Trying to diagnose why a process in one of our routers went amok (!), I ran into a document that explains the DHCP/DNS Update mechanism in Windows clients. This topic has always been a bit obscure, so I decided to write a note here for the record.
Option 81 (a.k.a. the FQDN option) is one of the many DHCP option fields. This one in particular is used by clients at DHCPREQUEST time to tell the DHCP server how it should behave concerning DNS updates.
For clients running Windows 2000, Windows XP or Windows Server 2003, the process goes like this:
1. The client sends a DHCPREQUEST that includes option 81. By default it requests that the server update (send to the DNS server) only the PTR record, while the client is in charge of updating its own A record.
2. If the server is configured with the default settings (update DNS entries only if clients ask for it), it answers with a DHCPACK containing option 81, which says that it will only update the PTR record, as requested.
3. The only thing left after the agreement is to do it! The client sends a dynamic DNS update to the DNS server and the DHCP server updates the PTR on behalf of the client.
I got this info at the Microsoft Technet site, but how does this work when the DHCP server is a Cisco router instead of an MS server?
Inside the ip dhcp pool section there’s an option to specify how this server should manage DNS updates. The syntax is as follows:
update dns [both | never] [override] [before]
The default, that is, the behaviour when this option is not explicitly configured, is not to perform any update. This is similar to using the option never, I guess.
The interesting options here are both and override, which have opposite effects.
Both makes the Cisco router update both entries (A and PTR) on behalf of the client. This could be useful if the client lacks this capability, for example a very old Windows client.
Override, on the other hand, instructs the router to perform DDNS updates for PTR records even if the client has specified that the server should not send updates.
Long story short, in a regular network configuration with MS Windows clients, the Cisco router should be configured with the (sub)command “update dns” to let the client update its own A record, while the router takes care of the PTR RR.
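To see what a client actually asked for in the option 81 exchange described above, the option can be decoded from a packet capture. The following is an added example, not taken from the Microsoft document or from Cisco: it parses the option using the flag layout defined in RFC 4702 (S, O, E and N bits), and the host names and sample bytes are constructed for illustration.

```python
# Added example: decode DHCP option 81 (Client FQDN, RFC 4702 layout).
# Flags byte: 4 reserved bits, then N (0x08), E (0x04), O (0x02), S (0x01).
FLAG_S, FLAG_O, FLAG_E, FLAG_N = 0x01, 0x02, 0x04, 0x08

def decode_name(raw: bytes, wire_format: bool) -> str:
    """Decode the name field: DNS wire labels if E=1, plain ASCII otherwise."""
    if not wire_format:
        return raw.decode("ascii", errors="replace")
    labels, i = [], 0
    while i < len(raw) and raw[i] != 0:
        n = raw[i]
        if n > 63 or i + 1 + n > len(raw):
            raise ValueError("malformed DNS label")
        labels.append(raw[i + 1:i + 1 + n].decode("ascii", errors="replace"))
        i += 1 + n
    return ".".join(labels)

def parse_option81(opt: bytes) -> dict:
    """Parse one raw option: code, length, flags, RCODE1, RCODE2, name."""
    if len(opt) < 2 or opt[0] != 81:
        raise ValueError("not option 81")
    length = opt[1]
    if length < 3 or len(opt) < 2 + length:
        raise ValueError("truncated option 81")
    flags = opt[2]
    if flags & 0xF0:
        raise ValueError("reserved flag bits must be zero")
    if (flags & FLAG_N) and (flags & FLAG_S):
        raise ValueError("N=1 requires S=0")
    if flags & FLAG_N:
        server = set()            # server is asked to do no DNS updates
    elif flags & FLAG_S:
        server = {"A", "PTR"}     # server updates both records
    else:
        server = {"PTR"}          # client keeps its own A record
    return {
        "fqdn": decode_name(opt[5:2 + length], bool(flags & FLAG_E)),
        "server_updates": server,
        "server_override": bool(flags & FLAG_O),  # set in replies only
    }

# Constructed samples (not captured traffic).
DEFAULT_REQ = bytes([81, 18, 0x00, 0, 0]) + b"pc1.example.com"
BOTH_REQ = bytes([81, 20, FLAG_S | FLAG_E, 0, 0]) + b"\x03pc2\x07example\x03com\x00"

if __name__ == "__main__":
    for sample in (DEFAULT_REQ, BOTH_REQ):
        print(parse_option81(sample))
```

DEFAULT_REQ corresponds to the default client request described in step 1: the server is left with the PTR record only.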