Cisco CNS Network Registrar User's Guide, 5.0
Configuring Dynamic DNS Update
Download this chapter
Configuring Dynamic DNS UpdateConfiguring Dynamic DNS Update
give_us_feedback

Table of Contents

Configuring Dynamic DNS Update

Configuring Dynamic DNS Update

Dynamic DNS update integrates DNS with DHCP. The two protocols are complementary: DHCP centralizes and automates IP address allocation; dynamic DNS update automatically records the association between assigned addresses and host names.

When you use DHCP and dynamic DNS update, this configures a host is automatically for network access whenever it attaches to the IP network. You can locate and reach the host using its permanent, unique DNS host name. Mobile hosts, for example, can thereby move freely on a network without user or administrator intervention.

This chapter explains how to use dynamic DNS update with Network Registrar servers using both the GUI and the CLI. Table 9-1 lists the dynamic DNS update configuration topics explained in this chapter and their associated sections.


Table 9-1: Dynamic DNS Update Configuration Topics
If you want to... Go to...

Know more about why you would configure dynamic DNS update

"Dynamic DNS Update Process" section

Configure dynamic DNS update for the scope

"Configuring Dynamic DNS for a Scope" section

Configuring host name updates for Windows 2000 clients

"Configuring Updates for Windows 2000 Clients" section

Enable dynamic DNS updates from host names

"Enabling Dynamic Update on the DNS Server" section

Change system defaults for advanced parameters

"Setting Advanced DDNS Properties" section


Dynamic DNS Update Process

To configure dynamic DNS update, you need to configure both a DHCP scope and a primary DNS zone, and supply host names. You can request that Network Registrar generate host names, or you can supply them. You can update only a primary DNS server that supports dynamic DNS update.

This is the process you follow to configure dynamic DNS update:

1. Configure the DHCP scope for dynamic DNS update.

2. Configure the DNS zones to accept dynamic DNS updates.

3. Define advanced dynamic DNS update support. (You rarely need to modify the system defaults for the advanced parameters. However, they are described in "Setting Advanced DDNS Properties" section for your reference.)

4. Reload the servers.

The remainder of this chapter describes each step in more detail.

Dynamic DNS resource records do not appear in the DNS GUI interface. If you want to confirm that the DNS update is working, enter:

nrcmd> zone testzone listRR dynamic

A complete list of dynamic updates appears.

The Network Registrar DHCP server stores all pending DNS update information on disk. If DHCP cannot communicate with a particular DNS server, it periodically tests for re-established communication and submits all pending updates. This test typically occurs every 40 seconds until communication with DNS is re-established.

Configuring Dynamic DNS for a Scope

This section describes how to configure dynamic DNS for a DHCP scope.

Note   If you enable dynamic DNS update for large deployments, you should divide primary DNS and DHCP servers across multiple clusters. Dynamic DNS update generates an additional load on the Network Registrar servers.
Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP scope you want to associate with dynamic DNS update.

Step 2   Click the DNS tab of the Scope Properties dialog box (Figure 9-1).


Figure 9-1: DNS Tab (Scope Properties Dialog Box)


Step 3   Select the Perform dynamic DNS updates check box.

Step 4   In the Forward field, enter the domain name of the forward DNS zone. This is the name of the DNS zone to which a DHCP client's host address (A record) should be added.

Step 5   In the Server IP address field next to the Forward field, enter the IP address of the DNS server for the forward zone.

Step 6   In the Reverse field, enter the domain name of the reverse DNS zone. This is the in.addr.arpa zone updated with the pointer (PTR) and text (TXT) records.

Step 7   In the Server IP address field next to the Reverse field, enter the IP address of the reverse DNS server.

The Number of host bytes field indicates the number of IP address octets in the host name of the reverse DNS zone as opposed to the actual zone name. This is a non-editable field and the number is derived from the network number of the reverse zone.

Step 8   Select whether to update the DNS records before or after the DHCP server responds to the client with a lease. The default is After responding to client.

