DDNS Windows clients, W2k, W2k3 and DDNS/DHCP interaction


Thanassis Stathopoulos

Hello,

I'm a little confused about the exact interaction between modern
(DDNS) Windows clients and Microsoft DNS/DHCP servers. Could anybody
please confirm that I'm interpreting the documentation correctly?

All cases refer to out-of-the-box (default) client and server
configuration.

1. Statically configured Windows DDNS clients:
- No DHCP server interaction
- DHCP Client service updates A and PTR records in DNS server.

2. DHCP-provided address, DDNS enabled:
- DHCP client service requests address
- DHCP server provides address
- DHCP Client service receives it and registers A record with DNS
server
- DHCP server registers PTR record with DNS server
- upon lease expiration:
- DHCP server removes PTR record
- DHCP server also removes A record (because it's configured to do so
by default)

3. Am I correct to assume that PTR record management is exclusively
the job of the DHCP server? (aside from DNS zone scavenging being
enabled). i.e. the DDNS Windows workstation never, ever, under no
circumstances attempts PTR record registration for a DHCP-obtained
address?

4. Any comments on why the split default behavior regarding A and PTR
records (A managed by the client, PTR by the DHCP server)? Is it
because of the need to secure the registration of A records via Active
Directory? Even in this case, wouldn't it make more sense to secure
the PTR registration similarly and just let the DHCP server remove the
stale A and PTR stuff, as it does now, not-so-securely, anyway?

5. What is the RFC number describing these proposed DNS/DHCP
interactions?

Thanks for any and all pointers!

Thanassis
 
1. Statically configured Windows DDNS clients:
- No DHCP server interaction
- DHCP Client service updates A and PTR records in DNS server.

If possible -- note that Forward and Reverse zones may (quite
commonly) be on different servers, and are definitely different
zones so one may be dynamic while the other is not.
2. DHCP-provided address, DDNS enabled:
- DHCP client service requests address
- DHCP server provides address
- DHCP Client service receives it and registers A record with DNS
server

Yes, if it's capable and the DHCP isn't set to override it.
- DHCP server registers PTR record with DNS server
- upon lease expiration:

Usually (again if possible.)
- DHCP server removes PTR record

(If possible) the DHCP server always removes the PTR IF
it was the one that registers it.
- DHCP server also removes A record (because it's configured to do so
by default)

Yes -- if configured.
3. Am I correct to assume that PTR record management is exclusively
the job of the DHCP server? (aside from DNS zone scavenging being
enabled). i.e. the DDNS Windows workstation never, ever, under no
circumstances attempts PTR record registration for a DHCP-obtained
address?

Not sure, but for DHCP clients that sounds correct.
4. Any comments on why the split default behavior regarding A and PTR

In some sense the DHCP server "owns" the addresses.
5. What is the RFC number describing these proposed DNS/DHCP
interactions?

RFC 2136
RFC 3007 (security related to dynamic updates)
 
Hi Thanassis,

Questions 1, 2 and 3, I think they are right.

As for question 4:
===================

DHCP server may register and update both the pointer (PTR) and the address
(A) resource records on behalf of its DHCP-enabled clients. The draft
document
ftp://ftp.ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dhc-dhcp-dns-04.txt
describes how a DHCP server can register and update pointer (PTR) and
address (A) resource records on behalf of its DHCP-enabled clients.

The ability to register both A and PTR type records lets a DHCP server act
as a proxy for clients, such as the Microsoft Windows 9x operating system
and Windows NT 4.0, for the purpose of DDNS registration. The DHCP server
can differentiate between Windows 2000 Professional and other clients.
Windows 2000 Professional clients can register the A record directly to the
DDNS server. This DHCP option permits the DHCP server the following
possible interactions for processing DNS information on behalf of DHCP
clients:
- The DHCP server always registers the DHCP client for both the forward
  (A-type records) and reverse lookups (PTR-type records) with DNS.
- The DHCP server never registers the name-to-address (A-type records) for
  DHCP clients.
- The DHCP server registers the DHCP client for both forward (A-type records)
  and reverse lookups (PTR-type records) only when requested to by the
  client.


As for question 5:
==========

DHCP for Windows 2000 is open and based on industry standards, supporting
Requests for Comments (RFCs) 2131 and 2132. (31 printed pages)
An excellent source of DHCP information is found at:
http://www.ietf.cnri.reston.va.us/internet-drafts/draft-ietf-dhc-dhcpv6-12.txt


Please let me know if you have any questions. I look forward to hearing
from you.

Ivan Sheng
Microsoft Online Partner Support
MCSD,MCSE4,2000,MCDBA,CCNA,ASE
Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.
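
An added example, not part of any post in this thread: the second reply notes that forward and reverse zones are different zones, so registering one host takes two separate RFC 2136 UPDATE messages, whichever party (client or DHCP server) sends each. The sketch builds both in wire format; the host name, zones, address and TTL are constructed sample values, and the function names are this example's own.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5                                   # RFC 2136 opcode
TYPE_A, TYPE_SOA, TYPE_PTR, CLASS_IN = 1, 6, 12, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_update(msg_id, zone, owner, rrtype, ttl, rdata):
    """Build an UPDATE that adds one RR; the owner must lie inside the zone."""
    if not ("." + owner.lower()).endswith("." + zone.lower()):
        raise ValueError("%s is not in zone %s" % (owner, zone))
    # Header: ID, flags (opcode in bits 11-14), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    header = struct.pack("!6H", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    # Zone section: exactly one entry, zone name with type SOA
    zone_section = encode_name(zone) + struct.pack("!2H", TYPE_SOA, CLASS_IN)
    # Update section: owner, type, class, TTL, RDLENGTH, then RDATA
    rr = encode_name(owner) + struct.pack("!2HIH", rrtype, CLASS_IN, ttl, len(rdata))
    return header + zone_section + rr + rdata

def registration_updates(fqdn, forward_zone, ip, reverse_zone, ttl=1200):
    """Return (A update, PTR update): two messages because they target two zones."""
    addr = ipaddress.IPv4Address(ip)
    a_msg = build_update(1, forward_zone, fqdn, TYPE_A, ttl, addr.packed)
    ptr_msg = build_update(2, reverse_zone, addr.reverse_pointer, TYPE_PTR, ttl,
                           encode_name(fqdn))
    return a_msg, ptr_msg

def describe(msg):
    """Decode (opcode, zone name, update count) from a message built above."""
    _, flags, _, _, upcount, _ = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while msg[pos]:
        labels.append(msg[pos + 1:pos + 1 + msg[pos]].decode("ascii"))
        pos += 1 + msg[pos]
    return (flags >> 11) & 0xF, ".".join(labels), upcount

if __name__ == "__main__":
    # Constructed sample host: forward zone and reverse zone are separate targets
    for m in registration_updates("ws01.corp.example", "corp.example",
                                  "192.168.1.10", "1.168.192.in-addr.arpa"):
        print(describe(m), m.hex())
```

These messages are unsigned; RFC 3007, cited in the second reply, covers authenticating dynamic updates.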
 