DHCP and Dynamic DNS updating


Fehlman, Lee

Nov 14, 2025, 2:54:03 PM
to ntsys...@googlegroups.com
Hello Group.
 We are experiencing issues with most users who are having issues with Windows 11 Laptops 23H2 taking devices off from docks, LAN attached, then going to another area wireless, then also reconnecting to the dock, LAN attached, and DNS not updating the record from wireless to wired or vice versa. I am reading about DHCP Dynamic updating of DNS records, but this doesn't seem to be happening. Why? Because when a user complains of not being able to surf the Internet, but I can shell out to a cmd prompt and ping TLDs like yahoo.com and receive replies, yet they are unable to use a browser to access yahoo.com, for instance.
This is not all devices, but a majority of users who travel between floors, rooms, or buildings and experience these issues. I know DNS is not updating its record as when I go to a cmd prompt and ping the device, it is replying with the previous addr. I then go to the DC's and view DNS records and I can see that the record is still the previous, whether wired or wireless. It can take up to 10 to 15 minutes before DNS updates or a reboot resolves the issue.

A little background, going back it seems like this issue started last year when a second DHCP server was implemented as a backup to the in-place DHCP server.


Any suggestions would be greatly appreciated.

James Iversen

Nov 14, 2025, 3:02:26 PM
to ntsys...@googlegroups.com
Reduce your lease time to an hour. Also ensure bindings exist for DNS update. Choose to always dynamically update DNS A and PTR records. If DHCP is installed on DC, make sure the DC is in the DNSUpdateProxy group. Also configure clients to register their obtained addresses in DNS.

Kurt Buff

Nov 14, 2025, 3:11:11 PM
to ntsys...@googlegroups.com

brett...@hotmail.com

Nov 15, 2025, 3:30:04 PM
to ntsysadmin
I must be missing something. Why in your environment are Dynamic DNS updates necessary for browsing? Are you doing something tricky with a proxy that requires this? (because that would be where I would focus my energy, not chasing internal DNS updating the IP of a dual-connected device...)

Kurt Buff

Nov 17, 2025, 2:46:34 PM
to ntsys...@googlegroups.com
Sorry - I missed this.

You asked: "Why in your environment are Dynamic DNS updates necessary for browsing"

They are not. I'm not sure where that question arises.

Kurt

Brett Pound

Nov 17, 2025, 3:43:37 PM
to ntsys...@googlegroups.com
Not aimed at you, aimed at Lee, the original poster - you just happened to be the reply that was last in the chain when I replied in Google Groups. 

Why, in that env, are people being stopped from browsing when they switch address and DNS hasn't yet flipped to their now-primary address? 


Kurt Buff

Nov 17, 2025, 3:50:02 PM
to ntsys...@googlegroups.com
Got it. 

I can't answer for Lee, but at a guess the proxy wants to get PTR for the requesting machine. At least, that's the only thing I can think of. I've not heard of a system that might do that, however.

Kurt

Fehlman, Lee

Nov 17, 2025, 7:15:45 PM
to ntsys...@googlegroups.com
Brett,
 That is the million-dollar question. Please review the response I just sent to Kurt.

Tnx...

 

Fehlman, Lee

Nov 17, 2025, 7:15:51 PM
to ntsys...@googlegroups.com
Thanks, Kurt, for your response. There is a Content Filter solution, iBoss, in place that is proxying users for content filtering. I have a case open with a RIC that helps support this implementation, which has a case open with iBoss and has me collect the evntvwr logs to help troubleshoot this issue.

Shouldn't DNS be updated with a record of both addr's, wired, wireless, for a machine that switches between both topologies?

As I mentioned earlier, the records on the DNS servers are not updating when this issue occurs. This is the reason for investigating other possible causes, like Dynamic updating of DNS records.

A few articles I read on DHCP and scavenging,  Dynamic DNS updates, led me to this question.

I'll check out the links you provided and thank you once again.


Wright, John M

Nov 18, 2025, 8:12:38 AM
to ntsys...@googlegroups.com

FWIW, I just took my laptop off its wired connection, then refreshed the DNS snapin.  It showed two records for the laptop, one for wired and another for wireless.

 


Jim Behning

Nov 18, 2025, 9:15:22 AM
to ntsys...@googlegroups.com
Do you have just one DNS server?

We have 3 DNS servers in our AD. Not sure how quickly they all talk to each other. I do know workstations are slow to get updates if IPs change. I mean I have a tool called Lansweeper on a workstation on premise. If I ping a workstation by name in Lansweeper, sometimes it fails because the dns cache on that Lansweeper workstation is stale. Note I said workstation, not server.

Wright, John M

Nov 18, 2025, 9:48:53 AM
to ntsys...@googlegroups.com

We have 2 DNS servers.

 

Also, and I think it may have been mentioned before, but I’d be interested in knowing the relative lengths of DHCP lease vs DNS scavenge intervals.

 

I’m not saying that’s the source of all this, but I’ve seen issues where resolution frequently fails (resolves incorrectly) because of suboptimal tuning between them.

 


Fehlman, Lee

Nov 18, 2025, 11:43:13 AM
to ntsys...@googlegroups.com
Jim,
 Thank you for your response. There are 2 DNS servers and two DHCP servers. I am still leaning towards the 2nd DHCP server implementation and not updating DNS records? 
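
The settings raised in this thread (dynamic-update policy, the account each DHCP server registers records with, DnsUpdateProxy membership, and DHCP lease length against the zone's scavenging intervals) can be read out in one pass. This is an added example, not part of any poster's message; the server and zone names are placeholders, and it only reads configuration.

```powershell
# Added example: read-only audit. Needs the DhcpServer, DnsServer and
# ActiveDirectory RSAT modules. All names below are placeholders (assumptions).
$DhcpServers = 'dhcp01.example.test', 'dhcp02.example.test'
$DnsServer   = 'dc01.example.test'
$Zone        = 'example.test'

# A record becomes eligible for scavenging once its timestamp is older than
# NoRefreshInterval + RefreshInterval (both are TimeSpan values).
$aging      = Get-DnsServerZoneAging -ComputerName $DnsServer -Name $Zone
$staleAfter = $aging.NoRefreshInterval + $aging.RefreshInterval

$report = foreach ($srv in $DhcpServers) {
    # Account the DHCP service uses for DNS registration; an empty UserName
    # means the server's own computer account is used.
    $cred = Get-DhcpServerDnsCredential -ComputerName $srv

    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $srv) {
        # Scope-level DNS settings (these can differ from the server-level ones)
        $dns = Get-DhcpServerv4DnsSetting -ComputerName $srv -ScopeId $scope.ScopeId
        [pscustomobject]@{
            DhcpServer       = $srv
            Scope            = $scope.ScopeId
            Lease            = $scope.LeaseDuration
            ZoneStaleAfter   = $staleAfter
            AgingEnabled     = $aging.AgingEnabled
            # Flag for a closer look: the lease is longer than the stale window
            LeaseLongerThanStaleWindow = $scope.LeaseDuration -gt $staleAfter
            DynamicUpdates   = $dns.DynamicUpdates   # Always / OnClientRequest / Never
            UpdateOldClients = $dns.UpdateDnsRRForOlderClients
            DeleteOnExpiry   = $dns.DeleteDnsRROnLeaseExpiry
            NameProtection   = $dns.NameProtection
            UpdateAccount    = '{0}\{1}' -f $cred.DomainName, $cred.UserName
        }
    }
}
$report | Format-Table -AutoSize

# On a secure-only zone, a dynamically registered record can be updated only
# by the account that registered it. Two DHCP servers registering under
# different accounts cannot overwrite each other's records.
$accounts = $report.UpdateAccount | Sort-Object -Unique
if (@($accounts).Count -gt 1) {
    Write-Warning "DHCP servers use different DNS update accounts: $($accounts -join ', ')"
}

# Records registered by DnsUpdateProxy members are not secured to an owner;
# list the members so the membership can be reviewed.
Get-ADGroupMember -Identity 'DnsUpdateProxy' | Select-Object Name, objectClass
```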

James Iversen

Nov 18, 2025, 8:39:50 PM
to ntsys...@googlegroups.com, ntsys...@googlegroups.com
Testing a similar issue today. Have discovered when a pc boots on the dock, it briefly reaches out to WiFi and obtains a lease. Soon after the OS realizes it has a LAN connection through the dock and continues logon and auth as expected, but damage is done. DNS holds on to that WiFi record and doesn’t change. The WiFi lease was set for 12 hours. I’m wondering if Desktop isn’t holding on to that lease from WiFi like a rent controlled apartment in NYC. We’ve reduced DHCP lease for the WiFi vlans to 5 minutes. Will know more in the AM. Didn’t want to revoke valid leases during the day but will observe again in the AM. Have had problems with Cisco ISE inserting itself into IP stream since there’s no place to enter creds for DNS update. The struggle is real and it does impact browsing for users. Dock, undock, redock, open a browser and the system spins into oblivion.

Ian Power

Nov 19, 2025, 10:34:41 AM
to ntsys...@googlegroups.com
We use a GPO setting to prevent laptops on docks from connecting to wifi on boot up.

"Minimize the number of simultaneous connections to the internet or a Windows domain"


James Iversen

Nov 19, 2025, 11:09:15 AM
to ntsys...@googlegroups.com
Hi Ian. GPO doesn’t prevent a device during boot from sniffing the air and getting an IP from an over eager access point. Once the system is up, yes. Our GPO does the same thing. Finding that hardware precedes OS as rapid boot and secure bios confirms network via WiFi prior to the point where Policy governs. I could be all wet on this. I’m just observing it happen.



Fehlman, Lee

Nov 20, 2025, 6:25:57 PM
to ntsys...@googlegroups.com
Thank you for your response. For that issue, a GPO is really not necessary when one enables a known Security function @ the hardware level in the BIOS, LAN/WAN AutoSwitching is set to Enabled.

James Iversen

Nov 20, 2025, 7:05:05 PM
to ntsys...@googlegroups.com
Thank you! I’ll pass that tidbit on to desktop support. Makes good sense if it can be configured. Otherwise, the problem is always DNS, DHCP or GPO. You may have won the Internet today 🙂



Kurt Buff

Nov 20, 2025, 8:53:31 PM
to ntsys...@googlegroups.com
Check Point Harmony (our EDR solution) has a policy setting that if Ethernet is connected the machine is not allowed to connect to wireless. It's enabled, except for a few IT staff.

Kurt

Denes, Laszlo

Nov 28, 2025, 1:50:11 PM
to ntsys...@googlegroups.com

Hopefully I don’t jump in too early with a question that gets answered later in some of the other emails on this topic (DHCP/DNS)… and hopefully my Friday afternoon dementia does not mean I asked it before (LOL)…

I have DHCP on DC and need to get rid of it and have built dedicated DHCP server and ready to move it, BUT

I know (pre Friday dementia) that I need some kind of service account to register / update DNS records now that bit will be off the DC (which is not safe)…

Can anyone who does it this way share some thoughts… 😊 Cheers

 

Thank you in advance for your time.

 

Laszlo

 


Mike

Nov 28, 2025, 4:22:07 PM
to ntsys...@googlegroups.com
Windows clients can register their own DNS records. Do you have many non-Windows clients?

Kurt Buff

Nov 28, 2025, 5:31:59 PM
to ntsys...@googlegroups.com
Printers (wired and wireless), Scan guns, VoIP phones (wired and wireless), Internet-connected displays for showing content to customers/employees, other IoT/OT technologies - they all count, if prod machines need to talk to them, or vice versa.

Kurt

Mike

Nov 28, 2025, 6:08:15 PM
to ntsys...@googlegroups.com
Sure, if you have any of those, but I prefer to keep some of those categories away from production wherever possible, which is sometimes a challenge on its own. 
