I'm facing a challenge with our network setup which includes three Domain Controllers (DCs) and five DHCP servers scattered across different locations. We previously had five Read-Only Domain Controllers (RODCs) at these locations, but they've since been replaced with DHCP servers. The main problem is that the DNS isn't always getting updated by the DHCP servers, and I'm unsure about how DNS updates are supposed to work in this setup.
Should I provide the DHCP servers with read/write access in the DNS Security tab, or create a dedicated AD user with administrative privileges to handle the DHCP to DNS updates? This new user would be set up on the DHCP servers. Also, I've been encountering 'BAD_ADDRESS' entries in the DHCP logs, which I suspect is linked to IP conflicts. I would really appreciate any guidance on how to move forward with this!
2 Answers
Have you checked if dynamic DNS is set up on the DHCP servers? It’s important to know how many clients each server is managing too. Those 'BAD_ADDRESS' entries are definitely indicating IP conflicts. You might have devices using static IPs within the DHCP ranges or even conflicting addresses from the servers.
Your DHCP servers don’t need any special permissions in Active Directory or DNS. Instead of giving them direct access, it's better to enable Name Protection and set up a regular, non-privileged service account for them. Make sure all your DHCP servers are using the same account. To resolve those 'BAD_ADDRESS' entries, you'll need to identify the IPs that are causing issues as they might be from previously reserved or excluded addresses that didn’t transfer over to the new servers.

That's true, but remember, the DHCP servers do need permission to update DNS records! Just ensure you set it up properly.
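As an added example (not part of the question or either answer), the following PowerShell applies the second answer's advice with the Windows DhcpServer module: one ordinary domain account shared by all DHCP servers for DNS updates, Name Protection turned on, and then a per-scope listing of the BAD_ADDRESS leases compared against the reservations and exclusion ranges each server currently knows about. The server names and the account name are placeholders, and the script assumes it runs from a host with the DhcpServer RSAT module and rights to manage those servers.

```powershell
# Added example; not from the thread. Server and account names are placeholders.
$dhcpServers = @('dhcp01.contoso.local', 'dhcp02.contoso.local')   # placeholder names

# One regular (non-admin) domain user used by every DHCP server for dynamic DNS.
$cred = Get-Credential -Message 'DHCP dynamic-update account, e.g. CONTOSO\svc-dhcp-dns (placeholder)'

foreach ($server in $dhcpServers) {
    # Credential the DHCP service presents when it registers/updates client records.
    Set-DhcpServerDnsCredential -Credential $cred -ComputerName $server

    # Server-level DNS behaviour: always update on behalf of clients, enable
    # Name Protection (DHCID records stop another host from taking over a name),
    # and clean up the records when the lease expires.
    Set-DhcpServerv4DnsSetting -ComputerName $server `
        -DynamicUpdates Always `
        -NameProtection $true `
        -DeleteDnsRRonLeaseExpiry $true

    # Restart the service so it starts using the new credential, then show the result.
    Invoke-Command -ComputerName $server -ScriptBlock { Restart-Service -Name DHCPServer }
    Get-DhcpServerDnsCredential -ComputerName $server
    Get-DhcpServerv4DnsSetting  -ComputerName $server
}

# Helper: IPv4 address -> UInt32 so an address can be range-checked against exclusions.
function ConvertTo-UInt32 ([ipaddress]$Address) {
    $bytes = $Address.GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

# List BAD_ADDRESS leases per scope and flag whether each one is a reservation or
# sits inside an exclusion range on that server (the answer suggests the conflicts
# may be addresses that were reserved/excluded on the old servers but not carried over).
foreach ($server in $dhcpServers) {
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $server) {
        $bad = Get-DhcpServerv4Lease -ComputerName $server -ScopeId $scope.ScopeId -BadLeases
        if (-not $bad) { continue }

        $reserved   = (Get-DhcpServerv4Reservation   -ComputerName $server -ScopeId $scope.ScopeId).IPAddress.IPAddressToString
        $exclusions =  Get-DhcpServerv4ExclusionRange -ComputerName $server -ScopeId $scope.ScopeId

        foreach ($lease in $bad) {
            $ip = $lease.IPAddress.IPAddressToString
            $n  = ConvertTo-UInt32 $lease.IPAddress
            $inExclusion = [bool]($exclusions | Where-Object {
                $n -ge (ConvertTo-UInt32 $_.StartRange) -and $n -le (ConvertTo-UInt32 $_.EndRange)
            })
            [pscustomobject]@{
                Server       = $server
                Scope        = $scope.ScopeId
                BadAddress   = $ip
                IsReserved   = ($reserved -contains $ip)
                InExclusion  = $inExclusion
                LeaseExpiry  = $lease.LeaseExpiryTime
            }
        }
    }
}
```

Any BAD_ADDRESS row that is neither reserved nor excluded on the new server points at a host with a static address inside the scope (or a stale reservation that lived only on the old servers); those addresses are the ones to reserve or exclude before clearing the bad leases.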