Migrating DHCP server service between Server 2008 R2 servers


  • Migrating DHCP server service between Server 2008 R2 servers

    We are going to migrate our DHCP server, which is currently running on a Server 2008 R2 Domain Controller, to a member server (it's actually a cluster).

    In that case I'm curious about the steps necessary to perform the migration. I know that I can use the netsh dhcp server export and netsh dhcp server import commands to export the DHCP database on the old server, and import it on the new DHCP server. So moving the database is not a problem.

    What I am curious about is the dynamic update of PTR records in DNS. The default configuration is that DHCP clients update the A records themselves, and the clients themselves are therefore owners of those records.

    The PTR records, however, are updated by the DHCP server, and therefore the DHCP server is the owner of those records. But now that I am going to move the DHCP server service to another server, do I need to perform any configuration changes related to dynamic updates of PTR records, so they can continue to be updated properly?

  • #2
    Re: Migrating DHCP server service between Server 2008 R2 servers

    Just add the new servers to the DnsUpdateProxy group and they should be able to update the existing records.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com



    • #3
      Re: Migrating DHCP server service between Server 2008 R2 servers

      But will I also need to configure an account which will perform these updates?

      In the Advanced tab of IPv4, DNS dynamic registration credentials.



      • #4
        Re: Migrating DHCP server service between Server 2008 R2 servers

        Thank you for your reply.

        I am just going to think out loud here. By default A host records are updated by clients themselves, therefore the DHCP server is not involved in updating A host records.

        By default PTR records are updated by the DHCP server. When the DHCP server registers these records for the clients, it becomes the owner of these records, and therefore only this DHCP server can update those records afterwards. If you replace the DHCP server, the new server will not be able to update PTR records registered by the old DHCP server. No matter which group you make the new DHCP server a member of, it will not be able to update those records.

        There is a slight caveat here: if the new DHCP server is a Domain Controller, it has the privileges of the Domain Controller, and can therefore update records that were previously registered by another DHCP server.

        So here you have two choices: either delete the old PTR records manually and let the new DHCP server register those records, or let Aging and Scavenging do its job. Since the old PTR records will not be updated/refreshed, they will in the end be scavenged, if you have configured Aging and Scavenging.

        Only records with a timestamp are aged and scavenged, not the static ones, which have been registered manually. Once the old records are scavenged, the new DHCP server can register those PTR records (again).

        About the DnsUpdateProxy Group

        If the new DHCP server is made a member of the DnsUpdateProxy group, any NEW records that are registered by the new DHCP server will be owned by the Authenticated Users identity, which means that anyone can update those records.

        This makes those records unsecure. Therefore credentials of a user (who only needs to be a member of the Domain Users group) are provided on the Advanced tab of the DHCP server's properties sheet, so that user, whose credentials you provide, becomes the owner of these records.

        If you replace the DHCP server again, you can just provide the credentials of the same user again, and the PTR records will be updated just fine.

        If you have a DHCP cluster, you should make all nodes of the cluster, and the virtual computer object for the clustered DHCP service, members of the DnsUpdateProxy group, and define credentials for a user, so that user can take ownership of the PTR records.

        This is because in a clustered DHCP server, the active node, which registers the PTR records, will be the owner of those records, and the other node will not be able to update those records when failover occurs.

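A read-only audit of the record-ownership question discussed in this thread, as an added example that is not part of any poster's reply: it lists who owns each record node in an AD-integrated reverse zone and whether Authenticated Users can write to it. The zone name, domain DN and old-server account are placeholders, and it assumes the zone is stored in the DomainDnsZones partition and that the ActiveDirectory module is installed.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
Import-Module ActiveDirectory

$ZoneName = '10.168.192.in-addr.arpa'   # constructed sample reverse zone
$DomainDN = 'DC=example,DC=com'          # placeholder domain DN
$OldDhcp  = 'EXAMPLE\OLDDHCP$'           # placeholder: old DHCP server's computer account
# Assumption: the zone lives in the DomainDnsZones application partition.
$ZoneDN   = "DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"

function Get-DnsNodeOwnership {
    param([Parameter(Mandatory = $true)][string]$ZoneDN)

    $sidType   = [System.Security.Principal.SecurityIdentifier]
    $writeProp = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

    Get-ADObject -SearchBase $ZoneDN -SearchScope OneLevel `
                 -Filter 'objectClass -eq "dnsNode"' `
                 -Properties nTSecurityDescriptor, dNSTombstoned |
        Where-Object { $_.Name -ne '@' -and -not $_.dNSTombstoned } |
        ForEach-Object {
            $node = $_
            $sd   = $node.nTSecurityDescriptor
            $sid  = $sd.GetOwner($sidType)
            try   { $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $owner = $sid.Value }   # account no longer exists: keep the raw SID

            # S-1-5-11 is the well-known SID of Authenticated Users.
            $open = $false
            foreach ($ace in $sd.GetAccessRules($true, $true, $sidType)) {
                if ($ace.IdentityReference.Value -eq 'S-1-5-11' -and
                    $ace.AccessControlType -eq 'Allow' -and
                    ([int]$ace.ActiveDirectoryRights -band $writeProp)) { $open = $true }
            }
            New-Object PSObject -Property @{
                Node = $node.Name; Owner = $owner; AuthUsersCanWrite = $open
            }
        }
}

$report = Get-DnsNodeOwnership -ZoneDN $ZoneDN

# How many records each identity owns.
$report | Group-Object Owner | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Records still owned by the old DHCP server, or writable by Authenticated Users.
$report | Where-Object { $_.Owner -eq $OldDhcp -or $_.AuthUsersCanWrite } |
    Sort-Object Node | Format-Table Node, Owner, AuthUsersCanWrite -AutoSize
```

Running it before and after the migration shows which records the old server's computer account still owns and which ones were registered without a dedicated credential.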