Tom Shinder Q&A: Dynamic DNS

Author Tom Shinder fields user questions on DNS and Dynamic DNS in a follow-up to his Sept. 6 searchWin2000 live expert Q&A.

Q: If you are not sharing any workstation services on client Win2k machines, is it necessary to register their "A" and "PTR" records in DNS?

A: No. If no resources are contained on those clients that other machines need to access, there is no reason for them to register in the DDNS.

Q: Do you have to be running in native mode to use DDNS?

A: No. You can run a stand-alone Win2k DDNS server and take advantage of dynamic updates.

Q: What should the DNS Server entries be set to in the TCPIP settings on a DNS server? Also, on a DNS/DHCP/DC? If the PTR records for the DHCP server are set on another DNS server, would that affect what DNS server entries the TCPIP settings should be set to?

A: The DNS server settings should typically point to itself. This is especially the case if the DNS server is on a Domain Controller and using DDNS to update domain records information. There should be PTR records for all records stored on the DNS server. You might consider making a secondary zone on your server if you need pointer records from another server.

Q: Are there any issues with using a Windows 2000 DNS stand-alone server for a mix of NT4.0 domains and Windows 2000 domains pointing to it for resolution?

A: There are no serious problems. Remember that WinNT clients will not be able to update the DDNS themselves.

Q: Our DNS Win2k server is not AD-integrated. It is primary for our domain but not for the reverse lookup, which is handled by a UNIX server. The UNIX server is run by another org and will not delegate. The UNIX server is a secondary DNS server for our domain. Question: Will AD integration work in this situation?

A: This will work, but you need to make sure there is some mechanism in place to manually add the PTR records to the other domain. You lose a lot of functionality in this way because your DDNS configuration will not work best when the DNS server cannot register reverse lookup records. You might consider creating a subdomain for your internal network clients for which your server is authoritative.

Q: I have a mixed Win2k/NT Domain. I have a couple of machines (one is a member server with IIS installed and the other is a Win2k Pro with IIS installed) and I get a Security Event Failure with Event ID 565. The description indicates this is DNS related. I know that 565 is normally a success event. I haven't been able to find any references to Event ID 565 as a failure. Everything seems to be working normally but the Event Logs have lots of 565's and I'm concerned. The description contains:

    Object Open:
    Object Server: DS
    Object Type: dnsNode
    Object Name: DC=141,DC=220.16.168.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=etcmcn,DC=org
    New Handle ID: -
    Operation ID: {0,5787872}
    Process ID: 248
    Primary User Name: APOLLO2K$
    Primary Domain: ETC-MACON
    Primary Logon ID: (0x0,0x3E7)
    Client User Name: WEB2K$
    Client Domain: ETC-MACON
    Client Logon ID: (0x0,0x5850D3)
    Accesses Write Self
    Privileges -
    Properties: Delete Child Read Property %{00000000-0000-0000-0000-000000000000} Write Property %%7689 dnsRecord ACCESS_SYS_SEC dNSTombstoned.

A: It looks like an issue with dynamic update. You can try to put in static records for these clients or disable dynamic update on the client side.
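When the log holds many of these failures, it helps to see which account tried to update which reverse record before deciding where to add static records or turn off dynamic update. The following is an added example, not part of the original Q&A: it parses the flattened 565 description quoted in the question and recovers the IPv4 address behind the dnsNode object name. The function names are hypothetical and the field labels are taken from the quoted event text.

```python
import re

# The Event ID 565 description from the question above, flattened as on the page.
SAMPLE = (
    "Object Open: Object Server: DS Object Type: dnsNode Object Name: "
    "DC=141,DC=220.16.168.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=etcmcn,DC=org "
    "New Handle ID: - Operation ID: {0,5787872} Process ID: 248 "
    "Primary User Name: APOLLO2K$ Primary Domain: ETC-MACON "
    "Primary Logon ID: (0x0,0x3E7) Client User Name: WEB2K$ "
    "Client Domain: ETC-MACON Client Logon ID: (0x0,0x5850D3)"
)

# Field labels as they appear in the quoted event text.
FIELDS = ["Object Server", "Object Type", "Object Name", "New Handle ID",
          "Operation ID", "Process ID", "Primary User Name", "Primary Domain",
          "Primary Logon ID", "Client User Name", "Client Domain",
          "Client Logon ID"]

def parse_565(description):
    """Split a flattened description into {label: value} on the known labels."""
    pattern = "(" + "|".join(re.escape(f) for f in FIELDS) + "):"
    parts = re.split(pattern, description)
    # parts is [preamble, label1, value1, label2, value2, ...]
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def ptr_target(object_name):
    """Return the IPv4 address a reverse-zone dnsNode DN describes, else None."""
    rdns = [r.split("=", 1)[1] for r in object_name.split(",")
            if r.upper().startswith("DC=")]
    suffix = ".in-addr.arpa"
    if len(rdns) < 2 or not rdns[1].lower().endswith(suffix):
        return None  # node is not in an IPv4 reverse lookup zone
    # Node name plus zone prefix is the address in reversed octet order.
    labels = (rdns[0] + "." + rdns[1][:-len(suffix)]).split(".")
    return ".".join(reversed(labels))

def triage(description):
    """Summarise one 565 event on a dnsNode object; None for other object types."""
    f = parse_565(description)
    if f.get("Object Type") != "dnsNode":
        return None
    return {"record_ip": ptr_target(f["Object Name"]),
            "client_account": f["Client Domain"] + "\\" + f["Client User Name"],
            "primary_account": f["Primary User Name"],
            "is_machine_account": f["Client User Name"].endswith("$")}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Grouping the results by `client_account` and `record_ip` shows whether the failures come from a few hosts repeatedly trying to write records they do not own.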

Q: When dynamic updates are turned on, we lose the DNS entries for our Static RAS DNS entries. The clients that are dialing in are non-Windows 2000. RAS is Windows 2000 server and all DNS and DC are 2000 Server. Ideas?

A: This can be a problem on domain controllers that also run DDNS. I would advise not running Active Directory on a RAS server.


This was first published in October 2001
