QIP DHCP and AD DNS.

Barry Finkel b19141 at achilles.ctd.anl.gov
Mon Apr 4 14:50:59 UTC 2005


"DG" dgouldth at csc.com wrote:

>We have Windows XP clients, utilising dhcp from a QIP server. The
>clients are members of an AD domain (eg Example.net), hence their
>primary dns suffix is Example.net
>
>Dhcp gives out option 81 to allow the dhcp server to update dns. It
>also assigns them a dhcp domain (ie BuildingLocation.co.uk).
>
>QIP also hosts DNS and is authoritative for all zones except the AD
>domain Example.net. QIP also hosts the reverse lookup zones.  The AD
>dc's are running AD integrated DNS and are authoritative for the AD
>domain. QIP contains delegations for the AD zone.
>
>When a client receives an ip from dhcp, QIP is able to successfully
>register the PTR record, and the hostname within the dhcp domain.
>However, when it tries to register the hostname record in AD's
>Example.net zone it fails.
>
>I haven't seen the network traces yet, but our n/wk guys (who look
>after QIP) tell me they can see the QIP server asking the AD dns server
>if it is authoritative for Example.net , the AD server replies that it
>is, the QIP server attempts to send the update then... nothing. And the
>update never appears.
>
>The AD dns servers are a mixture of 2000 and 2003, and are all set to
>"allow dynamic update - yes" (on 2000 boxes) and "allow dynamic update
>- secure and nonsecure" (on 2003 boxes).
>
>Is anyone else running a similar config? If so, did you have a similar
>problem and how was it resolved? I'm going to turn on full debug
>logging on the AD dns server, but the problem is A) we have 40+ of them
>and B) the nwk's guys mentioned QIP has a list of AD dns servers it
>tries to send the updates to, and they can't guarantee which AD dns
>server(s) in the list it will send to and C) QIP apparently doesn't send
>the update to AD dns straight away - it waits a certain period of time.
>
>All help appreciated. For info, this dynamic update from QIP to AD dns
>has never worked, so it's not something that's recently changed.

I am getting confused.  What is the domain for these machines?  Is it

     example.net
or
     BuildingLocation.co.uk

Your attempt at hiding information has confused the issue.  If I 
correctly interpret what you have written, the QIP DHCP server
assigns a nodename in the domain

     BuildingLocation.co.uk.

That QIP server also handles all DNS except for

      example.com

so QIP has delegations for example.com.

I have never seen a setup where a machine gets two DNS forward
registrations, one in each of two zones.

You write, "when it tries to register the hostname record in AD's
Example.net zone it fails."   What do you mean by "it fails"?

     Is the DDNS refused by the W2k AD DNS Servers?
     Or is the DDNS request not appearing in the AD DNS zone for no
     apparent reason?

Are you running with multiple AD DNS Servers?  What is in the dns.log
file on the AD DNS Server(s)?  I assume that you have enabled full
logging.  You need to determine if the DDNS request is getting to the
W2k DNS Server.  If not, then you need to determine why.  If yes, then
you need to determine what the W2k DNS Server is doing with the request.
The MS DNS code does not, in general, produce an EventID record for
rejected DDNS requests, so you will have to look in the dns.log file
to see if the request was rejected.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory          Phone:    +1 (630) 252-7277
9700 South Cass Avenue               Facsimile:+1 (630) 252-4601
Building 222, Room D209              Internet: BSFinkel at anl.gov
Argonne, IL   60439-4828             IBMMAIL:  I1004994
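
Added example, not part of the original message: a Python scan of dns.log for dynamic updates to one zone that were either answered with an error or never answered at all, which separates "the server refused it" from "the request went nowhere". It assumes the one-line PACKET summary layout of Windows Server 2003 DNS debug logging (logs in another layout need a different pattern); the sample lines, addresses and transaction IDs are constructed.

```python
import re

# Assumed layout: ... PACKET [id] UDP|TCP Snd|Rcv peer xid [R] opcode [flags rcode] qtype qname
PKT = re.compile(
    r"PACKET\s+(?:[0-9A-Fa-f]{8,}\s+)?(?:UDP|TCP)\s+(Snd|Rcv)\s+(\S+)\s+"
    r"([0-9A-Fa-f]{4})\s+(R?)\s*([QNU?])\s+\[([^\]]+)\]\s+(\S+)\s+(\S+)")

def decode_name(raw):
    """'(7)example(3)net(0)' -> 'example.net' (length-prefixed labels)."""
    return ".".join(p for p in re.findall(r"\(\d+\)([^()]*)", raw) if p)

def scan_updates(lines, zone):
    """Return (rejected, unanswered) dynamic updates seen for `zone`."""
    pending, rejected = {}, []
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        direction, peer, xid, is_resp, opcode, flags, _qtype, qname = m.groups()
        # In an UPDATE the "question" is the zone section: type SOA, name = zone.
        if opcode != "U" or decode_name(qname).lower() != zone.lower():
            continue
        key = (peer, xid.lower())
        if direction == "Rcv" and not is_resp:
            pending[key] = True            # update reached this server
        elif direction == "Snd" and is_resp:
            pending.pop(key, None)         # server answered it
            rcode = flags.split()[-1]      # last token inside [...] is the rcode
            if rcode != "NOERROR":
                rejected.append((peer, xid.lower(), rcode))
    return rejected, sorted(pending)

# Constructed sample lines (not taken from any real server).
SAMPLE = """\
20050404 14:51:01 5D4 PACKET  UDP Rcv 10.20.0.9       11c2   Q [0001   D   NOERROR] A      (4)host(7)example(3)net(0)
20050404 14:51:02 5D4 PACKET  UDP Rcv 10.20.0.5       3f1a   U [0028       NOERROR] SOA    (7)example(3)net(0)
20050404 14:51:02 5D4 PACKET  UDP Snd 10.20.0.5       3f1a R U [05a8       REFUSED] SOA    (7)example(3)net(0)
20050404 14:51:07 5D4 PACKET  UDP Rcv 10.20.0.5       3f1b   U [0028       NOERROR] SOA    (7)example(3)net(0)
20050404 14:51:07 5D4 PACKET  UDP Snd 10.20.0.5       3f1b R U [00a8       NOERROR] SOA    (7)example(3)net(0)
20050404 14:51:09 5D4 PACKET  UDP Rcv 10.20.0.5       3f1c   U [0028       NOERROR] SOA    (7)example(3)net(0)
20050404 14:51:11 5D4 PACKET  UDP Rcv 10.20.0.5       3f1d   U [0028       NOERROR] SOA    (16)buildinglocation(2)co(2)uk(0)
""".splitlines()

if __name__ == "__main__":
    rejected, unanswered = scan_updates(SAMPLE, "example.net")
    print("rejected:", rejected)
    print("unanswered:", unanswered)
```

If the scan finds no update packets at all for the zone on any of the servers, the request is not reaching them, which is the first case to settle.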


