Dns not updating from dhcp in windows 2016
When I review a customer’s Active Directory environment, I often find additional Windows Server roles (other than the default ADDS and DNS roles) installed on one or more of the Domain Controllers.This can be any role – from RDS Licensing, through Certificate Authority and up to DHCP Server.
If the client’s IP address is found in one of the subnets, the Domain Controller returns the relevant site information to the client, and the client use this information to contact a Domain Controller within its site.If you suspect that you have missing subnets in your Active Directory environment, you can look for event ID 5807 (Source: NETLOGON) within your Domain Controllers.The event is created when there are connections from clients whose IP addresses don’t map to any of the existing AD sites.Do It Right: Use Domain Controllers for Active Directory Domain Services only, and install additional roles (let it be KMS or a DHCP server) on different servers.When you install Windows Server, you can choose between two installation options: Although Windows Server Core has some major advantages compares to Desktop Experience, most administrators are still choosing to go with the full user interface, even for the most convenient and supported server roles like Active Directory Domain Services, Active Directory Certificate Services, and DHCP Server.Beside Windows Server roles, I also find special applications and features running on the Domain Controllers, like KMS (Key Management Service) host for volume activation, or Azure AD Connect for integrating on-premises directories with Azure AD.
There is a wide variety of roles and applications which administrators install on the Domain Controllers, but there is one thing common to all of them: Domain Controllers are NOT the place for them.
At a minimum, an attacker can add bogus entries to the DNS database; at worst, the attacker can overwrite or delete legitimate entries in the DNS database.
DNS domain names that are registered by the Dynamic Host Configuration Protocol (DHCP) server are not secure if the DHCP server is a member of the Dns Update Proxy group.
For the supported Windows Server roles, it is the official recommendation by Microsoft.
Using Windows Server with Full Desktop Experience increases the chances that your Domain Controllers will get messy and will be used for administration tasks rather than providing domain services.
When you install additional roles and applications on your Domain Controllers, two problems are raised: This is why putting additional roles and applications on your Domain Controllers is not recommended for most cases.