DHCP not updating DNS records

[bob]

Greetings,

We recently upgraded from winNT4 to win2000 AD. The DHCP,
DNS and WINS services were also migrated to win2000 and we
started to noticing that reverse records were not being
removed from DNS after a machine leaves the domain or is
inactive for an extended period of time.

DHCP is configured to automatically update reservations in
DNS. Scavenging is enabled, but does not remove the
inactive reverse records. The following options are
configured:

DHCP, checked- auto update DHCP client info in DNS
DHCP, dotted- always update DNS
DHCP, checked- discard forward lookups when lease expires
DHCP, checked- enable update for DNS clients that do not..
DNS- is also enabled for dynamic updates
DNS- configured for scavenging at zone and in server
properties


Question1 -
Is there a configuration option that could have been
missed that would result in reverse records not being
removed?


Question2 -
Is there a way to grant the head technician in a
departmental OU control over specific zones in DHCP, but
not other zone?

Thanks for any responses.

 

[Kevin D. Goodknecht]

In

Greetings,

We recently upgraded from winNT4 to win2000 AD. The DHCP,
DNS and WINS services were also migrated to win2000 and we
started to noticing that reverse records were not being
removed from DNS after a machine leaves the domain or is
inactive for an extended period of time.

DHCP is configured to automatically update reservations in
DNS. Scavenging is enabled, but does not remove the
inactive reverse records. The following options are
configured:

DHCP, checked- auto update DHCP client info in DNS
DHCP, dotted- always update DNS
DHCP, checked- discard forward lookups when lease expires
DHCP, checked- enable update for DNS clients that do not..
DNS- is also enabled for dynamic updates
DNS- configured for scavenging at zone and in server
properties


Question1 -
Is there a configuration option that could have been
missed that would result in reverse records not being
removed?

The PTR records may have been created by the clients themselves in that case
DHCP does not own the records and does not have the permissions to delete
them. Read the section of the following KB article
http://support.microsoft.com/default.aspx?scid=kb;en-us;317590&Product=win2000#51

DHCP Does Not Delete DDNS PTR Record for Expired Leases
http://support.microsoft.com/default.aspx?scid=kb;en-us;306780&Product=win2000

Question2 -
Is there a way to grant the head technician in a
departmental OU control over specific zones in DHCP, but
not other zone?

AFAIK, Not on a scope by scope basis, If they are DHCP Admins they have
control over the server and can not be delegated to just certain scopes as
there are no Security pages in DHCP.
..
DNS zone security is set zone by zone for the entire forward or reverse
lookup zones, not subzones.

Thanks for any responses.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
============================
http://www.lonestaramerica.com/
============================
When responding to posts, please "Reply to Group" via your
newsreader so that others may learn and benefit from your issue.
To respond directly to me remove the nospam. from my email.
==========================================
--
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
==========================================
Keep a back up of your OE settings and folders with
OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
==========================================

 

[Michael Johnston [MSFT]]

You may also want to turn on scavenging on the reverse lookup zone to clean out stale records. As for the DHCP admin question, are you refering to DNS
zones or DHCP scopes? With DHCP, there isn't a way to granulary grant admin rights. You cannot grant rights per scope. As for DNS, if the zone is AD
integrated, you can give rights per user. Just grant rights to the zone from the security tab.

Thank you,
Mike Johnston
Microsoft Network Support
--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.

 

[Bob]

Thanks for the reply,

Scavenging was enabled on the zone when DNS/DHCP/WINS was
converted from winNT4 to win2000. I decided to check the
configuration again and noticed something funny.

Under the DNS zone properties > aging, the field "The zone
becomes available for scavenging at:" list the date and
time as:

1/7/1601 6:00:00 PM

I checked all the reverse zones and they have the same
data and time stamp for the next scavenging period. I'm
not sure when the date stamps changed to include the year
1601, but they all do.

I disabled scavenging on a DNS zone and then re-enabled
it, but it gave the same year of 1601.

Does anyone know of a way to reset the Date and Time stamp
for when a zone next comes available for scavenging? Is
there a registry field that can be edited to change the
year of the time stamp manually?

I searched the registry and was unable to locate the
registry value for the date. The zones are very large and
I would rather not have to redo/recover them.

Once again, thanks for the help
Bob

-----Original Message-----
You may also want to turn on scavenging on the reverse

lookup zone to clean out stale records. As for the DHCP
admin question, are you refering to DNS

zones or DHCP scopes? With DHCP, there isn't a way to

granulary grant admin rights. You cannot grant rights per
scope. As for DNS, if the zone is AD

integrated, you can give rights per user. Just grant

rights to the zone from the security tab.

Thank you,
Mike Johnston
Microsoft Network Support

confers no rights. Use of included script samples are
subject to the terms specified at

http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all

responses to this message are best directed to the
newsgroup/thread from which they originated.