  • Status: Solved
  • Priority: Medium
  • Security: Public

DNS configured incorrectly

Something is broken with our DNS. I think the records are not being updated or refreshed. If I ping an internal computer by name a lot of the time it resolves to the wrong IP address. External addresses resolve fine. There aren't any errors in the DNS log. Although, looking at our local subnets under reverse lookup zones shows the inaccurate IP records along with old computer names that have since been renamed.

Any pointers would be greatly appreciated.
BIZNETplus
Asked:
1 Solution
 
Chris Dent (PowerShell Developer) Commented:

Hey,

The kind of old records you mention are normally cleaned out by the Scavenging process (if Aging is configured).

Any idea if either of those are set at the moment? You'll find the settings in the properties for each zone by clicking on the Aging button. That applies to both forward and reverse lookup zones.

Ideally, we would want to set those intervals to work with your DHCP Lease duration. That is, if your lease were 8 days, setting No-Refresh to 4 days and Refresh to 4 days is a good start.

Chris
 
mgpremkumar Commented:
Did you make sure that dynamic updates are enabled on your zone?

Is your zone AD integrated? Are the dynamic updates set to secure and non-secure? Did you try setting it to non-secure?

Is your DHCP server a Windows DHCP server? Did you check the settings for option 81:
http://technet.microsoft.com/en-us/library/cc787034.aspx
 
BIZNETplus (Author) Commented:
The Scavenge stale resource records option was not checked. I checked that and set both no-refresh and refresh interval at 4 days. I'm not sure how long the DHCP lease is, DHCP is handled by a SonicWall that I do not have access to. I will go ahead and contact the company that manages that and see if they will tell me.

There were two places I saw to set scavenging that seemed independent of each other. Right clicking the dns server there was "Set Aging/Scavenging for All Zones", but also if you click Properties and the Advanced tab, at the bottom there is another option to enable automatic scavenging of stale records. I turned it on in both places.

It is AD integrated, and dynamic updates is set to secure. I will try changing to unsecure if the scavenging doesn't correct the problem.
 
Chris Dent (PowerShell Developer) Commented:

Just a quick note on Scavenging again.

You have to be rather patient with it; with your current settings it will not allow Scavenging to execute against the zone for 4 days (the value of the Refresh Interval). This is to give AD, and all the network clients, time to think about correctly writing the Time Stamp information.

You can see the value for that if you select View / Advanced, then re-open the Aging option.

The Scavenging option under the DNS server Properties / Advanced, states how frequently the task itself runs. I recommend setting that to 1 day on one of your Domain Controllers.

And if the lease time is really short...

Whatever you do, don't set a Refresh Interval less than 1 day. Records only dynamically register once every 24 hours; having a shorter Refresh interval makes a real mess.

Chris
 
BIZNETplus (Author) Commented:
This worked out great, thanks!
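
The settings discussed in this thread can also be checked from PowerShell. The script below is an added example, not code from any poster: a read-only audit that reports the server scavenging task, each zone's Aging intervals and dynamic update mode, and how many dynamic A/AAAA/PTR records are already older than No-Refresh + Refresh. It assumes the DnsServer module is available (a Windows DNS server or RSAT); `$ComputerName` and the output column names are illustrative choices.

```powershell
# Added example: read-only audit of DNS aging/scavenging. It changes nothing.
# Assumption: the DnsServer module is installed (DNS server role or RSAT).
Import-Module DnsServer -ErrorAction Stop
$ComputerName = $env:COMPUTERNAME   # assumption: query the local DNS server

# Server level: is the scavenging task enabled, and how often does it run?
$server = Get-DnsServerScavenging -ComputerName $ComputerName
'Scavenging enabled: {0}; task interval: {1}; last run: {2}' -f `
    $server.ScavengingState, $server.ScavengingInterval, $server.LastScavengeTime

# Zone level: only primary zones carry Aging settings; skip auto-created zones.
$zones = Get-DnsServerZone -ComputerName $ComputerName |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

foreach ($zone in $zones) {
    $aging = Get-DnsServerZoneAging -Name $zone.ZoneName -ComputerName $ComputerName

    # A dynamic record is stale once its timestamp is older than
    # No-Refresh + Refresh (4 + 4 days in the thread's example).
    $cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)

    $stale = Get-DnsServerResourceRecord -ZoneName $zone.ZoneName -ComputerName $ComputerName |
        Where-Object {
            $_.Timestamp -and                          # static records have no timestamp
            $_.RecordType -in 'A', 'AAAA', 'PTR' -and
            $_.Timestamp -lt $cutoff
        }

    [pscustomobject]@{
        Zone            = $zone.ZoneName
        Reverse         = $zone.IsReverseLookupZone
        DsIntegrated    = $zone.IsDsIntegrated
        DynamicUpdate   = $zone.DynamicUpdate          # None, Secure or NonsecureAndSecure
        AgingEnabled    = $aging.AgingEnabled
        NoRefresh       = $aging.NoRefreshInterval
        Refresh         = $aging.RefreshInterval
        ScavengeAfter   = $aging.AvailForScavengeTime  # the date shown under View / Advanced
        StaleRecords    = @($stale).Count
        OldestTimestamp = ($stale | Sort-Object Timestamp | Select-Object -First 1).Timestamp
    }
}
```

A zone that shows `AgingEnabled` as False, or a non-zero `StaleRecords` count well after `ScavengeAfter` has passed, matches the symptom described in the question: old names and addresses lingering in forward and reverse zones.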
