• Status: Solved

DNS server updates and removes the 2nd host record of itself (its Hamachi, software VPN, IP address)

I have a domain that has an SBS 2003 server as the PDC, we'll call this server "Server A" at "Site A". DNS server is running on Server A, as well as DHCP. Server A is also the Exchange server for the domain. The local area connection on Server A has a static IP and the only DNS server for the connection is itself. Everything DNS related for the workstations at Site A is working fine.

There is a 2003 Standard server, "Server B", on the domain at another location, "Site B", hundreds of miles away from Site A. I was able to use Hamachi (software VPN connection) to connect the two sites. After many, many hours of struggling, I was able to run dcpromo on Server B with it at Site B in order to make it an additional domain controller on the domain. In order to do so I had to manually create and populate the _msdcs.domain.local forward lookup zone in the DNS server on Server B. Before doing so the dcpromo wizard would fail because it could not find the domain controller.

So I got that fixed up and got Server B promoted to domain controller. Active Directory and DNS both replicated to Server B successfully. I was then able to join the 2 workstations at Site B to the domain. Both of those workstations are also running Hamachi and are joined to the same Hamachi network as the domain controllers. One of the workstations' Outlook client keeps losing its connection to the Exchange server (Server A at Site A). When it does, I check the DNS server (on either server) and the Hamachi IP address of Server A (the Exchange server) is missing from the Forward Lookup Zone. I can manually add the Host Record of the Hamachi IP address of Server A and then the workstation is once again able to connect to the Exchange server.

Everything would be fine if the DNS server would quit removing the Host Record for Server A containing the Hamachi IP address. It seems that it is now removing that record every 15 minutes or so. This is causing a lot of email downtime and a lot of frustration (for the user and myself).

Additional info... When running properly the DNS server should have 2 Host Records for Server A, its local IP and its Hamachi IP. Server B has two Host Records, its local IP and its Hamachi IP, and neither record has ever disappeared. All necessary Reverse Lookup Zones are created and PTRs are created. I've opened the LDAP port in the firewall at Site A. The DNS event viewer shows the following 2 events just before the Host Record goes missing:

Event ID 4521

The DNS server encountered error 32 attempting to load zone 255.162.5.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

Event ID 6702

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there are multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note that it is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
 
rnapro (Author) commented:
Any takers?
 
Rob Williams commented:
Afraid it is not a solution but just an opinion; as wonderful a product as Hamachi is, I do not feel it is an enterprise solution. Have you considered site to site hardware VPN devices? A pair of Linksys RV042's work extremely well for $200 each, but you can get Linksys BEFV41's, or Netgear FVS318's for under $150 each.
Among other issues, Hamachi uses dynamic addressing which can play havoc with DNS and unless you have a paid version it does not run as a service.

I apologize up front, I appreciate this is not the information you are looking for.
 
rnapro (Author) commented:
Thank you for the comment. We are using the paid version on both sides. We went with the software solution instead of hardware since we have had good experience with Hamachi. We will have to keep the hardware you suggested in mind if no one is able to solve this issue.
 
rnapro (Author) commented:
As he said, we are using the paid service. I've never seen a Hamachi address change when running on the same user profile. I appreciate your suggestion. My thought, though, is that it is not a complication of using Hamachi. With the problem being that DNS removes the Hamachi IP address, I'm not sure that if I wasn't using Hamachi there would be a different result. And for whatever reason the Hamachi address of Server B never gets removed.

Is anyone aware of a way to make a Host record never get deleted? It seems like such a small issue causing such a big problem. When the Host Record is there, everything works like a charm.
 
Rob Williams commented:
>>"Is anyone aware of a way to make a Host record never get deleted?"
You could resort to using the Hosts file (for DNS names) or the LMHosts file (for NetBIOS names).
http://msmvps.com/blogs/robwill/archive/2008/05/10/lmhosts-and-hosts-files.aspx
 
rnapro (Author) commented:
Already tried that and it didn't help.
 
rnapro (Author) commented:
When the Hamachi address is missing from DNS, regardless of whether I use the lmhosts file or not, the computer resolves Server A to its local IP address (local to Site A), which of course doesn't get it anywhere.
 
Rob Williams commented:
Does your version of Hamachi create a virtual adapter in network connections? If so the only other thought I would have is to verify that "register this connection's address in DNS" is checked under the advanced DNS tab of the virtual adapter.

The interesting part is if you had a site to site VPN connection there is no DNS entry relating to the VPN, just the remote site's LAN IP and routing knows the path to get there. I assume the remote site and subnet are set up in AD sites and services?
 
rnapro (Author) commented:
I tried checking "register this connection's address in DNS". It did not register. I did a command prompt ipconfig /registerdns, it did not register. I am not familiar with using AD sites and services to achieve what I need. Could you elaborate?
 
rnapro (Author) commented:
I finally figured out how to get the Host Record to stay. Instead of just creating a new Host Record in the forward lookup zone, I went to the properties of the forward lookup zone, then to the Name Servers tab, selected Server A, clicked edit and added the Hamachi address. It automatically creates the Host Record and it appears to stay indefinitely.
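The fix above is done by hand in the DNS console. The following is an added example, not from the original question or any of the answers, that performs the same check from PowerShell on the DNS server itself using dnscmd: it lists the A records for the host, re-adds the Hamachi address if it has gone missing, makes sure the zone's NS record names that host (the equivalent of the Name Servers tab), and pulls the 4521/6702 events the thread reports just before each deletion. The server name ServerA, the zone domain.local and the address 5.162.255.10 are placeholders chosen to match the thread (the 255.162.5.in-addr.arpa zone in Event 4521 corresponds to 5.162.255.0/24); it assumes dnscmd and PowerShell are present on the Windows Server 2003 DNS server and that it is run with administrative rights.

```powershell
# Added example, not from the original thread. Run on the DNS server as an administrator.
# Placeholders: substitute your own DNS server, zone, host name and Hamachi address.
$DnsServer = 'ServerA'          # hypothetical DNS server / DC name
$Zone      = 'domain.local'     # forward lookup zone named in the thread
$HostName  = 'ServerA'          # node inside the zone whose record keeps vanishing
$HamachiIp = '5.162.255.10'     # hypothetical address in the 5.162.255.0/24 Hamachi range

# 1. Current A records for the host, as the DNS server sees them.
$records = & dnscmd $DnsServer /EnumRecords $Zone $HostName /Type A
Write-Host "Current A records for $HostName in $Zone :"
$records

# 2. Re-add the Hamachi A record only if it is missing (dnscmd reports an error
#    if the same record already exists, so the check avoids noise).
if ($records -match [regex]::Escape($HamachiIp)) {
    Write-Host "A record $HostName -> $HamachiIp is present."
} else {
    Write-Host "A record $HostName -> $HamachiIp is missing; re-adding."
    & dnscmd $DnsServer /RecordAdd $Zone $HostName A $HamachiIp
}

# 3. Make sure the zone's NS record names this host. This is what the Name Servers
#    tab edits in the thread; adding the NS entry when it already exists is harmless.
& dnscmd $DnsServer /RecordAdd $Zone '@' NS "$HostName.$Zone."

# 4. Addresses the DNS service publishes for itself. If this value is set, it
#    restricts which of the server's IPs it registers; empty means all interfaces.
Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters' `
    -Name PublishAddresses -ErrorAction SilentlyContinue |
    Select-Object PublishAddresses

# 5. The two events the thread sees right before the record disappears.
Get-EventLog -LogName 'DNS Server' -Newest 200 |
    Where-Object { $_.EventID -eq 4521 -or $_.EventID -eq 6702 } |
    Select-Object TimeGenerated, EventID, Message |
    Format-List
```

Step 5 is there so the re-add can be correlated with the 6702 self-update events: if the record still disappears after a 6702, the output from step 4 tells you whether the DNS service is publishing the Hamachi address at all, which is worth checking before relying on a manually maintained record.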
 
Rob Williams commented:
Sounds good.

As for sites and services it is important to set up the different sites, subnets, and link to be used so that replication between the DC's works properly. Jay_Jay70 has written an excellent "down to earth" article about the basic functionality of AD sites & services, which may be of help:
http://www.block.net.au/help/AD-Sites/