Caution   With Windows 95 clients, do not choose Before responding to client. This can cause unnecessary delays and problems.

Step 9   If you want Network Registrar to create host names for hosts that do not supply names, select the Create host names for hosts that do not supply one check box. Network Registrar then creates a unique host name by prepending characters (dhcp by default) to the server's ID within the cluster followed by an incremented number, starting with dhcp-1-1 by default.

Step 10   If you want Network Registrar to use a specific host name prefix other than dhcp, enter the prefix in the Create host name starting with field.

Step 11   Click OK.

Step 12   Reload the DHCP server. The server can start giving out leases again.

Using the CLI:

Use the scope set and scope enable commands to set up and enable dynamic DNS update for the DHCP scope. Use separate scope set commands to set the name of the zone to which a DHCP client's host name should be added, as well as the IP addresses of the primary forward and reverse zones on a server that supports the dynamic DNS update protocol.

nrcmd> scope testScope set dns-zone-name=QuickExample.com 
nrcmd> scope testScope set dns-server-addr=192.168.40.1 
nrcmd> scope testScope set 
dns-reverse-zone-name=40.168.192.in-addr.arpa 
nrcmd> scope testScope set dns-rev-server-addr=192.168.40.1

Use the scope enable command to enable dynamic updates for this scope, then reload the server.

nrcmd> scope testScope enable dynamic-dns 
nrcmd> server DHCP reload
Note   For dynamic DNS update, DHCP uses the host name that is passed to the server in the host-name DHCP option. With Microsoft clients, this is the name that appears in the Control Panel/Network/Identification dialog box, not the one that appears in the Control Panel/Network/Protocols/Microsoft TCPIP Properties/DNS dialog box. The name is set on the client's computer.

For security purposes, Network Registrar's dynamic DNS update process does not modify or delete a name an administrator manually entered in the DNS database.

Configuring Updates for Windows 2000 Clients

Windows 2000 clients can update the DNS server with their address records directly, if allowed to do so by the DHCP server. The client notifies the DHCP server that it is updating DNS with its name by sending the fqdn (Fully Qualified Domain Name) DHCP option (81) in a request packet to the server. The client can either request to notify the DNS server of its name (A record), or request that the server should update the A record. To request notifying the server directly, the client selects the "Register this connection's addresses in DNS" option in control panel settings. However, a Windows 2000 RC3 DHCP server can also set the fqdn option to ignore the client's request and force the server to update the name. In Network Registrar, you can do this by creating a policy for Windows 2000 clients and setting the allow-client-a-record-update feature of the policy enable command.

If the fqdn option is sent, either the client or the server can update the client's A resource record, but only the DHCP server can update the PTR record, in the DNS server. If the client does not send the fqdn option, the server always updates the A record without responding to the client with the fqdn option.

Note that dynamic update does not necessarily need to be enabled in the server or for a scope as long as the Windows 2000 client requests self-updating through the fqdn option (81) and the server allows it to do so. The client can still broadcast its name update to a DNS server. The various actions the client and server can take and their results are described in Table 9-2.


Table 9-2: Windows 2000 Client DNS Update Options
If the DHCP client.... With DDNS... Then the DHCP server...

Requests the DHCP server to update its name (deselects "Register this connection's address in DNS")

Enabled

Responds with the fqdn option and updates the client name with the DNS server.

Disabled

Does not respond with the fqdn option. No A or PTR records are updated in the DNS server.

Does not request a name update (does not send the fqdn option)

Enabled

Does not respond with the fqdn option, but still updates the client name.

Disabled

Does not respond with the fqdn option. No A or PTR records are updated in the DNS server.

Requests to update its name itself (selects "Register this connection's address in DNS") and the server sets allow-client-a-record-update=true

Enabled or disabled

Responds with the fqdn option to allow the client to update its name with the DNS server.

Requests to update its name itself (fqdn S=0), but the server sets allow-client-a-record-update=false

Enabled

Responds with the fqdn option that the server and not the client will update the A record.

