Dynamic updates for host records fail

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Computers can fail to register the following host records:

  • Address (A) records, for a forward lookup zone

  • Pointer (PTR) records, for a reverse lookup zone

There might not be any error messages associated with these events. The only symptom of the problem might be that the host’s records do not appear in the Domain Name System (DNS) zone.

Cause

The host might not be configured properly to allow dynamic DNS updates. It might be configured to use an external DNS server, or it might be experiencing other DNS configuration problems.

Solution

You can use the following procedure to verify that the host is configured for dynamic DNS updates.

To verify that the host is configured for dynamic DNS updates

  1. Log on to the computer with the Administrator account.

  2. Click Start, click Control Panel, and then double-click Network Connections.

  3. In Network Connections, right-click Local Area Connection, and then click Properties.

  4. In Local Area Network Connection Properties, click Internet Protocol (TCP/IP), and then click Properties.

  5. In Internet Protocol (TCP/IP) Properties, click Advanced, and then click the DNS tab.

  6. Ensure that both of the following check boxes are selected:

    • Register this connection’s addresses in DNS

    • Use this connection’s DNS suffix in DNS registration

  7. Click OK.

You can use the following procedure to verify that the client does not have an external DNS server, such as a DNS server from an Internet service provider (ISP), in its TCP/IP configuration. In most cases, the client should not use a DNS server from an ISP as either the preferred or alternate DNS server, because the DNS server at the ISP is unable to resolve internal names. Using a DNS server from an ISP in a client's TCP/IP configuration can also cause problems with conflicting internal and external namespaces.

To verify DNS configuration in TCP/IP settings

  1. Log on to the computer with the Administrator account.

  2. Click Start, click Control Panel, and then double-click Network Connections.

  3. In Network Connections, right-click Local Area Connection, and then click Properties.

  4. In Local Area Network Connection Properties, click Internet Protocol (TCP/IP), and then click Properties.

  5. If Obtain an IP address automatically is selected, type the following at a command prompt:

    ipconfig /all

  6. Review the DNS server settings and verify that they are correct.

You can use the following procedure to verify that the start-of-authority (SOA) resource record can be resolved by the DNS servers. In this procedure, you use the Nslookup.exe tool to test name resolution for the SOA record for the domain that the client is attempting to register in. Test this name resolution from each one of the DNS servers that the client is configured to use.

To verify that the SOA record can be resolved by the DNS servers

  1. At a command prompt, type the following command, and then press ENTER:

    nslookup

  2. At the nslookup: prompt, type the following command, and then press ENTER:

    set querytype=SOA

  3. At the nslookup: prompt, type the full name of the DNS zone that the client should be registering in — and include a terminating dot at the end of the domain name — and then press ENTER.

  4. To test another DNS server, at the nslookup: prompt, type the following command, and then press ENTER:

    server IP_address

    Then, type the domain name to be tested, and then press ENTER.

If this query attempt fails from any of your DNS servers, you might need to remove that DNS server from the client’s TCP/IP settings.

You can use the following procedure to verify that the DNS zone is enabled for dynamic updates. Open the DNS management console to verify that the zone that the clients need to register in is configured to accept dynamic updates.

To verify that the DNS zone is enabled for dynamic updates

  1. Click Start, point to All Programs, point to Administrative Tools, and then click DNS.

  2. In the console tree, double-click the appropriate DNS server name, and then double-click Forward Lookup Zones.

  3. Right-click the zone, and then click Properties.

  4. On the General tab, view the Dynamic updates setting and make sure that it is set to Nonsecure and secure or Secure only.

  5. If the setting is already set to Secure only and updates are still failing, try setting the zone to Nonsecure and secure for testing. If failures are seen only for Secure only, see Secure dynamic updates fail.

You can use the following procedure to verify that the Dynamic Host Configuration Protocol (DHCP) Client service is started. The DHCP Client service is used to perform dynamic updates, and it must be running.

To verify the status of DHCP or to start DHCP

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Services.

  2. In the details pane, double-click DHCP Client and verify that the status of that service is Started. If the status is not Started, click Start to start the service.

You can use the following procedure to verify whether a single-label DNS domain name is being used.

To verify whether a single-label DNS domain name is being used

  1. At a command prompt, type the following, and then press ENTER:

    ipconfig /all

  2. View the Primary DNS Suffix and the Connection-specific DNS Suffix to make sure that the specified domain name has at least two parts, separated by a dot, for example, fabrikam.com. An example of a single-label domain is fabrikam.

  3. If the host is using a single-label domain name, and this is correct for the environment, you must configure the UpdateTopLevelDomainZones registry setting. For more information about this registry setting, see article 300684, "Information about configuring Windows for domains with single-label DNS names," in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=37924).
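
The two ipconfig /all reviews above (the DNS server check and the single-label suffix check) can be run over saved output from many hosts. The following Python sketch is an added example, not part of the original article or any Microsoft tool; it assumes English-language ipconfig output, and the function names, the sample text and the internal_dns set (the DNS server addresses you consider internal) are hypothetical.

```python
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : client01
   Primary Dns Suffix  . . . . . . . : fabrikam

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : corp.fabrikam.com
   DNS Servers . . . . . . . . . . . : 10.0.0.10
                                       203.0.113.53
"""

# "   Label . . . : value" -> (label, value); the dot leader is discarded.
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)[\s.]*:\s*(.*)$")

def parse_ipconfig(text):
    """Map lower-cased field label -> list of values, merged over all adapters."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).lower()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())  # extra DNS server on its own line
        else:
            last = None
    return fields

def audit(text, internal_dns):
    """Return findings; internal_dns is the admin-supplied set of internal DNS server IPs."""
    fields, findings = parse_ipconfig(text), []
    for key in ("primary dns suffix", "connection-specific dns suffix"):
        for suffix in fields.get(key, []):
            if "." not in suffix.strip("."):  # e.g. "fabrikam" rather than "fabrikam.com"
                findings.append(f"{key} '{suffix}' is single-label")
    for server in fields.get("dns servers", []):
        if server not in internal_dns:
            findings.append(f"dns server {server} is not a known internal server")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, {"10.0.0.10"})))
```

An empty list means neither condition was found; a host with several adapters has its fields merged, so a finding applies to at least one connection.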