Today I want to show how we can configure DNS dynamic updates in Windows.

The DNS update functionality enables DNS client computers to register and to dynamically update their resource records with a DNS server whenever changes occur. If you use this functionality, you can reduce the requirement for manual administration of zone records, especially for clients that frequently move and use Dynamic Host Configuration Protocol (DHCP) to obtain an IP address.

Windows provides support for the dynamic update functionality as described in Request for Comments (RFC) 2136. For DNS servers, the DNS service permits you to enable or to disable the DNS update functionality on a per-zone basis at each server that is configured to load either a standard primary or directory-integrated zone.

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003





Introduction

By default, Windows computers that are statically configured for TCP/IP try to dynamically register host address (A) and pointer (PTR) resource records for the IP addresses that are configured and used by their installed network connections. By default, all computers register records based on their full computer name.

The primary full computer name is a fully qualified domain name (FQDN). Additionally, the primary full computer name is the primary DNS suffix of the computer that is appended to the computer name. To determine the primary DNS suffix of the computer and the computer name, right-click My Computer, click Properties, and then click Computer Name.

DNS updates can be sent for any one of the following reasons or events:

  • An IP address is added, removed, or modified in the TCP/IP properties configuration for any one of the installed network connections.
  • An IP address lease for any one of the installed network connections changes or is renewed with the DHCP server. For example, this update occurs when the computer is started or when you use the ipconfig /renew command.
  • You use the ipconfig /registerdns command to manually force an update of the client name registration in DNS.
  • The computer is turned on.
  • A member server is promoted to a domain controller.


When one of these events triggers a DNS update, the DHCP Client service, not the DNS Client service, sends updates. If a change to the IP address information occurs because of DHCP, corresponding updates in DNS are performed to synchronize name-to-address mappings for the computer. The DHCP Client service performs this function for all network connections on the system. This includes connections that are not configured to use DHCP.

By default, Windows registers A and PTR resource records every 24 hours regardless of the computer’s role. To change this time, add the DefaultRegistrationRefreshInterval registry entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

The interval is set in seconds.

To disable dynamic updates for all network interfaces, add the following registry DWORD value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate = 1

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003


In order to show how this works, I will first create a new DNS zone in the next section.




Create a new DNS Zone (Primary Forward Lookup Zone)

To create a new DNS zone on a Windows DNS server, right-click the Forward Lookup Zones folder and select New Zone …



I will create a new primary zone, which can be updated directly on the server.

You will find more about the different zone types in the following Microsoft article: https://learn.microsoft.com/en-us/windows-server/networking/dns/zone-types#dns-zone-types.


I will create a new forward lookup zone, which translates DNS names into IP addresses and also provides information about available network services through so-called service (SRV) records.


Enter a zone name which is the DNS namespace for which this server is authoritative.



Here you can select whether to allow dynamic updates. I will first select not to allow them, so that I can show later where this can be changed.



Finally the new zone is created.



As mentioned, we can change at any time whether dynamic DNS updates are allowed: right-click the DNS zone, select Properties, and on the General tab switch Dynamic updates from None to Nonsecure and secure.

Because this DNS zone is not stored in Active Directory (which is only possible if the DNS server is a writeable domain controller), we can’t use Secure only dynamic updates here.


Below, for example, is the domain controller from my lab environment; because its DNS zone is stored in Active Directory, we can select Secure only dynamic updates there.

Secure dynamic updates
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003#secure-dynamic-updates
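The same zone setup as PowerShell, added here as an example (it is not code from the original post): it creates the file-backed primary zone from the wizard with dynamic updates set to None, switches it to Nonsecure and secure later, and shows why Secure only is reserved for Active Directory-integrated zones. The zone names come from the post; the audit at the end is an addition for reviewing which zones accept unauthenticated updates.

```powershell
# Added example (not from the original post): create the primary forward lookup
# zone from the walkthrough with the DnsServer module instead of the DNS Manager
# wizard, then switch its dynamic update mode. Run on (or against) the DNS server.
Import-Module DnsServer

$ZoneName = 'braintesting.local'

# 1. Standard (file-backed) primary zone that does not accept dynamic updates,
#    matching the wizard choice in the post.
if (-not (Get-DnsServerZone -Name $ZoneName -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -DynamicUpdate None
}

# 2. Later, allow dynamic updates. For a file-backed zone the only choices are
#    None and NonsecureAndSecure; 'Secure' is rejected because it requires an
#    Active Directory-integrated zone.
Set-DnsServerPrimaryZone -Name $ZoneName -DynamicUpdate NonsecureAndSecure

# 3. An AD-integrated zone on a writeable domain controller can use secure
#    updates only. 'braintesting.de' is the zone used later in the post.
#    Uncomment on a DC:
# Add-DnsServerPrimaryZone -Name 'braintesting.de' -ReplicationScope Domain -DynamicUpdate Secure

# 4. Audit: list zones that accept unauthenticated updates so they can be
#    reviewed, since any host that can reach the server may add or overwrite
#    records in such a zone.
Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize
```

The audit in step 4 is the check worth scheduling: a zone left on Nonsecure and secure after a lab test like this one is easy to forget.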





Enable DNS dynamic Updates

Below, to show dynamic updates from a Windows Server 2022 that is not domain joined in my lab environment, I will first enable dynamic updates on the DNS server.


Here you see the configuration of a Windows Server 2022 that has the DNS server configured in its IP configuration. The server is not domain joined, but it has the DNS suffix of the braintesting.local zone created above configured.


As shown previously in the introduction, by default Windows registers A and PTR resource records every 24 hours regardless of the computer’s role. To change this time, add the DefaultRegistrationRefreshInterval registry entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

The interval is in seconds.

To disable dynamic updates for all network interfaces, add the following registry DWORD value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate = 1

We can also uncheck the option on the NIC, shown below, that registers the connection’s IP address in DNS.


So far, no A records from computers have shown up in the DNS zone for braintesting.local.

I will now execute the ipconfig /registerdns command on the Windows Server 2022 (brainSRV01).


The new A record shows up immediately on the DNS server.
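The registration step above, done with the DnsClient cmdlets and verified on the server, added here as an example (not code from the original post). The host name brainSRV01 and the zone come from the post; the DNS server address is an assumption for the lab.

```powershell
# Added example (not from the original post): the 'ipconfig /registerdns' step
# with PowerShell, plus verification of the resulting A record on the server.

# --- On the client (brainSRV01, not domain joined) ---
# Show which connections will register their addresses and with which suffix.
Get-DnsClient |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix,
                  RegisterThisConnectionsAddress, UseSuffixWhenRegistering |
    Format-Table -AutoSize

# The primary DNS suffix used for registration is held in the Domain value
# under Tcpip\Parameters (the subkey quoted in the post).
(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').Domain

# Trigger the registration; same effect as 'ipconfig /registerdns'.
Register-DnsClient

# --- On the DNS server (or remotely via -ComputerName) ---
$DnsServer = '10.0.0.10'                      # assumed lab DNS server address
$Fqdn      = 'brainSRV01.braintesting.local'

# Resolve through the server the client registered with.
Resolve-DnsName -Name $Fqdn -Type A -Server $DnsServer

# If aging is enabled on the zone, dynamically registered records carry a
# Timestamp, while manually created records show none. That is a quick way to
# tell which records a client (rather than an administrator) put there.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName 'braintesting.local' -RRType A |
    Where-Object { $_.HostName -eq 'brainSRV01' } |
    Select-Object HostName, RecordType, Timestamp, @{ n = 'IP'; e = { $_.RecordData.IPv4Address } }
```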




Disable DNS dynamic Updates

As already mentioned and shown, you can disable DNS dynamic updates in general on the DNS server or only on individual client computers.

On the DNS server you can disable DNS dynamic updates per DNS zone. In the properties dialog of the DNS zone, switch Dynamic updates to None on the General tab, as shown below.



On a client computer, as quoted in the introduction, you can disable dynamic updates for all network interfaces by adding the following registry DWORD value (the DefaultRegistrationRefreshInterval entry under the same subkey controls, in seconds, how often the A and PTR records are re-registered):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableDynamicUpdate = 1

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003


To disable dynamic DNS updates on a client just for a specific network interface, you can either use the advanced TCP/IP settings of that NIC or a registry setting.


To disable dynamic updates for a specific interface by using the registry, add a new DWORD value named DisableDynamicUpdate with the value 1 under the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\interface

Here interface is the device ID of the network adapter for the interface that you want to disable dynamic update for.

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003#disable-dns-dynamic-updates
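The client-side settings from this section and from the introduction applied with PowerShell, added here as an example (not code from the original post): the refresh interval, the global DisableDynamicUpdate value, the per-interface value under the adapter's device ID, and the cmdlet equivalent of the NIC checkbox. Registry paths and value names are the ones quoted from the Microsoft article; the interface alias "Ethernet" and the 12-hour interval are assumptions.

```powershell
# Added example (not from the original post): apply and read back the dynamic
# update settings on a client. Run elevated; a reboot or 'ipconfig /registerdns'
# is not needed for the disable to take effect on the next registration attempt.
$Params = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Refresh interval for A/PTR re-registration, in seconds (default 24 h = 86400).
# Assumed value here: re-register every 12 hours.
Set-ItemProperty -Path $Params -Name DefaultRegistrationRefreshInterval -Value 43200 -Type DWord

# Disable dynamic updates for ALL interfaces (global value from the article).
Set-ItemProperty -Path $Params -Name DisableDynamicUpdate -Value 1 -Type DWord

# Disable dynamic updates for ONE interface only. The subkey name is the
# adapter's device ID (a GUID), which Get-NetAdapter exposes as InterfaceGuid.
$Alias = 'Ethernet'                                   # assumed adapter alias
$Guid  = (Get-NetAdapter -Name $Alias).InterfaceGuid
Set-ItemProperty -Path "$Params\Interfaces\$Guid" -Name DisableDynamicUpdate -Value 1 -Type DWord

# Same per-interface effect through the supported cmdlet, which mirrors the
# checkbox in the NIC's advanced TCP/IP settings.
Set-DnsClient -InterfaceAlias $Alias -RegisterThisConnectionsAddress $false

# Read back the effective settings for review.
function Get-DynamicUpdateState {
    $p = Get-ItemProperty -Path $Params
    [pscustomobject]@{
        RefreshIntervalSeconds = $p.DefaultRegistrationRefreshInterval
        GlobalDisabled         = ($p.DisableDynamicUpdate -eq 1)
        PerInterface           = Get-DnsClient |
            Select-Object InterfaceAlias, RegisterThisConnectionsAddress
    }
}
Get-DynamicUpdateState
```

With the global value set, ipconfig /registerdns on this computer fails with the error message quoted in the next paragraph; Get-DynamicUpdateState is the quicker way to confirm the cause.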


In case you have disabled DNS dynamic updates on a computer and nevertheless execute the ipconfig /registerdns command on it, you will encounter the following error message:

Registration of DNS records failed: Not enough memory resources are available to complete this operation.



DNS dynamic Updates through Conditional Forwarders

By the way, dynamic DNS updates also work when a conditional forwarder is used on the DNS server.

Below, for example, is a DNS server that serves only non-domain computers; on these computers the braintesting.local domain is configured as the primary DNS suffix.

When I now change the primary DNS suffix on this computer to braintesting.de, the computer will register its computer name with the DNS server for the braintesting.de domain, which is configured below as a conditional forwarder.


Because the DNS server for braintesting.de stores its DNS zone in Active Directory, I first have to allow Nonsecure and secure dynamic updates on it, since the non-domain-joined computer cannot perform secure updates.
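The conditional forwarder setup from this section as PowerShell, added here as an example (not code from the original post). The zone names and the host brainSRV01 come from the post; the domain controller name DC01 and both server addresses are assumptions for the lab.

```powershell
# Added example (not from the original post): forward braintesting.de from the
# DNS server of the non-domain computers to the domain controller, open the
# AD-integrated zone for nonsecure updates, and verify the registration.
Import-Module DnsServer

$DcName    = 'DC01'        # assumed name of the lab DC hosting braintesting.de
$DcAddress = '10.0.0.5'    # assumed address of that DC
$FwdServer = '10.0.0.10'   # assumed address of the DNS server for non-domain computers

# On the forwarding DNS server: every query for braintesting.de goes to the DC.
Add-DnsServerConditionalForwarderZone -Name 'braintesting.de' -MasterServers $DcAddress

# On the domain controller: the AD-integrated zone must also accept nonsecure
# updates, because the non-domain computer cannot authenticate for a secure one.
# (Revert to Secure once the test is done; see the audit in the zone example.)
Set-DnsServerPrimaryZone -ComputerName $DcName -Name 'braintesting.de' -DynamicUpdate NonsecureAndSecure

# On the non-domain computer, after its primary DNS suffix was changed to
# braintesting.de in System Properties: re-register.
Register-DnsClient

# Verify through the forwarding server: the query is forwarded to the DC, which
# answers with the dynamically registered record.
Resolve-DnsName -Name 'brainSRV01.braintesting.de' -Type A -Server $FwdServer

# Check the forwarder definition itself.
Get-DnsServerZone -ComputerName $FwdServer -Name 'braintesting.de' |
    Select-Object ZoneName, ZoneType, MasterServers
```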





Links

How to configure DNS dynamic updates in Windows
https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-dns-dynamic-updates-windows-server-2003