Disabled

Sends no fqdns. No name is updated.


Settings in the Windows 2000 Client:

The Windows 2000 RC3 client has an Advanced tab of the TCP/IP Settings in the control panel to enable sending the fqdn option with the proper setting:

Step 1   On the Windows 2000 RC3 client system, go to the Control Panel and open the TCP/IP Settings dialog box.

Step 2   Click the Advanced tab.

Step 3   Click the DNS tab.

Step 4   To have the client send the fqdn option in its request, leave the Register this connection's addresses in DNS option selected. This indicates that the client wants to do the A record update.

Settings in the DHCP Server:

You can use the GUI or CLI to apply a relevant policy to a scope that includes the Windows 2000 clients, and enable DNS updates for the scope. However, you must use the CLI to set the allow-client-a-record-update feature for the policy.

Step 1   Create a new policy (explicit or embedded) for the scope that includes the Windows 2000 clients, naming the policy something like policyWin2k, as described in the "Defining and Configuring Scopes" section. For example:

nrcmd> scope Win2k create 192.168.1.0 255.255.255.0 
nrcmd> policy policyWin2k create 
nrcmd> policy policyWin2k set ...
nrcmd> scope Win2k set policy=policyWin2k 
nrcmd> scope Win2k addRange 192.168.1.10 192.168.1.100

Step 2   Use the scope enable dynamic-dns command or select the Perform dynamic DNS updates check box in the GUI. Then set the zone name, server address (for A records) and reverse server address (for PTR records) properties, as described in the "Configuring Dynamic DNS for a Scope" section.

Step 3   If you want the client to update its A record in the DNS server, use policy enable allow-client-a-record-update (this is the default).

nrcmd> policy policyWin2k enable allow-client-a-record-update

Step 4   Reload the DHCP server.

nrcmd> server DHCP reload

Enabling Dynamic Update on the DNS Server

After configuring dynamic DNS update for the DHCP scope, you must enable the feature for the DNS server.

Using the GUI:
Step 1   In the Server Manager window, double-click the DNS zone that you want to configure for dynamic DNS update.

Step 2   Click the DHCP tab of the Primary Zone Properties dialog box (Figure 9-2).


Figure 9-2: DHCP Tab (Primary Zone Properties Dialog Box)


Step 3   Select the Enable dynamic DNS updates check box.

Step 4   In the Accept updates from these addresses only field, enter at least one address from which to allow DNS updates. You must enter an address, or dynamic updates will not occur.

You should find the addresses on the Hosts tab.

Step 5   Repeat this process for the reverse DNS zones. For example, the corresponding reverse zone for forward zone example.com might be 1.168.192.in-addr.arpa.

Step 6   Click OK.

Step 7   Reload the DNS server by right-clicking the icon, then clicking Reload.

Using the CLI:

Use the zone enable dynamic command to enable dynamic updates for host names in the forward and reverse zones and the zone set dynupdate command to specify the name of the server, then reload the server.

nrcmd> zone example.com. enable dynamic 
nrcmd> zone 40.168.192.in-addr.arpa. enable dynamic 
nrcmd> zone example.com. set dynupdate-set=192.168.40.1 
nrcmd> zone 40.168.192.in-addr.arpa. set dynupdate-set=192.168.40.1 
nrcmd> server DNS reload
Note   If the DNS zone and the DHCP scope are on the same machine, be sure to include the loopback address 127.0.0.1 in the DNS server's list of addresses from which it accepts updates to ensure that dynamic updates occur in both the forward and reverse zones.

Setting Advanced DDNS Properties

You rarely need to modify the system defaults for advanced DDNS properties. However, they are described in the following sections for your reference. Defining advanced dynamic DNS update support involves setting these parameters:

  • Number of DNS packets

  • DNS packet size

  • Number of DNS retries

  • Number of DNS renaming retries

  • DNS request timeout

  • Maximum DNS record time to live

Setting the Number of DNS Packets

You can control the number of buffers that DHCP allocates for communicating with DNS servers. You can reduce the DHCP server's memory requirements by reducing the number of DNS packets, at the risk of missing updates. The default is 500 packets.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced tab of the DHCP Server Properties dialog box.

