• Status: Solved

machine names, IPs are not always in sync

Hi,

We use Win2k3 AD, DNS, WINS and DHCP.
DHCP is set up to auto-update A and PTR records in the DNS servers.
Zone aging and scavenging of old DNS records runs every 12 hrs.

There appears to be a problem where machine names and IPs are not always in sync.

What is the cause? What are the options to fix it?

Would you please make a recommendation?

Many thanks in advance.

Regards

John
0
Asked by: mbsadmin
 
TDKD Commented:
Hi mbsadmin,

You say you have enabled Aging and scavenging old DNS records every 12 hrs. <-- this is enabled on only "one" of your DNS servers?
0
 
mbsadmin (Author) Commented:
To TDKD,

Aging and scavenging old DNS records every 12 hrs is enabled on all the forward lookup zones and all reverse lookup zones of all DNS servers.

Cheers

Regards

John
0
 
TDKD Commented:
Hi mbsadmin,

The reason I ask is because some of my guys enabled it on all DNS servers and it didn't work so well. They ended up enabling it on only one DNS server, and then when they synced with that DNS server it all worked nicely. I hope the info helps.
0
 
TDKD Commented:
Also, I got this from a useful website (http://www.myitforum.com/articles/16/view.asp?id=6287). I think the bottom portion is the route my guys took.


The Scavenging Period setting only applies to an individual DNS server. Unlike the other settings, which are replicated by AD, this setting is specific to the DNS server in question. With this in mind, not enabling this setting means that no servers are scavenging records! Aging of records is taking place (No-refresh, Refresh), but nothing else is going on. This is good for a variety of reasons. First of all, you don't necessarily want ALL of your DNS servers to scavenge. You only need one to do it. It'll replicate the record deletes to the other DNS servers. This also allows for some other configuration options.

 * Small Environment - Turn Scavenging Period on. This should be ample for you.

 * Larger Environment - Here's another method you can use. Leave the Scavenging Period setting off. In other words, you don't want DNS servers scavenging records for you. Instead, use the DNSCMD.exe (Support Tools) with the /StartScavenging option and schedule it on a recurring basis, at the timeframe you're looking for. It's probably reasonable to suggest night-time hours to have very little DNS registrations or queries going on.

 * Enterprise Environment - Designate a DNS server to handle all scavenging and nothing else. This can be established by placing the DNS server in its own site so that clients do not refer to it for lookups or any AD functions. If that sounds like too much work, the SRV records for this DNS server can be stripped from DNS, achieving the same effect.
0
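The "Larger Environment" option quoted above, sketched as a batch file. This is an added example, not part of the original post or the linked article. The server names DNS1, DNS2 and DNS3 and the task name are placeholders, and the `/ST` time format is assumed to be HH:MM.

```batch
@echo off
rem Added example: one scheduled scavenge instead of every server scavenging.
rem Run on the DNS server chosen to do the scavenging, as a DNS administrator.
rem Assumptions: DNS1 DNS2 DNS3 are placeholder names for all AD-integrated
rem DNS servers, and dnscmd.exe (Support Tools) is on the PATH.
setlocal
set ALL_SERVERS=DNS1 DNS2 DNS3
set TASK_NAME=DNS-Nightly-Scavenge

rem Step 1: turn the per-server Scavenging Period off everywhere.
rem A ScavengingInterval of 0 disables automatic scavenging on that server.
rem Aging (No-refresh / Refresh) stays enabled on the zones and is untouched.
for %%S in (%ALL_SERVERS%) do (
    echo Disabling automatic scavenging on %%S
    dnscmd %%S /Config /ScavengingInterval 0
    if errorlevel 1 echo WARNING: could not update %%S, check it by hand
)

rem Step 2: schedule a nightly manual scavenge on this server only.
rem With no server name, dnscmd targets the local DNS server.
rem Record deletions then replicate to the other servers through AD.
rem The HH:MM time format is an assumption; confirm with schtasks /Create /?
schtasks /Create /TN "%TASK_NAME%" /SC DAILY /ST 02:00 /RU SYSTEM /TR "dnscmd /StartScavenging"
if errorlevel 1 (
    echo ERROR: scheduled task was not created
    endlocal
    exit /b 1
)

rem Step 3: confirm the task is registered.
schtasks /Query | find "%TASK_NAME%"
endlocal
```

After the first scheduled run, the DNS Server event log on the scavenging server shows whether the cycle completed and how many records were removed.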
 
mbsadmin (Author) Commented:
To TDKD,

Thanks for that!
Is there anything to do with a security group called "DnsUpdateProxy"?
Do I need to put our DHCP servers into this group?

Any information would be much appreciated.

Regards

John
0
 
TDKD Commented:
Sorry, I have been traveling, John. Here is a good link one of my guys sent me in regard to your question:

http://msmvps.com/blogs/ulfbsimonweidner/archive/2004/11/15/19325.aspx
0
 
TDKD Commented:
Just in case you don't scroll down far enough to see this link in the above link:

http://msmvps.com/blogs/UlfBSimonWeidner/archive/2005/03/26/39841.aspx
0
