10/21/16

DHCP and secure dynamic updates for DNS

Consider this.  You support a network where:

  • DNS is Active-Directory integrated and requires secure dynamic updates
  • IPAM has been implemented to track IP address utilization
  • DHCP is set to update DNS records automatically

However, the DHCP server never updates DNS records.  Domain members appear in DNS, but not the smart phones seen in the DHCP lease table.  This limits the info available in IPAM.

The solution is to give the DHCP server a specific username/password to use when registering DNS records.  Further, you want this dedicated user account to be a member of the DnsUpdateProxy group so that if the DHCP server creates a record, the workstation can come along later and update that record itself (I ran into this once in a DirectAccess manage-out scenario).
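
The steps described above, in PowerShell. This is an added example, not code from the original post; the account name `svc-dhcp-dns` and the server name `dhcp01.corp.example` are assumed placeholders, and the ActiveDirectory and DhcpServer RSAT modules are assumed to be installed.

```powershell
# Added example. Assumed placeholders: 'svc-dhcp-dns', 'dhcp01.corp.example'.
Import-Module ActiveDirectory, DhcpServer

$AccountName = 'svc-dhcp-dns'          # hypothetical dedicated account
$DhcpServer  = 'dhcp01.corp.example'   # hypothetical DHCP server

# Prompt for the password so it never lands in the script or shell history.
$Password = Read-Host -AsSecureString -Prompt "Password for $AccountName"

# 1. Create the dedicated account if it does not exist yet.
#    It stays an ordinary domain user; it needs no admin rights.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$AccountName'")) {
    # An expired password makes DNS registration fail silently, so expiry
    # is disabled here; rotate the password on your own schedule instead.
    New-ADUser -Name $AccountName -SamAccountName $AccountName `
        -AccountPassword $Password -Enabled $true `
        -PasswordNeverExpires $true -CannotChangePassword $true `
        -Description 'Credential used by DHCP for DNS dynamic updates'
}

# 2. Add the account to DnsUpdateProxy (skip if it is already a member).
$isMember = Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Where-Object { $_.SamAccountName -eq $AccountName }
if (-not $isMember) {
    Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members $AccountName
}

# 3. Give the DHCP server this credential for its DNS registrations.
$Domain = (Get-ADDomain).NetBIOSName
$Cred   = New-Object System.Management.Automation.PSCredential(
              "$Domain\$AccountName", $Password)
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $Cred

# 4. Verify: which credential is stored, and how dynamic updates are set.
Get-DhcpServerDnsCredential -ComputerName $DhcpServer
Get-DhcpServerv4DnsSetting  -ComputerName $DhcpServer
```

Records created by DnsUpdateProxy members carry no owner security, which is what lets the client take the record over later, so keep this account out of every other privileged group.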