Step 3   Record the number entered in the Number of DHCP responses field. (For details how to set this number, see the "Defining Advanced Server Parameters" section.)

Step 4   Click the Advanced DNS tab (Figure 9-3).


Figure 9-3: Advanced DNS Tab (DHCP Server Properties Dialog Box)


Step 5   Set the number of DNS packets in the Number of DNS packets field. Do not set this lower than the number recorded in step 3. The default is 500 packets.

Step 6   When you are finished setting advanced properties, click OK, then reload the DHCP server.

Using the CLI:

Use the dhcp set max-dns-packets command to set the number of DNS packets property. Do not set this lower than the number of DHCP responses (max-dhcp-responses).

nrcmd> dhcp get max-dhcp-responses 
nrcmd> dhcp set max-dns-packets=400

Setting the DNS Packet Size

Do not change the DNS packet size unless instructed to do so by the Cisco Technical Assistance Center. The default is 512 bytes.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced DNS tab (Figure 9-3).

Step 3   Enter the value (in bytes) instructed by the Cisco Technical Assistance Center in the DNS packet size field. The default is 512 bytes.

Step 4   When you are finished setting advanced properties, click OK, then reload the DHCP server.

Setting the Number of DNS Retries

You can control the number of times the DHCP server attempts to send dynamic updates to a DNS server. The default is three retries.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced DNS tab (Figure 9-3).

Step 3   Enter a value in the Number of DNS retries field.

Step 4   When you are finished setting advanced properties, click OK, then reload the DHCP server.

Using the CLI:

Use the dhcp set max-dns-retries command to set the number of DNS retries.

nrcmd> dhcp set max-dns-retries=6

Setting the Number of DNS Renaming Retries

You can control the number of times the DHCP server tries to add a host to DNS even if it detects that the host name is already present. This value controls the number of times the DHCP server tries to modify a host name to resolve a conflict. The default is three retries.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced DNS tab (Figure 9-3).

Step 3   Enter a value in the Number of DNS renaming retries field.

Step 4   If finished setting advanced properties, click OK, then reload the DHCP server.

Using the CLI:

Use the dhcp set max-dns-renaming-retries command to set the maximum number of DNS renaming retries.

nrcmd> dhcp set max-dns-renaming-retries=6

Setting the DNS Request Timeout

You can control the number of milliseconds the DHCP server waits for a response before retrying a dynamic DNS request. The default is 5000 milliseconds.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced DNS tab (Figure 9-3).

Step 3   Enter a value in milliseconds in the DNS request timeout field.

Step 4   When you are finished setting advanced properties, click OK, then reload the DHCP server.

Using the CLI:

Use the dhcp set dns-timeout command to set the DNS request timeout value.

nrcmd> dhcp set dns-timeout=3600

Setting the Maximum DNS Record Time to Live

You can set the TTL ceiling, in seconds, for DNS records added through dynamic DNS. When the DHCP server adds a DNS record, it sets the TTL to the smaller of one-third of the lease time or this ceiling value. The DNS record's effective TTL may be determined by the DNS zone's default TTL. (See the "Setting the SOA Time to Live" section.) The default is 86400 seconds.

Using the GUI:
Step 1   In the Server Manager window, double-click the DHCP server to open its properties.

Step 2   Click the Advanced DNS tab (Figure 9-3).

Step 3   Enter a value in seconds in the Maximum DNS record time to live field.

Step 4   When you are finished setting advanced properties, click OK, then reload the DHCP server.

Using the CLI:

Use the dhcp set max-dns-ttl command to set the maximum DNS TTL value.

nrcmd> dhcp set max-dns-ttl=3600