Windows 2000 DNS
If you have problems with dynamic update, use the following steps to diagnose and solve your problem.
If dynamic update does not register a name or IP address properly, use the following process to diagnose and solve your problem.
For more information about dynamic update and secure dynamic update, see "Dynamic Update and Secure Dynamic Update" earlier in this chapter.
This is not necessary for dynamic update to work; however, if the client lists a preferred server other than the primary DNS server for the zone, many other problems might cause the failure, such as a network connectivity problem between the two servers or a prolonged recursive lookup for the primary server of the zone. To ascertain the preferred DNS server for the client, check the IP address configured in the TCP/IP properties of the network connection for the client, or at the command prompt type ipconfig /all.
If the zone is Active Directory-integrated, any DNS server that hosts an Active Directory-integrated copy of the zone can process the updates.
If the zone is configured for secure dynamic update, the update can fail if zone or record security does not permit this client to make changes to the zone or record, or the update can fail if this client does not have ownership of the name that it is trying to update. To see whether the update failed for one of these reasons, check Event Viewer on the client. For more information about Event Viewer, see "Troubleshooting Tools" earlier in this chapter.
For information about what to do if the update failed because the zone is configured for secure dynamic update, see "Troubleshooting Secure Dynamic Update" later in this chapter.
Secure dynamic update can prevent a client from creating, modifying, or deleting records, depending on the ACL for the zone and the name. By default, secure dynamic update prevents a client from creating, deleting, or modifying a record if the client is not the original creator of the record. For example, if two computers have the same name and both try to register their names in DNS, dynamic update fails for the client that registers second.
If a client failed to update a name in a zone that is configured for secure dynamic update, the failure could be caused by one of the following conditions:
If the client does not have the appropriate rights to update the resource record, check whether the DHCP server registered the name of the client and whether the DHCP server is the owner of the corresponding dnsNode object. If so, you might consider placing the DHCP server in the DNSUpdateProxy security group. Any object created by a member of the DNSUpdateProxy security group has no security.
For more information about the DNSUpdateProxy security group, see "Dynamic Update and Secure Dynamic Update Interoperability Considerations" earlier in this chapter.
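The checks described above (preferred DNS server versus the primary server for the zone, client-side events, and ownership of the dnsNode object), gathered into one PowerShell script as an added example that is not part of the original chapter. The zone name, host label and zone container DN are placeholders, the event provider name is assumed from current Windows versions, and step 3 needs the ActiveDirectory module.

```powershell
# Added example, not from the original chapter. All parameter defaults are placeholders.
param(
    [string]$Zone      = 'corp.example.com',   # placeholder zone name
    [string]$HostLabel = 'client01',           # placeholder host label that failed to register
    # Placeholder DN of the zone container; the real location depends on where the zone is stored.
    [string]$ZoneDN    = 'DC=corp.example.com,CN=MicrosoftDNS,CN=System,DC=corp,DC=example,DC=com'
)

# 1. Which DNS servers does this client use, and which server does the SOA name as primary?
$clientDns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Select-Object -Unique
$soa       = Resolve-DnsName -Name $Zone -Type SOA -ErrorAction Stop |
             Where-Object { $_.PrimaryServer } | Select-Object -First 1
$primaryIp = (Resolve-DnsName -Name $soa.PrimaryServer -Type A -ErrorAction Stop).IPAddress
$usesPrimary = [bool]($clientDns | Where-Object { $primaryIp -contains $_ })

"Client DNS servers       : $($clientDns -join ', ')"
"Zone primary (SOA)       : $($soa.PrimaryServer) [$($primaryIp -join ', ')]"
"Client lists the primary : $usesPrimary"

# 2. Recent DNS client errors (2) and warnings (3) in the System log on this machine.
#    Assumption: provider name as used by current Windows versions.
Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DNS-Client'
        Level        = 2, 3
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

# 3. Who owns the dnsNode object, and is that owner a member of DnsUpdateProxy?
Import-Module ActiveDirectory
$node = Get-ADObject -SearchBase $ZoneDN -Filter "objectClass -eq 'dnsNode' -and name -eq '$HostLabel'"
if (-not $node) { throw "No dnsNode named '$HostLabel' found under $ZoneDN" }

$owner    = (Get-Acl -Path "AD:\$($node.DistinguishedName)").Owner   # e.g. DOMAIN\account
$ownerSam = ($owner -split '\\')[-1]
$proxy    = Get-ADGroupMember -Identity 'DnsUpdateProxy' |
            Select-Object -ExpandProperty SamAccountName

"dnsNode owner            : $owner"
"DnsUpdateProxy members   : $($proxy -join ', ')"
"Owner is in the group    : $($proxy -contains $ownerSam)"
```

If the owner shown in step 3 is the DHCP server account rather than the client, that matches the ownership condition described above for a failed secure dynamic update.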