LAP dynamic DNS record

Hi,
I'm facing some issues dynamically populating the DNS records of APs. The IP addressing of the APs is configured via DHCP servers (MS). The DHCP server is not configured to automatically register records in DNS (MS, on the same server), according to the system administrator. The problem is that some AP records are populated in DNS and some are not (even in the same subnet).
So the question is: does the LAP support DDNS, or does the record need to be created by DHCP?
Thanks a lot
Vincent 

Does it simply check AP reachability, or will it collect information via SNMP from the AP directly?
If SNMP, this will simply duplicate monitoring (as you are already doing it via PI) & could impact the AP performance.
I would simply give a "read-only" view to Prime & brief them on what/how to look up something on Prime.
Not sure how many APs you've got; we have close to 2K & I do not want to administer anything like what you are going to do.
HTH
Rasika

Similar Messages

  • FIOS and Dynamic DNS

    I'm thinking about switching from Verizon DSL to FIOS, but I have a few concerns.
    Right now I am able to directly connect from my linux-based router to the DSL modem via PPPoE.  If for some reason the PPP link drops the router just re-establishes it, and it always knows my outside IP.  It can also update my multiple dynamic DNS addresses automatically when this happens.  My DSL IP address seems to change only when I shut down my router - it lasts weeks at a time.
    With FIOS it sounds like you are forced to use NAT with the supplied router.  I can go ahead and disable wireless on it, and then just set up my own router to use a static IP and put it in the DMZ to get as close to a bypass as I can.  However, if my outside IP changes my internal router isn't going to know about it, and won't be able to update my dynamic DNS/etc.  It looks like the FIOS routers will update dynamic DNS addresses, but I'm not sure if they support namecheap, and I also don't know if they support updating more than one dynamic DNS service when my IP changes.
    It also sounds like they cut the copper connection, so if it doesn't work out right it will be very hard to go back to DSL.
    Does anybody know:
    1.  Will the supplied router update more than one dynamic DNS service automatically?
    2.  Will the supplied router update a namecheap hosted dynamic DNS record? 
    3.  When updating a namecheap DNS record will it only touch the A record and not mess with all my other DNS settings?
    4.  Can I somehow configure the router to provide my external IP to a single internal computer via DHCP (ie router gets an address from verizon, and then the router offers that address to my own router)?  Obviously this won't work with more than one computer on the router.
    5.  Can I alternatively connect to the verizon-provided router using PPPoE or a similar protocol to just get my external IP directly tunneled through the router?
    6.  Does a FIOS TV standard definition tuner box require a network connection? 
    7.  What happens if the tuner isn't connected to the network?  I won't be using any kind of interactive services anyway since the tuners will just be connected to my DVR.
    8.  Does the network connection have to be on the same subnet as the verizon-provided router, or is it sufficient that it be able to reach that router or the internet via NAT (there would be a NAT layer between my internal network and the verizon-powered router)?
    9.  If this stuff doesn't end up working right, can I just pull the plug on FIOS and go back to Verizon DSL and POTS?
    In case it isn't clear, here is how I envision the network looking:
    Verizon - Verizon Router - NAT with My Router in the DMZ - My Router - NAT - My internal network
    I guess if I get really desperate I could try to find a tunnel broker of some kind - not sure if anybody does that for IPv4 the way it is done for IPv6.  That would allow me to get my external IP through the NAT and potentially give me a static one as well...
    I REALLY don't want to pay an extra $50 for a static IP.  I'd probably just stick with the DSL if it came to that even though it is actually more expensive than switching (for dynamic service) and it is a lot slower...

    Hmm - that idea might not actually work out all that well.  It might or might not work at all, but one thing that it would probably do is make it impossible to access the router's web interface (since the router wouldn't have an IP address of its own on any of the ports).  So, if it did work it would be a once-and-done configuration and then I'd need to reset it to do anything else with it.  This would also make it impossible to attach set-top-boxes directly to the actiontec router, but then again they'd be only one NAT layer away from verizon if I attached them to my home network.
    I suspect I might be better off with the DMZ approach and just living with a single dynamic dns entry.  The main reason I use more than one of those is so that if my IP address changes I don't have to wait for the DNS TTL to run out to find out what the new IP is - I can just wait a few minutes to be safe and resolve one of my other dynamic addresses which won't be cached anywhere so it will get the fresh entry. 
    I guess my other option is to fire up nslookup and point it directly at the appropriate DNS server so that I'm not seeing a cached response.
    I've heard mixed reports on how often the FIOS IPs change anyway.  If they only change once in a blue moon I'm not terribly concerned about this stuff. 
    (Why can't everybody just switch to IPv6 and end all this NAT nonsense anyway...?) 

  • Dynamic DNS for ipv4 AND ipv6?

    tl;dr: do you know any dynamic dns service and updater daemon that supports both ipv4 and ipv6?
    Hi,
    ever since my provider supplied me with a proper dual stack account (real ipv4, real ipv6) for internet access I got some kind of little problem regarding the services I host at home. So this is mainly about email. I have a server sitting behind my router that has an open submission and IMAPS port. For ipv4 I've been using the NAT and dyndns features of my router (fritzbox) without any problem. For ipv6 there is no NAT (at least as far as my router is concerned). What I can do though is to open the firewall for incoming ports dynamically based on the interface identifier. So if someone wants to connect to an ipv6 address that would map to my server the router knows to not block the traffic. For this to work though I need to update a dynamic DNS record with the public ipv6 address that my server gets to use (something out of the prefix my provider assigns me). This server is an arch linux box. I tried to use inadyn-mt with some systemd unit file I found through google but this does not seem to work right. When I'm in ipv4-only networks (on a mobile connection for example) I often can't resolve the right ip address of my server through dyndns. The thing is that my server doesn't know about a changed ipv4 address because this is handled by the router. It only knows when its own ipv6 address changes/expires. Based on when this happens inadyn-mt might fire an update to dyndns and with that also pick up the new ipv4 address, but this is not guaranteed.
    Any suggestions, tool and/or service proposals? Is there a way dns-wise to add a CNAME alias just for A records and not for AAAA?

    I currently use cloudflare as the DNS servers for my domain as it's free and allows to update certain records with their API. I only use it for IPv4, but since they support AAAA records, I assume it will work for IPv6 just as well. It should be quite simple for you to update the script to get the ip of a given interface instead of fetching it from the net.
    #!/bin/sh
    # modified by jfro from http://www.cnysupport.com/index.php/linode-dynamic-dns-ddns-update-script
    # Uses curl to be compatible with machines that don't have wget by default
    # modified by Ross Hosman for use with cloudflare.
    # Placeholders are quoted so the shell does not read < and > as redirections
    cfkey='<your api key>'
    cfuser='<your username>'
    cfhost='<hostname you want to update>'
    # Look up the current public (WAN) address
    WAN_IP=$(curl -s http://icanhazip.com/)
    # Load the address recorded on the previous run, if any
    if [ -f "$HOME/.wan_ip-cf.txt" ]; then
        OLD_WAN_IP=$(cat "$HOME/.wan_ip-cf.txt")
    else
        OLD_WAN_IP=""
    fi
    # Strip the trailing newline from the log so the progress dots stay on one line
    perl -i -pe 'chomp if eof' /var/log/cfclient.log
    if [ "$WAN_IP" = "$OLD_WAN_IP" ]; then
        # Unchanged: log a dot (printf, because echo -ne is not portable under /bin/sh)
        printf '.' >> /var/log/cfclient.log
    else
        # Changed: remember the new address and push it to the DNS record
        echo "$WAN_IP" > "$HOME/.wan_ip-cf.txt"
        printf '\nUpdating IP to %s\n' "$WAN_IP" >> /var/log/cfclient.log
        curl -s "https://www.cloudflare.com/api.html?a=DIUP&hosts=$cfhost&u=$cfuser&tkn=$cfkey&ip=$WAN_IP" >> /var/log/cfclient.log
    fi
    printf '\n' >> /var/log/cfclient.log

  • DNS record is not dynamically created in DNS Zone, when joining to DNS domain

    hi
    in my test lab i have deployed two virtual machines (both are windows server 2008 R2 enterprise).
    on vm1 i have installed just DNS role (without Active directory) and created a primary non-ADintegrated zone.
    on this DNS zone, i have enabled dynamic update set to non-secure & secure.
    now in my vm2 (as a DNS client), i set the ip address of this DNS server as preferred DNS server and then in system properties, on the primary DNS suffix field, i entered the name of my DNS domain (mydomain.lab) & rebooted VM2, but the A record of this client (vm2) is not registered (created) in mydomain.lab zone.
    i expect the record to be created like in the situations where we join a client to an AD domain

    Hi John,
    When registering a DNS record, the client will send a SOA query to find the primary server of the zone, then send the register message to that server.
    We can use nslookup to find the problem:
    Open Command Prompt
    type nslookup
    type set type=soa
    type zone name
        1. If there is a positive response, check the name of the primary name server and the IP address of the server. Its name should be vm1.mydomain.lab. If not, edit the SOA record in the zone. If there is no IP address, edit the NS record in the zone.
        2. If there is no response, check the SOA record in the zone.
    We can manually delete and recreate the records to ensure there are right SOA and NS records.
    Here is the guide for using nslookup :
    Nslookup :
    https://technet.microsoft.com/en-us/library/cc940085.aspx
    Best Regards,
    Leo
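The checks in the reply above can also be run against the raw SOA response. This is an added example, not part of the original thread: it decodes a DNS response (including name compression), pulls out the primary server name (MNAME) and its address, and applies the same three checks. The response bytes, the 192.168.1.10 address, the hostmaster mailbox and all function names are constructed for illustration.

```python
import struct

TYPE_A, TYPE_SOA = 1, 6

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2                  # the name ends after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                      # refuse pointer loops
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels).lower(), (end if end is not None else off)

def parse_soa_response(msg):
    """Return (MNAME or None, {owner name: [IPv4 addresses]})."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                               # skip QTYPE and QCLASS
    mname, addrs = None, {}
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA and mname is None:
            mname, _ = read_name(msg, off)     # MNAME is the first SOA field
        elif rtype == TYPE_A and rdlen == 4:
            ip = ".".join(str(b) for b in msg[off:off + 4])
            addrs.setdefault(owner, []).append(ip)
        off += rdlen
    return mname, addrs

def diagnose(msg, expected_primary):
    """Apply the reply's checks: SOA present, MNAME correct, MNAME has an address."""
    expected = expected_primary.rstrip(".").lower()
    mname, addrs = parse_soa_response(msg)
    if mname is None:
        return "no SOA returned: check the SOA record in the zone"
    if mname != expected:
        return f"SOA names {mname} as primary, expected {expected}: edit the SOA record"
    if not addrs.get(mname):
        return f"no address returned for {mname}: edit the NS record in the zone"
    return f"ok: updates go to {mname} at {addrs[mname][0]}"

def build_sample(mname=b"\x03vm1\xc0\x0c", with_glue=True):
    """Constructed reply to 'mydomain.lab SOA' (sample data, not captured traffic)."""
    question = encode_name("mydomain.lab") + struct.pack("!HH", TYPE_SOA, 1)
    rdata = (mname + b"\x0ahostmaster\xc0\x0c"
             + struct.pack("!5I", 1, 900, 600, 86400, 3600))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, 1, 3600, len(rdata)) + rdata
    glue = b""
    if with_glue:
        glue = (encode_name("vm1.mydomain.lab")
                + struct.pack("!HHIH", TYPE_A, 1, 3600, 4) + bytes([192, 168, 1, 10]))
    header = struct.pack("!6H", 0x1234, 0x8580, 1, 1, 0, 1 if with_glue else 0)
    return header + question + answer + glue

if __name__ == "__main__":
    print(diagnose(build_sample(), "vm1.mydomain.lab"))
    print(diagnose(build_sample(mname=encode_name("localhost")), "vm1.mydomain.lab"))
    print(diagnose(build_sample(with_glue=False), "vm1.mydomain.lab"))
```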
    Hi Leo, thanks for reply.
    i did all steps you mentioned but still no result.
    i put an screenshot of my desktop here , everything is shown here:

  • HTTPS, DNS and dynamically updating DNS records

    Hello to you all, if you are able to help with a DNS problem that I'm having then please accept my thanks and appreciation in advance.
    First some background information, I recently  moved my server from my studio to my house where a new purpose built studio will soon be erected. At my old studio any requests for myurl.com came in via the IP (whether that be http, https, ftp etc) from the domain registrar and the router would send the request to the relevant port number whether that be 80 for http or 443 for https etc and all was well as this location had a fixed IP address. Unfortunately at my new location whilst I have a much faster connection I do not have a fixed IP. To get around this I have the following set up (not ideal for a business I know but perfectly OK for home hosting); I set up two pseudo nameservers at no-ip.com (ns1myurl.com and ns2myurl.com) which tracks the changes in my IP address and updates its records accordingly, my registrar then sends any requests to these 'nameservers' and no-ip then forwards it on to my server. So far so good.
    The problem arises once the requests get to my server, whilst I have DNS set up, I can only receive requests from a straight request to the server ie myurl.com will display the site without any problem, but if I then put a www in front of that or try to access the https part of my site (which is set up as a separate site on the same server) then the server throws an error. I have tried to put an alias (CNAME) into the zone but it does not want to resolve the request. I have searched around but to no avail, I am totally new to DNS so am currently on a steep learning curve and fumbling around in the dark.
    The first thing that I need to get working is the request to be resolved correctly and then (and this is where the real fun starts!) is to dynamically update the IP in the DNS records as the IP changes. I will probably have to get help in on this as I understand that this requires BIND of which I know nothing about, first though I'd like to get the pages to be served up correctly. Advice, hints, tips or links to tutorials all greatly appreciated. Full set up listed below.
    Many thanks, David.
    Xserve PPC G5 running 10.5.8 unlimited set up as standalone OD master
    Xraid
    APC UPS
    CradlePoint MBR1200 Gateway router which acts as the DHCP
    http://myurl.com and https://myurl.com set up as 2 separate sites and located on the Xraid
    Current DNS setup:
    Primary Zone name: myurl.com with nameservers ns1myurl.no-ip.info and ns2myurl.no-ip.info and allow zone transfers in checked
    Then
    Name                      Type             Value
    myurl.com                 Primary Zone
    ns1myurl.no-ip.info       Machine          12.34.56.78 (external IP)
    ns2myurl.no-ip.info       Machine          12.34.56.78 (external IP)
    myurl.com.                Machine          12.34.56.78 (external IP)
    www.myurl.com.            Alias            myurl.com.
    With the reverse zone looking thus with allow zone transfers being checked
    Name                      Type             Value
    56.34.12.in-addr.arpa.    Reverse Zone
    12.34.56.78               Reverse mapping  myurl.com.

    Thanks for the reply Camelot, that part though I had already figured out. I now have this working, all I did was change the external IP to the internal one of the server which resolves with the .local machine name and all is working just fine (for now!). As long as I have primary zones set for each site and any alias or services set up on them then everything works well. The real test will be when my ISP changes the IP, whilst my tests have proved successful the proof will be when they update the address.
    Thanks anyway. David.

  • Dynamic DNS (via DHCP) out of the box?

    Greetings!
    I was just wondering... Does OS X support Dynamic DNS updates out of the box?
    I can't seem to find any confirmation if 10.5 uses bootpd (which I think it does), and if bootpd supports dynamic DNS updates with the named service built into Leopard Server. There don't seem to be any options in Server Admin to enable this... So I'm a little hazy as how to enable dynamic DNS without compiling my own version of ISC-DHCP.
    Just for clarification here; what I'm looking for is the ability to update a DNS zone with a PTR/A record(s) of machines that send a hostname as a part of retrieving a IP address from a DDNS-enabled DHCP server. Ie, "mybox" requests IP from DHCP server, DHCP server updates "mydomain.tld" with a record for "mybox", so that "mybox.mydomain.tld" is resolvable afterwards by the machines on this subnet.
    Cheers,
    -SC

    This is a strange topic because implementing Dynamic DNS on Mac OS X Server looks like it should be child's play... so why hasn't Apple done it? Could it simply be that Apple sees no need for it at this time? Mac OS X clients don't need it to sit happy with a Mac OS X Server. Neither do Windows clients using a Mac OS X Server PDC.
    Apple has implemented Dynamic DNS client support into the Active Directory Plug-in in Leopard. In this environment, of course, the client's DNS server is most likely to be an Active Directory-integrated DNS server which happily support DDNS. Unfortunately this Dynamic DNS facility is not immediately available to those not using the Active Directory plug-in.

  • No-ip dynamic DNS for routers that won't accept no...

    For those of you who have abandoned the hopeless BT hub and have gone for another router that doesn't offer no-ip as a dynamic DNS server (e.g. the Netgear DGN1000 router) there is a simple solution. Go to http://no-ip-duc.software.informer.com/4.0/ and download the app. Set it up as per the help instructions and use the File menu to make it a server and also to operate when you log on to your PC. Make sure you select your free no-ip address (i.e. make sure all 3 items on its screen have green ticks). It will take care of updating your WAN IP address at no-ip. For no-ip free users you can't change the update rate to automatically update other than every 5 minutes but, for free, that's pretty good!
    For those of you who don't know, BT change your WAN IP address at arbitrary intervals - a free account with no-ip allows you to access a PC, webcam, whatever on your home network from the internet despite the changes to your WAN IP address.


  • Can we generate the Office 365 MX-Token needed for the MX-DNS-Record by ourselves?

    Hi there
    As a hosting company we programmed a DNS-zone-editor in which our customers can edit their DNS-zone. A new feature we are offering is a so-called "DNS-Template-Service", in which our customers can select predefined record templates like GoogleApps and then trigger by one click the installation of the predefined records.
    We also would like to offer them "Office 365" as a template. According to this article https://support.office.com/en-ie/article/Create-DNS-records-at-any-DNS-hosting-provider-for-Office-365-7b7b075d-79f9-4e37-8a9e-fb60c1d95166#BKMK_add_CNAME we understand that all we need to do is to add a couple of CNAME, TXT and SRV records which is great.
    However, there is also an MX record with a dynamical component (the "MX-Token") that is required:
    <MX token>.mail.protection.outlook.com
    We understand that this token can be fetched by the customer from their office installation. However that would break the purpose of our templating system that is designed to work like an on/off switch.
    So our question is if there is any way that our system could generate this token by itself since we have knowledge of the customers domain anyway.
    According to some customers who already installed those records manually we can see some patterns:
    Example 1: domain1.com results in an MX with a value of
    domain1-com.mail.protection.outlook.com
    This is easy: just replace the dot with a hyphen.
    However for domains with hyphens in the name a special conversion is made and appended on the back of the first part: 
    Example 2: domain-withdash.com results in an MX with a value of domainwithdash-com01e.mail.protection.outlook.com
    Example 3: dom-ainwithdash.com results in an MX with a value of domainwithdash-com0i.mail.protection.outlook.com
    Example 4: doma-in-withadash.ch results in an MX with a value of domainwithdash-com01bb.mail.protection.outlook.com
    So what is the algorithm for this (probably bidirectional) conversion?
    Thanks for letting us know and make it easier for our customers to use office 365 with their own domain name.
    Regards
    Lukas
    Developer @ cyon GmbH

    We actually spent the last 1.5h to reverse-engineer the pattern and (hopefully) found the right answer on how these hyphen-replacements are substituted.
    /**
     * This function generates a token as done in office 365
     * @return mixed|string
     */
    private function getOffice365MxToken($domain)
    {
        $delimiter = '0'; // delimiter between the domain part and the hyphen replacement part
        $token = $domain;
        $hyphenReplaceToken = '';
        // split domain string into chunks of 4 chars
        $chunkSize = 4;
        $chunks = str_split($token, $chunkSize);
        // transform the hyphens (their position) in the domain name to an alphanumerical character string
        $skipCount = 0;
        $intOfA = ord('a'); // get the decimal value of the letter 'a' as start value
        foreach ($chunks as $chunk) {
            $digit = $intOfA;
            // the last chunk may be shorter than $chunkSize, so loop over its real length
            for ($i = 0; $i < strlen($chunk); $i++) {
                if ('-' === $chunk[$i]) {
                    $digit += pow(2, $i);
                }
            }
            if ($intOfA === $digit) { // if the value is a it means no hyphen was found
                $skipCount++;
                continue;
            }
            if (0 !== $skipCount) {
                $hyphenReplaceToken .= $skipCount;
            }
            $hyphenReplaceToken .= chr($digit);
            $skipCount = 0; // rewind skip count
        }
        if (strlen($hyphenReplaceToken) > 0) {
            $token .= $delimiter . $hyphenReplaceToken;
        }
        $token = str_replace('-', '', $token); // remove - from domain name
        $token = str_replace('.', '-', $token); // replace dots with -
        return $token;
    }
    Short-hand explanation: The pattern showed that the domain string simply gets chunked into pieces of 4 chars. For each setting at which hyphen(s) can be located at the index value (seen as bit mask 0124) is added up. The resulting number we get per chunk then can be added to starting decimal value of the letter 'a' (97) and thus gives us another letter that substitutes the hyphens locations in this chunk. If no hyphen is found, the algo simply counts for how many chunks none were found and adds this up as a number.
    These concatenated letters + skip-numbers then result in the replacement token that gets appended on the end of the domain name (hyphens removed, dots replaced with hyphens).
    Oh and yeah, between these two parts a '0' is added as delimiter.
    That's it. I hope we got it correct.
    Regards
    Lukas @ cyon GmbH

  • DNS records are not 100% correct

    For a while now we've been noticing that some DNS records are not correct. The records are pointing to incorrect IP addresses. One by one I open the record, update the IP, then replicate across all domain controllers.
    What would cause the hostname of one machine to point to another IP address?

    I believe what you're seeing is from DHCP-DNS registration. You may have duplicates, or incorrect data for records that can't be updated by DHCP service or the DHCP client due to permissions on the record. You may also not have scavenging in place.
    In summary:
    Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. But give it a really strong password.
    Set DHCP to update everything, whether the clients can or cannot.
    Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
    Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group. Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work. Make sure that NO user accounts are in that group, either. (I hope that's crystal clear - you would be surprised how many will respond asking if the DHCP credentials should be in this group.)
    On Windows 2008 R2 or newer, DISABLE Name Protection.
    If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
    dnscmd /config /OpenAclOnProxyUpdates 0
    Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway. Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    For specifics and step by steps, and good discussions on what's going on in the background and what to expect:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx  
    Good summary
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    Another good Summary:
    Thread: "DNS problem" December 18, 2013
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Dns records

    Recently started running an oes11 dhcp server, replacing a nw65sp8 dhcp
    server.
    Cleared out the existing dns records added by nw65 dhcp & restarted all
    dns/dhcp services.
    Dns records do not seem to be updating the way they did w/ nw65 dhcp.
    Suggestions?
    Stevo

    Originally Posted by Stevo
    Recently started running an oes11 dhcp server, replacing a nw65sp8 dhcp
    server.
    Cleared out the existing dns records added by nw65 dhcp & restarted all
    dns/dhcp services.
    Dns records do not seem to be updating the way they did w/ nw65 dhcp.
    Suggestions?
    Stevo
    How have you setup DDNS on the DHCP server and what do you mean by not updating the way they did? Meaning not at all... partially? :)
    Did you follow TID 3372644 (How to setup Dynamic DNS (DDNS) on OES2 SP2 Server)?
    Cheers,
    Willem

  • DNS record ownership for DHCP clients

    my configuration:
    dhcp/dns/dc installed on same system - Windows 2008 R2 SP1 in domain environment.
    all zones configured to secure updates only with aging and scavenging enabled
    dhcp servers are member of DNSupdateproxy group.
    dhcp are configured with standard domain user account (this user was made a member of dnsupdateproxy as well, DOES THAT MATTER?)
    dhcp scopes are configured with default DNS setup (force DNS update by DHCP)
    now...
    all DNS records for endpoint devices on dhcp lease (windows7, mac os X, ubuntu) are owned by SYSTEM
    in security tab for some DNS records i can see service account with write permission to record ( i believe this is desired state)
    in other records service account has no permission but timestamps are still updated by computer account (hostname$ has write permission). these records have pencil icon on computers in dhcp lease table.
    Problem with this (hostname$ has write permissions) is when a user connects to the network via VPN (obtains dhcp lease) it gets two records registered in DNS -> 1 record for ip distributed by dhcp server and 2nd record for his home private network.
    Have anyone seen this before?
    i've tried deleting DNS records / releasing ip on endpoint device (example win7). It would not register to DNS by DHCP. However if i do ipconfig /registerdns it will do it, but dhcp service account won't have permission on this record.

    Apparently it appears that DHCP may not be configured with credentials, DHCP DNS settings are not configured to force DHCP to register ALL requests, nor has the DHCP server itself been added to the DnsUpdateProxy group. These are all prerequisites for DHCP to own all records, otherwise you will see default behavior, which is:
    By default, a Windows 2000 and newer statically configured machines will register their A record (hostname) and PTR (reverse entry) into DNS.
    If set to DHCP, a Windows 2000 or newer machine will request DHCP to allow the machine itself to register its own A record, but DHCP will register its PTR (reverse entry) record.
    The entity that registers the record in DNS, owns the record.
    In summary:
    Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. Give it a really strong password.
    Set DHCP properties, DNS tab, to update everything, whether the clients can or cannot.
    Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group.
    Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work.
    On Windows 2008 R2 or newer, DISABLE Name Protection.
    If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
    dnscmd /config /OpenAclOnProxyUpdates 0
    Configure Scavenging on one DNS server. Set the NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length. What it scavenges will replicate to others anyway.
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx 
    Good summary:
    How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
    DNS Record Ownership and the DnsUpdateProxy Group
     http://technet.microsoft.com/en-us/library/dd334715(v=ws.10).aspx
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated (NON-ADMIN) user account and configure DHCP servers to perform DNS dynamic updates with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    DNS record ownership and the DnsUpdateProxy group
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/b17c798c-c4b2-4624-926c-4d2676e68279/
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.
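The checklist in the two replies above ("DNS records are not 100% correct" and "DNS record ownership for DHCP clients") can be turned into an audit over exported data. This is an added example, not code from the original posts: it checks DnsUpdateProxy membership, compares the scavenging window with the lease length, and cross-references A records with current leases to find stale and wrongly owned records. The account names, hosts, addresses, record layout and function names are constructed for illustration, and the ownership check assumes a zone restricted to secure updates.

```python
from collections import defaultdict
from datetime import timedelta

def check_update_proxy_group(members, dhcp_servers):
    """members: (account, kind) pairs in DnsUpdateProxy; kind is 'computer' or 'user'."""
    findings, present = [], set()
    for account, kind in members:
        if kind == "user":
            findings.append(f"user account {account} is in DnsUpdateProxy")
        elif account in dhcp_servers:
            present.add(account)
        else:
            findings.append(f"non-DHCP server {account} is in DnsUpdateProxy")
    for server in sorted(set(dhcp_servers) - present):
        findings.append(f"DHCP server {server} is missing from DnsUpdateProxy")
    return findings

def check_scavenging(no_refresh, refresh, lease):
    """NOREFRESH + REFRESH must be equal to or greater than the DHCP lease length."""
    window = no_refresh + refresh
    if window < lease:
        hours = lambda t: int(t.total_seconds() // 3600)
        return [f"scavenging window {hours(window)} h is shorter than the "
                f"{hours(lease)} h lease"]
    return []

def check_records(records, leases, dhcp_account):
    """records: dicts with name, ip, owner, static; leases: ip -> host holding it now."""
    findings, by_ip = [], defaultdict(list)
    for rec in records:
        by_ip[rec["ip"]].append(rec["name"])
        if rec["static"]:
            continue                           # static entries are managed by hand
        holder = leases.get(rec["ip"])
        if holder is not None and holder.lower() != rec["name"].lower():
            findings.append(f"{rec['name']} -> {rec['ip']} is stale: "
                            f"lease now held by {holder}")
        if rec["owner"] != dhcp_account:
            findings.append(f"{rec['name']} is owned by {rec['owner']}, "
                            f"not the DHCP credentials account")
    for ip, names in sorted(by_ip.items()):
        if len(names) > 1:
            findings.append(f"{ip} has records for {', '.join(sorted(names))}")
    return findings

# Constructed sample data (hypothetical lab, not taken from the threads)
DHCP_ACCOUNT = "LAB\\svc-dhcp"
SAMPLE_MEMBERS = [("DHCP01", "computer"), ("DC02", "computer"), ("svc-dhcp", "user")]
SAMPLE_DHCP_SERVERS = {"DHCP01", "DHCP02"}
SAMPLE_RECORDS = [
    {"name": "pc-alice", "ip": "10.0.0.21", "owner": DHCP_ACCOUNT, "static": False},
    {"name": "pc-bob", "ip": "10.0.0.21", "owner": "LAB\\PC-BOB$", "static": False},
    {"name": "printer", "ip": "10.0.0.5", "owner": "LAB\\Administrators", "static": True},
]
SAMPLE_LEASES = {"10.0.0.21": "pc-alice"}

def run_sample_audit():
    """Run all three checks over the constructed sample and return the findings."""
    return (check_update_proxy_group(SAMPLE_MEMBERS, SAMPLE_DHCP_SERVERS)
            + check_scavenging(timedelta(days=3), timedelta(days=3), timedelta(days=8))
            + check_records(SAMPLE_RECORDS, SAMPLE_LEASES, DHCP_ACCOUNT))

if __name__ == "__main__":
    for line in run_sample_audit():
        print(line)
```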

  • [SOLVED] Local Hosting Using a Dynamic DNS

    I've been trying to self host a domain to use owncloud with, through www.mydomainname/owncloud.com or something similar. I've gotten a LAMP set up with a virtual host, have signed up with https://freedns.afraid.org/, set the afraid nameservers, set my IP as an A record through my domain provider and have tried to install a dynamic DNS client on my server computer, though I have not gotten successful results. On my LAMP I've set a virtual host for my domain and I've been able to connect to it locally but not outside of my network. I was able to ping my domain that would in result ping my home IP address but now I get an unknown host. I've also tried to set up my DDWRT router with the provided dyndns. At this point I'm not sure what I'm doing incorrectly.
    Another issue I've been having has been finding a working dyndns client, afraid-dyndns-uv from the AUR gives me a hash error, and the only promising client I've been able to find is freedns-afraid, but it's an RPM package and I don't know how to make use of the files in the tarball.
    I can provide any needed configs, though I don't think that a config would be an error as I've been able to start up my httpd service and connect to it locally perfectly fine. I would greatly appreciate any help c:
    Last edited by 0X1A (2013-06-16 20:19:10)

    0X1A wrote: Alright, so the problem with not being able to ping my IP again was with my registrar nameservers, I had to remove the provided nameservers from them and only use the afraid ones. Now I can ping my IP address but I still can't connect to my domain through my LAMP so now I'm guessing it's either a port forwarding issue or an issue with my apache configuration. What exactly should I have on my httpd conf? I have the ServerName set to my domain name, is there something I'm missing?
    My "ServerName" isn't set to anything particularly special. It's "archsystem:80", which is what I call my computer locally. Here's the entire file for reference:
    # This is the main Apache HTTP server configuration file. It contains the
    # configuration directives that give the server its instructions.
    # See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
    # In particular, see
    # <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
    # for a discussion of each configuration directive.
    # Do NOT simply read the instructions in here without understanding
    # what they do. They're here only as hints or reminders. If you are unsure
    # consult the online docs. You have been warned.
    # Configuration and logfile names: If the filenames you specify for many
    # of the server's control files begin with "/" (or "drive:/" for Win32), the
    # server will use that explicit path. If the filenames do *not* begin
    # with "/", the value of ServerRoot is prepended -- so 'log/access_log'
    # with ServerRoot set to '/www' will be interpreted by the
    # server as '/www/log/access_log', where as '/log/access_log' will be
    # interpreted as '/log/access_log'.
    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    # Do not add a slash at the end of the directory path. If you point
    # ServerRoot at a non-local disk, be sure to point the LockFile directive
    # at a local disk. If you wish to share the same ServerRoot for multiple
    # httpd daemons, you will need to change at least LockFile and PidFile.
    ServerRoot "/etc/httpd"
    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, instead of the default. See also the <VirtualHost>
    # directive.
    # Change this to Listen on specific IP addresses as shown below to
    # prevent Apache from glomming onto all bound IP addresses.
    #Listen 12.34.56.78:80
    Listen 80
    # Dynamic Shared Object (DSO) Support
    # To be able to use the functionality of a module which was built as a DSO you
    # have to place corresponding `LoadModule' lines at this location so the
    # directives contained in it are actually available _before_ they are used.
    # Statically compiled modules (those listed by `httpd -l') do not need
    # to be loaded here.
    # Example:
    # LoadModule foo_module modules/mod_foo.so
    LoadModule authn_file_module modules/mod_authn_file.so
    LoadModule authn_dbm_module modules/mod_authn_dbm.so
    LoadModule authn_anon_module modules/mod_authn_anon.so
    LoadModule authn_dbd_module modules/mod_authn_dbd.so
    LoadModule authn_default_module modules/mod_authn_default.so
    LoadModule authz_host_module modules/mod_authz_host.so
    LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
    LoadModule authz_user_module modules/mod_authz_user.so
    LoadModule authz_dbm_module modules/mod_authz_dbm.so
    LoadModule authz_owner_module modules/mod_authz_owner.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    LoadModule authz_default_module modules/mod_authz_default.so
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule file_cache_module modules/mod_file_cache.so
    LoadModule cache_module modules/mod_cache.so
    LoadModule disk_cache_module modules/mod_disk_cache.so
    LoadModule mem_cache_module modules/mod_mem_cache.so
    LoadModule dbd_module modules/mod_dbd.so
    LoadModule dumpio_module modules/mod_dumpio.so
    LoadModule reqtimeout_module modules/mod_reqtimeout.so
    LoadModule ext_filter_module modules/mod_ext_filter.so
    LoadModule include_module modules/mod_include.so
    LoadModule filter_module modules/mod_filter.so
    LoadModule substitute_module modules/mod_substitute.so
    LoadModule deflate_module modules/mod_deflate.so
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule log_config_module modules/mod_log_config.so
    LoadModule log_forensic_module modules/mod_log_forensic.so
    LoadModule logio_module modules/mod_logio.so
    LoadModule env_module modules/mod_env.so
    LoadModule mime_magic_module modules/mod_mime_magic.so
    LoadModule cern_meta_module modules/mod_cern_meta.so
    LoadModule expires_module modules/mod_expires.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule ident_module modules/mod_ident.so
    LoadModule usertrack_module modules/mod_usertrack.so
    LoadModule unique_id_module modules/mod_unique_id.so
    LoadModule setenvif_module modules/mod_setenvif.so
    LoadModule version_module modules/mod_version.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule ssl_module modules/mod_ssl.so
    LoadModule mime_module modules/mod_mime.so
    LoadModule dav_module modules/mod_dav.so
    LoadModule status_module modules/mod_status.so
    LoadModule autoindex_module modules/mod_autoindex.so
    LoadModule asis_module modules/mod_asis.so
    LoadModule info_module modules/mod_info.so
    LoadModule suexec_module modules/mod_suexec.so
    LoadModule cgi_module modules/mod_cgi.so
    LoadModule cgid_module modules/mod_cgid.so
    LoadModule dav_fs_module modules/mod_dav_fs.so
    LoadModule vhost_alias_module modules/mod_vhost_alias.so
    LoadModule negotiation_module modules/mod_negotiation.so
    LoadModule dir_module modules/mod_dir.so
    LoadModule imagemap_module modules/mod_imagemap.so
    LoadModule actions_module modules/mod_actions.so
    LoadModule speling_module modules/mod_speling.so
    LoadModule userdir_module modules/mod_userdir.so
    LoadModule alias_module modules/mod_alias.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule php5_module modules/libphp5.so
    <IfModule !mpm_netware_module>
    <IfModule !mpm_winnt_module>
    # If you wish httpd to run as a different user or group, you must run
    # httpd as root initially and it will switch.
    # User/Group: The name (or #number) of the user/group to run httpd as.
    # It is usually good practice to create a dedicated user and group for
    # running httpd, as with most system services.
    User http
    Group http
    </IfModule>
    </IfModule>
    # 'Main' server configuration
    # The directives in this section set up the values used by the 'main'
    # server, which responds to any requests that aren't handled by a
    # <VirtualHost> definition. These values also provide defaults for
    # any <VirtualHost> containers you may define later in the file.
    # All of these directives may appear inside <VirtualHost> containers,
    # in which case these default settings will be overridden for the
    # virtual host being defined.
    # ServerAdmin: Your address, where problems with the server should be
    # e-mailed. This address appears on some server-generated pages, such
    # as error documents. e.g. [email protected]
    ServerAdmin [email protected]
    # ServerName gives the name and port that the server uses to identify itself.
    # This can often be determined automatically, but we recommend you specify
    # it explicitly to prevent problems during startup.
    # If your host doesn't have a registered DNS name, enter its IP address here.
    ServerName archsystem:80
    # DocumentRoot: The directory out of which you will serve your
    # documents. By default, all requests are taken from this directory, but
    # symbolic links and aliases may be used to point to other locations.
    DocumentRoot "/home/http"
    # Each directory to which Apache has access can be configured with respect
    # to which services and features are allowed and/or disabled in that
    # directory (and its subdirectories).
    # First, we configure the "default" to be a very restrictive set of
    # features.
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    </Directory>
    # Note that from this point forward you must specifically allow
    # particular features to be enabled - so if something's not working as
    # you might expect, make sure that you have specifically enabled it
    # below.
    # This should be changed to whatever you set DocumentRoot to.
    <Directory "/home/http">
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    # The Options directive is both complicated and important. Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    Options Indexes FollowSymLinks
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    # Options FileInfo AuthConfig Limit
    AllowOverride All
    # Controls who can get stuff from this server.
    Order allow,deny
    Allow from all
    </Directory>
    # DirectoryIndex: sets the file that Apache will serve if a directory
    # is requested.
    <IfModule dir_module>
    DirectoryIndex index.html index.php
    </IfModule>
    # The following lines prevent .htaccess and .htpasswd files from being
    # viewed by Web clients.
    <FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
    </FilesMatch>
    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here. If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    ErrorLog "/var/log/httpd/error_log"
    # LogLevel: Control the number of messages logged to the error_log.
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    <IfModule log_config_module>
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
    # You need to enable mod_logio.c to use %I and %O
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here. Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    CustomLog "/var/log/httpd/access_log" common
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #CustomLog "/var/log/httpd/access_log" combined
    </IfModule>
    <IfModule alias_module>
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL. You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client. The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"
    </IfModule>
    <IfModule cgid_module>
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #Scriptsock /run/httpd/cgisock
    </IfModule>
    # "/srv/http/cgi-bin" should be changed to whatever your ScriptAliased
    # CGI directory exists, if you have that configured.
    <Directory "/srv/http/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    </Directory>
    # DefaultType: the default MIME type the server will use for a document
    # if it cannot otherwise determine one, such as from filename extensions.
    # If your server contains mostly text or HTML documents, "text/plain" is
    # a good value. If most of your content is binary, such as applications
    # or images, you may want to use "application/octet-stream" instead to
    # keep browsers from trying to display binary files as though they are
    # text.
    DefaultType text/plain
    <IfModule mime_module>
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    TypesConfig conf/mime.types
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #AddType application/x-gzip .tgz
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #AddHandler cgi-script .cgi
    # For type maps (negotiated resources):
    #AddHandler type-map var
    # Use for PHP 5.x:
    AddHandler php5-script php
    # Filters allow you to process content before it is sent to the client.
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
    </IfModule>
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type. The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #MIMEMagicFile conf/magic
    # Customizable error responses come in three flavors:
    # 1) plain text 2) local redirects 3) external redirects
    # Some examples:
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://www.example.com/subscription_info.html
    # MaxRanges: Maximum number of Ranges in a request before
    # returning the entire resource, or one of the special
    # values 'default', 'none' or 'unlimited'.
    # Default setting is to accept 200 Ranges.
    #MaxRanges unlimited
    # EnableMMAP and EnableSendfile: On systems that support it,
    # memory-mapping or the sendfile syscall is used to deliver
    # files. This usually improves server performance, but must
    # be turned off when serving from networked-mounted
    # filesystems or if support for these functions is otherwise
    # broken on your system.
    #EnableMMAP off
    #EnableSendfile off
    # Supplemental configuration
    # The configuration files in the conf/extra/ directory can be
    # included to add extra features or to modify the default configuration of
    # the server, or you may simply copy their contents here and change as
    # necessary.
    # Server-pool management (MPM specific)
    #Include conf/extra/httpd-mpm.conf
    # Multi-language error messages
    Include conf/extra/httpd-multilang-errordoc.conf
    # Fancy directory listings
    Include conf/extra/httpd-autoindex.conf
    # Language settings
    Include conf/extra/httpd-languages.conf
    # User home directories
    Include conf/extra/httpd-userdir.conf
    # Real-time info on requests and configuration
    #Include conf/extra/httpd-info.conf
    # Virtual hosts
    #Include conf/extra/httpd-vhosts.conf
    # Local access to the Apache HTTP Server Manual
    #Include conf/extra/httpd-manual.conf
    # Distributed authoring and versioning (WebDAV)
    #Include conf/extra/httpd-dav.conf
    # Various default settings
    Include conf/extra/httpd-default.conf
    # Secure (SSL/TLS) connections
    #Include conf/extra/httpd-ssl.conf
    # Note: The following must must be present to support
    # starting without SSL on platforms with no /dev/random equivalent
    # but a statically compiled-in mod_ssl.
    <IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    </IfModule>
    # PHP
    Include conf/extra/php5_module.conf
    # phpMyAdmin
    Include conf/extra/httpd-phpmyadmin.conf
    # General shared files
    Include conf/extra/httpd-drcouzelis.conf
    # Angela's files
    Include conf/extra/httpd-angela.conf
    I'm sorry, I'm having a really hard time understanding the terminology you're using (maybe because I'm just not educated enough). Even so, I'll look into what else might be the problem...

  • Create a DNS record that switches IP address based on active server

    Good morning,
    I am trying to create a DNS record that will automatically update which server is the "primary" server. We use a utility to lock the data and mirror between two servers on our network. I have been investigating scripting the DNS record edit when we change over to the backup server but am still working on that.
    So essentially,
    I have SERVER-SQL record created. When SERVERSQL1 is the primary with an ip of 1.1.1.1, I want SERVER-SQL to have the IP address of 1.1.1.1. When SERVERSQL2 is the primary with an ip of 2.2.2.2, I want SERVER-SQL record to have the IP address 2.2.2.2.
    Any help would be appreciated.

    Hi,
    According to your description, I suppose that you have two SQL servers, one is active and another is passive. I noticed that the name of the record is presented as SERVER-SQL, which is different from both of the two servers. So we need to create a CNAME record here.
    Based on my knowledge, an A record can be created dynamically. But we still need to create the CNAME record manually. So I think the solution is back to the scripts.
    Hope this helps.

  • DNS record ownership and the DnsUpdateProxy group

    I have 2 x 2003 domain controllers that have DNS and DHCP Services installed.
    I was thinking of configuring DHCP to use a service account to update DNS records.
    If I set this, do the DHCP Servers need to be members of the DNSUpdateProxy security group for the service account to work?

    I have to agree with John here. I don't think it's reasonable to just say 'ms told us so'. We need a technical before an answer is given. I have multiple DHCP servers and I use a security account on them to register the records and never use the DNSUpdateProxy Group and I have no problems. My thinking is this:
    Assume we are using Integrated Secure Zones in AD:
    Scenario 1:
    Windows DHCP server is registering records on behalf of clients
    Not a member of DNSUpdateProxy Group and not using dedicated account
    Records will have owner as dhcpserver$ and only that account can update
    This is a problem if that DHCP server fails
    Also, non Windows DHCP server with no AD account cannot update
    Scenario 2:
    Windows DHCP server is registering records on behalf of clients
    Member of DNSUpdateProxy Group and not using dedicated account
    Records will have owner as SYSTEM and authenticated users can update, meaning any user or client on that domain
    No problem if that DHCP server fails as any other authorized DHCP server can update
    Non Windows DHCP servers can update if they have a domain machine account
    Scenario 3:
    Windows DHCP server is registering records on behalf of clients
    Using a dedicated account
    Records added with owner same as this dedicated account
    Another DHCP server that also uses this same account can update the records
    A non windows DHCP server that can use this account can also update the records
    Now, can someone from MS please clarify the technical reason they say that in Scenario 3, you must add the DHCP servers to the DNSUpdateProxy group?
    http://technet.microsoft.com/en-us/library/cc780538(v=ws.10).aspx
    I guess this link didn't help?
    DNS Record Ownership and the DnsUpdateProxy Group
    "... to protect against unsecured records or to permit members of the DnsUpdateProxy group to register records in zones that allow only secured dynamic updates, you must create a dedicated user account and configure DHCP servers to perform DNS dynamic updates
    with the credentials of this account (user name, password, and domain). Multiple DHCP servers can use the credentials of one dedicated user account."
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    Just to add:
    Why is the DnsUpdateProxy group needed in conjunction with credentials?
    The technical reason is twofold:
    DnsUpdateProxy:
     Objects created by members of the DNSUpdateProxy group have no security; therefore, any authenticated user can take ownership of the objects.
    DHCP Credentials:
     Forces ownership to the account used in the credentials, which the DnsUpdateProxy group allowed to take ownership other than the registering client.
    Otherwise, the default process is outlined below, and this applies to non-Microsoft operating systems, too, but please note that non-Microsoft operating systems can't use Kerberos to authenticate to dynamically update into a Secure Only zone; however, you can configure Windows DHCP to do that for you.
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    More on this discussed in:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/6f5b82cf-48df-495e-b628-6b1a9a0876ba/regular-domain-user-uses-rsat-to-create-dns-records?forum=winserverNIS
    If that doesn't help, I highly suggest to contact Microsoft Support to get a definitive response. If you do, I would be highly curious what they say if it's any different than what I found out from the product group (mentioned earlier in this thread).
    And of course, if you can update what you find out, it will surely benefit others reading this thread that have the same question!
    Thank you!
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
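
The three ownership scenarios debated in the thread above, worked through as a simplified model (an added example, not code from any poster or from Microsoft). It registers records as each scenario describes, fails the first DHCP server, and reports whether the standby server or an arbitrary domain user can still update them. The names `DHCP1$`, `DHCP2$`, `CORP\svc-dhcp-dns`, `CORP\alice` and the host names are constructed, and treating configured credentials as taking precedence over group membership is an assumption of the model.

```python
"""Simplified model of DNS record ownership in a secure-only AD-integrated zone,
following the three scenarios described in the thread. Illustration only."""
from dataclasses import dataclass
from typing import Optional

AUTH_USERS = "Authenticated Users"  # every authenticated user or computer in the domain


@dataclass(frozen=True)
class DhcpServer:
    machine_account: str                   # e.g. "DHCP1$" (constructed)
    in_dns_update_proxy: bool = False      # member of the DnsUpdateProxy group
    dns_credential: Optional[str] = None   # dedicated account used for DNS updates

    def update_identity(self) -> str:
        """Identity this server presents when it sends a dynamic update."""
        return self.dns_credential or self.machine_account


@dataclass(frozen=True)
class DnsRecord:
    name: str
    owner: str
    writers: frozenset  # principals allowed to modify the record


def register(server: DhcpServer, name: str) -> DnsRecord:
    """Create a record on behalf of a client, per the thread's scenarios."""
    if server.dns_credential:  # Scenario 3 (model assumption: credentials win)
        account = server.dns_credential
        return DnsRecord(name, account, frozenset({account}))
    if server.in_dns_update_proxy:  # Scenario 2: record carries no security
        return DnsRecord(name, "SYSTEM", frozenset({AUTH_USERS}))
    account = server.machine_account  # Scenario 1: pinned to the machine account
    return DnsRecord(name, account, frozenset({account}))


def can_update(principal: str, record: DnsRecord) -> bool:
    """Any domain principal passes when the record is open to Authenticated Users."""
    return principal in record.writers or AUTH_USERS in record.writers


def audit(record: DnsRecord, dhcp_machine_accounts, dedicated_account) -> str:
    """Classify one record the way an ownership review would."""
    if AUTH_USERS in record.writers:
        return "OPEN"      # any authenticated user can overwrite or take ownership
    if record.owner in dhcp_machine_accounts:
        return "PINNED"    # stranded if that one DHCP server is lost
    if dedicated_account and record.owner == dedicated_account:
        return "OK"        # shared, non-admin update account owns it
    return "REVIEW"        # e.g. the client registered the record itself


def failover(primary: DhcpServer, standby: DhcpServer, hosts,
             bystander: str = "CORP\\alice") -> dict:
    """Primary registers the hosts, then fails; report who can still update them."""
    records = [register(primary, h) for h in hosts]
    machines = {primary.machine_account, standby.machine_account}
    return {
        "standby_can_update": all(
            can_update(standby.update_identity(), r) for r in records),
        "bystander_can_update": any(can_update(bystander, r) for r in records),
        "findings": sorted({audit(r, machines, primary.dns_credential)
                            for r in records}),
    }


SVC = "CORP\\svc-dhcp-dns"            # constructed dedicated, non-admin account
HOSTS = ["ap-floor1", "ap-floor2"]    # constructed client names
SCENARIOS = {
    1: (DhcpServer("DHCP1$"), DhcpServer("DHCP2$")),
    2: (DhcpServer("DHCP1$", in_dns_update_proxy=True),
        DhcpServer("DHCP2$", in_dns_update_proxy=True)),
    3: (DhcpServer("DHCP1$", dns_credential=SVC),
        DhcpServer("DHCP2$", dns_credential=SVC)),
}


def run_all() -> dict:
    return {n: failover(p, s, HOSTS) for n, (p, s) in SCENARIOS.items()}


if __name__ == "__main__":
    for number, result in run_all().items():
        print(f"Scenario {number}: {result}")
```

Scenario 3 only survives failover when both servers are configured with the same account; a standby using a different credential is locked out just like in scenario 1.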

  • RW215W Dynamic DNS update interval

    Hi,
    I have a RW215W Router. I'm using a mobile broadband dongle for the internet connection, and the public IP changes every time the dongle is connected. I'm using a DDNS service. I need to update the new IP to the DDNS service more frequently or when the IP changes. Is this possible? Any suggestions?

    Hi,
    Please check if your multiple DHCP servers have joined the group DnsUpdateProxy or not. To do this, you can refer to:
    DNS Record Ownership and the DnsUpdateProxy Group:
    http://technet.microsoft.com/en-us/library/dd334715(WS.10).aspx
    Also check if the client service "DNS client service" is running fine.
    Meanwhile, please refer to these articles:
    Troubleshooting dynamic updates
    Solving Dynamic Update and Secure Dynamic Update Problems
    Karen Hu
    TechNet Community Support
