12-06-2011 11:39 AM - edited 03-07-2019 03:46 AM
Would like to see about getting DHCP configured on a Cisco switch to auto-register the computer's hostname with a MS DNS server. Had to troubleshoot a workstation hogging bandwidth. Using Netflow, I could see the IP address of the offender but couldn't see the hostname of the computer/workstation that was the offender. Here is my config for DHCP on the switch:
ip dhcp pool PC
 network 10.1.70.0 255.255.255.0
 domain-name mycompany.com
 dns-server 10.1.1.1 10.1.1.2
 default-router 10.1.70.1
 lease 8
This is an office across the street from the main building. Don't have a router there, only a 3750 tied in via a fiber link.
I have been looking at the Cisco docs for getting this to work but nothing yet.
Would appreciate any pointers on getting this to work.
Ron
12-06-2011 12:01 PM
If you have a reverse lookup zone on your MS DNS Server, try using the following command:
ping -a
that will give you the hostname of the specific IP address.
Obviously try this from a Windows Workstation.
12-06-2011 12:12 PM
As far as I know, I have it working because my Windows servers can be resolved by using the command you gave.
The difference is that they are statically assigned at the server.
This is the only site that I am using DHCP on IOS for at this point.
Is there a way I can have the IOS DHCP service auto-register IP addresses it has assigned?
Is there a way that I can have IOS DHCP record the hostname of the requesting workstations?
Is your IOS DHCP config any different than mine?
12-06-2011 12:30 PM
This is a wonderful Windows-based feature that most other DHCP servers don't handle too well. Not saying either is wrong here, but the fact is that Windows DHCP servers DO tell the DNS clients to update A and PTR records when an IP address is obtained.
There are two relatively easy options to try:
1. Modify your DHCP pool as follows:
ip dhcp pool PC
 network 10.1.70.0 255.255.255.0
 update dns both override
 domain-name mycompany.com
 dns-server 10.1.1.1 10.1.1.2
 default-router 10.1.70.1
 lease 8
ip dhcp update dns both
2. A MUCH easier way to make things work natively is to do the following:
On the VLAN for that office, delete all DHCP configs and add this:
service dhcp
ip helper-address
Set up a secondary DHCP scope with the following info:
Range 10.1.70.2 - 10.1.70.254
Router 10.1.70.1
DNS server: 10.1.1.1, 10.1.1.2
DNS domain name: mycompany.com
I'm not 100% confident that option #1 will work, but it's worth a try. Option #2 will keep DHCP on a Windows DHCP server and will tell Windows-based clients to update A and PTR records and also will give you a nifty GUI to find computer names.
Thanks,
Sean Brown (sean@sleepyshark.com)
voice: 212.760.1700 x7001
12-06-2011 12:50 PM
Option 1 - Using DHCP on a 3750 switch 12.2.55.SE1, I don't have update dns both override available under the DHCP pool config area and don't have the ip dhcp update command available at the global level.
Option 2 - Using MS DHCP isn't an option (departmental politics).
I am used to doing DHCP on a Cisco router and not having these issues, but at this site the fiber connection goes from the 3750 on site directly to my 6509 core.
I looked at the dns server and do see the A record for the workstation in question but not a corresponding entry in the reverse lookup zone. There are entries for some systems in there but not all of the systems.
Ron
12-06-2011 12:55 PM
If MS DHCP isn't an option (which I am shocked by) then you'll probably have to visit each workstation and manually configure DNS update in TCP/IP settings - Windows 7 should automatically handle the record updates. Again, a departmental policy against MS DHCP vs paying an employee to visit each workstation doesn't make sense.
Thanks,
Sean Brown (sean@sleepyshark.com)
voice: 212.760.1700 x7001
12-06-2011 01:17 PM
It isn't a department policy, but since there are different departments involved, it becomes more complicated. I have been here a couple of months and am still learning the office politics.
We have MS DHCP running just about everywhere else. I have seen a lot of stability problems with 2003 and 2008, and the same types of problems were seen at my new employer before my arrival. Workstations not getting an IP address is the most common problem. No errors show on the server, but a restart of the DHCP service on the MS server is the usual fix. Management on my side wants to move away from MS DHCP because of these ongoing problems that MS hasn't been able to find a cause for.
12-06-2011 01:28 PM
That's interesting. I've never had a problem with DHCP unless there was a misconfiguration or something else going on.
Have you guys checked Event Viewer to see if an error pops up in a log? It's just wayyy easier to manage DHCP on MS than Cisco IOS. It looks like it's updating the A record on the MS DNS server but not the PTR.
12-06-2011 01:37 PM
Hi Ron -
I have to agree with John, MS DHCP is BY FAR the way to go if you've implemented active directory. Additionally I have been running MS DHCP across very large organizations (thousands of users) with zero issues and excellent reliability and uptime.
I'm thinking that there may be some underlying network/firewall/access issues which may also have some involvement with DNS updates. Are you seeing any errors on the desktop event logs?
Thanks,
Sean Brown (sean@sleepyshark.com)
voice: 212.760.1700 x7001
09-27-2013 01:12 PM
I encountered the exact same issue in my domain. MS & Win7 environment but can't use MS DHCP for political reasons, can't "ping -a" any of the clients on my network.
I did figure out a simple workaround and wanted to post it in case it helps anyone else.
Go into the config of a Windows client's network adapter.
IPv4 TCP/IP settings > "Advanced" button > "DNS" tab.
There are two checkboxes for "Register this connection's addresses in DNS" and "Use this connection's DNS suffix in DNS registration." If you check both checkboxes and ipconfig release & renew, a PTR record will appear.
To automate that across the entire environment I added two settings to our workstation GPO.
My Reverse Lookup Zone is populating as the workstations reboot.
It won't catch non-domain PCs and devices but it will help target the majority of clients.
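An added example, not part of the original posts: a Python check for the gap this thread describes, listing which leased addresses still have no PTR record or a PTR that fails forward confirmation. The binding text and zone dictionaries are constructed sample data, and `parse_bindings` and `audit` are hypothetical names.

```python
import re
import socket

# Constructed sample, assumed to follow the layout of `show ip dhcp binding`.
SAMPLE_BINDINGS = """\
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
10.1.70.11       0100.1a2b.3c4d.5e       Dec 14 2011 11:02 AM    Automatic
10.1.70.12       0100.1a2b.3c4d.5f       Dec 14 2011 11:40 AM    Automatic
10.1.70.13       0100.1a2b.3c4d.60       Dec 14 2011 12:05 PM    Automatic
"""
# Constructed stand-ins for the reverse and forward lookup zones.
SAMPLE_PTR = {"10.1.70.11": "ws-011.mycompany.com", "10.1.70.13": "ws-old.mycompany.com"}
SAMPLE_A = {"ws-011.mycompany.com": {"10.1.70.11"}, "ws-old.mycompany.com": {"10.1.70.99"}}

BINDING_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s")

def parse_bindings(text):
    # (ip, client-id) for every lease row; the two header lines do not match.
    return [m.groups() for m in map(BINDING_RE.match, text.splitlines()) if m]

def dns_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]   # live reverse lookup
    except OSError:
        return None

def dns_a(name):
    try:
        return set(socket.gethostbyname_ex(name)[2])   # live forward lookup
    except OSError:
        return set()

def audit(bindings, ptr=dns_ptr, fwd=dns_a):
    # Sort each lease into: PTR confirmed by an A record, no PTR, or stale PTR.
    report = {"ok": [], "no_ptr": [], "mismatch": []}
    for ip, client_id in bindings:
        name = ptr(ip)
        if name is None:
            report["no_ptr"].append((ip, client_id))
        elif ip in fwd(name):
            report["ok"].append((ip, name))
        else:
            report["mismatch"].append((ip, name))
    return report

if __name__ == "__main__":
    demo = audit(parse_bindings(SAMPLE_BINDINGS), SAMPLE_PTR.get,
                 lambda name: SAMPLE_A.get(name, set()))
    for status, rows in demo.items():
        print(status, rows)
```

Called without the `ptr` and `fwd` arguments, `audit` queries whatever resolver the machine running it is configured to use.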
11-01-2013 10:47 AM
Many thanks. It really helps.
04-27-2017 04:05 AM
Thank you, fixed it for us too
02-08-2018 01:51 PM
Great fix, thanks for sharing this most worthy solution.
05-02-2017 06:58 AM
I had problems with workstations not auto-registering in DNS. The subnet where those workstations reside has an ACL. I had udp/53 opened up from there to the DNS servers and the workstations would register if I turned off the ACL. Turns out that MS uses udp/53 for DNS queries but tcp/53 for name registration. Once that was added into the ACL, all was well.
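An added example, not from the original post: a Python first-match evaluator for a small extended ACL that reports which DNS servers a client can reach on only one of udp/53 and tcp/53, the condition described above. The ACL text, client address and server addresses are constructed, the function names are hypothetical, and only the destination `eq` port form is handled.

```python
import ipaddress

# Constructed ACL in IOS extended-ACL syntax; subnet and servers are assumed values.
SAMPLE_ACL = """\
permit udp 10.1.70.0 0.0.0.255 host 10.1.1.1 eq domain
permit tcp 10.1.70.0 0.0.0.255 host 10.1.1.1 eq 53
permit udp 10.1.70.0 0.0.0.255 host 10.1.1.2 eq domain
deny ip any any
"""

def _addr(tokens):
    # Consume 'any' | 'host A' | 'A WILDCARD' and return (base, wildcard) as ints.
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.ip_address(tokens.pop(0))), 0
    return int(ipaddress.ip_address(first)), int(ipaddress.ip_address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None                      # None means the entry matches any port
        if tokens[:1] == ["eq"]:
            port = 53 if tokens[1] == "domain" else int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(addr, spec):
    return (int(ipaddress.ip_address(addr)) | spec[1]) == (spec[0] | spec[1])

def allowed(rules, proto, src, dst, dport):
    # First matching entry wins; no match at all is the implicit deny.
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _hit(src, r_src) and _hit(dst, r_dst)
                and r_port in (None, dport)):
            return action == "permit"
    return False

def dns_gaps(rules, client, servers):
    # Per server, the port-53 protocols the ACL blocks for this client.
    result = {s: [p for p in ("udp", "tcp") if not allowed(rules, p, client, s, 53)]
              for s in servers}
    return {s: blocked for s, blocked in result.items() if blocked}
```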