Hi, we have issues with records in the reverse lookup zone which are created by clients in the DHCP zones.
The DHCP is only partially used for entries in the zone. Additionally, the lease time is set to different times (6h, 12h and 24h).
We have to use a short lease time on the DHCP servers and therefore the records are changing constantly. The DHCP servers are set to update the DNS entries for the forward zone and PTR. But in the reverse zone we have issues with wrong and outdated entries. Normally the DHCP should be the owner of all entries for the scopes it is configured for. But for a lot of entries the client is still the owner.
Some clients have more than one entry in the reverse zone (possibly due to Wi-Fi and LAN connections) with different owners (system and DHCP user).
We have a setup with two DHCP servers configured as hot-standby failover. Both servers are NOT a DC or DNS server; they only have the DHCP role installed.
The DHCP scopes are configured as follows:
Enable DNS dynamic updates according to the settings below
-> Always dynamically update DNS records -> Enabled
-> Discard A and PTR records when lease is deleted -> Enabled
-> Dynamically update DNS records for DHCP clients that do not request updates -> Enabled
Name protection is disabled.
User credentials for DNS dynamic update registration are set on both servers (one user for both). The computer objects of the DHCP servers are members of the DNSUpdateProxy group.
The DNS zones are set to: Dynamic updates: Secure only
Currently the reverse zone is set to: 50.10.in-addr.arpa
This zone is used for all scopes of the DHCP and static clients as well.
On the DHCP we can see several errors popping up:
Example: PTR record registration for IPv4 address [[10.50.43.110]] and FQDN x.x.com failed with error 9005 (DNS operation refused.).
Event ID 20322 PTR record registration for IPv4 address [[10.50.6.143]] and FQDN y.x.com failed with error 10054 (An existing connection was forcibly closed by the remote host.).
Event ID 20319 Forward record registration for IPv4 address [[10.50.43.117]] and FQDN z.x.com failed with error 9005 (DNS operation refused.).
Question 1: To enable scavenging, will we have to create a reverse zone for every scope of the DHCP on the DNS?
For example:
22.50.10.in-addr.arpa (scavenging 12h)
23.50.10.in-addr.arpa (scavenging 24h)
Is this correct? When they are created, what will happen to the entries which are currently part of 50.10.in-addr.arpa?
Will a reverse lookup still be resolved if the old entry is in 50.10.in-addr.arpa, or do they have to be recreated in the new zone?
Question 2: The DHCP is set to manage the DNS entries, but why are a lot of entries still owned by the clients? Even newly created entries are sometimes owned by the client and not the DHCP user.
Is it necessary to disable dynamic DNS updates on the client itself for the DNS entries to be fully managed by the DHCP?
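As an added diagnostic example (not part of the original question or any vendor documentation), the PowerShell below collects the facts the post is asking about: the per-scope DNS update settings and lease times on both failover partners, the credential used for registration, whether aging is enabled on 50.10.in-addr.arpa at all, and, for every PTR record in that zone, which security principal owns the underlying dnsNode object in Active Directory and which names have more than one PTR. The server names dns01.x.com, dhcp01.x.com and dhcp02.x.com, the domain DN DC=x,DC=com and the DomainDnsZones partition are assumptions and must be replaced; only the zone name comes from the post.

```powershell
# Added diagnostic script (not from the original post). It audits the situation
# described above: who owns each PTR record in the shared reverse zone, which
# names have more than one PTR, and what the DHCP failover pair and the zone are
# configured to do about dynamic updates and aging.
# Needs the DhcpServer, DnsServer and ActiveDirectory RSAT modules and rights to
# read the DHCP servers, the DNS server and the zone's dnsNode objects in AD.
# Every name below is an assumption to be replaced with your own values.
$DnsServer     = 'dns01.x.com'                     # assumed: an AD-integrated DNS server
$DhcpServers   = 'dhcp01.x.com', 'dhcp02.x.com'    # assumed: the hot-standby pair
$ReverseZone   = '50.10.in-addr.arpa'              # from the post
$DomainDN      = 'DC=x,DC=com'                     # assumed: domain naming context
$ZonePartition = 'DomainDnsZones'                  # assumed; ForestDnsZones if the zone replicates forest-wide

Import-Module DhcpServer, DnsServer, ActiveDirectory

# 1. DHCP side: server- and scope-level DNS update settings, lease times and the
#    account used for dynamic update registration. Both failover partners should match.
foreach ($srv in $DhcpServers) {
    Write-Host "== $srv =="
    Get-DhcpServerv4DnsSetting -ComputerName $srv |
        Format-List DynamicUpdates, DeleteDnsRROnLeaseExpiry, UpdateDnsRRForOlderClients, NameProtection
    Get-DhcpServerv4Scope -ComputerName $srv | ForEach-Object {
        $s = Get-DhcpServerv4DnsSetting -ComputerName $srv -ScopeId $_.ScopeId
        [pscustomobject]@{
            ScopeId        = $_.ScopeId
            Lease          = $_.LeaseDuration
            DynamicUpdates = $s.DynamicUpdates
            OlderClients   = $s.UpdateDnsRRForOlderClients
            Discard        = $s.DeleteDnsRROnLeaseExpiry
        }
    } | Format-Table -AutoSize
    Get-DhcpServerDnsCredential -ComputerName $srv | Format-Table UserName, DomainName
}

# 2. DNS side: is aging enabled on the zone at all, and does this server scavenge?
Get-DnsServerZoneAging -Name $ReverseZone -ComputerName $DnsServer |
    Format-List AgingEnabled, NoRefreshInterval, RefreshInterval, ScavengeServers
Get-DnsServerScavenging -ComputerName $DnsServer |
    Format-List ScavengingState, ScavengingInterval, LastScavengeTime

# 3. Record ownership. In an AD-integrated zone every name is a dnsNode object under
#    CN=MicrosoftDNS; the owner of its security descriptor is the principal that
#    created it (the client's computer account or the DHCP update credential).
function Convert-PtrNameToIp([string]$HostName, [string]$Zone) {
    # '110.43' in 50.10.in-addr.arpa -> 10.50.43.110
    $octets = @($HostName -split '\.') + @(($Zone -replace '\.in-addr\.arpa$', '') -split '\.')
    [array]::Reverse($octets)
    return ($octets -join '.')
}

$zoneDN = "DC=$ReverseZone,CN=MicrosoftDNS,DC=$ZonePartition,$DomainDN"
$owner  = @{}
Get-ADObject -SearchBase $zoneDN -SearchScope OneLevel -Properties nTSecurityDescriptor `
             -LDAPFilter '(&(objectClass=dnsNode)(!(dnsTombstoned=TRUE)))' |
    ForEach-Object { $owner[$_.Name.ToLower()] = $_.nTSecurityDescriptor.Owner }

$report = Get-DnsServerResourceRecord -ZoneName $ReverseZone -RRType Ptr -ComputerName $DnsServer |
    ForEach-Object {
        [pscustomobject]@{
            Ip        = Convert-PtrNameToIp $_.HostName $ReverseZone
            Target    = $_.RecordData.PtrDomainName
            Timestamp = $_.Timestamp            # empty = static record, never aged or scavenged
            Owner     = $owner[$_.HostName.ToLower()]
        }
    }

# PTRs the DHCP credential does not own. With "Secure only" updates, an account can
# only overwrite or delete a record it owns or has write permission on, so these are
# the records the DHCP servers cannot fix themselves.
$dhcpUser = (Get-DhcpServerDnsCredential -ComputerName $DhcpServers[0]).UserName
$report | Where-Object { $_.Owner -notlike "*\$dhcpUser" } |
    Sort-Object Owner, Ip | Format-Table -AutoSize

# Names with more than one PTR (the Wi-Fi plus LAN case from the post).
$report | Group-Object Target | Where-Object Count -gt 1 | ForEach-Object {
    Write-Host "$($_.Name):"
    $_.Group | Format-Table Ip, Owner, Timestamp -AutoSize
}
```

Run it from a management host with the RSAT modules installed. The ownership table is the direct answer to which records the client registered itself (owner is the client's computer account) versus the DHCP credential, and the Timestamp column shows which records would be ignored by scavenging because they are static.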