louisbohm asked:
Microsoft DNS and DHCP not in sync.

I am running Active Directory on Windows 2003 servers (two of them to be exact).  My Win2003 servers are our company's internal DNS servers and DHCP servers.

My problem is that as users come and go in DHCP I have noticed that sometimes DNS gets updated and sometimes not.  To be exact:
     1. When a new machine is seen by DHCP and assigned an address, most of the time a DNS PTR record is not created in DNS (but sometimes it is).
     2. When a DHCP record expires and the machine is not around to renew the address, if a DNS PTR record did exist it is never deleted, and I only notice it because I look in DNS and find two (or more) A records for that same machine on different addresses.
     3. The other way I find out about the problem is when I see a machine resolving to an incorrect address.  When I look in DNS there are multiple PTR records for this host.

Any idea what is going on?  In the past when I have run DNS and DHCP on unix I have gotten this to all work smoothly.

Louis
techtommy

Is your DHCP configured to automatically update the DNS records regardless of whether it is requested by the client?
louisbohm (ASKER)

Yes it is ...

Is your DNS set up to allow nonsecure or secure updates?  What OS do the machines have that are experiencing the problem?  Maybe on the ones that are being created the Advanced IP Settings on the computer are set to register the name in DNS.  I am not sure if the DDNS functionality is considered a secure update since it is coming from a service that will hand addresses to anyone that requests it.

The client OSes are all Win2k or WinXP.

Updates are secure using Active Directory.
ASKER CERTIFIED SOLUTION
Chris Dent

Make sure on the DHCP server properties (in the DNS tab) that you have "Automatically update DHCP client information in DNS" and "Update DNS only if DHCP client requests" or (try it both ways) "Always update DNS", and make sure to check "Discard forward (name-to-address) lookups when lease expires".
These should fix the problem; if so, please inform us.
I had the same issue once and it got solved this way.
Oh, and don't forget to delete all the unused IPs and outdated DNS records before doing this step.
It might be a good idea to minimize the lease time (recommendation is 4 days or less).

Cheers
I had some of the scavenging stuff set up but not correctly.  I fixed it and I will keep an eye on the DNS for a few days.

Thanks,
Louis

You can force Scavenging to run if you wish by right-clicking on the Server and selecting "Scavenge Stale Resource Records". That should give you an idea of whether it's working or not more quickly (if you want).

Chris
I did, but I did not see much change.  What exactly does Scavenging do?

Louis

That needs the background as well, hopefully this will be clear enough:

When a record is dynamically created in DNS it gets a Time-stamp added. This basically starts a countdown timer for how long the record is valid.

This timer starts off in the No-Refresh Interval. During that time the DNS Server sits there and listens to the network clients' DNS information but ignores it unless it sees an Update request (such as if you change the IP Address of the machine). It does this to keep AD replication traffic to a minimum. After all, if your DHCP Lease is 7 days it's really unlikely to have got a new IP within the first 4 days. So what's the point in replicating that change to every DC / DNS Server?

After the No-Refresh Interval has passed we enter the Refresh Interval. Now the DNS Server really starts paying attention. If it receives a Refresh request (an "I'm still using this IP" statement) from the Client it updates the Timestamp on the record and sends us back to the No-Refresh Interval to start again. If it hears nothing at all then it continues waiting, and will consider the record perfectly valid for another 3 Days (using the example above) before it considers the record Out of Date or Stale.

Now Scavenging comes into it. For every record that hasn't had a Network Client say "I'm still using this IP" within that 3 Day Refresh Interval (that is, a Stale Record) it Deletes the record. The idea is simply to leave you with a nice clean DNS Zone even with network clients all over the place adding things to it.

If the client turns up again afterwards, and happens to still be using the same IP then it will simply register again and the process starts again.

As a side note: using the example above again, if a client does Refresh as soon as the Refresh Interval comes (after 4 days), but then gets a new IP Address 3 days later, you will have, at most, 1 day where you have an incorrect record in DNS. A 50/50 split of the times works more successfully with the DHCP Lease, but the example above is near enough for any discrepancy to be unnoticeable.

Chris
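As an added illustration (not part of the thread and not Microsoft's implementation), the following Python model walks through the aging and scavenging behaviour Chris describes: a record carries a timestamp, refreshes with unchanged data are ignored during the No-Refresh Interval, accepted during the Refresh Interval, and a scavenging pass deletes whatever has had no accepted refresh for the sum of both intervals. The 4-day/3-day intervals are Chris's example values (Windows defaults are 7 days each); the host names, addresses and timeline are constructed for the demonstration, and the model deliberately leaves out the scavenging period and the server/zone enable switches that a real server also needs before any record is deleted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Interval values from Chris's worked example (4-day no-refresh, 3-day refresh);
# Windows DNS defaults are 7 days for each.
NO_REFRESH_INTERVAL = timedelta(days=4)
REFRESH_INTERVAL = timedelta(days=3)


@dataclass
class DnsRecord:
    """A dynamically registered record with the aging timestamp DNS attaches to it."""
    name: str
    ip: str
    timestamp: datetime  # set on registration, moved forward only by an accepted refresh


def handle_update(record: DnsRecord, now: datetime, new_ip: Optional[str] = None) -> bool:
    """Process a dynamic update from a client.

    Returns True when the record (and so its timestamp) changes and would be
    replicated to the other DCs, False when the update is ignored.
    """
    if new_ip is not None and new_ip != record.ip:
        # A genuine change of data is accepted even inside the no-refresh interval.
        record.ip = new_ip
        record.timestamp = now
        return True
    if now < record.timestamp + NO_REFRESH_INTERVAL:
        # "I'm still using this IP" with identical data: ignored to avoid replication churn.
        return False
    # Refresh interval: accept the refresh and restart the countdown.
    record.timestamp = now
    return True


def is_stale(record: DnsRecord, now: datetime) -> bool:
    """A record is stale once both intervals have elapsed since its timestamp."""
    return now >= record.timestamp + NO_REFRESH_INTERVAL + REFRESH_INTERVAL


def scavenge(zone: List[DnsRecord], now: datetime) -> List[DnsRecord]:
    """Delete every stale record from the zone in place; return what was removed."""
    removed = [r for r in zone if is_stale(r, now)]
    zone[:] = [r for r in zone if not is_stale(r, now)]
    return removed


def simulate() -> dict:
    """Constructed scenario: two clients register on day 0; only 'laptop' ever refreshes."""
    t0 = datetime(2024, 1, 1)  # arbitrary start of the timeline
    laptop = DnsRecord("laptop", "10.0.0.5", t0)
    printer = DnsRecord("printer", "10.0.0.9", t0)
    zone = [laptop, printer]

    results = {}
    # Day 2: still inside the no-refresh interval, so the refresh is ignored.
    results["refresh_day2_accepted"] = handle_update(laptop, t0 + timedelta(days=2))
    # Day 5: inside the refresh interval, so the timestamp moves to day 5.
    results["refresh_day5_accepted"] = handle_update(laptop, t0 + timedelta(days=5))
    results["laptop_timestamp_day"] = (laptop.timestamp - t0).days
    # Day 11: printer (timestamp day 0) went stale on day 7; laptop goes stale on day 12.
    results["removed_day11"] = [r.name for r in scavenge(zone, t0 + timedelta(days=11))]
    results["removed_day12"] = [r.name for r in scavenge(zone, t0 + timedelta(days=12))]
    results["zone_after"] = [r.name for r in zone]
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The timeline shows why a stale PTR record can linger for a full lease cycle after a machine disappears: nothing removes it until the scavenging pass runs after both intervals have expired, which is also why forcing "Scavenge Stale Resource Records" right after fixing the settings shows little change if the records' timestamps are still inside the refresh window.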