Solved

RAS DNS Entries

Posted on 2008-06-09
14
851 Views
Last Modified: 2012-08-13
As it stands right now, when a RAS connection is created to one of our servers a DNS entry is also created.  However when the RAS connection is closed it doesn't always remove the DNS.

Because of this we have DNS entries for our Domain Controllers, which host the RAS, which are no longer valid.  So when someone tries to access the DC via it's name rather than proper ip, it doesn't always work.

How can I correct this?  Without moving RAS away from the DC's.
0
Comment
Question by:ARSCO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
14 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 21746892
I think that yo need to either do a
ipconfig /flushdns in a scheduled bat, or find the registry entry that controls the DNS cache timeout


I hope this helps !

0
 

Author Comment

by:ARSCO
ID: 21750821
Flushing the DNS won't correct it cause the record is still in the DNS table.  I'll have to look into the Cache setting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21751586
I am surprised they are registering in DNS at all. How was the server end VPN created? No chance that instead of using the RRAS management console it was created from the Network Connections window using the "New Connection Wizard"? This would cause the problem you are experiencing. If this was done there will be a "WAN Miniport (PPTP) adapter present under Virtual Private Network under network connections. There should not be one there.
It was just a thought.

You can also avoid the RAS clients from registering their names in DNS by opening the DNS management console, right click on the server name and choose properties, Under the Interfaces tab change from the default all to the non RAS IP's only.

Enabling scavenging will automatically clean up these old records but probably not fast enough for your needs.
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 

Author Comment

by:ARSCO
ID: 21751726
The VPN configuration was created through RRAS Management Console.  I did check for the PPTP adapter just to make sure and it doesn't exist.

I configured DNS to only respond to the static IP of the machine.  How does that keep DNS records being created for the RAS clients?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21751777
I should have asked the subnet of the VPN clients first. Many folk use a different subnet for VPN clients. If that is the case, the server will have a VPN/PPP adapter in a subnet different than the physical NIC addressing, and therefore DNS will not be registered.
If the VPN clients are using the same subnet as the LAN (which is common) that solution will not help.
0
 

Author Comment

by:ARSCO
ID: 21751853
Yeah we use the same subnet for the VPN clients.  Should I set it up the other way?  I assume a separate subnet is best practice.

Any guides for setting it up this way?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21752123
It is most common to do so when the router is the VPN endpoint. You can do it on the RRAS but it is not necessary and if doing so you have to set up routing and modify the clients slightly. Ultimately I don't think it would change the issue you are having with the server's PPP address being registered in DNS. I am not sure why that is happening, I haven't seen them registered before.

are you using a DHCP relay agent in RRAS?
0
 

Author Comment

by:ARSCO
ID: 21752206
IP address is assigned by the RRAS.  Is that what you're asking?
0
 

Author Comment

by:ARSCO
ID: 21752246
I see what you're asking about.  Yes it looks like the RRAS is relaying DHCP packets.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 21752287
RRAS can assign IP addresses in 3 ways.
1) If you just check DHCP in RRAS it will assign a 169.254.x.x address
2) You can define a "static address pool" as outlined in:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
3) You can install and configure a DHCP relay agent. This relays DHCP requests to your DHCP server and might register the VPN addresses in DNS. The DHCP relay agent, if present, will be in the RRAS console, in the list on the left  under under IPRouting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21752311
Sorry missed your last post.
DHCP relay allows you some extra options but I don't usually use it as the DHCP server needs to be on a different server than the RRAS server for it to work. You could try changing to option 2 above to see if it eliminates the problem, though that is really dealing with the symptoms rather than the actual problem.

I have been assuming this is not Small Business Server, but should it be let me know.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24406136
I feel the information I provided was correct and relevant. The problem appears as if it was not fully resolved, but that is due to ARSCO dropping out of the 'conversation'. Perhaps it warrants awarding of points, but personally I am happy with any decision you, angelIII's, make.
Thanks,
--Rob
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question