Jul 26 2019 12:51 PM
Jul 26 2019 12:51 PM
As I understand things, if you enable dynamic updating of DNS records on a DHCP scope on a windows DHCP server, the DHCP server will attempt to update the records of the FIRST DNS server on the scope's DNS server list. Is there any way to change that behavior so that it uses an alternative DNS server for updates?
The reason I ask is because I want to use our firewall as the primary DNS server for our clients, but I also want to enable dynamic DNS registration as well and that is not possible through the firewall.
Jul 26 2019 01:31 PM - edited Jul 26 2019 01:38 PM
I want to use our firewall as the primary DNS server for our clients,
This is going to be problematic. Domain controller and all members should have the static ip address of DC listed for DNS and no others such as router or public DNS. Your router / firewall knows nothing about your domain hence should not be used like that. More info here.
Sep 05 2019 10:47 AM
I fail to see how it would be problematic IF the dhcp clients could register their info in the secondary DNS server.
TO be clear, I want to setup the DHCP server to tell the clients to use the firewall as the primary DNS server and our DC as the secondary and make sure the DHCP server registers the client with the secondary DNS server. The firewall IS NOT A delegated DNS server for the domain and it is actually not a DNS server at all and hosts no zone files. It is a smart forwarder that will forward *.contoso.com lookups to the DNS servers designated for that domain and forward other DNS lookups out to our ISP's DNS servers for all other external domains. I've tested it and it works perfectly well. The ONLY problem with this setup is that the DHCP server and the clients will not register their names with the secondary DNS server and so any client that is configured to use the firewall as its primary DNS does not show up in the DNS system for forward or reverse lookups.
From what I've been able to find, there is no way to change this behavior and as such the only option is to use the DC as the primary DNS server if we want dynamic DNS registration to function. The only place this is really much of an issue is on small remote sites connected through a VPN link without a local DC.
Sep 05 2019 01:36 PM
Yes, that's correct, the firewall router has no knowledge of the domain and active directory DNS. Domain controller and all members must use an integrated DNS / domain controller for DNS. If needed add forwarders to objects outside of scope of the domain.
Even over VPN for route the members should have the domain controller listed for DNS and no others such as router or public DNS