Solved

PTR Records on Internal DNS

Posted on 2006-06-23
Last Modified: 2006-11-18
Hello,

We host our own internal and external DNS.  On the internal side, my reverse lookup zone is a mess.  I have PTR records for the same IP pointing to various machines and vice versa.

Question 1:  Where or what creates the PTR record?  Does doing a /flushdns and /registerdns all records for the host it's run on?

Question 2:  Why do I have some records with host name machinename. and others have machinename.domain.com?

Here are some examples of what I have

10.1.1.25   Pointer(PTR)    host1.domain.com
10.1.1.25   Pointer(PTR)    host2.
10.1.1.25   Pointer(PTR)    host2.domain.com
10.1.1.25   Pointer(PTR)    host3.domain.com

and on the flip side

10.1.1.96   Pointer(PTR)    host12.domain.com
10.1.1.45   Pointer(PTR)    host12.domain.com
10.1.1.12   Pointer(PTR)    host12

How do I clean this up?  I was thinking I can use a login script that would run ipconfig /flushdns and ipconfig /registerdns but I tested this on a few machines and it's not cleaning up the records.

Thanks
Question by:darrennelson
12 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 16970954
ipconfig /flushdns only clears the local DNS cache

Your PTRs should be created automatically when a computer registers with DNS.  I don't know how to automatically remove PTR records, but you can safely delete the ones for your internal domain.  You may have to recreate the ones you need.

You may also need to check your DHCP settings
Right click on your DHCP server and go to properties
On the DNS tab make sure the following are checked;
Enable DNS dynamic updates according to the settings below

Dynamically update DNS and PTR records only if requested by the DHCP client

Discard A and PTR records when lease is deleted

eb
0
 
LVL 9

Expert Comment

by:dooleydog
ID: 16971015
Actually, you probably do not need a reverse lookup zone. In my company, we have about 100,000 workstations and do not use a reverse lookup zone.

I would remove it and your problem is solved.

Good Luck,
0
 

Author Comment

by:darrennelson
ID: 16971320
OK, I found a source of what I believe is part of the problem.  I recently upgraded a domain controller to 2k3, and it installed DNS on this server as well (I don't remember doing so, but maybe I did without thinking).   I have removed DNS from this server and I am cleaning up the reverse zone on the other server.  Removing the reverse zone isn't an option.  We are a software dev shop, and need both forward and reverse capabilities.

ebjers, I checked those settings before posting and they are all checked, but for some reason old pointers aren't getting cleaned up when IPs are reassigned.  Possibly because I had 2 internals and the DHCP server only knew about one of them.  I think the second DNS was replicating old records to the primary internal after they were cleaned.

I will keep you posted.  If this resolves it, I will assign points accordingly.  Thanks for the replies.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 16982351

Hi guys,

Sorry to barge in, but I was going through a few of the older questions and I wanted to drop a quick comment in about this one.

Is DHCP pushing records into DNS for you - you will have to have configured this if it is, it doesn't do it by default? If so then it should be cleaning up after itself as it turns off the clients' ability to register their own records.

If not, you need to configure the Aging options on the Reverse Lookup Zone (and any other dynamically updatable zone) and ensure at least one of your DNS servers is performing Scavenging to keep it clear of old records. If you don't know how to configure that then:

Aging: Set on each zone under Properties, General, Aging
Scavenging: Set on each DNS Server under Properties, Advanced, Scavenging (one box for Enable and one for the Period - 1 day is generally more than enough).

In an ideal world the aging options; No-Refresh Interval and the Refresh Interval added together should match your DHCP lease time.

HTH

Chris
0
 

Author Comment

by:darrennelson
ID: 17014094
Thanks for chiming in Chris, scavenging is set for both forward and reverse zones for 1 day.  I still seem to be getting a few dupes, as if DHCP isn't cleaning records as it reassigns addresses. (didn't notice before, but I have dupes in both forward and reverse zones)

I also noticed in Properties->Name Servers for forward and reverse zones, I still had the unintentional DNS server listed as a name server.  I removed it and will continue to monitor.
0

 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17014362
You should only have internal servers listed as name servers, so removing it was the right thing to do.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17016192

How do you have the Aging period configured on the zone?

Chris
0
 

Author Comment

by:darrennelson
ID: 17244726
I forget how to reference a question to be closed by support.  The question hasn't been answered.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 125 total points
ID: 17248317

You never answered the question I asked you...

If zones are a mess you should set Aging limits. Scavenging is only half of the process, you can enable it all you want, but it won't do anything at all unless you actually set the aging limits. Normally these should when added together equal your DHCP Lease time. That is, if your DHCP lease is 10 days then 5 days for No-Refresh and 5 days for Refresh would be appropriate.

Chris
0
 

Author Comment

by:darrennelson
ID: 17291254
My apologies, I assumed they were the same thing.  I set aging limits as you suggested and I don't see any dupes.  Thanks for the help
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 17291349

No problem, glad it's all working now :)

Chris
0
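A way to check a reverse zone for the duplicates discussed in this thread, as an added example that is not part of the original posts: it parses a record listing in the format shown in the question and reports IPs with several PTR targets, hosts with several IPs, and unqualified names. The function names, the default suffix `domain.com` (taken from the question's examples) and the sample listing are assumptions; stale PTRs matter beyond tidiness because reverse lookups in logs then name the wrong machine.

```python
import re
from collections import defaultdict

# Constructed sample in the listing format used in the question
# (IP, record type, target); not an export from a real server.
SAMPLE = """\
10.1.1.25   Pointer(PTR)    host1.domain.com
10.1.1.25   Pointer(PTR)    host2.
10.1.1.25   Pointer(PTR)    host2.domain.com
10.1.1.96   Pointer(PTR)    host12.domain.com
10.1.1.45   Pointer(PTR)    host12.domain.com
10.1.1.12   Pointer(PTR)    host12
10.1.1.50   Pointer(PTR)    host7.domain.com
"""

LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+Pointer\(PTR\)\s+(\S+)\s*$")

def parse(listing):
    """Return (ip, target) pairs; target is lower-cased, trailing dot removed."""
    pairs = []
    for line in listing.splitlines():
        m = LINE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2).rstrip(".").lower()))
    return pairs

def audit(listing, domain="domain.com"):
    """Group PTR records and report the three problems seen in the thread."""
    by_ip, by_host, unqualified = defaultdict(set), defaultdict(set), []
    for ip, target in parse(listing):
        if "." not in target:
            unqualified.append((ip, target))
            # Treat short names as qualified so host2. and host2.domain.com match
            target = f"{target}.{domain}"
        by_ip[ip].add(target)
        by_host[target].add(ip)
    return {
        "ip_conflicts": {ip: sorted(t) for ip, t in by_ip.items() if len(t) > 1},
        "host_conflicts": {h: sorted(i) for h, i in by_host.items() if len(i) > 1},
        "unqualified": unqualified,
    }

if __name__ == "__main__":
    for kind, found in audit(SAMPLE).items():
        print(kind, found)
```

Run it against a listing taken before and after aging and scavenging have had a full cycle; all three result sets should shrink toward empty.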
