This post is a little confusing, but it may help someone out there. In a recent security audit, we were told to disable several services on our servers, one of which was DHCP. Before disabling it on each server, I verified they were manually configured. We have some that are set by DHCP with a static. I then proceeded to disable DHCP on all of the servers with manually configured NICs.
After a couple of hours, we had one server that could no longer be reached. Of course, it was a fairly critical web server. After investigating, we could reach it in our Indianapolis location, but not Albuquerque. The server was physically in ABQ. I started thinking it was a network issue. Also, the external users that access it from outside our firewall could still reach it.
After looking through the network and trying to see what changed, we realized the server no longer had any records in DNS in ABQ. How does one record get removed from DNS like that, I thought? After getting DNS back to how it should be, we started investigating what caused the DNS change.
Finally, we realized the server was using dynamically updated DNS, instead of a manually entered static record… Never ever did it cross any of our minds that DHCP was keeping the DNS record updated, but it was. The DHCP service on Windows machines automatically registers with DNS regularly. This I knew, but I didn’t know that DHCP will register with DNS even if none of the interfaces on the machine are obtaining an address from DHCP. Interesting.
So, before you disable that service, make sure your DNS records are manual entries and didn’t just come from DHCP’s dynamic updates.
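One way to run that check before the change, as an added example that is not part of the original post: it asks the DNS server at each site for every host's A record and reports whether the record is static, dynamically registered, or absent. It assumes the DNS servers run Windows Server 2012 or later and that the DnsServer PowerShell module (RSAT) is installed on the admin machine; the zone, DNS server and host names are placeholders.

```powershell
# Added example: pre-change audit of A records, per DNS server (one per site).
# Assumptions: DnsServer module (RSAT) is installed; all names below are placeholders.
Import-Module DnsServer

$ZoneName   = 'corp.example.com'                 # placeholder zone
$DnsServers = @('dns-site-a.corp.example.com',   # placeholder: DNS server at each site
                'dns-site-b.corp.example.com')
$HostNames  = @('web01', 'app01')                # placeholder: hosts with manually configured NICs

$report = foreach ($dns in $DnsServers) {
    foreach ($name in $HostNames) {
        $query = @{
            ComputerName = $dns
            ZoneName     = $ZoneName
            Name         = $name
            RRType       = 'A'
            ErrorAction  = 'SilentlyContinue'
        }
        $records = @(Get-DnsServerResourceRecord @query)

        if ($records.Count -eq 0) {
            # No A record on this server, or the query itself failed.
            [pscustomobject]@{ Host = $name; DnsServer = $dns; IPv4 = $null
                               Type = 'MissingOrQueryFailed'; Timestamp = $null }
            continue
        }
        foreach ($r in $records) {
            # Static (manually entered) records carry no timestamp;
            # dynamically registered records do, and disappear if never refreshed.
            $type = if ($r.Timestamp) { 'Dynamic' } else { 'Static' }
            [pscustomobject]@{
                Host      = $name
                DnsServer = $dns
                IPv4      = $r.RecordData.IPv4Address.IPAddressToString
                Type      = $type
                Timestamp = $r.Timestamp
            }
        }
    }
}

$report | Sort-Object Host, DnsServer | Format-Table -AutoSize

# Anything not static on every DNS server needs a manual record before the service is disabled.
$atRisk = @($report | Where-Object { $_.Type -ne 'Static' })
if ($atRisk.Count -gt 0) { Write-Warning "$($atRisk.Count) record(s) are not static entries." }
```

Running it against each site's DNS server separately matters here, since the record in the post vanished in one location while the other could still reach the server.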
Tags: dhcp, dns, Networking, server 2003, Windows, xp