Windows DHCP Clients Failing to Register Reverse DNS (PTR) Records: Investigation and Workarounds



During routine network maintenance, I encountered a peculiar DNS registration behavior affecting Windows systems (Vista/2008 through 8.1/2012 R2) when using DHCP. While forward (A) records register correctly, reverse (PTR) records mysteriously fail to appear in AD-integrated DNS zones.

  • AD-integrated DNS zones configured for secure dynamic updates
  • Domain-joined machines with proper DNS server configuration
  • Network adapter DNS registration enabled
  • Static IP configurations work flawlessly

The root cause appears to be a change in Windows' DNS registration behavior starting with Windows Vista. When configured for DHCP:

# Sample network adapter configuration that exhibits the issue
netsh interface ipv4 set dnsservers name="Ethernet" source=dhcp

The system performs these steps:

  1. Successfully registers A record via DDNS update
  2. Attempts PTR registration but receives no response
  3. Fails silently without logging events

To confirm the issue:

# Check DNS registration attempts
nslookup -type=soa yourdomain.com
nslookup -type=ptr [IP_address]

Packet capture reveals the client sends the PTR update, but the DNS server doesn't process it correctly for DHCP-assigned addresses.

Option 1: Client-Side PowerShell Fix

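# Enable DNS registration on DHCP-configured IPv4 interfaces that are up, then re-register
$Adapter = Get-NetAdapter | Where-Object {$_.Status -eq "Up"}
# -Dhcp Enabled restricts the result to interfaces that get their address from DHCP
$Interface = $Adapter | Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled
Set-DnsClient -InterfaceIndex $Interface.InterfaceIndex -RegisterThisConnectionsAddress $true
# Trigger an immediate dynamic update instead of waiting for the next refresh
ipconfig /registerdns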

Option 2: DNS Zone Configuration Adjustment

For AD-integrated zones:

dnscmd /config /updateoptions 783

For larger deployments, implement via Group Policy:

<GroupPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ComputerConfiguration>
    <Policies>
      <NetworkDNSClient>
        <RegisterReverseLookupPriority>1</RegisterReverseLookupPriority>
      </NetworkDNSClient>
    </Policies>
  </ComputerConfiguration>
</GroupPolicy>

Create a scheduled task triggered by DHCP events:

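# PowerShell handler for IP address changes (such as a new DHCP lease).
# WScript.Network exposes no address-change event, so this subscribes to the
# .NET NetworkChange.NetworkAddressChanged static event instead. The subscription
# lasts only as long as the PowerShell session that registered it.
Register-ObjectEvent -InputObject ([System.Net.NetworkInformation.NetworkChange]) -EventName NetworkAddressChanged -Action {
    # Give the interface time to finish configuring before re-registering
    Start-Sleep -Seconds 30
    ipconfig /registerdns
}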

The most reliable solution remains configuring DHCP servers to handle registrations, but these workarounds provide viable alternatives when that's not possible.


For years, Windows systems from Vista/2008 through 8.1/2012 R2 have exhibited a peculiar behavior where DHCP-configured clients successfully register forward (A) DNS records but fail to create reverse (PTR) records. This occurs specifically when:

  • DHCP server doesn't handle DNS registration
  • AD-integrated zones accept dynamic updates
  • Clients have "Register this connection's addresses in DNS" enabled

The core issue stems from changes to the Windows DHCP client implementation after XP/2003. When obtaining an IP address via DHCP, newer Windows versions delegate reverse DNS registration to the DHCP server by default, even when the server isn't configured for it.

// Typical DNS update packet analysis shows:
DHCP clients send:
- A record update: YES
- PTR record update: NO (expects DHCP server to handle)

Static IP clients send:
- Both A and PTR record updates

Force client-side PTR registration by modifying these registry settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableReverseAddressRegistrations"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"DisableDynamicUpdate"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters]
"DisableRpcDynamicUpdateRegistrations"=dword:00000000

Apply changes via PowerShell:

# Keep the command on a single line; a bare line break would end it after -Path
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "DisableReverseAddressRegistrations" -Value 0 -Type DWord

Restart-Service Dhcp -Force
ipconfig /registerdns

For domain environments, create a GPO with these settings:

Computer Configuration > Policies > Administrative Templates > Network > DNS Client:
- "Dynamic Update Protocol" = Enabled (set to "Use both if available")
- "Register PTR Records" = Enabled

Computer Configuration > Preferences > Windows Settings > Registry:
- Add the registry keys mentioned above

After implementing changes, verify with:

# PowerShell DNS check
Resolve-DnsName [hostname] -Type A
Resolve-DnsName [IPaddress] -Type PTR

# Command line alternative
nslookup [hostname]
nslookup [IPaddress]
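
The same check can be scripted so that every DHCP-assigned address on a client is tested at once. The script below is an added example, not part of the original write-up; it is read-only and assumes a domain-joined machine whose DNS name is its computer name plus the AD domain name.

```powershell
# Added example: audit forward (A) and reverse (PTR) registration for every
# DHCP-assigned IPv4 address on this machine. Read-only; it changes nothing.

# Assumption: the host registers as <DNSHostName>.<AD domain>.
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$fqdn = "$($cs.DNSHostName).$($cs.Domain)"

$dhcpAddresses = Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Dhcp -ErrorAction SilentlyContinue

$results = foreach ($ip in $dhcpAddresses) {
    # Per-adapter "Register this connection's addresses in DNS" setting
    $client = Get-DnsClient -InterfaceIndex $ip.InterfaceIndex

    # Forward lookup: is this address among the host's A records?
    $a = Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' -and $_.IPAddress -eq $ip.IPAddress }

    # Reverse lookup: Resolve-DnsName builds the in-addr.arpa name from the IP
    $ptr = Resolve-DnsName -Name $ip.IPAddress -Type PTR -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'PTR' }

    [pscustomobject]@{
        Interface       = $ip.InterfaceAlias
        IPAddress       = $ip.IPAddress
        RegistrationOn  = $client.RegisterThisConnectionsAddress
        ARecordPresent  = [bool]$a
        PtrTarget       = ($ptr.NameHost -join ',')
        # PTR must exist AND point back at this host (a stale PTR for a
        # previous lease holder counts as a failure)
        PtrMatchesHost  = [bool]($ptr | Where-Object { $_.NameHost -eq $fqdn })
    }
}

# Rows with ARecordPresent = True and PtrMatchesHost = False show the symptom
# described on this page.
$results | Format-Table -AutoSize
```

A non-empty PtrTarget that names a different host points to a stale record left by an earlier lease holder rather than a missing registration.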

Use Wireshark to monitor DNS update packets. Filter for:

dns && (ip.src == [client_ip] || ip.dst == [dns_server_ip])

Successful updates should show both A and PTR update requests originating from the client.

Watch for these special scenarios:

  • Multiple network interfaces - check each adapter's DNS registration settings
  • IPv6 configurations may require separate GPO settings
  • Network locations marked as "Public" may block updates