gilget asked:
DNS and DHCP best practice for windows server 2008 domain

Hi dear experts,

I will need some help with a very uncomfortable problem I have on the network.
We use application distribution software that needs 100% correct DNS entries.
We have a Server 2008 domain with 6 locations around the world and we offer VPN access to laptop users.

Right now, usually about 10% of the domain's machines have incorrect DNS entries.
I've been searching all over the net for information about it, but a lot of people say that it is nearly impossible to get DNS to 100%, except by using reservations for IP addresses.

Well, we don't want to use reservations, so I would be very happy if someone could give me some nice hints on the configuration of DHCP lease times, DNS configuration etc., so that I will at least get the DNS entries from 80% to 99%; that would be good enough.

Thanks in advance.
gilget (ASKER):

Hi,
thanks for your links, but I guess I didn't explain my problem clearly enough.

My DNS works basically fine, but as I said, about 10% of the hosts have bad DNS entries for some reason.

Now what I would like to know is:

- Is there any correlation between DNS registrations and the DHCP lease times of a host?
- What clean-up time do you configure for your DNS servers?
- Possibilities to force an update of a DNS record from a host other than a login script (ipconfig /registerdns)?
- Any other configuration hints to get my DNS more reliable?

In my network, hosts change their subnets very often (lots of remote users, but machines also often change locations in our buildings here)... which makes it all a bit more difficult.
Dynamic DNS handles the relation between the DNS and DHCP updates.

By default it is an 8-day process called Aging and Scavenging.

It will be forced at system startup.

If you change the subnet often, it is going to affect the AD Sites and Services...!
Check that too.
ASKER CERTIFIED SOLUTION
Chris Dent

(solution text not available in this copy)
gilget (ASKER):

Hi Chris,

expert is what they call you, genius is what you are ;)-

Thanks for the great help.
It looks like most of the stuff here was installed and left on standard settings.
So I will go through the configuration and make sure I have the following setup:

- scavenging active and interval set to 1 day
- DHCP lease: 16 days
- No-Refresh: 4 days
- Refresh: 4 days
- disable update of DNS records by DHCP (I don't fully understand why this is bad, though).

Thanks, and I will inform you later on if it helped.

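The five settings in the list above, applied with the command-line tools that ship with Windows Server 2008 (dnscmd for DNS, netsh for DHCP). This is an added example, not a script from the thread or from any of its participants. The server names dns01 and dhcp01, the zone contoso.com and the scope 10.0.0.0 are assumed placeholders; the interval values are the ones gilget listed.

```powershell
# Added example (not from this thread): apply the scavenging / lease settings
# listed above with the dnscmd and netsh tools present on Windows Server 2008.
# Assumed names: DNS server dns01, zone contoso.com, DHCP server dhcp01, scope 10.0.0.0.

$DnsServer  = 'dns01'          # assumed: the one DNS server that will run scavenging
$Zone       = 'contoso.com'    # assumed: the AD-integrated forward lookup zone
$DhcpServer = '\\dhcp01'       # assumed: one of the DHCP servers (repeat for each)
$ScopeId    = '10.0.0.0'       # assumed: a scope on that server

$ScavengingHours = 1 * 24           # run scavenging once a day
$NoRefreshHours  = 4 * 24           # a record's timestamp cannot be refreshed for 4 days...
$RefreshHours    = 4 * 24           # ...then may be refreshed for 4 days before it is stale
$LeaseSeconds    = 16 * 24 * 3600   # DHCP option 51 (lease time) is expressed in seconds

# Sanity check: a live DHCP client renews at half its lease at the latest and the
# record is re-registered then, so the window before a record counts as stale
# (no-refresh + refresh) must not be shorter than that, or records of machines
# that are still running get scavenged.
if (($NoRefreshHours + $RefreshHours) * 3600 -lt ($LeaseSeconds / 2)) {
    throw 'No-refresh + refresh is shorter than half the lease; live records would be scavenged.'
}

# Server-wide: enable automatic scavenging and run it every $ScavengingHours hours
# (a value of 0 would disable it).
& dnscmd $DnsServer /Config /ScavengingInterval $ScavengingHours

# Zone-level: enable aging and set the two intervals (both in hours).
& dnscmd $DnsServer /Config $Zone /Aging 1
& dnscmd $DnsServer /Config $Zone /NoRefreshInterval $NoRefreshHours
& dnscmd $DnsServer /Config $Zone /RefreshInterval $RefreshHours

# Verify: ZoneInfo prints Aging, NoRefreshInterval and RefreshInterval for the zone.
& dnscmd $DnsServer /ZoneInfo $Zone

# DHCP: set the scope's lease duration (option 51, seconds) and show the result.
& netsh dhcp server $DhcpServer scope $ScopeId set optionvalue 51 DWORD $LeaseSeconds
& netsh dhcp server $DhcpServer scope $ScopeId show optionvalue
```

Two things to keep in mind when running this: the aging intervals are zone properties and replicate with an AD-integrated zone, but the scavenging interval is a per-server setting, so enable it on a single DNS server rather than on all of them. Records that existed before aging was switched on carry no timestamp and are treated as static, so they are never scavenged; `dnscmd <server> /AgeAllRecords <zone> /f` stamps them with the current time if you want the old entries to age out as well.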
No rush, it'll take quite a while for the impact of those settings to become apparent.

Chris

> - disable update of DNS records by DHCP (i dont fully understand why this is bad thought).

Sorry... should have qualified that one:

It's not bad at all if you have a consistent configuration for your DHCP servers, that is, all must use exactly the same credentials. It's vital that you do not have a mix of DHCP updating and clients updating directly if you want accuracy, one or the other is the order of the day.

In most large networks I've worked with the difficulty has been in making all DHCP servers update. There tends to be a mixture of MS DHCP servers, DHCP servers resident on network devices (routers / firewalls) and DHCP servers for inbound VPN connections. Some can, some can't. If any can't then none should.

I hope that makes more sense of that statement. By all means leave the setting enabled if you can make all behave in the same way.

Chris
gilget (ASKER):

Well, I only have Windows DHCP servers, except for the one for the VPNs, but that one runs on a Cisco device and I can configure it to forward DHCP requests to our main DHCP server instead of acting as a DHCP server on its own.

So I'm probably going to leave it enabled, but will make sure it's the same on each of the 7 DHCP servers...

Sounds good to me :)

You may have issues updating records while the credentials kick in (if they're not already configured). The DHCP server will not be able to update existing records.

There are possibly ways around that if continuation of service is essential, probably something down the scripting path to update the existing rights.

Only necessary if credentials aren't configured at all though.

Chris
gilget (ASKER):

Sorry, this might sound stupid, but what do you mean by the "credentials"? Do you mean the credentials of the user logging into his workstation? Sorry, I'm not sure, please enlighten me.

Head to the DHCP console, then open the properties for the server, select the Advanced Tab and you'll see a Credentials button (I hope). It allows you to specify a user account to use to perform dynamic updates. If an account is not set the server's computer account is used.

The account you use does not need to be anything more than a standard domain user; by default that will have rights to create new records in DNS.

It does lead to a problem. If an account has not already been set, changing it will mean that each DHCP server will no longer be able to maintain / update existing records. It is possible to work around this issue by rewriting the access control lists on each DNS record (something you'd need a script to do), or alternatively by waiting for old records to be scavenged.

Chris
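The credentials setting Chris describes, and the ownership problem that follows from changing it, can be handled from the command line as well. The following is an added example, not code from Chris or anyone else in the thread: it sets the shared DNS update account on one DHCP server (the same command is repeated on every server so they all use identical credentials), then audits which records in the zone the DHCP servers can actually maintain, by reading the owner of each dnsNode object in the AD-integrated zone. It assumes the zone contoso.com is stored in the DomainDnsZones partition, the DHCP server dhcp01, the account CONTOSO\svc-dhcpdns, and a machine with the ActiveDirectory PowerShell module (RSAT); all of these are placeholders.

```powershell
# Added example (not from this thread): set one shared DNS update account on a DHCP
# server, then list which dnsNode objects that account does NOT own, i.e. the existing
# records the DHCP servers will be unable to refresh until they are scavenged or their
# ACL is rewritten. Assumed names: dhcp01, CONTOSO\svc-dhcpdns, zone contoso.com in the
# DomainDnsZones partition of contoso.com.

Import-Module ActiveDirectory

$DhcpServer   = '\\dhcp01'      # assumed
$UpdateUser   = 'svc-dhcpdns'   # assumed: a plain domain user, nothing more is needed
$UpdateDomain = 'CONTOSO'       # assumed
$Zone         = 'contoso.com'   # assumed
$ZoneDn       = "DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com"  # assumed partition

# 1. Same credentials on every DHCP server. The password is prompted for rather than
#    written into the script; netsh still receives it on the command line, so run this
#    interactively on the server, not from a shared job.
$pw = Read-Host -Prompt "Password for $UpdateDomain\$UpdateUser"
& netsh dhcp server $DhcpServer set dnscredentials $UpdateUser $UpdateDomain $pw
& netsh dhcp server $DhcpServer show dnscredentials

# 2. Ownership audit. With secure dynamic update the principal that created a record
#    owns its dnsNode object; another principal (the new DHCP account) cannot change it.
$nodes = Get-ADObject -SearchBase $ZoneDn -SearchScope OneLevel `
                      -Filter 'objectClass -eq "dnsNode"' -Properties dNSTombstoned

$report = foreach ($n in $nodes) {
    $acl = Get-Acl -Path ("AD:\" + $n.DistinguishedName)
    [pscustomobject]@{
        Record     = $n.Name                  # the relative record name ('@' for the zone apex)
        Owner      = $acl.Owner               # e.g. CONTOSO\WS0123$ (client) or the DHCP account
        Tombstoned = [bool]$n.dNSTombstoned   # already deleted, waiting to be purged
    }
}

# Overview: how many records each principal owns.
$report | Group-Object Owner | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# Live records not owned by the DHCP update account: the DHCP servers cannot refresh
# these, so they will either be scavenged (after no-refresh + refresh) or need their
# ACL rewritten to grant the update account write access.
$report | Where-Object { -not $_.Tombstoned -and $_.Owner -ne "$UpdateDomain\$UpdateUser" } |
    Sort-Object Record | Format-Table Record, Owner -AutoSize
```

Running the audit before and after changing the credentials makes the transition visible: the count of records owned by the old principal (each DHCP server's computer account, or the clients themselves) should shrink at the pace of the scavenging schedule, while new and refreshed records show up under the shared account.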
gilget (ASKER):

Hi Chris,

thanks for your help, I will go after this and will let you know if I was successful.
However, I would like to keep this post open for a little more time, because I still might have another question.
You're going to get the points for sure, as soon as I close the subject.

Thanks again.

No problem, no rush :)

Chris