Windows Server 2012 R2 - Enhancing DHCP policies and DNS registrations in DHCP server
Windows DHCP server can perform registration of DNS records with the DNS server on behalf of its clients. Windows Server 2012 R2 enhances this DNS registration functionality in DHCP server and gives you more flexibility in registering clients with the DNS server. You can now configure the DHCP server to register only A records and not PTR records. You can also configure a DNS suffix under which to register the clients that match a DHCP policy. Together these enhancements give you more control over the DHCP-DNS integration and can be used to reduce the number of DNS registration failures that are normally caused by the absence of suitable reverse and forward lookup zones on the DNS server. This blog post provides step-by-step instructions on how to use these new DHCP server features in Windows Server 2012 R2.
Disabling PTR Record Registrations
Prior to Windows Server 2012 R2, DNS registrations (if enabled on the DHCP server) were performed for both A and PTR records. There are however scenarios where you may want the DHCP server to register only DNS A records. For example, if no reverse lookup zone is configured on the DNS server, every attempt to register a PTR record fails.
With Windows Server 2012 R2, you can disable DNS registrations for PTR records on the DHCP server. And you can do this at granular levels like scope, policy or reservation. This enables you to configure the DHCP server to register A and PTR records for a particular set of clients and only A records for some other clients.
Right click on the node for IPv4 or a DHCP scope and select Properties.
Go to the DNS tab.
You should be able to see the new configuration for disabling PTR registration.
Using this, you can disable registration of PTR records for clients that get their lease from this scope.
This configuration is also available in properties of server, policies and reservations. You can disable PTR registrations for all DHCP clients by using the configuration at server level or for clients that match a particular policy by using the configuration at policy level. You can disable it for clients that have reservations on DHCP server by using the same configuration provided on a DHCP reservation.
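The same PTR setting can be applied from PowerShell with the DhcpServer module that ships with Windows Server 2012 R2. The script below is an added example, not code from the original post: it first checks whether the DNS server actually holds a reverse lookup zone covering the scope (the failure case described above), then disables PTR registration at scope level only when no such zone exists, shows the equivalent server-level and reservation-level settings, and reads the effective configuration back at each level. The server names, scope and reservation address are constructed placeholders, and the script assumes it runs as a DHCP administrator with the DhcpServer and DnsServer RSAT modules available.

```powershell
# Added example (not from the original post): PTR registration control at scope,
# server and reservation level with the DhcpServer module (Windows Server 2012 R2).
# Assumed/constructed values: server names, scope id and reservation address.
$DhcpServer = 'dhcp1.contoso.com'        # assumed DHCP server
$DnsServer  = 'dns1.contoso.com'         # assumed DNS server
$ScopeId    = [ipaddress]'10.10.10.0'    # constructed /24 scope
$ReservedIp = [ipaddress]'10.10.10.50'   # constructed reservation in that scope

# 1. Check for a reverse lookup zone that covers the scope. A /24 scope 10.10.10.0
#    is served by 10.10.10.in-addr.arpa or by a broader parent such as 10.in-addr.arpa.
$octets       = $ScopeId.GetAddressBytes()
$expectedZone = '{0}.{1}.{2}.in-addr.arpa' -f $octets[2], $octets[1], $octets[0]
$reverseZones = Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone }
$hasReverseZone = [bool]($reverseZones | Where-Object {
    $expectedZone -eq $_.ZoneName -or $expectedZone.EndsWith('.' + $_.ZoneName)
})

# 2. Scope level: keep A-record registration, stop PTR registration for this scope only.
#    Without a reverse zone the PTR updates would fail on every lease anyway.
if (-not $hasReverseZone) {
    Write-Warning "No reverse lookup zone for $expectedZone on $DnsServer; disabling PTR updates for scope $ScopeId."
    Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId `
        -DisableDnsPtrRRUpdate $true
}

# 3. Server level: the same switch applied to every client of this DHCP server.
#    Left commented out; use it only when no scope on the server has a reverse zone.
# Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -DisableDnsPtrRRUpdate $true

# 4. Reservation level: a single reserved client can override the scope setting,
#    e.g. a server whose PTR record must exist even though the rest of the scope skips it.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -IPAddress $ReservedIp `
    -DisableDnsPtrRRUpdate $false

# 5. Read back the effective DNS settings at each level to confirm the change.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer                         # server level
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId       # scope level
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -IPAddress $ReservedIp  # reservation
```

The reverse-zone check is what turns a blanket "disable PTR everywhere" into a targeted setting: scopes that do have a reverse zone keep full A and PTR registration, which is what incident responders rely on when mapping an address in a log back to a host name.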
Registering foreign clients using a guest DNS suffix
With the BYOD trend on the rise, enterprises today are witnessing a number of devices visiting their premises which are not members of any of their registered corporate domains. These devices are either members of some foreign domain or are workgroup-joined. So how do you handle the DNS registrations of such devices via the DHCP server?
DHCP server in Windows Server 2012 R2 introduces a new criterion in DHCP policies to allow you to group clients based on their fully qualified domain names. What’s more? Using wildcards, you can use this criterion to group clients based on their DNS suffix or based on their host names.
Having grouped clients belonging to foreign domains or workgroups using DHCP policies, you can disable PTR registrations for them. You can also register these clients in a different DNS suffix.
Let us try configuring a scope level policy with fully qualified domain name based conditions and use it to register all matching clients using a guest DNS suffix.
Right click on a DHCP scope and select New Policy.
Enter a suitable name and description for the policy.
On the conditions page press Add.
Select Fully Qualified Domain Name in the Criteria dropdown.
In the Operator dropdown you should be able to see Is Single Label and Is Not Single Label.
Is Single Label should be used when you want to create a policy to match clients with single label names (workgroup clients). Is Not Single Label should be used in the opposite case. Please note that on selecting either of these operators, you cannot provide a value for the condition.
You can add multiple conditions based on fully qualified domain name.
You can add conditions as per any of the use cases demonstrated below:
- The policy in the screenshot below will apply to clients that are members of contoso1.com and contoso2.com
- The policy in the screenshot below will apply to clients that are workgroup joined.
- The policy in the screenshot below will apply to clients that have their fully qualified domain names starting with ‘DELL‘.
Please observe that as the information message in the screenshot below suggests, you cannot configure IP address range or options for a policy with conditions based on fully qualified domain name.
The wizard only lets you configure the conditions for the policy. You can configure the DNS registration settings for it from the Policy Properties dialog.
Right click on the policy (scope or server level) and select Properties.
Go to the DNS tab.
Here you can specify a guest DNS suffix. All the clients that match this policy will be registered using this DNS suffix.
This guest DNS suffix configuration is available only at policy level. Using this new configuration, you can create a policy with fully qualified domain name based condition and ensure that all foreign domain or workgroup joined clients are registered under a guest DNS suffix.
For successful registration of DNS record, the DNS suffix (guestdomain.contoso.com in this case) must be configured on the DNS server.
You can also try this walk-through for a server level policy. To create a server level policy, right click on the IPv4 node and select New Policy.
- You can use the guest DNS suffix configuration with a policy with conditions based on any criteria. You can configure the DHCP server to handle scenarios where clients belonging to specific vendor class or clients with MAC addresses starting with the same OUI prefix are to be registered using the guest DNS suffix.
- Now, you can attach wildcards at the beginning of condition values as well. This will allow you to identify clients whose attribute value ends with a particular set of characters. And now you can use wildcards with relay agent information based criteria as well.
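The policy walk-through above can also be scripted. The script below is an added example, not code from the original post or from Microsoft: it creates a scope-level policy with a fully qualified domain name condition for clients outside the corporate domain, sets the guest DNS suffix (guestdomain.contoso.com, as in the post) and disables PTR registration on that policy, verifies that the guest zone exists on the DNS server (the prerequisite the post states), and reads the policy back. The server names, scope and corporate domain are constructed placeholders. The string format passed to -Fqdn (operator, comma, value with wildcard) is an assumption about the cmdlet's condition syntax; confirm it with Get-Help Add-DhcpServerv4Policy -Parameter Fqdn on your server before running.

```powershell
# Added example (not from the original post): scope-level policy with an FQDN condition,
# guest DNS suffix and no PTR registration, using the DhcpServer module (Windows Server 2012 R2).
# Assumed/constructed values: server names, scope id, corporate domain, policy name.
$DhcpServer  = 'dhcp1.contoso.com'       # assumed DHCP server
$DnsServer   = 'dns1.contoso.com'        # assumed DNS server
$ScopeId     = [ipaddress]'10.10.10.0'   # constructed scope
$CorpSuffix  = 'contoso.com'             # constructed corporate DNS suffix
$GuestSuffix = 'guestdomain.contoso.com' # guest suffix used in the post
$PolicyName  = 'ForeignClients'          # assumed policy name

# 1. The guest suffix must exist as a zone on the DNS server or every registration
#    made under this policy will fail. Check before creating the policy.
$guestZone = Get-DnsServerZone -ComputerName $DnsServer -Name $GuestSuffix -ErrorAction SilentlyContinue
if (-not $guestZone) {
    throw "Zone $GuestSuffix is not configured on $DnsServer; create it before enabling the policy."
}

# 2. Create the policy. Condition: FQDN is NOT under the corporate suffix, which catches
#    foreign-domain devices (leading wildcard) as well as workgroup clients.
#    ASSUMED condition syntax: "<operator>,<value>" with * as wildcard.
Add-DhcpServerv4Policy -ComputerName $DhcpServer -ScopeId $ScopeId -Name $PolicyName `
    -Description 'Devices outside the corporate domain' -Condition OR `
    -Fqdn "NE,*.$CorpSuffix"

# 3. Policy DNS settings: register under the guest suffix, skip PTR records, and turn on
#    name protection so a guest device cannot overwrite an existing record of the same name.
Set-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId -PolicyName $PolicyName `
    -DnsSuffix $GuestSuffix -DisableDnsPtrRRUpdate $true -NameProtection $true

# 4. Read back the policy and its DNS settings to confirm the configuration.
Get-DhcpServerv4Policy   -ComputerName $DhcpServer -ScopeId $ScopeId -Name $PolicyName
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer -ScopeId $ScopeId -PolicyName $PolicyName
```

Keeping the guest zone separate from the corporate forward zone is the point of the feature: devices the organization does not manage get names under guestdomain.contoso.com, where their records can be reviewed or purged without touching the records of domain-joined hosts. Name protection is a real DNS setting on the same cmdlet and is worth enabling on a policy that registers untrusted clients, since otherwise a guest device choosing the same host name as an existing machine could cause its record to be replaced.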
In this post, you have seen the new features in DHCP server in Windows Server 2012 R2, which allow you to disable PTR registration for clients and register a group of clients using a guest DNS suffix.
We hope you found this blog post helpful. Do let us know your feedback on this post and the new features.