John Howard - Senior Program Manager in the Hyper-V team at Microsoft

Senior Program Manager, Hyper-V team, Windows Core Operating System Division.


DHCP Client service required for Dynamic DNS Registration


One of those oddities I discovered a couple of days ago after trying to tune down my IIS box which is configured with a static IP address. I stopped the DHCP Client service as I figured (incorrectly) that it wouldn't be needed due to not using DHCP for that server. I didn't notice a problem until I tried accessing the website externally the next day. Once you stop the DHCP Client service, there isn't an immediate problem as the DNS server still has the unexpired registration - however, as soon as that expired, the IIS server effectively fell off the network as its name could not be resolved internally.

The error I was seeing was when accessing a web-site hosted on that IIS server externally. The network looks a bit like this:

Client -> Internet -> ISA Server -> IIS

When accessing the website, the ISA server returns an error to the client along the lines that it could not locate the upstream server. The ISA Server's web-publishing rule says to forward requests from www.myexternaldomain.com to iis.myinternaldomain.com (names substituted obviously).

When trying to diagnose why the problem was happening, it's worth mentioning I have three DNS servers internally, all replicating among them. Unfortunately, what I didn't realise (bad Admin, slap wrists again) was that one of them wasn't replicating fully. Hence, from the ISA firewall, an nslookup to find iis.myinternaldomain.com worked. I didn't point nslookup at the other two servers, or run a netdiag, as it appeared to be OK. I could also ping the machine from the firewall, so it involved a bit of head-scratching.

What was even stranger from a diagnosis point of view was that from a client, I could point Internet Explorer at iis.myinternaldomain.com and the site appeared. It was only when I went to the IIS box itself which happened to be pointing at a different DNS server, I realised on an nslookup that there was a DNS problem - the record wasn't present on that DNS Server. Now why the firewall default DNS server thought the record was present, yet when accessing it through the ISA Server, it failed to find it, I've no idea.

Anyway, the moral of this story is, don't stop the DHCP client on a server if you want to be able to find your server through DNS at a later time. There's a related KB article I found here.

Hope this helps someone.
Cheers,
John.
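
The check the post says was skipped (pointing the lookup at each DNS server in turn) together with a look at the DHCP Client service, as an added example that is not part of the original post. It assumes the Resolve-DnsName and Get-CimInstance cmdlets are available and that WinRM is enabled on the target; the server addresses and the $TargetHost value are constructed placeholders.

```powershell
# Added example: addresses and host name below are placeholders, not values from the post.
$RecordName = 'iis.myinternaldomain.com'                  # substituted name used in the post
$DnsServers = '192.0.2.10', '192.0.2.11', '192.0.2.12'    # constructed: the three internal DNS servers
$TargetHost = 'iis'                                       # assumed: the statically addressed server

# 1. Ask every DNS server directly, so one server that still holds the
#    record cannot hide the fact that the others have lost it.
$results = foreach ($server in $DnsServers) {
    try {
        $answer = Resolve-DnsName -Name $RecordName -Type A -Server $server -DnsOnly -ErrorAction Stop
        $ips = ($answer | Where-Object { $_.Type -eq 'A' } |
                ForEach-Object { $_.IPAddress } | Sort-Object) -join ','
        [pscustomobject]@{ Server = $server; Found = [bool]$ips; Addresses = $ips }
    }
    catch {
        # Name error, timeout or refusal: treat as "record not available here".
        [pscustomobject]@{ Server = $server; Found = $false; Addresses = '' }
    }
}
$results | Format-Table -AutoSize

# 2. Flag disagreement between servers (the incomplete replication case in the post).
$distinct = @($results.Addresses | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "DNS servers disagree about $RecordName; check replication and the record's registration."
}
elseif (-not $results[0].Found) {
    Write-Warning "$RecordName is missing on every DNS server queried."
}

# 3. Confirm the DHCP Client service (service name 'Dhcp') is running and set to
#    start automatically, since it performs the dynamic DNS registration.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Dhcp'" -ComputerName $TargetHost
if ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
    Write-Warning "DHCP Client on $TargetHost is $($svc.State) (start mode $($svc.StartMode)); the DNS record will not be refreshed."
}
```

Run it from more than one vantage point (for example the firewall and the IIS box), because each machine in the post was using a different default DNS server.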

Comments
  • More than likely the clients had cached the DNS entry previously. You should always do an ipconfig /flushdns before diagnosing DNS errors. Especially to get rid of negative entries that might have been cached.

  • Good post. I also found out the hard way that the DHCP Client is required.

    Who would have thought for those servers who are statically assigned.

    Thanks.
