
I am working myself through learning and setting up a pretty standard Windows Server 2019 (Essentials edition) serving as an AD PDC, DNS- & DHCP server for a very small network. I followed some guides (like this one or this one) to get through the various steps. I have configured a static IPv4 address (disabled IPv6), added AD, DNS and DHCP roles, configured AD (following the wizard with basic defaults), added a reverse lookup zone to DNS and authorized and configured DHCP with an initial scope.

Clients are able to obtain IP addresses and can nslookup/resolve external names (like serverfault.com) as well as the server itself.

However, neither the server, nor any of the clients can nslookup/resolve any of the client names. They do show up as leases in the DHCP zone with what I believe are proper names (like winclient.DOMAIN.XXX), but nslookup returns

Server:  UnKnown
Address:  192.168.2.1    (<-this is the server's IP address)

*** localhost can't find winclient: Non-existent domain

The only difference on the server is that it shows Server: localhost and Address: 127.0.0.1.

I am totally lost as to what could be wrong - specifically as I am pretty sure that I did follow the guides and did not add anything myself.

Any help would be much appreciated.

user1211286

1 Answer


The guides you link don't seem to configure DHCP+DNS to cooperate for dynamic DNS updates.

The way to do this:

Define a user in whose context the DHCP server will run

Simply add a domain user with no special rights, and give it a properly strong password. Then open the DHCP management console, right-click the protocol you want to change (IPv4 or IPv6), and select Properties and the Advanced tab. Click Credentials and enter the relevant information for the account.

Tell DHCP to always attempt to update DNS records

In the same properties window, select the DNS tab. Ensure the following choices are ticked:

Enable DNS Dynamic Updates (…), with:
  • Always dynamically update DNS records
  • Dynamically update DNS records for DHCP clients that do not request updates

Set correct DHCP server AD group membership

The DHCP server(s) should exist in the group DNSUpdateProxy. No other user or computer accounts may exist in this group.

Mikael H
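The same three steps done from PowerShell on the DHCP server, plus a check that the DnsUpdateProxy group holds nothing but authorized DHCP servers. This is an added example, not code from the answer above; the domain name and service account name are placeholders.

```powershell
# Added example (not from the original answer): the three steps above, scripted with
# the DhcpServer and ActiveDirectory modules, run on the DHCP server itself.
# Placeholders: $Domain and $SvcAccountName are assumed values, replace them.
Import-Module DhcpServer
Import-Module ActiveDirectory

$Domain         = 'DOMAIN.XXX'     # placeholder: your AD DNS domain
$SvcAccountName = 'svc-dhcp-dns'   # placeholder: plain domain user, no extra rights
$DhcpServer     = $env:COMPUTERNAME

# 1. Credentials the DHCP service uses when it registers records in DNS.
#    Prompting keeps the password out of the script; give the account a long random one.
$cred = Get-Credential -UserName "$Domain\$SvcAccountName" -Message 'DHCP dynamic DNS update account'
Set-DhcpServerDnsCredential -Credential $cred -ComputerName $DhcpServer

# 2. Always update DNS, also for clients that do not ask for it (non-domain clients),
#    and remove the A/PTR records again when the lease expires.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRROnLeaseExpiry $true

# 3. DnsUpdateProxy must contain the DHCP server's computer account and nothing else.
$dhcpComputer = Get-ADComputer -Identity $DhcpServer
Add-ADGroupMember -Identity 'DnsUpdateProxy' -Members $dhcpComputer

# Verification: show the effective DNS settings, then warn about any group member that
# is not a computer account of a DHCP server authorized in AD.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer | Format-List
$authorized = (Get-DhcpServerInDC).DnsName | ForEach-Object { ($_ -split '\.')[0].ToUpper() }
Get-ADGroupMember -Identity 'DnsUpdateProxy' | ForEach-Object {
    if ($_.objectClass -ne 'computer' -or ($authorized -notcontains $_.Name.ToUpper())) {
        Write-Warning "Unexpected DnsUpdateProxy member: $($_.Name) ($($_.objectClass))"
    }
}
```

After a client renews its lease (ipconfig /renew), nslookup of its name against the server should return the address from the DHCP lease.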
  • This was the right hint. I had to tell DHCP to always update DNS records - apparently because I have clients on the network that are not part of the domain. – user1211286 Jan 03 '21 at 14:05
  • Why would I want to define a user in whose context the DHCP server will run? For me, not doing it still resolved the issue. Added security? Any feature I am missing? – user1211286 Jan 03 '21 at 14:06
  • Yes, it's for added security. Otherwise the DHCP server runs as Local System, which provides the service with unnecessarily high privileges. – Mikael H Jan 03 '21 at 14:14
  • Oh yes: It's probably functional too: If you run your DHCP server on a separate machine from your AD/DNS (which is recommended for larger setups, again for security reasons), Local System on the DHCP server might not be allowed to ask DNS on a different machine to update. – Mikael H Jan 03 '21 at 14:22