Solved

DNS A Records not updating

Posted on 2008-09-29
7
914 Views
Last Modified: 2012-05-05
I have a DNS server running AD Integrated in a Win2k3 Native Environment

My DHCP Server is set to update DNS and PTR records always.

I have 50 machines on one VLAN that just changed VLAN's a couple days ago.

Now all 50 machines are not pingable by host name. Instead it returns the old IP Address. Registering the machines does no good obviously because the host records still exist and you can't have two machines with the same name in DNS even though the IP has changed.

It's not profesional to wait 7 days for the records to scavenge obviously when all 50 machines are not pingable by host. They actually have to get to their file servers which is on their VLAN as well but I'm not sure if this can cause other issues like Group Policy and stuff that requires the DC to push down infnormation.

Can anyone explain this phenomina and show me how to correct it so next time I don't have to manually delete all 50 freakin records? I mean I'm lucky it was only 50. If I knew how the problem was created I can prevent it from happening next time we do VLAN changes or fix oter isolated incidents which seemto creep up now and then...

Thanks a ton everyone
0
Comment
Question by:snyderkv
7 Comments
 
LVL 13

Expert Comment

by:Rowley
ID: 22603575
http://technet.microsoft.com/en-us/library/cc757041.aspxhttp://technet.microsoft.com/en-us/library/cc757041.aspx

Alter your refresh and scavenge times as part of the migration as well as ensuring that all clients run ipconfig /registerdns after you're done. If you'd have planned top do both of these as part of the migration, you might have saved yourself a headache.
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22604411

Hey,

In an ideal world the Aging intervals should be set to work with your DHCP Lease time.

That way if a record does fail to overwrite it won't matter because the record will be scavenged at the same time as the new lease is granted.

Typically these kind of issues occur when permissions to write to the records have changed. For instance, if you moved the DHCP service, or changed the credentials it uses (or changed from DHCP updating to clients updating).

If you use multiple DHCP servers then you should ensure they work with the same credentials.

Chris
0
 
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22607260
Dynamic updates will only update dynamic records and not static records.
In DNS-manager: Click View|Advanced. Open the DNS-records and tick the checkbox "Delete this record when it becomes stale" to mark the record as dynamic.

To do a manual scavenge: Right-click on DNS-server in DNS-manager and choose 'Scavenge Stale Resource Records'
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 4

Expert Comment

by:cybersean
ID: 22607395
Next time, you should be able to reload the dns zone simply by right-clicking on it and select Reload.
0
 

Author Comment

by:snyderkv
ID: 22611573
But reloading the zone I thought was used only if you want Cached ifo to sync with the zone file. Replication is not an issue here.

The record is stale, but we don't want to wait 7 days.

We cannot manually scavenge all records because I thought that creates lots of DNS replication traffic?

It's not a permissions issue . It's ust I can't get a cmputer to registerdns because it's old record is taking it's place. Or maybe that is permissions. I don't know. ???

I will check permissions out within the hour

0
 

Author Comment

by:snyderkv
ID: 22611714
FIXED!

Turns out it was a permissios issue like Chris suggested.

I gave permissions to myself for the A record and did another ipconfig /registerdns and it updated theA record to the crrect IP Address. I was told that to prevent this I could stop letting DHCP dynamically update the records and let the clients do it on their own.

Sorry for not spliting points but Chrise's answer made me look into permissions which fixed the issue. If anybody contests it let me know and I will split the points.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22612384

> I was told that to prevent this I could stop letting DHCP dynamically
> update the records and let the clients do it on their own.

That will work well enough. Once clients have permission on the record they will update it themselves no matter where they log on (well, as long as they're connected of course).

If DHCP is updating, and there are multiple (or changing) DHCP servers it is best to configure each to use the same credentials when registering records. There's also the DNSUpdateProxy group that can be used to simplify permissions set on created records.

Chris
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
W 10 Workstation can't join Win 2012 domain 12 66
DNS and NSLOOKUP 21 79
DNS issue with resolving request 14 106
Separate DNS forwarding 2 18
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question