How do I... Configure DHCP for dynamic updates in Windows Server 2008?

For those companies upgrading to Windows Server 2008, it is very important to understand how DHCP and DNS work together to power Windows Server 2008. Steven Warren shows you how to configure DHCP to dynamically collaborate with DNS and WINS.

For those companies considering an upgrade to Microsoft Windows Server 2008, it is very important to understand how DHCP and DNS work together to power Windows Server 2008. In this post, you will learn how to configure DHCP to dynamically collaborate with DNS and WINS in Windows Server 2008.

Under Windows NT, DNS was static and had to be manually altered to make changes. With the advent of Windows 2000, many administrators were elated to hear that it contained a new feature called Dynamic DNS (DDNS). Basically, DDNS, in conjunction with DHCP and Active Directory, can provide secure dynamic updates for your A and PTR records in DNS.

For example, a client machine receives an IP address from DHCP and then DHCP automatically (as long as it is configured to support DDNS) passes along the host information for that machine to the DNS service. This feature alone can save an administrator a lot of valuable time.

This blog post is also available in the PDF format as a TechRepublic Download and as a TechRepublic Photo Gallery.

Configuring DHCP for dynamic updates

As you can see by the Properties sheet shown in Figure A, you have a number of options to consider when configuring DHCP for dynamic updates.

Figure A

Scope Properties window

To access this menu and configure DHCP for dynamic updates:

  1. Click Start | Administrative Tools and select DHCP
  2. Right-click on the DHCP scope you want to configure and click Properties
  3. Click the DNS tab
  4. Configure your settings
  5. Click OK

The default is for a DHCP client to update A (host name) records and have the DHCP server update the PTR records. If you select the Always dynamically Update DNS A and PTR records option, as we have done in Figure A, the DHCP server updates all A and PTR records. If you select the Discard A and PTR records when lease is deleted check box, when any client lease expires, the DNS entries expire and will be removed. Deselecting the box simply leaves your lookups there.

Configuring DDNS

To configure DDNS:

  1. Click Start | Administrative Tools and select DNS
  2. Right-click on the zone you want to configure and select Properties
  3. In the General tab, choose Yes or No to Allow Dynamic Updates. If AD is installed, you will have an additional option of Secure only
  4. Click OK to close the Properties screen

When configuring DDNS, you can Pause the DNS service and change the zone type, as shown in Figure B and Figure C.

Figure B

Secure Dynamic Updates

Figure C

Changing the zone type

If you select Active Directory-Integrated, you can choose Secure only from the Dynamic Updates drop-down list. If AD is not running, your choice is simply Yes or No to allow dynamic updates.

Configuring WINS and WINS-R

Now we can spice things up a little more by introducing WINS and WINS-R into the mix. For the uninitiated, WINS resolves computer names to IP addresses (similar to DNS), and WINS-R provides reverse DNS lookups. In addition to configuring DDNS, you can configure your DNS server to use WINS for name resolution. To perform this function, open the DNS console, right-click on your forward lookup zone, and select Properties (Figure D).

Figure D

Adding the WINS IP Address
Choose the WINS tab and enter the IP address of your WINS server. To configure WINS-R, follow the same steps but right-click and choose Properties on the reverse lookup zone (Figure E).

Figure E

Adding the WINS-R IP address

You now know how to properly configure DDNS to dynamically update your DNS records and how dynamic updates will save you from maintaining static mappings. You've also learned how WINS can be integrated into this equation and how DHCP and DNS collaborate to make Windows more dynamic and easier to administer.


The reason WINS is still here is because it works and works well when properly deployed (which is so easy even a caveman can do it). The key of course with WINS when used to resolve NetBIOS names across foriegn subnets is to enable broadcast forwarding on your layer 3 equipment (IP Helper on Cisco) and of course be sure that WINS is properly provisioned in your DHCP scope. Often I see only WINS WINS/NBNS Servers (044) set in the DHCP scope on servers running WINS. It is important to remember to enable the WINS NBT Node Type as well (046). Typically you'll want it set to "Hybrid" or "0x8". Assuming connectivity at layer 2 is correctly configured, and if forwarding across subnets then also assuming layer 3 is correctly configured for connectivity and forwarding, then WINS still works wonderfully in small to mid sized networks. The fact is most networks out there are not the vast enterprises so much of what we discuss is geared towards, and smaller to mid sized networks, particularly those without a full time network administrator (of which there are many) work perfectly fine for local browsing using WINS\NetBIOS. WINS helps resolve master browser issues in small broadcast networks and provides fast efficient browsing across foreign subnets. And you'll find some applications, including Microsoft applications work better with WINS enabled. Like many good things Microsoft made (can you say Public Folders), WINS is clearly being slowly phased (forced) out, and with advances in things like Dynamic DNS it probably won't be missed by many newer network administrators. But those of us who relied on it "back in the day" when NT4 was king still recognize its intrinsic value in the small to midsized networks operating in the real world. WINS is indeed on life support, and may go away some day all together but if and when it does there's a few of us left out there who are going to miss it.


Why on earth can't Mircosoft get rid of WINS once and for all, and why are we still talking about it in regards to Windows Server 2008.


WINS uses NetBIOS. So I disabled WINS/NetBIOS on my XP client and sure enough network browsing stopped showing computer in the network. For Example: My computer->network neighborhood -> entire network no longer showed the computers attached to the network. Also, the XP machine with NetBIOS disabled was not 'discoverable' from other machines 'network browsers'. However, with NetBIOS/WINS disabled, you can still access machines if you know the IP addresses or UNC names \\{computer name} for EVERY computer on the network. SO if you don?t need the computer "browser" then you can safely disable WINS and NetBIOS. I find "browsing" the network handy (when it works) so I leave WINS/NetBIOS enable, which is the default any way. WINS/NetBIOS has not seem to get in the way of anything I need to do so I have generally left I alone. If any one knows a way to keep the ?browsing? feature WITHOUT NetBIOS and/or WINS then I would be happy to try it. In a network environment with windows server DHCP server religiously used, I don?t see why someone could not create a ?browser? that worked with by querying the DHCP server leases. Maybe somebody has. I hope this is helpful

Editor's Picks