I am running a (Microsoft) DNS server on Windows Server 2003. I have several (Active Directory-integrated) DNS zones, each of which is configured to allow secure dynamic DNS updates. However, dynamic DNS updates do not work in my environment. When one of the domain controllers tries to perform a DDNS update, I see this message appear in the (domain controller's) Event Viewer: Event Type: Warning Event Source: NETLOGON Event Category: None Event ID: 5773 Date: 8/28/2008 Time: 6:58:28 AM User: N/A Computer: GEN-CS17 Description: The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates: DNS server IP address: 10.11.61.17 Returned Response Code (RCODE): 4 Returned Status Code: 9004 USER ACTION Configure the DNS server to allow dynamic DNS updates or manually add the DNS records from the file '%SystemRoot%\System32\Config\Netlogon.dns' to the DNS database. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even... Data: 0000: 04 00 .. When one of the (Windows XP) clients tries to perform a DDNS update, I see this message appear in the (client's) Event Viewer: Event Type: Information Event Source: DnsApi Event Category: None Event ID: 11162 Date: 8/28/2008 Time: 1:15:47 AM User: N/A Computer: GEN-CS122 Description: The system failed to register host (A) resource records (RRs) for network adapter with settings: Adapter Name : {9ECC16E8-E60A-4BB6-B0F4-226F5BBB830F} Host Name : gen-cs122 Primary Domain Suffix : bass.test DNS server list : 10.11.61.17 Sent update to server : 10.1.1.1 IP Address(es) : 10.11.61.122 The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time. You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even... Data: 0000: 2c 23 00 00 ,#.. I've taken a network trace (using Wireshark) on the DNS server during one of these attempted updates, and what I saw matches up with the messages in the Event Viewers: the DNS server handles all DNS queries properly, but whenever a DNS update comes in, the server responds with "NOT IMPLEMENTED". Obviously DDNS updates are implemented in Microsoft DNS server, so I'm going to interpret that message as "not enabled", which is not true at all as DDNS updates are enabled on all DNS zones. The Event Viewer for the DNS server has nothing that would help explain this behavior. Does anyone have any idea why this would happen or what to try next?

I data dumped most of the 70-291. You are going to have to re-read chapter 4 or get it off of technet. "Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10

Huh? I think you replied to the wrong post.

For anyone who's interested, the problem was a registry setting. The following registry setting apparently overrides the GUI settings for DDNS updates for DNS zones: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\AllowUpdate On my system, that key was set to 0, which apparently means "don't allow any updates on any DNS zone". Changing that registry key to a 1 and restarting the DNS service fixed the problem.