  1. #1
    Just Joined!
    Join Date
    Sep 2008
    Location
    Copenhagen
    Posts
    5

    How to auto-register a linux box in microsoft DNS


    Hey,
    I have a linux box (Ubuntu 10.04) in a microsoft environment at work. IT wants it to auto-register in the DNS. I have next to no knowledge about networking, so any hints would be appreciated (google didn't give anything useful). Is there a specific configuration file for this?
    Cheers,
    BBAF

  2. #2
    Linux Engineer rcgreen
    Join Date
    May 2006
    Location
    the hills
    Posts
    1,134
    The DHCP server can be configured to do the DNS updates itself.

    I also suggest to configure DHCP to register all DHCP clients, whether the client supports Dynamic Updates or not. This way all DHCP clients get registered and DHCP owns the record. I suggest to enable DNS scavenging to remove stale records, which will keep the zone clean.

    To force DHCP to own the record, you have two options: Option 1 is to add the DHCP server to the DnsUpdateProxy group. However this is a security risk if DHCP is on a DC. And Option 2, which is preferred, whether DHCP is on a DC or not, is to create a user account for the sole purpose of using it as credentials that DHCP will use to update records. This is a regular Domain User account, and not an admin account.

    Option 1:

    1. Add the DHCP server to the DnsUpdateProxy Group.
    2. Force DHCP to register all records, Forward and PTR, (whether a client machine can do it or not) in the Option 081 tab (DHCP properties, DNS tab).
    3. Set Option 015 to the AD domain name (such as example.com).
    4. Set Option 006 to only the internal DNS servers.
    5. If the zone is set for Secure Updates Only, then DHCP cannot update non-Microsoft clients and Microsoft clients that are not joined to the domain. In this case, you will need to create and configure a user account for use as credentials for DHCP to register such clients.


    Option 2:

    (Steps 1 and 2 are for Windows 2003)

    1. In AD, create and configure a dedicated Domain User account to use as credentials in DHCP. The user account does not need any elevated rights, a normal user account is fine, however I recommend using a Strong non-expiring password on the account.
    2. In the DHCP Console, DHCP server properties, select the Advanced tab, click the Credentials button, and provide the account's credentials.
    3. If using Windows 2000, it must be done with the Netsh command. Windows 2003 and newer can also be done with the Netsh command, if you desire.

    Providing DHCP credentials, or using the DnsUpdateProxy group, will also allow DHCP to register Win9x machines, as well as non-Windows machines, such as Linux, OSx (BIND based), and other Unix flavors.

    With regards to the DnsProxyUpdate Group, as said, this is one method, but normally, for the most part, it is not advised to use it as it weakens security including the DC records if DHCP is on a DC. Preferably configure DHCP with an account.

    Once you've implemented scavenging, you will need to wait at least a week for it to take effect. You can quicken it up by manually deleting the incorrect records to give yourself a head start.

    Configuring credentials or using the DnsUpdateProxy group will alleviate another issue - If DHCP is on a DC, it will not overwrite the original host record for a machine getting a new lease with an IP previously belonging to another host.
    DHCP, Dynamic DNS Updates , Scavenging, static entries & timestamps, and the DnsProxyUpdate Group - Ace Fekay's Active Directory, Exchange and Windows Infrastructure Services Blog
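
One way to script Option 2 and check for the Option 1 risk described in the reply above, as an added example that is not part of the original post or the linked blog. It assumes Windows Server 2012 or later with the DhcpServer and ActiveDirectory PowerShell modules (the thread itself covers Windows 2000/2003 and Netsh); the server name, domain and DNS addresses are placeholders.

```powershell
#Requires -Modules DhcpServer, ActiveDirectory
# Added example. All names and addresses below are placeholders (assumptions).
$DhcpServer = 'dhcp01.example.com'        # DHCP server to configure
$Domain     = 'example.com'               # value for Option 015
$DnsServers = '10.0.0.10', '10.0.0.11'    # Option 006: internal DNS servers only

# Option 2, steps 1-2: give DHCP the dedicated Domain User account (created
# beforehand in AD, no elevated rights) as its DNS update credentials.
$cred = Get-Credential -Message 'Dedicated DHCP DNS-update account'
Set-DhcpServerDnsCredential -ComputerName $DhcpServer -Credential $cred

# DNS tab settings: always register forward and PTR records, including for
# clients that cannot update DNS themselves (Linux, Win9x, non-domain hosts),
# and remove the records when the lease expires.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer `
    -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRROnLeaseExpiry $true

# Option 015 (DNS domain name) and Option 006 (DNS servers) at server level.
Set-DhcpServerv4OptionValue -ComputerName $DhcpServer `
    -DnsDomain $Domain -DnsServer $DnsServers

# Audit for the Option 1 risk: list computer accounts in DnsUpdateProxy and
# flag any that are also domain controllers.
$dcNames = (Get-ADDomainController -Filter *).Name
Get-ADGroupMember -Identity 'DnsUpdateProxy' |
    Where-Object { $_.objectClass -eq 'computer' } |
    ForEach-Object {
        $name = $_.SamAccountName.TrimEnd('$')
        [pscustomobject]@{
            Member             = $name
            IsDomainController = $dcNames -contains $name
        }
    }

# Confirm which account DHCP now uses for its DNS registrations.
Get-DhcpServerDnsCredential -ComputerName $DhcpServer
```

Any row with IsDomainController set to True is the case the reply warns about: DHCP running on a DC while relying on the DnsUpdateProxy group.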
