers, and by domain controllers.)



    Configure DNS dynamic updates

    The dynamic update functionality that is included in Windows Server 2003 follows RFC 2136. Dynamic update enables clients and servers to register DNS domain names (PTR resource records) and IP address mappings (A resource records) to an RFC 2136-compliant DNS server.

    Configure DNS dynamic updates for DHCP clients

    By default, Windows Server 2003-based, Windows 2000-based, and Windows XP-based DHCP clients are configured to request that the client register the A resource record and that the server register the PTR resource record. By default, the name that is used in the DNS registration is a concatenation of the computer name and the primary DNS suffix. To change this default name, open the TCP/IP properties of your network connection.

    To change the dynamic update defaults on the dynamic update client, follow these steps:
    1. In Control Panel, double-click Network Connections.
    2. Right-click the connection that you want to configure, and then click Properties.
    3. Click Internet Protocol (TCP/IP), click Properties, and then click Advanced.
    4. Click DNS.

      By default, Register this connection's address in DNS is selected and Use this connection's DNS suffix in DNS registration is not selected. This default configuration causes the client to request that the client register the A resource record and the server register the PTR resource record.
    5. Click to select the Use this connection's DNS suffix in DNS registration check box.

      The client will then request that the server update the PTR record by using the FQDN. If the DHCP server is configured to register DNS records according to the client's request, the client registers the following records:
      • The PTR record.
      • The A record that uses the name that is a concatenation of the computer name and the primary DNS suffix.
      • The A record that uses the name that is a concatenation of the computer name and the connection-specific DNS suffix.
    6. To configure the client to make no requests for DNS registration, click to clear the Register this connection's address in DNS check box.

    Configure DNS dynamic updates on multihomed client computers

    If a dynamic update client is multihomed, it registers all its IP addresses with DNS by default. (A client is multihomed if it has more than one adaptor and an associated IP address.) If you do not want the client to register all its IP addresses, you can configure it not to register one or more IP addresses in the network connection properties.

    To prevent the computer from registering all its IP addresses, follow these steps:
    1. In Control Panel, double-click Network Connections.
    2. Right-click the connection that you want to configure, and then click Properties.
    3. Click Internet Protocol (TCP/IP), click Properties, and then click Advanced.
    4. Click DNS.
    5. Click to clear the Register this connection's address in DNS check box.

    You can also configure the computer to register its domain name in DNS. For example, if you have a client that is connected to two different networks, you can configure the client to have a different domain name on each network.

    Configure DNS dynamic updates on a Windows Server 2003-based DHCP server

    To configure DNS dynamic update for a Windows Server 2003-based DHCP server, follow these steps:
    1. Click Start, point to Administrative Tools, and then click DHCP.
    2. Right-click the appropriate DHCP server or scope, and then click Properties.
    3. Click DNS.
    4. Click to select the Enable DNS dynamic updates according to the settings below check box to enable DNS dynamic update for clients that support dynamic update.

      Note By default, this check box is selected.
    5. To enable DNS dynamic update for DHCP clients that do not support it, click to select the Dynamically update DNS A and PTR records for DHCP clients that do not request for updates (for example, clients that are running Windows NT 4.0) check box.
    6. Click OK.

    Enable DNS dynamic updates to a DNS server

    On a Windows Server 2003-based DHCP server, you can dynamically update the DNS records for pre-Windows Server 2003-based clients that cannot do it for themselves.

    To enable a DHCP server to dynamically update the DNS records of its clients, follow these steps:
    1. In the DHCP management console, select the scope or the DHCP server that you want to enable DNS updates for.
    2. On the Action menu, click Properties, and then click DNS.
    3. Click to select the Enable DNS dynamic updates according to the settings below check box.
    4. To update a client's DNS records based on the type of DHCP request that the client makes, click to select Dynamically update DNS A and PTR records only if requested by the DHCP clients. (This update will occur only when the client makes a request.)
    5. To always update a client's forward and reverse lookup records, click to select Always dynamically update DNS A and PTR records.
    6. Click to select the Discard A and PTR records when lease is deleted check box to have the DHCP server delete the record for a client when its DHCP lease expires and is not renewed.




    Disable DNS dynamic updates

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 322756 How to back up and restore the registry in Windows


    By default, dynamic updates are configured on Windows Server 2003-based clients. To disable dynamic updates for all network interfaces, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    3. On the Edit menu, point to New, and then click DWORD value.
    4. Type DisableDynamicUpdate, and then press ENTER two times.
    5. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
    6. Quit Registry Editor.

    To disable dynamic updates for a specific interface, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface
      Note interface is the device ID of the network adaptor for the interface that you want to disable dynamic update for.
    3. On the Edit menu, point to New, and then click DWORD value.
    4. Type DisableDynamicUpdate, and then press ENTER two times.
    5. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
    6. Quit Registry Editor.




    APPLIES TO


    • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Small Business Server 2003 Standard Edition
    • Microsoft Windows Small Business Server 2003 Premium Edition
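
The DnsUpdateProxy and dedicated-account guidance in the article, written as a check (an added example, not part of the KB article or of this post): it classifies each DHCP server by the identity it uses to register DNS records. The host names and the account svc-dhcp-dns are constructed, and the live-data commands shown in the comments assume a later Windows Server release that ships the DhcpServer and ActiveDirectory PowerShell modules.

```powershell
# Added example. Host and account names below are constructed sample data.
function Get-DhcpDnsUpdateFinding {
    param(
        [Parameter(Mandatory=$true)] [string] $DnsName,
        [string[]] $DomainControllers = @(),  # short host names of domain controllers
        [string[]] $ProxyGroupMembers = @(),  # short names of DnsUpdateProxy members
        [string]   $CredentialUser = ''       # dedicated account; empty if none is set
    )
    $short   = ($DnsName -split '\.')[0]
    $onDc    = $DomainControllers -contains $short   # -contains is case-insensitive
    $inProxy = $ProxyGroupMembers -contains $short

    # Order matters: a dedicated account is the fix for both risky cases.
    $finding = if ($CredentialUser) {
        'OK: registers records with the dedicated account'
    } elseif ($onDc) {
        'RISK: DHCP service inherits the domain controller''s rights over DNS records'
    } elseif ($inProxy) {
        'RISK: DnsUpdateProxy member; records it creates are not secured'
    } else {
        'INFO: no dedicated account; registers with the server''s own computer account'
    }
    [pscustomobject]@{
        Server             = $DnsName
        OnDomainController = $onDc
        InDnsUpdateProxy   = $inProxy
        CredentialUser     = $CredentialUser
        Finding            = $finding
    }
}

# Constructed inventory so the example runs without a domain.
$dcs     = @('DC01')
$proxy   = @('DHCP02')
$servers = @(
    @{ DnsName = 'dc01.example.test';   CredentialUser = '' },
    @{ DnsName = 'dhcp02.example.test'; CredentialUser = '' },
    @{ DnsName = 'dhcp03.example.test'; CredentialUser = 'svc-dhcp-dns' }
)
# Live data instead of the constructed inventory (requires the two modules):
#   $dcs     = (Get-ADDomainController -Filter *).Name
#   $proxy   = (Get-ADGroupMember -Identity 'DnsUpdateProxy').Name
#   $servers = Get-DhcpServerInDC | ForEach-Object {
#       @{ DnsName = $_.DnsName
#          CredentialUser = (Get-DhcpServerDnsCredential -ComputerName $_.DnsName).UserName } }

$servers | ForEach-Object {
    Get-DhcpDnsUpdateFinding -DnsName $_.DnsName -DomainControllers $dcs `
        -ProxyGroupMembers $proxy -CredentialUser $_.CredentialUser
} | Format-Table -AutoSize
```

With the constructed inventory, dc01 and dhcp02 are reported as RISK and dhcp03 as OK.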






