We use Windows Server 2003 for DNS on our network. The forward DNS entries ("A" records) for Windows machines on the domain are populated automatically. However, the reverse DNS entries ("PTR" records) are not. The reverse lookup zone exists, and I can add entries to it manually, but it doesn't automatically populate. Dynamic updates are enabled for both the forward and reverse zones. What am I doing wrong?
If this is AD integrated DNS, have you run DCDIAG to see if this is a symptom of something else? – Helvick Nov 18 '10 at 18:36
3 Answers
This could be due to a couple of different things:
1) Are your clients obtaining IPs via a Windows DHCP Server? If so, your DHCP server may not be configured to auto-register their IP with the DNS server.
To check, right-click your DHCP scope and go to properties. On the DNS tab enable DNS dynamic updates and set to "Always dynamically update..." Also enable Dynamic Update for clients that do not request updates.
1a) Even if these are enabled, you might need to make sure the DHCP server has permissions to update DNS records. If your DHCP server is also a domain controller, then you are probably fine; if not, then you may want to see if the DHCP server is a member of the "DnsUpdateProxy" group in AD. Then check the Security tab on the Reverse Zone and make sure that group is authorized to create all child objects (DNS records).
2) If your statically-configured hosts are not updating the reverse zone, make sure their NICs are configured to register their IP in DNS (Windows hosts are enabled for this by default). If they are in the forward zone but not the reverse, then something else is going on...
3) If the issue is that your reverse zones are mismatched between domain controllers (meaning a host was able to register with one of the DCs, but the registration did not get replicated to the others), it could mean the zones themselves aren't replicating between domain controllers. Make sure the reverse zone is AD-Integrated and also check the Zone Transfers tab and make sure they are allowed (generally only to servers listed on the Name Servers tab). Also make sure your DNS servers are listed on the Name Servers tab.
That's all I can think of for now...
EDIT
Ok, so given that your DHCP server is not registering the records on behalf of the clients, and aside from your Windows clients not being set to register with DNS on their NICs (which you should verify in TCP/IP properties on the client NIC), I would check the security settings on your reverse zone to make sure clients are allowed to register in the reverse zone. This article covers the default security settings for DNS zones: http://technet.microsoft.com/en-us/library/cc780538%28WS.10%29.aspx If the settings are jacked up (or even if they are fine), you might try just blowing away the reverse zone and recreating it since you basically have a non-functioning reverse zone as it is...
Try running an "ipconfig /registerdns" on one of the clients and see if it adds a record to the reverse zone. If it didn't, you might try looking in the DNS event log on the server to see if there are any issues there. I'm not sure if it would say whether or not a client failed to register or not, but may show you other issues with DNS if they exist.
The DHCP server in this case is NOT a Windows server. I guess that the forward lookup records are created by the host, but the reverse records are created by the DHCP server? Why is that? It seems pretty arbitrary. – Josh Nov 18 '10 at 19:12
What OS are the hosts? Are ANY reverse lookup records being created without your manual intervention? – August Nov 18 '10 at 19:24
The hosts are Windows. There are a few reverse lookup records, but I think they may have been added manually by somebody else. – Josh Nov 18 '10 at 22:12
What happens when the DHCP server is a CISCO Switch? How do you make them PTRs update? – Overmind Oct 26 '16 at 12:09
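A way to see which hosts are affected, as an added example that is not part of the original thread: the Python sketch below compares A records against the PTR records in the reverse zone and reports hosts with no PTR, and goes slightly further by also flagging PTRs that point at a different name (for instance old manual entries). The zone names, host names, addresses and the three-column record listing are constructed for illustration.

```python
import ipaddress

# Constructed sample records (not from the thread): owner, type, data.
FORWARD_ZONE = "corp.example"          # hypothetical AD DNS domain
FORWARD_RECORDS = """
pc-alpha   A   10.1.2.15
pc-bravo   A   10.1.2.16
pc-charlie A   10.1.2.17
"""
REVERSE_ZONE = "2.1.10.in-addr.arpa"   # reverse lookup zone for 10.1.2.0/24
REVERSE_RECORDS = """
15  PTR  pc-alpha.corp.example.
17  PTR  old-name.corp.example.
"""

def parse(text, zone, rtype):
    """Return {fully qualified owner: data} for one record type."""
    out = {}
    for line in text.strip().splitlines():
        owner, kind, data = line.split()
        if kind.upper() == rtype:
            out[f"{owner}.{zone}.".lower()] = data.lower()
    return out

def audit_ptr(forward_text, forward_zone, reverse_text, reverse_zone):
    """Classify each A record: PTR ok, PTR missing, or PTR naming another host."""
    a_records = parse(forward_text, forward_zone, "A")
    ptr_records = parse(reverse_text, reverse_zone, "PTR")
    report = {"ok": [], "missing": [], "mismatch": []}
    for fqdn, ip in sorted(a_records.items()):
        # reverse_pointer yields e.g. '15.2.1.10.in-addr.arpa' for 10.1.2.15
        ptr_owner = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr_records.get(ptr_owner)
        if target is None:
            report["missing"].append(fqdn)            # never registered
        elif target != fqdn:
            report["mismatch"].append((fqdn, target)) # stale or manual entry
        else:
            report["ok"].append(fqdn)
    return report

if __name__ == "__main__":
    result = audit_ptr(FORWARD_RECORDS, FORWARD_ZONE,
                       REVERSE_RECORDS, REVERSE_ZONE)
    for status, hosts in result.items():
        print(status, hosts)
```

Running it again after a client has re-registered shows whether that host moved from "missing" to "ok".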
The only thing I had to do after this was flush the DNS entries on the clients with: ipconfig /flushdns. After this they popped up in my reverse lookup zone. On my side this worked. Server 2008 DC with Win 7 clients.
I believe you have a permissions error. I had a similar issue, and although the how-to was directed at Windows Server 2012, the fix of adding the DHCP server to the DnsUpdateProxy group solved my issues. See the video https://www.youtube.com/watch?v=Tukvch2Qtuc