Understanding and demystifying Windows DNS Dynamic Updates in relation to DHCP server

To better understand it and actually see it in action, I have recorded a short video that filters out only the DHCP client / server communication between a Windows (10) workstation and an AD (DNS / DHCP) server.

As you can see, when the machine is started it first needs to get an IP address, which it receives in a message from the DHCP server. Once the IP is assigned there is more activity going on in the DNS context, but I have filtered out only Dynamic Updates (by using the display filter dns.flags==0x2800 or dns.flags==0xa800).
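The two flag values in that filter can be decoded by hand. The following is an added example, not part of the original post: it splits the 16-bit DNS header flags word and shows that 0x2800 and 0xa800 are an UPDATE request and a NOERROR UPDATE response. The sample headers are constructed, and the 0xa805 value is an assumed illustration of a response that an exact-value match on the flags word does not show.

```python
import struct

RCODES = {0: "NOERROR", 5: "REFUSED", 9: "NOTAUTH"}
OPCODE_UPDATE = 5  # DNS Dynamic Update (RFC 2136)

def decode_flags(flags):
    """Split the 16-bit DNS header flags word into the fields used here."""
    return {
        "is_response": bool(flags & 0x8000),  # QR bit
        "opcode": (flags >> 11) & 0xF,        # 4-bit opcode
        "rcode": flags & 0xF,                 # 4-bit response code
    }

def classify(header):
    """Return (txid, kind, rcode) for a Dynamic Update header, else None."""
    if len(header) < 12:
        raise ValueError("a DNS header is 12 bytes")
    txid, flags = struct.unpack("!HH", header[:4])
    f = decode_flags(flags)
    if f["opcode"] != OPCODE_UPDATE:
        return None
    kind = "response" if f["is_response"] else "request"
    return (txid, kind, RCODES.get(f["rcode"], str(f["rcode"])))

def exact_filter_matches(header):
    """Mimic an exact match on the flags word: 0x2800 or 0xa800 only."""
    (flags,) = struct.unpack("!H", header[2:4])
    return flags in (0x2800, 0xA800)

# Constructed sample headers: id, flags, then the four count fields.
SAMPLES = [
    struct.pack("!HHHHHH", 0x1A2B, 0x2800, 1, 0, 1, 0),  # update request
    struct.pack("!HHHHHH", 0x1A2B, 0xA800, 1, 0, 1, 0),  # update response, NOERROR
    struct.pack("!HHHHHH", 0x1A2C, 0xA805, 1, 0, 1, 0),  # update response, REFUSED
    struct.pack("!HHHHHH", 0x1A2D, 0x0100, 1, 0, 0, 0),  # ordinary query
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(classify(h), "exact filter match:", exact_filter_matches(h))
```

Because the response code shares the flags word with the opcode, a failed update carries a different flags value; Wireshark's `dns.flags.opcode == 5` matches on the opcode alone and shows those responses as well.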

As you can see in the video, because the DHCP lease is set to only 1 minute, renewals happen every 30 seconds (which is correct). As you probably know (https://www.ietf.org/rfc/rfc2131.txt), when a lease is assigned two "timers" are started: renewal (which happens at 50% of lease exhaustion) and rebinding (which happens at 87.5% of lease exhaustion, on second 52). After every renewal there is also a DNS dynamic update towards the Active Directory DNS servers.

Basically, Active Directory DNS dynamic updates are by default done from the client side, without any need for the DHCP server to do the update (yes, you can configure that too, but by default all the magic is done by the domain-joined client).
