9 comments on “DHCP Registration of DNS Entries to an Alternate DNS Server

  1. Thank you for this post. I have a similar problem where I want to register guest devices DNS names but they are firewalled away from my non-guest vlans. I have my Windows DHCP server configured to register these devices DNS names on behalf of the device.

    I have configured DHCP option 006 with the IP of my internal (non-accessible) DNS server at index 0. Followed by accessible ISP DNS and (of course) 8.8.8.8.
    In general this works. However some devices fail all DNS lookups because they cannot access my internal DNS server. Bad device, bad. The only way for them to work is to remove my internal DNS IP from the 006 list. Doing that, of course, fails to register the DNS at all.

    So, I am confused. Since my DHCP server is performing the actual DNS registration instead of the device…. why do I need to add my internal DNS address to 006?

    Is there any way to tell the DHCP server which DNS IP to use directly? If not, why not???

    Like

    • Hi Joel,
      There are three pieces to this:
      * DHCP Option 15 should reflect the domain name you want used for guest devices.
      * DHCP Option 6 should reflect the DNS server you want clients to use for name resolution.
      * The DNS server in option 6 must have a host entry that matches the domain name from option 15, and resolves to the DNS server you want the devices registered on.
      The long and short of this is that your option 6 DNS server must be a server you manage, because without being able to add an entry yourself, you cannot meet the third requirement above.
      Does that clarify things?
      James

      Like

      • Thanks for the response. Yes, I understand the mechanics and they work as you describe. However:
        1) Option 006 is an array of DNS servers, not just one. The first one in the array is what must be your internal DNS server to register with.
        2) In my case, the first DNS in the the 006 array is unaccessible (via firewall rule) to the device. But it *IS* available to the DHCP server.

        So, my question is why does the DHCP server need to use the first item in the 006 array? Instead, why not do what DHCP clients are supposed to do and query for the DNS SOA to connect to (based on 015)?

        I am hoping for some way to configure the DHCP server to use an alternate DNS server (other than the first one in 006) or have the DHCP server perform the SOA lookup for 015. Otherwise it seems massively short sighted.

        Like

        • “The first one in the array is what must be your internal DNS server to register with.”
          What makes you say this? That is not the behavior I see, and I absolutely do NOT have the server we are registering hostnames to listed in option 6.

          Like

          • I stumbled upon the “first IP in 006” point here (3rd reply):
            https://social.technet.microsoft.com/Forums/windowsserver/en-US/444da4f6-f608-4c25-bf3c-6f305aa9d677/dhcp-not-update-dns-record
            My experimentation confirms this (if my DNS IP is 2nd or later in the list it fails).

            So, back to my original problem: some devices do not skip a failed DNS entry. Therefore if my internal DNS IP is first in the 006 array the DNS is properly updated (DHCP server successfully registers on behalf of the device) but the device fails all DNS lookups.

            So…. certainly there must be a way to override which DNS server to register. Maybe a reg key to set on the DHCP server? Or somehow override option 081?

            Like

            • …furthermore referencing MSFT’s own docs:
              https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003

              This outlines that normal DNS registration occurs by the DHCP client on the device looks up the DNS SOA for its 015 domain name to determine which DNS IP use for registration.

              In my scenario, the device’s DHCP client is not performing these steps, instead the DHCP server is. So, why is it not doing what the device’s DHCP client normally would? Why not have the DHCP server perform the 015 DNS SOA lookup instead of assuming the 1st DNS IP in 006 is where you register.

              This is why I have to assume there is some way to override this. Or maybe I am just overtly hopeful. 🙂

              Like

              • Is it possible the DHCP server updates are failing for some reason and falling back to the client? Not sure what else to suggest, other than whatever debug logging you can enable on the server, and running WIreshark on the DHCP exchange.

                Like

              • Thanks James (the web site doesn’t allow me to reply to our last reply so this may seem out of order).

                None of the devices in this scope have access to the DNS server but the DHCP server is successfully registering their DNS names properly as long as they have the DNS server IP as item 0 in the 006 array.
                It is only if I remove the DNS IP from item 0 in 006 that I see the problem. Unfortunately some devices have problems if their first DNS server is unavailable. This is why I am looking for a workaround.

                I think I’ll just have to create static IPs for these devices and create static DNS entries.

                Thanks for your help.

                Like

Leave a Reply to James F. Prudente Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s