DNS server reverse lookup zone not updating
DHCP Name Protection
The DnsUpdateProxy group must be secured if Name Protection is enabled on any IPv4 scope
Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server

If a record has no timestamp, as with a manually created static record, it will not get scavenged. Also, if all servers, including DCs, automatically update their own records, there is no fear of losing those records: first, their timestamps are current, so scavenging won’t touch them; second, Windows Servers by default update their records every 24 hours, with the exception of domain controllers, which update every 60 minutes.

This is because DHCP doesn’t own the record, the client does, even though DHCP registered it. The way around this is to configure DHCP’s Option 081 to update the record for all clients, whether or not the client asks. Also, by default, the creator owns the new object and is given full control of it.
With the default settings, a duplicate A record gets registered by DHCP with the client’s new IP.
If there is a problem with PTRs getting updated even after configuring credentials, please see this article: DHCP server processes expired PTR resource records in Windows Server 2003.

DHCP Step-by-Step Guide: Demonstrate DHCP Name Protection
“Name squatting occurs when a non-Windows-based computer registers in Domain Name System (DNS) with a name that is already registered to a computer running a Windows® operating system. The use of Name Protection in the Windows Server® 2008 R2 operating system prevents name squatting by non-Windows-based computers. Name squatting does not present a problem on a homogeneous Windows network where Active Directory® Domain Services (AD DS) can be used to reserve a name for a single user or computer.”
By default, the ACL gives Create permission to all members of the Authenticated User group, the group of all authenticated computers and users in an Active Directory forest.
This means that any authenticated user or computer can create a new object in the zone.
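
An audit of the settings discussed above, as an added example that is not part of the original page: it reads the DHCP server's DNS registration settings and update credentials, then lists static records (which scavenging skips) and names that hold more than one A record. It assumes Windows Server 2012 or later with the DhcpServer and DnsServer PowerShell modules; `corp.example.com` and `dns01` are placeholders.

```powershell
# Added example, not from the original page. Assumes Windows Server 2012 or later
# (DhcpServer and DnsServer modules). Zone and server names are placeholders.
Import-Module DhcpServer, DnsServer

$zone      = 'corp.example.com'   # placeholder forward lookup zone
$dnsServer = 'dns01'              # placeholder DNS server name

# 1. How the DHCP server registers records on behalf of clients (Option 081).
#    DynamicUpdates = Always means it registers whether or not the client asks.
Get-DhcpServerv4DnsSetting |
    Format-List DynamicUpdates, UpdateDnsRRForOlderClients,
                DeleteDnsRROnLeaseExpiry, NameProtection

# 2. Credentials the DHCP server uses for DNS dynamic updates.
$cred = Get-DhcpServerDnsCredential
if ([string]::IsNullOrEmpty($cred.UserName)) {
    Write-Warning 'No DNS dynamic update credentials are configured on this DHCP server.'
} else {
    "DNS updates are registered as $($cred.DomainName)\$($cred.UserName)"
}

# 3. Pull every A record in the zone once.
$records = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone -RRType A

# Static records carry no timestamp, so scavenging never removes them.
$static = @($records | Where-Object { -not $_.Timestamp })
"Static A records (never scavenged): $($static.Count)"

# Names with more than one A record: candidates for the duplicate registration
# described above. Multi-homed hosts and the zone apex '@' are expected here.
$records |
    Group-Object HostName |
    Where-Object Count -gt 1 |
    ForEach-Object { $_.Group } |
    Select-Object HostName,
        @{ n = 'IPv4';      e = { $_.RecordData.IPv4Address } },
        @{ n = 'Timestamp'; e = { if ($_.Timestamp) { $_.Timestamp } else { 'static' } } } |
    Sort-Object HostName |
    Format-Table -AutoSize
```

Run it on the DHCP server itself; the script only reads settings and records and changes nothing.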