Question on Client DNS records

This topic contains 7 replies, has 4 voices, and was last updated by wullieb1 1 month, 1 week ago.

    shiftyoliver
    Participant
    #610353

    Wondering if clients registering their DNS record in an Active Directory environment is necessary for it to function?

    DNS records are basically for clients to find resources in an Active Directory environment, so having A records for the local printer server or domain controller makes sense. But what are the purposes of a client registering their own A record? Aside from maybe allowing an administrator to remote into the machine by domain name instead of IP address. Thanks!


    Ossian
    Moderator
    #610384

    If you look deeply into AD, there is a lot of mutual authentication taking place, and servers expect the clients to be registered; also, the clients expect (and keep trying) to register.

    (in other words, “If it ain’t broke, don’t try to fix it”)


    shiftyoliver
    Participant
    #610396

    What kind of mutual authentication is taking place between the servers and the clients? Could you explain or point me to some documentation that goes through this process? Does the server actually query the client’s DNS record? Haha, for sure, if it ain’t broke, don’t fix it. I am kind of trying to get this deeper understanding of AD.

    Blood
    Moderator
    #610512

    Microsoft’s site contains extensive documentation on this. That would be your best starting point.


    Ossian
    Moderator
    #610567

    You beat me to it, Blood.


    shiftyoliver
    Participant
    #610595

    Don’t mean to be a burden here, but I’m not sure exactly what I should be looking for. I can find topics on the types of service records that a client needs to find resources in an AD environment, but nothing on why it’s completely necessary for a client to register its DNS record… As long as the client is able to query and find the DC and other services like Kerberos, etc… It’s not essential that a client have its own DNS record registered to function, is it??

    Blood
    Moderator
    #610599

    One example: If you installed WSUS, which is a server role, and configured it to provide updates to your clients, WSUS will need to connect to those clients. As you know, any communication on a local network using A records progresses as A Record > IP Address > MAC Address in order to connect to the destination machine. Without the A Records, the clients would not be able to register with WSUS nor be able to receive updates.

    A records map the name to the IP Address. Our clients connect to our data servers, remote access server, etc., by name. A server is used in its ordinary sense in that a server serves data and can, therefore, reside on a server OS or a client OS. Without those A records, the connection attempt would fail unless staff knew the IP Address of the required resource.


    wullieb1
    Moderator
    #610603

    Some light bedtime reading

    https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/dns-and-ad-ds

    as well as

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc781627(v=ws.10)

    DNS is pretty critical to the operation of AD, and in all the years that I’ve worked in IT I’ve never NOT registered clients in DNS, typically done through DHCP.

    I can’t actually find anything at the moment that stipulates you MUST register your system in DNS. I don’t actually see any reason why you wouldn’t, but it’s pretty late here and I have an early start. I’ll try and find something when I get into the office tomorrow.
