Statically-set clients (static clients) that perform dynamic updates will send updates for both their A record (forward lookup record) and their PTR record (reverse lookup record) to the authoritative DNS server. Clients with dynamically-set network connections (DHCP clients) will communicate with both the authoritative DNS server and the DHCP server to update A and PTR records. As long as the Internal Domains are correctly populated, any SOA queries for internal-facing domains will be sent to the local DNS server.
Q: Does setting DNS dynamic update credentials on DHCP achieve the same result as adding a DHCP server to the DnsUpdateProxy group?
From there, the client continues communicating with the primary DNS server that is accepting the PTR record update. Please see For a DHCP client, when some particular action causes its IP address to change, such as a DHCP lease renewal, the client, if it supports it, will send Client FQDN information (DHCP option 81 flags) to the DHCP server.
(The first host that isn't a member of DnsUpdateProxy to update a record becomes the owner.) This is very dangerous if a DHCP server is also a domain controller, because it means that all the Active Directory records for that domain controller are written with no security and can therefore be overwritten by other hosts (although an additional setting, OpenACLOnProxyUpdates, helps prevent this: when set to a value of 0, it stops records from being overwritten by any server that isn't a member of the DnsUpdateProxy group).
(However, it's unlikely that you would have many NT 4.0 hosts in your environment.) This can cause the following two problems: For this reason, DHCP servers could be added to a group called DnsUpdateProxy.
When a DHCP server is added to the DnsUpdateProxy group, its records aren't secured, meaning that other DHCP servers can update the records.
Using a credential for the DHCP server doesn't solve the problem of transferring ownership of DNS records for hosts upgrading from NT 4.0; however, this is highly unlikely to still be a concern for organizations today.
Keep in mind that, for the most part, it works automatically "out of the box" without much administrative overhead. The machine's DNS entries on the NIC must be configured to use ONLY the internal DNS servers that host the zone. Single-label name zones are problematic: they do not conform to the DNS RFC, and they cause excessive Internet traffic to the root servers when DNS tries to resolve a single-label name query, such as a query for computername.domain. In such a query, the domain name is actually treated as a TLD.