Solved

DNS issue in Active Directory

Posted on 2009-07-13
7
216 Views
Last Modified: 2012-05-07
Recently I booted up a new laptop that is part of my AD domain.
The laptop received an ip address of 172.16.8.56. As long as this laptop is in this subnet, I could ping the name of the laptop and get a reply with no problem.

I then moved the laptop to a different subnet (172.16.3.0/24) If I ping the name of the laptop, the name resolves to the old 172.16.8.56 IP address and I receive a request timed out. If I reboot the laptop on the new subnet and try to ping by name, I still get the same result, request timed out result.

It appears that the laptop is not re-registering with DNS when it moves to a different subnet, but Im not sure how to resovle the problem. Any help would be appreciated.

Thank you in advance,

Don
0
Comment
Question by:dwesolowicz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24841016

Hey Don,

Does DHCP update DNS for you? Do the two subnets use different DHCP servers?

If they are different, are they both MS DHCP servers?

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24841410
Thanks for the reply Chris
I only have one active DHCP server, both are MS DHCP, and it appears by your resonse that DHCP is not automatically updating DNS. When I look at the properties of DNS there are three tabs.
They are general, DNS, and advanced. When I click on the DNS tab, the following is checked:

enable DNS dynamic updates according to the setings below
Dynamically update DNS A and PTR records only if requested by the DHCP clients
Discard A and PTR records when lease is deleted.

I do see the option to always dynamically update DNS A and PTR records.
Should that be checked?
0
 

Author Comment

by:dwesolowicz
ID: 24841685
Chris,

I need to clarify.....sorry.....been on of those days.
I made a mistake when I told you that I only have one DHCP server. Turns out there is two.
My 172.16.3.0/24 is active on one server and the 172.16.8.0/24 is active on the second server.
Both scopes exist on each server.

sorry for the confusion.

Don



0
Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24842247

No problem.

Normally you would want to configure both of the DHCP servers to update using the same credentials (you'd have to make an account for this, just a regular domain user). That way, if a client gets an address from the other DHCP server it can be correctly update the previous entry. Without this you end up with lots of Access Denied type responses when it tries to update.

Do you have Aging and Scavenging configured? Even if we do set credentials it'll either need time (if Aging and Scavenging are configured) or a bit of work (if they're not) to get everything updating properly.

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24842472
Chris,

When DHCP was set up, all of the default settings are currently being used. So I would have to see how Aging and Scavenging is set up.
Sounds like I need to do some reading on how to configure each server to update properly. Do you have any suggestions on documentation? Does each DHCP server replicate with each other?

New territory for me.

Thanks for your patience


0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24842875

No replication in DHCP I'm afraid.

Any settings you make are per-server. The Credentials option is under the server properties / Advanced (on the DHCP server). I recommend you made a new account, for the sake of argument, lets call it "dnsupdate", set a decent password for it. Then pop that into the Credentials for each DHCP server.

For Aging and Scavenging it's back to DNS. How long is your DHCP lease at the moment? 8 days? It would be good to base the settings for Aging and Scavenging on that.

If it is 8 days... head to the DNS Console, then open the properties for your Forward Lookup Zone. Select the Aging button. Tick the box at the top, then set the No-Refresh Interval to 2 days, and the Refresh Interval to 2 days (see below for why). With this, records will become stale if they're completely untouched for 4 days.

Still in the DNS console, open the properties for the server. Then go to the Advanced tab, tick the Enable Automatic Scavenging option and set the Period to 1 day. That means your DNS server will go through and clean out stale records (untouched for 4 days) once a day.

The Aging Intervals then...

DHCP updates the DNS server at the Renewal interval of the DHCP lease. A client using a lease will attempt to renew that lease half way through, so with an 8 day lease it will renew 4 days in. That means that a DHCP lease extends in 4 day increments. To match that, we set the life-time of a DNS record to 4 days in total (2 No-Refresh + 2 Refresh), that way the DNS record also exists for 4 days, incrementing each time by 4 days.

Your servers will all be happy with this. They refresh their DNS records with the server once a day (all static clients do this).

This is a fine article on setting up Aging / Scavenging:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

I still recommend implementing the aging intervals above if I have your DHCP lease length right.

Chris
0
 

Author Closing Comment

by:dwesolowicz
ID: 31602889
Chris,

Sorry for the delay.
I will test out your solution and let you kow how things go.
 Thank you for all of you help.

Don
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
In-place Upgrading Dirsync to Azure AD Connect
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question