Solved

RAS DNS Entries

Posted on 2008-06-09
14
849 Views
Last Modified: 2012-08-13
As it stands right now, when a RAS connection is created to one of our servers a DNS entry is also created.  However when the RAS connection is closed it doesn't always remove the DNS.

Because of this we have DNS entries for our Domain Controllers, which host the RAS, which are no longer valid.  So when someone tries to access the DC via it's name rather than proper ip, it doesn't always work.

How can I correct this?  Without moving RAS away from the DC's.
0
Comment
Question by:ARSCO
  • 6
  • 5
14 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 21746892
I think that yo need to either do a
ipconfig /flushdns in a scheduled bat, or find the registry entry that controls the DNS cache timeout


I hope this helps !

0
 

Author Comment

by:ARSCO
ID: 21750821
Flushing the DNS won't correct it cause the record is still in the DNS table.  I'll have to look into the Cache setting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21751586
I am surprised they are registering in DNS at all. How was the server end VPN created? No chance that instead of using the RRAS management console it was created from the Network Connections window using the "New Connection Wizard"? This would cause the problem you are experiencing. If this was done there will be a "WAN Miniport (PPTP) adapter present under Virtual Private Network under network connections. There should not be one there.
It was just a thought.

You can also avoid the RAS clients from registering their names in DNS by opening the DNS management console, right click on the server name and choose properties, Under the Interfaces tab change from the default all to the non RAS IP's only.

Enabling scavenging will automatically clean up these old records but probably not fast enough for your needs.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 

Author Comment

by:ARSCO
ID: 21751726
The VPN configuration was created through RRAS Management Console.  I did check for the PPTP adapter just to make sure and it doesn't exist.

I configured DNS to only respond to the static IP of the machine.  How does that keep DNS records being created for the RAS clients?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21751777
I should have asked the subnet of the VPN clients first. Many folk use a different subnet for VPN clients. If that is the case, the server will have a VPN/PPP adapter in a subnet different than the physical NIC addressing, and therefore DNS will not be registered.
If the VPN clients are using the same subnet as the LAN (which is common) that solution will not help.
0
 

Author Comment

by:ARSCO
ID: 21751853
Yeah we use the same subnet for the VPN clients.  Should I set it up the other way?  I assume a separate subnet is best practice.

Any guides for setting it up this way?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21752123
It is most common to do so when the router is the VPN endpoint. You can do it on the RRAS but it is not necessary and if doing so you have to set up routing and modify the clients slightly. Ultimately I don't think it would change the issue you are having with the server's PPP address being registered in DNS. I am not sure why that is happening, I haven't seen them registered before.

are you using a DHCP relay agent in RRAS?
0
 

Author Comment

by:ARSCO
ID: 21752206
IP address is assigned by the RRAS.  Is that what you're asking?
0
 

Author Comment

by:ARSCO
ID: 21752246
I see what you're asking about.  Yes it looks like the RRAS is relaying DHCP packets.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 21752287
RRAS can assign IP addresses in 3 ways.
1) If you just check DHCP in RRAS it will assign a 169.254.x.x address
2) You can define a "static address pool" as outlined in:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
3) You can install and configure a DHCP relay agent. This relays DHCP requests to your DHCP server and might register the VPN addresses in DNS. The DHCP relay agent, if present, will be in the RRAS console, in the list on the left  under under IPRouting.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21752311
Sorry missed your last post.
DHCP relay allows you some extra options but I don't usually use it as the DHCP server needs to be on a different server than the RRAS server for it to work. You could try changing to option 2 above to see if it eliminates the problem, though that is really dealing with the symptoms rather than the actual problem.

I have been assuming this is not Small Business Server, but should it be let me know.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 24406136
I feel the information I provided was correct and relevant. The problem appears as if it was not fully resolved, but that is due to ARSCO dropping out of the 'conversation'. Perhaps it warrants awarding of points, but personally I am happy with any decision you, angelIII's, make.
Thanks,
--Rob
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question