The IPv4-only script and setup information are available from "ISC DHCPd: Dynamic DNS updates against secure Microsoft DNS". An alternative script that supports both IPv4 and IPv6, using the same premise as the above script, is available at
The basic crux of the issue is that MS DNS uses Kerberos for authentication to update DNS records, while ISC DHCP, out of the box, supports TSIG [for BIND].
In order to do so, I need to be able to facilitate updating DNS records from clients that do and do not support dynamic DNS record registration.
Active Directory/DNS is running on Server 2012 R2 in 2012 R2 forest/domain functional levels.
to 192.1: timed out
dhcpd: DHCPREQUEST for 192.1 from : (sysadmin) via eth1
dhcpd: DHCPACK on 192.1 to : (sysadmin) via eth1

ddns-updates on;
ddns-update-style interim;
update-static-leases on;
authoritative;
key "update-key" ;
allow unknown-clients;
use-host-decl-names on;
default-lease-time 1814400; #21 days
max-lease-time 1814400; #21 days
log-facility local7;
zone
DNS registration ensures that the addresses configured in the DNS zone match the IP addresses leased by the DHCP server.
DNS forward and reverse lookup zones accept secure dynamic updates only.
I've been unsuccessful at finding a guide on how to integrate just ISC DHCP into an AD DNS environment.
We will start by copying the files so we have a backup remaining if anything goes wrong:
1.1 Copy the zone database files:
We now need to add the key to the BIND configuration and tell it which zones we want it to allow updates on.
I’ve included the whole contents of my file here and marked the changes that I’ve made in bold.
The chapter ends by looking at how to manage a DHCP server and monitor its performance.