Solved

Script Required to delete duplicate DNS records

Posted on 2008-06-25
5
2,372 Views
Last Modified: 2011-01-06
Good Day..

We are having an issue with DNS records being duplicated in Active Directory. Domain controllers are running Windows Server 2003.
If a user connects in from home over the VPN, the following day when they try to connect in the office they have problems connecting to parts of the network, as the DNS record discovered using nslookup and other tools does not match the settings on their PC. Looking into the DNS records, they have one DNS record with their normal IP address and then a second entry with the IP address assigned to the VPN connection. The VPN connections are created using a Cisco VPN 3005 concentrator.

This can happen to a few select people, and they will not be able to connect to devices on our network until the "vpn" DNS record is removed.

I was thinking that a script could be run in PowerShell that would search for multiple instances of that user and then remove the false record. For example, we have a record markc.domain.ds who normally is assigned an IP address of 192.168.15.114; however, after using the VPN connection he also has a record for the IP address 192.168.0.71, and this causes the conflict.

Alternatively, if anyone could suggest a settings change to our DNS system that would clear these records, that would work just as well. We are thinking that it would be a setting on the Cisco Concentrator that needs changing.
Any and all help welcome.


Kind Regards


Robert Dent
Question by:vodyanoi
5 Comments
LVL 71

Expert Comment

by:Chris Dent
ID: 21863576

Hey Robert,

Interesting coincidence on the surname :)

Your situation suggests that DNS entries for your network are updated by your DHCP server. If that is the case, the record for the internal network cannot be removed until the lease expires on the internal DNS server.

Perhaps the easiest way to resolve this in the long run is to set the clients to update DNS directly (anything from Windows 2000 upwards can do that). All you have to do to allow them to update is disable the updates from DHCP.

If this is done, a client connecting on the VPN will have permission to update its existing record rather than making a new one.

HTH

Chris
LVL 71

Expert Comment

by:Chris Dent
ID: 21863588

One more bit I forgot to mention.

In either case you will need to check your Aging/Scavenging settings. That won't help when two records are being created naturally (rather than duplicates because of age).

Chris

Author Comment

by:vodyanoi
ID: 21914594
Thanks Chris,

I don't know if this will solve my issue, but I will look into the suggestion...

Rob Dent
LVL 71

Accepted Solution

by: Chris Dent (earned 125 total points)
ID: 21914605

There is one issue I should have mentioned.

The current record registered in DNS will only allow updates by the DHCP server. The client will not be able to update correctly until the current record is scavenged (or manually deleted).

Chris
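The question asks for a script that finds hosts with two A records and removes the VPN one, and the accepted answer points out that such a record has to be scavenged or deleted by hand because the DHCP-registered record's ACL blocks the client from updating it. The script below is an added example, not code from the thread or from either poster. It reads the zone through the MicrosoftDNS WMI provider, which is the scripting interface a Windows Server 2003 DNS server exposes (the DnsServer PowerShell module only exists on Windows Server 2012 and later). It first reports the server's scavenging interval and the zone's aging settings, so you can see whether the stale record would ever be reclaimed on its own, then lists every host that has both a LAN and a VPN-pool address and, only when run with -Delete, removes the VPN record. The server name, zone name and VPN pool prefix are assumed placeholders, not values from the thread.

```powershell
<#
  Added example (not from the original post): report, and optionally remove,
  the extra VPN A record for any host that has two A records in a zone, and
  show whether aging/scavenging on this server would reclaim it by itself.
  Uses the MicrosoftDNS WMI provider available on Windows Server 2003 DNS.
  Assumed placeholders: $DnsServer, $Zone and $VpnPool below.
#>
param(
    [string]$DnsServer = "dc1.domain.ds",   # assumption: a DC running the DNS role
    [string]$Zone      = "domain.ds",       # assumption: zone holding the host records
    [string]$VpnPool   = "192.168.0.*",     # assumption: pool handed out by the VPN 3005
    [switch]$Delete                         # default is a dry run; -Delete removes records
)

$ns = "root\MicrosoftDNS"

# 1. Scavenging state. ScavengingInterval 0 means the server never scavenges,
#    and Aging 0 on the zone means its records are never eligible anyway.
$srv = Get-WmiObject -ComputerName $DnsServer -Namespace $ns -Class MicrosoftDNS_Server
$zoneObj = Get-WmiObject -ComputerName $DnsServer -Namespace $ns -Class MicrosoftDNS_Zone -Filter "Name='$Zone'"
Write-Host ("Server scavenging interval: {0} h (0 = disabled)" -f $srv.ScavengingInterval)
Write-Host ("Zone '{0}' aging: {1}, no-refresh {2} h, refresh {3} h" -f `
    $zoneObj.Name, $zoneObj.Aging, $zoneObj.NoRefreshInterval, $zoneObj.RefreshInterval)

# 2. Every A record in the zone, grouped by owner name; only names that own
#    more than one A record are candidates.
$records = Get-WmiObject -ComputerName $DnsServer -Namespace $ns -Class MicrosoftDNS_AType -Filter "ContainerName='$Zone'"
$dupes = $records | Group-Object -Property OwnerName | Where-Object { $_.Count -gt 1 }

foreach ($group in $dupes) {
    $vpn = @($group.Group | Where-Object { $_.IPAddress -like $VpnPool })
    $lan = @($group.Group | Where-Object { $_.IPAddress -notlike $VpnPool })

    # Act only when a LAN record survives; never strip a host's last A record.
    if ($vpn.Count -eq 0 -or $lan.Count -eq 0) { continue }

    $keep = ($lan | ForEach-Object { $_.IPAddress }) -join ", "
    foreach ($rec in $vpn) {
        # A TimeStamp of 0 marks a static record, which scavenging never removes.
        $kind = if ($rec.TimeStamp -eq 0) { "static" } else { "dynamic" }
        Write-Host ("{0}: VPN record {1} ({2}); keeping {3}" -f $rec.OwnerName, $rec.IPAddress, $kind, $keep)
        if ($Delete) {
            $rec.Delete()   # removes just this A record from the zone
        }
    }
}
```

Run it as a DNS administrator, first without -Delete to confirm that only the VPN-pool addresses are listed, then with -Delete. Deleting the record on the server only clears the current stale entry; as the accepted answer explains, the next VPN session will register a fresh one unless DHCP stops doing the registrations so that the client owns and updates its own record.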

Author Closing Comment

by:vodyanoi
ID: 31470475
Thanks for the advice you have provided. Not sure if we will go down this road, but since the complaint hasn't come through since I posted the question, it may have solved itself.

Rob Dent
