Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

DNS issue in Active Directory

Posted on 2009-07-13
7
Medium Priority
?
219 Views
Last Modified: 2012-05-07
Recently I booted up a new laptop that is part of my AD domain.
The laptop received an ip address of 172.16.8.56. As long as this laptop is in this subnet, I could ping the name of the laptop and get a reply with no problem.

I then moved the laptop to a different subnet (172.16.3.0/24) If I ping the name of the laptop, the name resolves to the old 172.16.8.56 IP address and I receive a request timed out. If I reboot the laptop on the new subnet and try to ping by name, I still get the same result, request timed out result.

It appears that the laptop is not re-registering with DNS when it moves to a different subnet, but Im not sure how to resovle the problem. Any help would be appreciated.

Thank you in advance,

Don
0
Comment
Question by:dwesolowicz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24841016

Hey Don,

Does DHCP update DNS for you? Do the two subnets use different DHCP servers?

If they are different, are they both MS DHCP servers?

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24841410
Thanks for the reply Chris
I only have one active DHCP server, both are MS DHCP, and it appears by your resonse that DHCP is not automatically updating DNS. When I look at the properties of DNS there are three tabs.
They are general, DNS, and advanced. When I click on the DNS tab, the following is checked:

enable DNS dynamic updates according to the setings below
Dynamically update DNS A and PTR records only if requested by the DHCP clients
Discard A and PTR records when lease is deleted.

I do see the option to always dynamically update DNS A and PTR records.
Should that be checked?
0
 

Author Comment

by:dwesolowicz
ID: 24841685
Chris,

I need to clarify.....sorry.....been on of those days.
I made a mistake when I told you that I only have one DHCP server. Turns out there is two.
My 172.16.3.0/24 is active on one server and the 172.16.8.0/24 is active on the second server.
Both scopes exist on each server.

sorry for the confusion.

Don



0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24842247

No problem.

Normally you would want to configure both of the DHCP servers to update using the same credentials (you'd have to make an account for this, just a regular domain user). That way, if a client gets an address from the other DHCP server it can be correctly update the previous entry. Without this you end up with lots of Access Denied type responses when it tries to update.

Do you have Aging and Scavenging configured? Even if we do set credentials it'll either need time (if Aging and Scavenging are configured) or a bit of work (if they're not) to get everything updating properly.

Chris
0
 

Author Comment

by:dwesolowicz
ID: 24842472
Chris,

When DHCP was set up, all of the default settings are currently being used. So I would have to see how Aging and Scavenging is set up.
Sounds like I need to do some reading on how to configure each server to update properly. Do you have any suggestions on documentation? Does each DHCP server replicate with each other?

New territory for me.

Thanks for your patience


0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24842875

No replication in DHCP I'm afraid.

Any settings you make are per-server. The Credentials option is under the server properties / Advanced (on the DHCP server). I recommend you made a new account, for the sake of argument, lets call it "dnsupdate", set a decent password for it. Then pop that into the Credentials for each DHCP server.

For Aging and Scavenging it's back to DNS. How long is your DHCP lease at the moment? 8 days? It would be good to base the settings for Aging and Scavenging on that.

If it is 8 days... head to the DNS Console, then open the properties for your Forward Lookup Zone. Select the Aging button. Tick the box at the top, then set the No-Refresh Interval to 2 days, and the Refresh Interval to 2 days (see below for why). With this, records will become stale if they're completely untouched for 4 days.

Still in the DNS console, open the properties for the server. Then go to the Advanced tab, tick the Enable Automatic Scavenging option and set the Period to 1 day. That means your DNS server will go through and clean out stale records (untouched for 4 days) once a day.

The Aging Intervals then...

DHCP updates the DNS server at the Renewal interval of the DHCP lease. A client using a lease will attempt to renew that lease half way through, so with an 8 day lease it will renew 4 days in. That means that a DHCP lease extends in 4 day increments. To match that, we set the life-time of a DNS record to 4 days in total (2 No-Refresh + 2 Refresh), that way the DNS record also exists for 4 days, incrementing each time by 4 days.

Your servers will all be happy with this. They refresh their DNS records with the server once a day (all static clients do this).

This is a fine article on setting up Aging / Scavenging:

http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx

I still recommend implementing the aging intervals above if I have your DHCP lease length right.

Chris
0
 

Author Closing Comment

by:dwesolowicz
ID: 31602889
Chris,

Sorry for the delay.
I will test out your solution and let you kow how things go.
 Thank you for all of you help.

Don
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Here's a look at newsworthy articles and community happenings during the last month.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question