RAS DNS Entries

As it stands right now, when a RAS connection is created to one of our servers, a DNS entry is also created. However, when the RAS connection is closed, it doesn't always remove the DNS entry.

Because of this we have DNS entries for our Domain Controllers, which host the RAS, which are no longer valid. So when someone tries to access the DC via its name rather than the proper IP, it doesn't always work.

How can I correct this without moving RAS away from the DCs?
ARSCO Asked:
Rob Williams Commented:
RRAS can assign IP addresses in 3 ways.
1) If you just check DHCP in RRAS it will assign a 169.254.x.x address
2) You can define a "static address pool" as outlined in:
http://www.lan-2-wan.com/vpns-RRAS-1nic.htm
3) You can install and configure a DHCP relay agent. This relays DHCP requests to your DHCP server and might register the VPN addresses in DNS. The DHCP relay agent, if present, will be in the RRAS console, in the list on the left under IP Routing.
0
 
SysExpert Commented:
I think that you need to either do an ipconfig /flushdns in a scheduled bat, or find the registry entry that controls the DNS cache timeout.

I hope this helps!

0
 
ARSCO (Author) Commented:
Flushing the DNS won't correct it because the record is still in the DNS table. I'll have to look into the cache setting.
0
Rob Williams Commented:
I am surprised they are registering in DNS at all. How was the server end VPN created? No chance that instead of using the RRAS management console it was created from the Network Connections window using the "New Connection Wizard"? This would cause the problem you are experiencing. If this was done there will be a "WAN Miniport (PPTP)" adapter present under Virtual Private Network under Network Connections. There should not be one there.
It was just a thought.

You can also prevent the RAS clients from registering their names in DNS by opening the DNS management console, right-clicking on the server name and choosing Properties, then under the Interfaces tab changing from the default "all" to the non-RAS IPs only.

Enabling scavenging will automatically clean up these old records but probably not fast enough for your needs.
0
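Added example, not part of any post in this thread: a PowerShell check that lists A records registered under the DC's host name whose address is not one of its static IPs, previews their removal, and shows the scavenging and aging settings mentioned above. It assumes Windows Server 2012 or later with the DnsServer module; the zone name, DC name and IP address are constructed placeholders.

```powershell
# Added example, not from the thread. Requires the DnsServer module (RSAT DNS tools).
# Assumed placeholder values: replace with your own zone, DC host name and static IPs.
$ZoneName  = 'corp.example.com'   # hypothetical AD-integrated zone
$DcName    = 'DC01'               # hypothetical DC that also runs RRAS
$StaticIPs = @('192.0.2.10')      # address(es) the DC is supposed to publish

function Get-UnexpectedARecord {
    param(
        [AllowEmptyCollection()] [object[]] $Records,   # from Get-DnsServerResourceRecord
        [Parameter(Mandatory)]   [string[]] $ExpectedIPs
    )
    # Keep only A records whose address is not one of the expected static IPs.
    $Records | Where-Object {
        $_.RecordType -eq 'A' -and
        $ExpectedIPs -notcontains $_.RecordData.IPv4Address.IPAddressToString
    }
}

# All A records currently registered under the DC's host name.
$records = @(Get-DnsServerResourceRecord -ZoneName $ZoneName -Name $DcName `
                 -RRType A -ErrorAction SilentlyContinue)

$stale = @(Get-UnexpectedARecord -Records $records -ExpectedIPs $StaticIPs)

# A non-empty Timestamp marks a dynamically registered record (a static record has none).
$stale | Select-Object HostName, Timestamp,
    @{ Name = 'Address'; Expression = { $_.RecordData.IPv4Address } } |
    Format-Table -AutoSize

# Review the list first; -WhatIf only reports what would be removed.
$stale | Remove-DnsServerResourceRecord -ZoneName $ZoneName -Force -WhatIf

# Server-wide scavenging state and the zone's aging intervals.
Get-DnsServerScavenging
Get-DnsServerZoneAging -Name $ZoneName
```

Drop -WhatIf only after confirming that every listed address belongs to a closed RAS connection.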
 
ARSCO (Author) Commented:
The VPN configuration was created through the RRAS Management Console. I did check for the PPTP adapter just to make sure and it doesn't exist.

I configured DNS to only respond to the static IP of the machine. How does that keep DNS records from being created for the RAS clients?
0
 
Rob Williams Commented:
I should have asked the subnet of the VPN clients first. Many folk use a different subnet for VPN clients. If that is the case, the server will have a VPN/PPP adapter in a subnet different than the physical NIC addressing, and therefore DNS will not be registered.
If the VPN clients are using the same subnet as the LAN (which is common) that solution will not help.
0
 
ARSCO (Author) Commented:
Yeah, we use the same subnet for the VPN clients. Should I set it up the other way? I assume a separate subnet is best practice.

Any guides for setting it up this way?
0
 
Rob Williams Commented:
It is most common to do so when the router is the VPN endpoint. You can do it on the RRAS but it is not necessary, and if doing so you have to set up routing and modify the clients slightly. Ultimately I don't think it would change the issue you are having with the server's PPP address being registered in DNS. I am not sure why that is happening; I haven't seen them registered before.

Are you using a DHCP relay agent in RRAS?
0
 
ARSCO (Author) Commented:
IP address is assigned by the RRAS. Is that what you're asking?
0
 
ARSCO (Author) Commented:
I see what you're asking about. Yes, it looks like the RRAS is relaying DHCP packets.
0
 
Rob Williams Commented:
Sorry, missed your last post.
DHCP relay allows you some extra options but I don't usually use it as the DHCP server needs to be on a different server than the RRAS server for it to work. You could try changing to option 2 above to see if it eliminates the problem, though that is really dealing with the symptoms rather than the actual problem.

I have been assuming this is not Small Business Server, but should it be, let me know.
0
 
Rob Williams Commented:
I feel the information I provided was correct and relevant. The problem appears as if it was not fully resolved, but that is due to ARSCO dropping out of the 'conversation'. Perhaps it warrants awarding of points, but personally I am happy with any decision you, angelIII's, make.
Thanks,
--Rob
0