Ondrej Tucny

Asked: 2021-01-08 16:49:21 +0800 CST2021-01-08 16:49:21 +0800 CST 2021-01-08 16:49:21 +0800 CST

DHCP not updating dynamic DNS record which has an associated CNAME record

I have an Active Directory domain corp.com, which has a child domain dev.corp.com. Each domain has a pair of DCs. For the top-level AD domain, DNS, as well as DHCP, runs on both ADs. For the child domain, DNS runs on both ADs. The child domain trusts the top-level domain, but not the other way around.

Originally, I was running a mix of Windows Server 2008 R2 and Windows Server 2012 DCs, subsequently added new Windows Server 2019 DCs, and decommissioned all older DCs. Everything is running fine, but dynamic DNS updates from the DHCP.

I'm experiencing the following two errors in the Event Log:

PTR record registration for IPv4 address [[192.168.8.102]] and FQDN cstl-dms01.dev.corp.com failed with error 9009 (DNS server not authoritative for zone.).
Forward record registration for IPv4 address [[192.168.8.102]] and FQDN cstl-dms01.dev.corp.com failed with error 9005 (DNS operation refused.).

Originally, every dynamic DNS attempt failed. I'm using secure updates and have a dedicated system account for DHCP-to-DNS access, so I made it member of DnsUpateProxy group for certain machines updates started working.

So far, I was able to isolate the issue to a situation when there's a sub-domain CNAME associated with the problematic record. The records in the MS DNS look like this:

Name	Type	Data	Timestamp
(same as parent folder)	Host (A)	192.168.8.119	01.01.2021 18:00:00
*	Alias (CNAME)	cstl-dms01.dev.corp.com	static

Note that once I (manually) create the CNAME record, the MS DNS Server automatically creates a folder, named alike the machine hostname, and places both A and CNAME records within it.

I cannot avoid the *.cstl-dms01.dev.corp.com CNAME, it's required by SharePoint running on that machine for it to work. I have a couple dozen such records in the DNS, so I'd like to avoid switching to static IPs.

In addition, while I wasn't experiencing this issue on previous Windows Server versions, it may be the case that there is some misconfiguration after introducing new DHCP and DNS servers.

How to make the dynamic DNS updates work? Is this is a limitation of the DNS server or am I missing something?

DHCP not updating dynamic DNS record which has an associated CNAME record

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

DHCP not updating dynamic DNS record which has an associated CNAME record

0 Answers