12 comments

Windows 7 & Reverse Lookup DNS Registration

Published on Thursday, December 2, 2010 in

Update [27/06/2013]: new information regarding the topic: Windows 7 & Reverse Lookup DNS Registration [Update]

In my current project we have an Active Directory domain where we use Windows DNS servers with domain integrated DNS zones. For the reverse lookup zones we configured secure only updates. As the DHCP servers in this environment are Linux based we would like the clients to update their PTR records themselves. Updating the PTR records means a client registers his name and IP in the reverse lookup zone.

As we noticed that only Windows 7 workstations with a static IP were being registered we started troubleshooting. As an AD guy I was 100% confident we could get this done using GPO’s. However in the past I have seen strange behavior with the GPO settings below Administrative Templates\Network\DNS client section, and today was just the same. Getting this done is not that obvious.

Below Computer Configuration > Policies > Administrative Templates > Network > DNS Client there is a setting called “Register PTR Records”. One could think that this is pretty easy to configure, enable, throw a gpupdate in and off we go. The setting with some additional info:

image

Although the policy came through just fine, even after a reboot, my client was not registering his PTR record… So I used my 24/7 available free of charge consultant-helpline called google. I stumbled upon the following topic (http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/3a1c9334-54ba-4845-b7c0-ef8ce5454276) where L Ravie Kumar [MSFT] states:

The behavior of Client not registering PTR record by default is modified prior to Windows7 (mostly during Vista time) and is the intended behavior. The Dhcp Server is responsible for performing PTR record registration on behalf of client. Incase if dynamic DNS registration is not enabled on Server (because of which Server doesnot do PTR registration), Client can trigger registration,if "Use this connection's DNS suffix in DNS registration" is selected in adapter properties.

After checking “Use this connection’s DNS suffix in DNS registration” in the advanced TCP/IP settings all went fine. The record appeared in the reverse DNS zone as expected. Even without the above GPO setting configured. I do think you can use the GPO if you want to fine-tune the registration behavior as it contains 3 options.

image

So all we have to do is implement this in bulk. I haven’t found a way to do this by GPO, I might have missed it though. I thought GPO preferences would be the easiest way, but this setting is located below HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{GUID}\RegisterAdapterName and the GUID is different for each system… So no luck there.

The following command can be executed in order the check the required option:

netsh interface ipv4 set dnsservers name="Local Area Connection" source=dhcp register=both

In our environment we deploy all workstations using SCCM so the above is definitely a reasonable solution.

Related Posts

12 Response to Windows 7 & Reverse Lookup DNS Registration

Anonymous
23 January, 2012 18:18

Excellent.. Your work helped addressed my issue.

Anonymous
14 March, 2012 13:48

Great!
That solved my problems with my VDI:s.
They refused to register in the RLZ. One checkbox on the masterimage and the problem was solved!

// Jonas

Anonymous
25 March, 2013 20:04

Dude, you're awesome. Finding your blog was finally ending my struggle with this mystery.

Cheers!!

28 March, 2013 19:20

Thanks for the thumbs up!

04 April, 2013 08:30

Excellent article!
I experienced a similar problem. I installed bind9 on debian. I can look at the log, all Windows XP client update both the forward and reverse zone. But the Windows 7 only update the forward zone. I thought this anomaly comes from the unappropriated setting on bind, but I believe there is something wrong with Windows 7 and it's true. Luckily I read this article, thanks.

Anonymous
08 May, 2013 01:32

Awesome.. same issue here with VDIs.. so easy.. lol

27 June, 2013 17:19

Because updating dns has now become DHCP servers responsibility in Server 2008, you can modify the behavior of your scope to ALWAYS update DNS, rather than only when the client requests it. I recently had a DNS issue, and had to re-create my zone, and the rDNS entries weren't being added. I found this blog, and realized that there was no easy way to turn that setting on, so I looked into the DHCP side of things, and that is now working perfectly.

Q

27 June, 2013 19:27

Thanks for taking the time to post back. What a coincidence: I just was writing an update for this matter: http://setspn.blogspot.be/2013/06/windows-7-reverse-lookup-dns.html

At the bottom you can also find an explanation as to why letting DHCP register the records is not an option for us.

Anonymous
14 November, 2013 11:11

Thanks a lot. This solved our problem. We don't need to setup a Windows DHCP Server.

Anonymous
31 March, 2014 21:30

To do it in a GPO, you can find the option under Computer Config > Policies > Admin Template > Network > DNS Client > Register DNS records with connection-specific DNS Suffix and enable it.

Anonymous
27 February, 2015 15:39

Make sure it's not a permission issue like I just found out. I followed this video and it rectified the problems I had. https://www.youtube.com/watch?v=Tukvch2Qtuc

26 September, 2018 14:07

Do not forget explicitly implement security access rights to the desired reverse DNS zone for DnsUpdateProxy AD built-in group. This mentioned group should include all of yours DHCP servers. Otherwise DHCP server will not be able to write/change PTR-record.

Add Your Comment