Solved

DNS Question/Issues

Posted on 2006-11-30
4
273 Views
Last Modified: 2010-04-18
Hi,

I have a Windows 2003 network and we are having issues with DNS. I noticed that some host a records were incorrect. I figured out that this was du to the fact that the computer account didn't have rights on the record. This is the case for some of them (haven't gone through all of them because we have over a 1000 pcs).

What i really want to know is why some A host permissions would not be correct. I don't know of any that would have been created manualy. I can unederstand if a computer was reformatted or replaced with the same name and the computer account was deleted and recreated but this would leave the old SID in the permissions. (some have this) But in my case the records have no computer accounts or unknown SID accounts in the permissions just all the other default ones.

I want to make sure this doesn't happen again so i would would like to know what caused this. Any ideas?

Also i would like to correct this wothout having to go through each record individually. Any ideas?
 
0
Comment
Question by:inf2300
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 51

Accepted Solution

by:
Netman66 earned 250 total points
ID: 18048192
There are a few reasons for incorrect A records:

1)  The originally registered computer was renamed.
2)  The lease expired on those computers, then the IP was given to another PC.

Scavenging is how to delete stale records - normally, the default behaviour for Scavenging is good as long as the default DHCP lease assignment is still being used.

0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 18049070
If you are using DHCP and have it set up to do the DNS dynamic updates, there is a suggested way to get around any possible permissions issues in Win2k3 server.  MS recommends setting up a single user ID to be used for DHCP to update DNS registrations.  You set up a user ID that has membership ONLY in the DNSUpdateProxy group.  Then, go to your DHCP management console, right-click on the server name, click on the Advanced tab, click the Credentials button and put in the user name and password that you set up.  This way, every dynamic update uses these credentials and potential problems are avoided.  

In addition, you need to set up scavenging to get rid of the stale records, as mentioned by Netman66.  Default behavior for scavenging is fine.  However, scavenging is not enabled by default in Win2k3.  So, you need to go and edit the properties of your DNS server(s) to enable scavenging of stale records.  To do this, in the DNS mgmt. console, right-click on the server name and click "Set aging/scavenging for all zones."

Hope this helps!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question